diff --git a/lib/resetacl b/lib/resetdb similarity index 56% rename from lib/resetacl rename to lib/resetdb index e045a6a..d543db5 100755 --- a/lib/resetacl +++ b/lib/resetdb @@ -10,6 +10,16 @@ function echoonerror { fi } +function confirm { + echo -n Voulez-vous $1 ? "(y/n) " + read OK + if [ "$OK" = "y" ]; then + return 0 + else + return 1 + fi +} + if [ "x$1" = "x" ]; then echo Suffix de la base à réinitialiser ? echo -ne "> " @@ -23,7 +33,12 @@ DN2=`ldapsearch -H ldapi:// -Y EXTERNAL -b $DN "objectClass=olcConstraintConfig" if [ "x$DN" != "" ]; then LDIF=`tempfile` - cat <$LDIF +cat <$LDIF dn: $DN changetype: modify replace: olcAccess 
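Review bot: In the new `confirm` function the prompt is built from an unquoted `$1` and a bare `?`, so both go through word splitting and pathname expansion; the `?` is replaced by any single-character file name in the current directory. This prompt gates changes to the directory configuration, so it should print exactly what was passed in: `printf 'Voulez-vous %s ? (y/n) ' "$1"`. `read OK` should be `read -r OK`, and `OK` could be declared `local` if the script runs under bash (the `function` keyword suggests it does, but the shebang is outside the hunk). The `if`/`else` can then shrink to a final `[ "$OK" = "y" ]`.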
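Review bot: The guard `if [ "x$DN" != "" ]`, kept as context in this hunk, can never be false because the left side always starts with `x`. When the search finds no database for the suffix, the block still runs with an empty `$DN` and builds an LDIF whose `dn:` line is empty. Use `if [ -n "$DN" ]; then`. On the next line, `tempfile` is deprecated in favour of `mktemp`, so `LDIF=$(mktemp)` is the safer choice, with `$LDIF` quoted wherever it is used. The hunk header announces five added lines but only a re-indented `cat` is visible here, so the rest of the new side could not be reviewed.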
@@ -73,24 +88,58 @@ olcAccess: {9}to dn.subtree="ou=structures,$SUFFIX" olcAccess: {10}to * by group.exact="cn=reader,ou=groups,$SUFFIX" +r by users +s -- +EOF + echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF && echo "- directives olcAccess réinitialisées" + fi +cat <$LDIF +dn: $DN +changetype: modify replace: olcDbIndex -olcDbIndex: objectClass,contextCSN,member,eduPersonPrincipalName,owner,supannRefId eq +olcDbIndex: objectClass,contextCSN,member,eduPersonPrincipalName,owner,supannRefId,pslBadgeCSN eq olcDbIndex: supannAliasLogin,mail,givenName,uid,cn,sn,supannMailPerso,displayName pres,eq,approx,sub - replace: olcDbMaxSize olcDbMaxSize: 1073741824 EOF - echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF - if echoonerror ldapsearch -H ldapi:// -Y EXTERNAL -b "$DN2" olcConstraintAttribute=*displayName* >/dev/null; then - echo <$LDIF + echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF + echo "- directives olcDBIndex réinitialisées" + fi + + # remove the displayname constraint + if ldapsearch -H ldapi:// -Y EXTERNAL -b "$DN2" "olcConstraintAttribute=displayName,sn,givenName set \"\\28this/givenName + [ ] + this/sn\\29 & this/displayName\" restrict=\"ldap:///ou=people,$SUFFIX??sub?\\28objectClass=\\2a\\29\"" 2>/dev/null | grep -q ^olcConstraintAttribute ; then + cat <$LDIF dn: $DN2 changetype: modify delete: olcConstraintAttribute olcConstraintAttribute: displayName,sn,givenName set "(this/givenName + [ ] + this/sn) & this/displayName" restrict="ldap:///ou=people,$SUFFIX??sub?(objectClass=*)" -olcConstraintAttribute: supannAliasLogin regex "^[[:alnum]+$" EOF - echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF + echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF && echo "- contrainte displayName retiré" + fi + # remove the supannAliasLogin constraint + if ldapsearch -H ldapi:// -Y EXTERNAL -b "$DN2" olcConstraintAttribute='supannAliasLogin regex "^[[:alnum:]]+$"' 2>/dev/null | grep -q ^olcConstraintAttribute ; then + cat <$LDIF +dn: $DN2 
+changetype: modify +delete: olcConstraintAttribute +olcConstraintAttribute: supannAliasLogin regex "^[[:alnum:]]+$" +EOF + echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF && echo "- contrainte supannAliasLogin retiré" + fi + # add the pslBadgeCSN constraint + if ! (ldapsearch -H ldapi:// -Y EXTERNAL -b "$DN2" 'olcConstraintAttribute=pslBadgeCSN regex "^[0-9A-F]{8,14}$"' 2>/dev/null | grep -q ^olc); then + cat <$LDIF +dn: $DN2 +changetype: modify +add: olcConstraintAttribute +olcConstraintAttribute: pslBadgeCSN regex "^[0-9A-F]{8,14}$" +EOF + echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF && echo "- contrainte pslBadgeCSN ajouté" fi rm $LDIF echo "Réinitialisation de la base $DN pour le suffixe $SUFFIX effectuée." diff --git a/lib/resetacl.help b/lib/resetdb.help similarity index 100% rename from lib/resetacl.help rename to lib/resetdb.help
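Review bot: The olcDbIndex step prints `- directives olcDBIndex réinitialisées` on the line after `ldapmodify` whether or not the modify succeeded, unlike the olcAccess and constraint steps, which chain their message with `&&`. It should read `echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f "$LDIF" && echo "- directives olcDBIndex réinitialisées"`. The closing `Réinitialisation de la base ... effectuée.` line is also unconditional, so the operator can be told the reset is done while the previous access rules are still in place; setting a failure flag in each step and exiting non-zero at the end would make that visible. In the pslBadgeCSN check, `2>/dev/null` combined with `!` means a search that fails is treated as "constraint absent", so the search status should be tested separately from the `grep`.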