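#!/bin/sh
#
# Reset the access rules (olcAccess) and the indexes (olcDbIndex) of the
# OpenLDAP database that serves a given suffix to the values hard-coded below.
#
# Usage: script [SUFFIX]
#   SUFFIX  suffix of the database to reset; asked on stdin when omitted.
#
# Both ldapsearch and ldapmodify talk to slapd over ldapi:// with SASL
# EXTERNAL, so the caller presumably has to be a local identity that slapd
# lets modify cn=config (typically root) -- confirm for your deployment.

set -e

if [ -z "$1" ]; then
  # Quoted on purpose: an unquoted "?" is a glob and would be replaced by any
  # one-character file name present in the current directory.
  echo "Suffix de la base à réinitialiser ?"
  # printf instead of "echo -ne": under a POSIX /bin/sh such as dash the
  # options are not recognised and get printed as part of the prompt.
  printf '> '
  # -r keeps backslashes literal; EOF leaves SUFFIX empty, rejected below.
  read -r SUFFIX || true
else
  SUFFIX="$1"
fi

# SUFFIX is pasted into an LDAP search filter and into quoted ACL clauses.
# Refuse the characters that would change the meaning of either: filter
# metacharacters ( ) * \, the double quote that closes an ACL string, and a
# newline that would start a new LDIF line.
NL='
'
case "$SUFFIX" in
  '')
    echo "ERREUR: suffixe vide" >&2
    exit 1
    ;;
  *\"* | *\\* | *\(* | *\)* | *\** | *"$NL"*)
    echo "ERREUR: le suffixe contient des caractères non autorisés" >&2
    exit 1
    ;;
esac

# First "dn:" line of the cn=config entry whose olcSuffix equals SUFFIX.
# stderr is dropped to hide the SASL chatter; a failed search therefore shows
# up only as an empty DN, which is handled right below.
DN=$(ldapsearch -H ldapi:// -Y EXTERNAL -b cn=config "olcSuffix=$SUFFIX" "" 2>/dev/null | grep '^dn:' | head -n1)

# The original test compared "x$DN" with "", which can never be equal, so an
# unknown suffix went on to submit an LDIF without a dn line.
if [ -z "$DN" ]; then
  echo "ERREUR: Le suffixe $SUFFIX n'a pas été trouvé" >&2
  exit 1
fi

# mktemp replaces the Debian-only, deprecated tempfile; the traps remove the
# file on every exit path, including a failure under "set -e".
LDIF=$(mktemp)
trap 'rm -f -- "$LDIF"' EXIT
trap 'exit 1' HUP INT TERM

# NOTE(review): rule {1} falls through ("by * break") for userPassword and
# rule {6} then grants "by users read" on every attribute of the people
# entries, so any authenticated user appears to be able to read the stored
# password hashes of all accounts. Consider a dedicated userPassword rule
# ("by self write by anonymous auth by * none") placed before {6}.
# NOTE(review): the dn.regex in rule {1} is not anchored with ^...$ and
# SUFFIX is inserted without regex escaping (a "." matches any character);
# confirm it cannot match entries other than the intended uid=...,ou=people.
cat <<EOF >"$LDIF"
$DN
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.exact="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by group.exact="cn=admin,ou=groups,$SUFFIX" manage by * break
olcAccess: {1}to dn.regex="uid=[^,]+,ou=people,$SUFFIX" attrs=supannAliasLogin,supannListeRouge,eduPersonNickname,supannMailPerso,userPassword,labeledURI by self write by * break
olcAccess: {2}to dn.one="ou=groups,$SUFFIX" by set="this/owner & user" manage by * break
olcAccess: {3}to dn.one="ou=groups,$SUFFIX" attrs=entry,cn,description,owner,supannRefId by users read by * break
olcAccess: {4}to dn.one="ou=groups,$SUFFIX" attrs=member by set="this/supannGroupeAdminDN/member* & user" write by set="this/supannGroupeAdminDN & user" write by set="this/supannGroupeLecteurDN/member* & user" read by set="this/supannGroupeLecteurDN & user" read by dnattr=member search
olcAccess: {5}to dn.one="ou=structures,$SUFFIX" by * read
olcAccess: {6}to dn.one="ou=people,$SUFFIX" by self read by users read by anonymous auth by * none
olcAccess: {7}to * by users search
-
replace: olcDbIndex
olcDbIndex: objectClass,contextCSN,member,eduPersonPrincipalName,owner,supannRefId eq
olcDbIndex: supannAliasLogin,mail,givenName,uid,cn,sn,supannMailPerso,displayName pres,eq,approx,sub
EOF

# Output stays hidden on success, as before, but is shown when the change is
# rejected so that a failed ACL reset is never silent.
if ! OUTPUT=$(ldapmodify -H ldapi:// -Y EXTERNAL -f "$LDIF" 2>&1); then
  echo "ERREUR: échec de ldapmodify pour $DN" >&2
  printf '%s\n' "$OUTPUT" >&2
  exit 1
fi

echo "Réinitialisation de la base $DN pour le suffixe $SUFFIX effectuée."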