resetacl: renommage en resetdb, ajouter la contrainte sur pslBadgeCSN (fixes #22917)
Corrige aussi les précédentes mises à jour de contraintes, qui ne marchaient pas car olcConstraintAttribute ne supporte pas les recherches par sous-chaîne.
parent
a8f4ba5d4d
commit
1751cf08dc
|
@ -10,6 +10,16 @@ function echoonerror {
|
|||
fi
|
||||
}
|
||||
|
||||
function confirm {
|
||||
echo -n Voulez-vous $1 ? "(y/n) "
|
||||
read OK
|
||||
if [ "$OK" = "y" ]; then
|
||||
return 0
|
||||
else
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
if [ "x$1" = "x" ]; then
|
||||
echo Suffix de la base à réinitialiser ?
|
||||
echo -ne "> "
|
||||
|
@ -23,7 +33,12 @@ DN2=`ldapsearch -H ldapi:// -Y EXTERNAL -b $DN "objectClass=olcConstraintConfig"
|
|||
|
||||
if [ "x$DN" != "" ]; then
|
||||
LDIF=`tempfile`
|
||||
cat <<EOF >$LDIF
|
||||
cat <<EOF
|
||||
La réinitialisation des ACLs supprimera vos ACLs locales les remplaçant par le
|
||||
standard PSL, à ne faire qu'en connaissance de cause.
|
||||
EOF
|
||||
if confirm "remettre à zéro les ACLs"; then
|
||||
cat <<EOF >$LDIF
|
||||
dn: $DN
|
||||
changetype: modify
|
||||
replace: olcAccess
|
||||
|
@ -73,24 +88,58 @@ olcAccess: {9}to dn.subtree="ou=structures,$SUFFIX"
|
|||
olcAccess: {10}to *
|
||||
by group.exact="cn=reader,ou=groups,$SUFFIX" +r
|
||||
by users +s
|
||||
-
|
||||
EOF
|
||||
echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF && echo "- directives olcAccess réinitialisées"
|
||||
fi
|
||||
cat <<EOF
|
||||
La réinitialisation des directives olcDBIndex supprimera vos règles
|
||||
d'indexation locales, si vous utilisez des attributs locaux qui nécessitent une
|
||||
indexation cela pourrait produire des ralentissements.
|
||||
EOF
|
||||
if confirm "réinitialiser les directives olcDbIndex"; then
|
||||
cat <<EOF >$LDIF
|
||||
dn: $DN
|
||||
changetype: modify
|
||||
replace: olcDbIndex
|
||||
olcDbIndex: objectClass,contextCSN,member,eduPersonPrincipalName,owner,supannRefId eq
|
||||
olcDbIndex: objectClass,contextCSN,member,eduPersonPrincipalName,owner,supannRefId,pslBadgeCSN eq
|
||||
olcDbIndex: supannAliasLogin,mail,givenName,uid,cn,sn,supannMailPerso,displayName pres,eq,approx,sub
|
||||
-
|
||||
replace: olcDbMaxSize
|
||||
olcDbMaxSize: 1073741824
|
||||
EOF
|
||||
echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF
|
||||
if echoonerror ldapsearch -H ldapi:// -Y EXTERNAL -b "$DN2" olcConstraintAttribute=*displayName* >/dev/null; then
|
||||
echo <<EOF >$LDIF
|
||||
echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF
|
||||
echo "- directives olcDBIndex réinitialisées"
|
||||
fi
|
||||
|
||||
# remove the displayname constraint
|
||||
if ldapsearch -H ldapi:// -Y EXTERNAL -b "$DN2" "olcConstraintAttribute=displayName,sn,givenName set \"\\28this/givenName + [ ] + this/sn\\29 & this/displayName\" restrict=\"ldap:///ou=people,$SUFFIX??sub?\\28objectClass=\\2a\\29\"" 2>/dev/null | grep -q ^olcConstraintAttribute ; then
|
||||
cat <<EOF >$LDIF
|
||||
dn: $DN2
|
||||
changetype: modify
|
||||
delete: olcConstraintAttribute
|
||||
olcConstraintAttribute: displayName,sn,givenName set "(this/givenName + [ ] + this/sn) & this/displayName" restrict="ldap:///ou=people,$SUFFIX??sub?(objectClass=*)"
|
||||
olcConstraintAttribute: supannAliasLogin regex "^[[:alnum]+$"
|
||||
EOF
|
||||
echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF
|
||||
echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF && echo "- contrainte displayName retiré"
|
||||
fi
|
||||
# remove the supannAliasLogin constraint
|
||||
if ldapsearch -H ldapi:// -Y EXTERNAL -b "$DN2" olcConstraintAttribute='supannAliasLogin regex "^[[:alnum:]]+$"' 2>/dev/null | grep -q ^olcConstraintAttribute ; then
|
||||
cat <<EOF >$LDIF
|
||||
dn: $DN2
|
||||
changetype: modify
|
||||
delete: olcConstraintAttribute
|
||||
olcConstraintAttribute: supannAliasLogin regex "^[[:alnum:]]+$"
|
||||
EOF
|
||||
echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF && echo "- contrainte supannAliasLogin retiré"
|
||||
fi
|
||||
# add the pslBadgeCSN constraint
|
||||
if ! (ldapsearch -H ldapi:// -Y EXTERNAL -b "$DN2" 'olcConstraintAttribute=pslBadgeCSN regex "^[0-9A-F]{8,14}$"' 2>/dev/null | grep -q ^olc); then
|
||||
cat <<EOF >$LDIF
|
||||
dn: $DN2
|
||||
changetype: modify
|
||||
add: olcConstraintAttribute
|
||||
olcConstraintAttribute: pslBadgeCSN regex "^[0-9A-F]{8,14}$"
|
||||
EOF
|
||||
echoonerror ldapmodify -H ldapi:// -Y EXTERNAL -f $LDIF && echo "- contrainte pslBadgeCSN ajouté"
|
||||
fi
|
||||
rm $LDIF
|
||||
echo "Réinitialisation de la base $DN pour le suffixe $SUFFIX effectuée."
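Review bot: The constraint blocks at the end of this section probe with `ldapsearch -b "$DN2" … 2>/dev/null | grep -q` and then write `dn: $DN2` into the LDIF without checking that `$DN2` is non-empty, so a lookup that failed or found no constraint entry looks the same as "constraint absent" and the pslBadgeCSN add is still attempted. The surrounding guard shown as context, `if [ "x$DN" != "" ]`, cannot help because a string starting with `x` never equals the empty string; `if [ -n "$DN" ] && [ -n "$DN2" ]; then` would make both checks real (the DN2 assignment is only partly visible in a hunk header and the enclosing `if` extends outside the hunks, so confirm that it can come back empty). The olcDbIndex step prints `- directives olcDBIndex réinitialisées` on its own line instead of chaining it with `&&` like the other steps, and the final `Réinitialisation … effectuée.` is printed even when a step failed or both prompts were declined, so an operator can be told the ACLs and constraints are in the standard state when they are not. In `confirm`, `printf 'Voulez-vous %s ? (y/n) ' "$1"` with `read -r OK` would stop the bare `?` from being glob-expanded against the current directory.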
|