[evolvis-commits] r18351: rework LDAP → Forge password handling

mirabilos at evolvis.org mirabilos at evolvis.org
Thu Apr 12 20:40:14 CEST 2012


Author: mirabilos
Date: 2012-04-12 20:40:13 +0200 (Thu, 12 Apr 2012)
New Revision: 18351

Modified:
   trunk/gforge_base/evolvisforge-5.1/src/univention/ldap2psql.sh
Log:
rework LDAP → Forge password handling

• support {SSHA} within unix_pw
• since we only ever check unix_pw, set user_pw to 'X' generally

Modified: trunk/gforge_base/evolvisforge-5.1/src/univention/ldap2psql.sh
===================================================================
--- trunk/gforge_base/evolvisforge-5.1/src/univention/ldap2psql.sh	2012-04-12 18:40:09 UTC (rev 18350)
+++ trunk/gforge_base/evolvisforge-5.1/src/univention/ldap2psql.sh	2012-04-12 18:40:13 UTC (rev 18351)
@@ -32,7 +32,7 @@
 nl='
 '
 
-vars="modifyTimestamp givenName mailPrimaryAddress sn uid userPassword"
+vars="modifyTimestamp givenName mailPrimaryAddress sn uid"
 
 function out {
 	text="WARNING: $*"
@@ -46,11 +46,16 @@
 
 [[ -z $2 || -z $3 || -z $4 || -z $5 || -z $6 || -z $7 ]] && out ignoring
 
-# if LDAP uses {crypt} appease PAM
 if [[ $userPassword = '{crypt}'* ]]; then
+	# if LDAP uses {crypt} appease PAM
 	cryptpw=${userPassword#?crypt?}
 	vars="$vars cryptpw"
 	[[ $cryptpw = '!'* ]] && taction=2
+elif [[ $userPassword = '{'[Ss][Ss][Hh][Aa]'}'* ]]; then
+	# PAM does not know about this, but Evolvis
+	cryptpw=$userPassword
+	vars="$vars cryptpw"
+	# but how to handle user deactivation here?
 else
 	cryptpw=
 	Ecryptpw="''"
@@ -99,7 +104,7 @@
 		# modify
 		cmd="$cmd, status='A'"
 		cmd="$cmd, email=$EmailPrimaryAddress"
-		cmd="$cmd, user_pw=$EuserPassword"
+		cmd="$cmd, user_pw='X'"
 		cmd="$cmd, unix_pw=$Ecryptpw"
 		cmd="$cmd, realname=$Ern"
 		cmd="$cmd, firstname=$EgivenName"
@@ -113,7 +118,7 @@
 	cmd="$cmd add_date, confirm_hash, jabber_only, ccode, unix_pw,"
 	cmd="$cmd timezone, language, mail_siteupdates, mail_va, status,"
 	cmd="$cmd unix_status, sys_state, type_id, theme_id) VALUES ("
-	cmd="$cmd $Euid, $EmailPrimaryAddress, $EuserPassword, $Ern,"
+	cmd="$cmd $Euid, $EmailPrimaryAddress, 'X', $Ern,"
 	cmd="$cmd $EgivenName, $Esn, '/lib/anonsvnsh', 11, 11,"
 	cmd="$cmd $(date -u +'%s'), $EmodifyTimestamp, 0, 'DE', $Ecryptpw,"
 	cmd="$cmd 'Europe/Berlin', 1, 1, 0, 'A', 'A', 'N', 1,"



More information about the evolvis-commits mailing list