4 # mirabilos <t.glaser@tarent.de>
5 # Copyright © 2014, 2015
6 # Dominik George <dominik.george@teckids.org>
7 # Copyright © 2014, 2015
8 # mirabilos <thorsten.glaser@teckids.org>
10 # Provided that these terms and disclaimer and all copyright notices
11 # are retained or reproduced in an accompanying document, permission
12 # is granted to deal in this work without restriction, including un‐
13 # limited rights to use, publicly perform, distribute, sell, modify,
14 # merge, give away, or sublicence.
16 # This work is provided “AS IS” and WITHOUT WARRANTY of any kind, to
17 # the utmost extent permitted by applicable law, neither express nor
18 # implied; without malicious intent or gross negligence. In no event
19 # may a licensor, author or contributor be held liable for indirect,
20 # direct, other damage, loss, or other issues arising in any way out
21 # of dealing in the work, even if advised of the possibility of such
22 # damage or existence of a defect, except proven that it results out
23 # of said person’s immediate fault when using the work as intended.
25 # Generic LDAP (LDIF) parser into associative arrays.
27 # include assockit, unless already done
# Directory of this script, resolved to an absolute path. This assumes $0
# names the script itself; if the file is sourced, $0 may name the caller
# instead - TODO confirm.
28 mydir=$(realpath "$(dirname "$0")")
# ASSO_VAL is presumably set by assockit.ksh and serves as the "already
# loaded" marker - verify against assockit.ksh. The dot command looks the
# file up through PATH, so the script directory and its parent are searched
# first. Both must be writable only by trusted users, otherwise a planted
# assockit.ksh would be executed inside this shell.
# NOTE(review): "." is a POSIX special builtin, so the PATH assignment may
# stay in effect afterwards and also steer the later lookups of ldapsearch
# and mktemp - confirm for the shell in use.
29 [[ -n $ASSO_VAL ]] || PATH="$mydir:$mydir/..:$PATH" . assockit.ksh
# Base64 decoding table with 256 entries, indexed by character code:
# 'A'-'Z' (65-90) map to 0-25, 'a'-'z' (97-122) to 26-51, '0'-'9' (48-57)
# to 52-61, '+' (43) to 62 and '/' (47) to 63. Every other code, including
# the '=' padding character (61), is -1, which the decoder lines further
# down compare against to skip a character.
32 set -A Tb64decode_tbl -- \
33 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
34 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
35 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 62 -1 -1 -1 63 \
36 52 53 54 55 56 57 58 59 60 61 -1 -1 -1 -1 -1 -1 \
37 -1 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 \
38 15 16 17 18 19 20 21 22 23 24 25 -1 -1 -1 -1 -1 \
39 -1 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 \
40 41 42 43 44 45 46 47 48 49 50 51 -1 -1 -1 -1 -1 \
41 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
42 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
43 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
44 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
45 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
46 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
47 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 \
48 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1 -1
# NOTE(review): the header and several body lines of this base64 decoder are
# missing from this listing; the comments describe the visible lines only.
# u keeps the exit status of the option test: 0 if utf8-mode is set,
# non-zero otherwise. Presumably used to restore the mode later - TODO confirm.
50 [[ -o utf8-mode ]]; local u=$? s
# n is the element count of s; presumably s holds the input as one
# character code per element - TODO confirm against the missing lines.
53 local -i i=0 n=${#s[*]} v x
# First sextet of a group. A table value of -1 (not a base64 character) is
# skipped rather than rejected, so the decoder is lenient: a successful
# decode says nothing about whether the input was well-formed base64.
58 (( (x = Tb64decode_tbl[s[i++]]) == -1 )) && continue
# Second sextet: keep reading while the character is not in the alphabet.
59 while (( (v = Tb64decode_tbl[s[i++]]) == -1 )); do
# x now carries 12 bits; the upper 8 of them are the first output byte.
65 (( o = ((x = (x << 6) | v) >> 4) & 255 ))
# Third sextet, again skipping characters that are not in the alphabet.
67 while (( (v = Tb64decode_tbl[s[i++]]) == -1 )); do
# x now carries 18 bits; shifting by 2 and masking gives the second byte.
73 (( o = ((x = (x << 6) | v) >> 2) & 255 ))
# Fourth sextet.
75 while (( (v = Tb64decode_tbl[s[i++]]) == -1 )); do
# The low 8 bits of the full 24-bit group are the third output byte.
81 (( o = ((x << 6) | v) & 255 ))
87 # Syntax: asso_setldap arrayname index ... -- ldapsearch-options
# Front end that builds an option list and hands it to
# asso_setldap_internal. NOTE(review): most of the body is missing from this
# listing, so what "plain" adds to the options cannot be stated from here.
88 function asso_setldap_plain {
89 local opts x n=0 found=0
# Matches the separator between the array path and the ldapsearch options:
# either "--" or "-+".
93 if [[ $x = -[-+] ]]; then
# opts is passed on verbatim, one word per array element.
102 asso_setldap_internal "${opts[@]}"
# Front end with the same shape as asso_setldap_plain: it builds an option
# list and hands it to asso_setldap_internal. NOTE(review): the lines that
# would show the SASL-specific options are missing from this listing.
104 function asso_setldap_sasl {
105 local opts x n=0 found=0
# Matches the separator between the array path and the ldapsearch options:
# either "--" or "-+".
109 if [[ $x = -[-+] ]]; then
# Runs when found is still 0; the branch body is not visible here.
114 if (( !found )); then
# opts is passed on verbatim, one word per array element.
118 asso_setldap_internal "${opts[@]}"
# Runs ldapsearch with the given options and stores the LDIF result under
# the given array path, keyed by DN, attribute name and value index.
# Arguments: array path components, then "--" or "-+", then ldapsearch options.
# NOTE(review): several lines of this function are missing from this listing;
# the comments describe the visible lines only.
120 function asso_setldap_internal {
# NOTE(review): c and do_free, assigned further down, are not in this local
# list; unless a missing line declares them they are global variables.
122 local arrpath ldapopts x i=0 T dn line value found=0
# Stop collecting array path components at the "--" / "-+" separator.
125 [[ $1 = -- || $1 = -+ ]] && break
# No separator found: the call is malformed, report the syntax on stderr.
129 if [[ $1 != -- && $1 != -+ ]]; then
130 print -u2 'assoldap.ksh: syntax: asso_setldap arraypath -- ldappath'
# do_free takes the exit status of the test: 1 for "--", 0 for "-+".
133 [[ $1 = -+ ]]; do_free=$?
# The remaining arguments become the ldapsearch options (presumably after a
# shift in a line not shown here).
135 set -A ldapopts -- "$@"
137 # Add default host URI if none is given
138 for x in "${ldapopts[@]}"; do
139 if [[ $x = -H ]]; then
144 if (( !found )); then
# Default is the local LDAP socket (ldapi://) rather than a network host.
145 set -A ldapopts+ -- -H ldapi://
148 if (( do_free )); then
149 # just in case, unset the target array and create it as associative
150 asso__lookup 1 "${arrpath[@]}"
152 asso__r_setf $ASSO_AASS
155 # call ldapsearch with decent output format
# mktemp picks an unpredictable name and creates the file itself.
# NOTE(review): removal of $T is not visible in this listing; confirm that
# every exit path deletes it, because it holds the raw directory data.
156 if ! T=$(mktemp /tmp/assoldap.XXXXXXXXXX); then
157 print -u2 'assoldap.ksh: could not create temporary file'
# -LLL asks for LDIF output without comments and without the version line.
160 if ! ldapsearch -LLL "${ldapopts[@]}" >"$T"; then
# The message repeats every option on stderr. A bind password given with -w
# would therefore end up in the terminal or in any log capturing stderr, on
# top of being visible in the process list; callers should use ldapsearch's
# -y passwdfile or a SASL mechanism instead.
161 print -ru2 "assoldap.ksh: error from: ldapsearch -LLL ${ldapopts[*]}"
# -s is true only for an existing, non-empty file: this branch handles an
# empty result.
165 if [[ ! -s $T ]]; then
# LDIF parser: read line by line, without field splitting or backslash
# processing (IFS= read -r).
172 { IFS= read -r line && while :; do
# An empty line separates two entries.
173 if [[ -z $line ]]; then
175 IFS= read -r line || break
# A line starting with a space continues the previous line.
178 if [[ $line = ' '* ]]; then
# Drop the attribute name plus the two characters after it to get the value.
182 value=${line: ${#x}+2}
184 IFS= read -r line || break
185 [[ $line = ' '* ]] && continue
# A name still ending in ":" means the line was "attr:: value", i.e. base64.
186 if [[ $x = *: ]]; then
# Decode unless the attribute is jpegPhoto, which is kept base64-encoded.
# The decoded bytes are directory-supplied data and are stored as-is.
# NOTE(review): presumably the trailing ":" was stripped from x in a line
# not shown, otherwise this comparison could never match - confirm.
188 [[ $x = jpegPhoto ]] || value=${|Tb64decode "$value";}
# Remember the DN of the current entry; it is the key for its attributes.
190 [[ $x = dn ]] && dn=$value
# Append the value at index c and bump the per-attribute counter.
# NOTE(review): $((c)) evaluates the string returned by asso_getv as an
# arithmetic expression; this stays safe only while the count slot holds
# nothing but integers written by asso_seti.
192 c=$(asso_getv "${arrpath[@]}" "$dn" "$x" count)
193 asso_sets "$value" "${arrpath[@]}" "$dn" "$x" $((c))
194 asso_seti $((++c)) "${arrpath[@]}" "$dn" "$x" count
# Example use. NOTE(review): the lines around this example are missing from
# this listing, so the condition that guards it is not visible.
# LDAPTLS_CACERT names the CA certificate file the OpenLDAP client tools use
# to verify the certificate of the ldaps:// server.
203 LDAPTLS_CACERT=/etc/ssl/certs/dc.lan.tarent.de.cer \
204 asso_setldap_plain users -- \
205 -H ldaps://dc.lan.tarent.de -b cn=users,dc=tarent,dc=de -s one \
206 isJabberAccount=1 cn uid
# Report the exit status of the failed query on stderr.
208 print -u2 An error occurred: $?
211 print "uid (dn) = cn"
# asso_y is presumably filled with the DN keys by a call in a line not shown
# here - TODO confirm.
213 for user_dn in "${asso_y[@]}"; do
# print -r -- writes the directory values without interpreting backslashes
# and without treating a leading "-" as an option. The values themselves are
# still written unfiltered, so control characters stored in the directory
# reach the terminal.
214 print -r -- "$(asso_getv users "$user_dn" uid)" \
215 "($user_dn) = $(asso_getv users "$user_dn" cn)"