serve-ssh-certs/scripts/authorizedprincipals.sh

#!/bin/bash

LDAPSEARCH=/usr/bin/ldapsearch
SSSD_CONFIG=/etc/sssd/sssd.conf
SEARCHBASE="dc=schuerz,dc=at"
BindDN=$(sed -n -e '/^ldap_default_bind_dn/s/^ldap_default_bind_dn[ ]*=[ ]*//p' $SSSD_CONFIG)
BindPW=$(sed -n -e '/^ldap_default_authtok/s/^ldap_default_authtok[ ]*=[ ]*//p' $SSSD_CONFIG)
LDAPHost="ldap://ldap.schuerz.at"
HostDN=""

function join_by { local d=$1; shift; echo -n "$1"; shift; printf "%s" "${@/#/$d}"; }

#echo BindDN: $BindDN
#echo BindPW: $BindPW
#echo HostDN: $HostDN

regex='([^,]+),([^,]+),([^,]+),([^,]+),([^,]+),([^,]+)'
#regex='(([^,]+),)+[^,]+'
if [[ $BindDN =~ $regex ]]; then
    i=2
    n=${#BASH_REMATCH[*]}
    #echo BR ${BASH_REMATCH[*]}
#    delete=( ${BASH_REMATCH[1]} )
#    echo delete ${delete[*]}
#    echo deleted ${BASH_REMATCH[*]/$delete}
#    HostDN=("${BASH_REMATCH[@]/$delete}")
    while [[ $i -lt $n ]]
    do
        #echo "  capture[$i]: ${BASH_REMATCH[$i]}"
        if [[ -z "$HostDN" ]]; then
            HostDN="${BASH_REMATCH[$i]}"
            #echo $HostDN
        else
            HostDN="${HostDN},${BASH_REMATCH[$i]}"
            #echo $HostDN
        fi
        let i++
    done

else
    echo BindDN does not match regex
    echo $BindDN
    echo $regex

fi

#echo "HostDN: $HostDN"
SEARCHFILTER="(&(dcAccountStatus=active)(|(memberof=cn=perm-sys_local_admins,${HostDN}) (memberof=cn=perm-sys_local_users,${HostDN}) ( memberof=cn=perm-sys_admins,ou=all_hosts,ou=posix,ou=groups,dc=schuerz,dc=at) (memberof=cn=perm-sys_users,ou=all_hosts,ou=posix,ou=groups,dc=schuerz,dc=at)))" 
#echo "SEARCHFILTER: $SEARCHFILTER"

ldapsearch -LLL -Z -w $BindPW -D $BindDN  "${SEARCHFILTER}" uid|awk 'BEGIN{ORS=" "}$1=="uid:" {print $2}'
add authorizedprincipalscommand 2019-09-03 13:23:14 +02:00			`#!/bin/bash`

			`LDAPSEARCH=/usr/bin/ldapsearch`
			`SSSD_CONFIG=/etc/sssd/sssd.conf`
			`SEARCHBASE="dc=schuerz,dc=at"`
			`BindDN=$(sed -n -e '/^ldap_default_bind_dn/s/^ldap_default_bind_dn[ ]=[ ]//p' $SSSD_CONFIG)`
			`BindPW=$(sed -n -e '/^ldap_default_authtok/s/^ldap_default_authtok[ ]=[ ]//p' $SSSD_CONFIG)`
			`LDAPHost="ldap://ldap.schuerz.at"`
			`HostDN=""`

			`function join_by { local d=$1; shift; echo -n "$1"; shift; printf "%s" "${@/#/$d}"; }`

			`#echo BindDN: $BindDN`
			`#echo BindPW: $BindPW`
			`#echo HostDN: $HostDN`

			`regex='([^,]+),([^,]+),([^,]+),([^,]+),([^,]+),([^,]+)'`
			`#regex='(([^,]+),)+[^,]+'`
			`if [[ $BindDN =~ $regex ]]; then`
			`i=2`
			`n=${#BASH_REMATCH[*]}`
			`#echo BR ${BASH_REMATCH[*]}`
			`# delete=( ${BASH_REMATCH[1]} )`
			`# echo delete ${delete[*]}`
			`# echo deleted ${BASH_REMATCH[*]/$delete}`
			`# HostDN=("${BASH_REMATCH[@]/$delete}")`
			`while [[ $i -lt $n ]]`
			`do`
			`#echo " capture[$i]: ${BASH_REMATCH[$i]}"`
			`if [[ -z "$HostDN" ]]; then`
			`HostDN="${BASH_REMATCH[$i]}"`
			`#echo $HostDN`
			`else`
			`HostDN="${HostDN},${BASH_REMATCH[$i]}"`
			`#echo $HostDN`
			`fi`
			`let i++`
			`done`

			`else`
			`echo BindDN does not match regex`
			`echo $BindDN`
			`echo $regex`

			`fi`

			`#echo "HostDN: $HostDN"`
			`SEARCHFILTER="(&(dcAccountStatus=active)(\|(memberof=cn=perm-sys_local_admins,${HostDN}) (memberof=cn=perm-sys_local_users,${HostDN}) ( memberof=cn=perm-sys_admins,ou=all_hosts,ou=posix,ou=groups,dc=schuerz,dc=at) (memberof=cn=perm-sys_users,ou=all_hosts,ou=posix,ou=groups,dc=schuerz,dc=at)))"`
			`#echo "SEARCHFILTER: $SEARCHFILTER"`

			`ldapsearch -LLL -Z -w $BindPW -D $BindDN "${SEARCHFILTER}" uid\|awk 'BEGIN{ORS=" "}$1=="uid:" {print $2}'`