diff --git a/server/scripts/ldap-check.sh b/server/scripts/ldap-check.sh index a261986fb22..20c96dc1eef 100755 --- a/server/scripts/ldap-check.sh +++ b/server/scripts/ldap-check.sh @@ -1,6 +1,12 @@ #!/bin/bash -./jq-dep-check.sh +jq_cmd=jq +[[ $(type -P "$jq_cmd") ]] || { + echo "'$jq_cmd' command line JSON processor not found"; + echo "Please install on linux with 'sudo apt-get install jq'" + echo "Please install on mac with 'brew install jq'" + exit 1; +} ldapsearch_cmd=ldapsearch [[ $(type -P "$ldapsearch_cmd") ]] || { @@ -17,31 +23,28 @@ if [[ -z ${1} ]]; then exit 1; fi -echo "Looking for config.json" +find_config_file() { + local config_paths=("./config.json" "./config/config.json" "../config/config.json" "/opt/mattermost/config/config.json") + + for path in "${config_paths[@]}"; do + if [[ -e "$path" ]]; then + echo "$path" + return 0 + fi + done + + return 1 +} -config_file= -if [[ -e "./config.json" ]]; then - config_file="./config.json" - echo "Found config at $config_file"; -fi - -if [[ -z ${config_file} && -e "./config/config.json" ]]; then - config_file="./config/config.json" - echo "Found config at $config_file"; -fi - -if [[ -z ${config_file} && -e "../config/config.json" ]]; then - config_file="../config/config.json" - echo "Found config at $config_file"; -fi - -if [[ -z ${config_file} ]]; then - echo "We could not find config.json"; - exit 1; +config_file=$(find_config_file) +if [[ $? -ne 0 ]]; then + echo "We could not find config.json" + exit 1 fi LdapServer=`cat $config_file | jq -r .LdapSettings.LdapServer` LdapPort=`cat $config_file | jq -r .LdapSettings.LdapPort` +ConnectionSecurity=`cat $config_file | jq -r .LdapSettings.ConnectionSecurity` BindUsername=`cat $config_file | jq -r .LdapSettings.BindUsername` BindPassword=`cat $config_file | jq -r .LdapSettings.BindPassword` BaseDN=`cat $config_file | jq -r .LdapSettings.BaseDN` @@ -52,6 +55,17 @@ IdAttribute=`cat $config_file | jq -r .LdapSettings.IdAttribute` GroupFilter=`cat $config_file | jq -r .LdapSettings.GroupFilter` GroupIdAttribute=`cat $config_file | jq -r .LdapSettings.GroupIdAttribute` +if [[ -z ${ConnectionSecurity} || ${ConnectionSecurity} == "null" ]]; then + LdapUri="ldap://$LdapServer:$LdapPort" + StartTlsFlag="" +elif [[ ${ConnectionSecurity} == "STARTTLS" ]]; then + LdapUri="ldap://$LdapServer:$LdapPort" + StartTlsFlag="-ZZ" +else + LdapUri="ldaps://$LdapServer:$LdapPort" + StartTlsFlag="" +fi + if [[ -z ${UserFilter} ]]; then UserFilter="($IdAttribute=$2)" else @@ -64,20 +78,20 @@ else GroupFilter="(&($GroupIdAttribute=$2)$GroupFilter)" fi +run_ldap_search() { + local filter="$1" + local attributes="$2" + + cmd_to_run="$ldapsearch_cmd -LLL -x $StartTlsFlag -H \"$LdapUri\" -D \"$BindUsername\" -w \"$BindPassword\" -b \"$BaseDN\" \"$filter\" $attributes" + echo $cmd_to_run + echo "-------------------------" + eval $cmd_to_run +} + if [[ $1 == '-u' ]]; then - -cmd_to_run="$ldapsearch_cmd -LLL -x -h $LdapServer -p $LdapPort -D \"$BindUsername\" -w \"$BindPassword\" -b \"$BaseDN\" \"$UserFilter\" $IdAttribute $UsernameAttribute $EmailAttribute" -echo $cmd_to_run -echo "-------------------------" -eval $cmd_to_run - + run_ldap_search "$UserFilter" "$IdAttribute $UsernameAttribute $EmailAttribute" elif [[ $1 == '-g' ]]; then - -cmd_to_run="$ldapsearch_cmd -LLL -x -h $LdapServer -p $LdapPort -D \"$BindUsername\" -w \"$BindPassword\" -b \"$BaseDN\" \"$GroupFilter\"" -echo $cmd_to_run -echo "-------------------------" -eval $cmd_to_run - + run_ldap_search "$GroupFilter" "" else echo "User or Group not specified" fi