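#!/bin/bash
# Adds an LDAP-backed (LdapExtended) security domain to a WildFly/JBoss
# domain profile through jboss-cli. Helper functions (checkSudo, printError,
# printDebug) and LOGPATH come from functions.sh next to this script.
BASEPATH=$(dirname -- "$0")
# shellcheck source=functions.sh
source "$BASEPATH/functions.sh"
LOGFILE="$LOGPATH/$(basename -- "$0").log"
# From here on everything written to stdout is also persisted in $LOGFILE,
# so nothing printed later (debug output included) should contain secrets.
exec > >(tee -i "$LOGFILE")
checkSudo
# Space-joined copy of the arguments, kept for compatibility; the option
# loop further down reads the positional parameters directly.
ARRAY="$*"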
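########################################################################
## Defaults (each can be overridden by the command-line options parsed below)
CACHETYPE=""            ## empty || cache-type=default
FLAG="sufficient"       ## control flag passed to the LdapExtended login module
SECURITY_DOMAIN_NAME="templateRemoveMe"
SECURITY_DOMAIN_LDAP_URL="ldap://localhost"
SECURITY_DOMAIN_LDAP_USER="cn=admin,dc=hydrogenic,dc=nl"
## Bind credential. It may be supplied through the environment instead of
## --ldap-password, so it does not appear in `ps` output or shell history;
## the placeholder default is only used when neither is given.
SECURITY_DOMAIN_LDAP_PASSWORD="${SECURITY_DOMAIN_LDAP_PASSWORD:-changethis}"
SECURITY_DOMAIN_LDAP_USERS_DN="ou=intern,ou=gebruikers,dc=hydrogenic,dc=nl"
SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE="(uid={0})"
SECURITY_DOMAIN_LDAP_ROLES_DN="ou=dev,ou=hdrh,ou=groepen,dc=hydrogenic,dc=nl"
SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE="(member={1})"
SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE="cn"
DEBUG=false
## Defaults
########################################################################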
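#######################################
# Print usage (with the currently effective option values) to the error
# stream and exit. The bind credential is masked: --help given after
# --ldap-password would otherwise echo it, and stdout is tee'd into the log.
# Globals:   all SECURITY_DOMAIN_* variables and OMGEVING (read)
# Outputs:   usage text via printError
# Returns:   never; exits with status 1
#######################################
usage(){
  printError "$0 --omgeving <omgeving>"
  printError "=================================="
  printError "========== OPTIONS ==============="
  printError "=================================="
  printError "--omgeving '$OMGEVING'"
  printError "--name '$SECURITY_DOMAIN_NAME'"
  printError "--ldap-url '$SECURITY_DOMAIN_LDAP_URL'"
  printError "--ldap-user '$SECURITY_DOMAIN_LDAP_USER'"
  printError "--ldap-password '********'"
  printError "--ldap-user-dn '$SECURITY_DOMAIN_LDAP_USERS_DN'"
  printError "--ldap-user-attr '$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE'"
  printError "--ldap-role-dn '$SECURITY_DOMAIN_LDAP_ROLES_DN'"
  printError "--ldap-role-attr '$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE'"
  printError "--ldap-role-user-attr '$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE'"
  printError "=================================="
  printError "--help #show this message"
  printError "--debug #debug output"
  printError "=================================="
  printError "add-wildfly-security-domain.sh --omgeving dev --name omnimapSecurityDomain --ldap-url 'ldap://ldap.hydrogenic.nl' --ldap-password 'example' --ldap-role-dn 'ou=dev,ou=hdrh,ou=groepen,dc=hydrogenic,dc=nl'"
  printError "=================================="
  exit 1
}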
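########################################################################
## Option parsing. GNU getopt validates and normalises the arguments
## (quoting, `--` terminator, --opt=value form). `-o ''` is required: without
## it getopt takes the first argument as the short-option string and parses
## nothing, and the arguments must be passed as "$@", not as one joined word.
OPTS=$(getopt -o '' -l "omgeving:,name:,ldap-url:,ldap-user:,ldap-password:,ldap-user-dn:,ldap-user-attr:,ldap-role-dn:,ldap-role-attr:,ldap-role-user-attr:,help,debug" -n 'addSecurityDomain.sh' -- "$@") \
  || { echo "Failed parsing options." >&2 ; exit 1 ; }
eval set -- "$OPTS"
while true; do
  case "$1" in
    --omgeving ) OMGEVING=$2; shift 2 ;;
    --name ) SECURITY_DOMAIN_NAME=$2; shift 2 ;;
    --ldap-url ) SECURITY_DOMAIN_LDAP_URL=$2; shift 2 ;;
    --ldap-user ) SECURITY_DOMAIN_LDAP_USER=$2; shift 2 ;;
    --ldap-password ) SECURITY_DOMAIN_LDAP_PASSWORD=$2; shift 2 ;;
    --ldap-user-dn ) SECURITY_DOMAIN_LDAP_USERS_DN=$2; shift 2 ;;
    --ldap-user-attr ) SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE=$2; shift 2 ;;
    --ldap-role-dn ) SECURITY_DOMAIN_LDAP_ROLES_DN=$2; shift 2 ;;
    --ldap-role-attr ) SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE=$2; shift 2 ;;
    --ldap-role-user-attr ) SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE=$2; shift 2 ;;
    --help ) usage ;;
    # --debug takes no value: shifting twice would swallow the next option.
    --debug ) export DEBUG=true; shift ;;
    -- ) shift; break ;;
    * ) break ;;
  esac
done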
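if [[ -z "$OMGEVING" ]]; then
  printError "--omgeving is vereist"
  usage
fi
printDebug "OMGEVING=$OMGEVING"
printDebug "SECURITY_DOMAIN_NAME=$SECURITY_DOMAIN_NAME"
printDebug "SECURITY_DOMAIN_LDAP_URL=$SECURITY_DOMAIN_LDAP_URL"
printDebug "SECURITY_DOMAIN_LDAP_USER=$SECURITY_DOMAIN_LDAP_USER"
# Masked on purpose: stdout is tee'd into the log file.
printDebug "SECURITY_DOMAIN_LDAP_PASSWORD=********"
printDebug "SECURITY_DOMAIN_LDAP_USERS_DN=$SECURITY_DOMAIN_LDAP_USERS_DN"
printDebug "SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE=$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE"
printDebug "SECURITY_DOMAIN_LDAP_ROLES_DN=$SECURITY_DOMAIN_LDAP_ROLES_DN"
printDebug "SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE=$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE"
printDebug "SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE=$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE"
# The CLI batch contains the bind credential, so it goes into a private
# (0600, unpredictable name) temp file rather than the predictable
# /tmp/<name>.cli that any local user could pre-create or symlink, and it is
# removed again on every exit path.
CLIFILE=$(mktemp "/tmp/${SECURITY_DOMAIN_NAME}.cli.XXXXXX") \
  || { printError "mktemp failed"; exit 1; }
trap 'rm -f -- "$CLIFILE"' EXIT
# NOTE(review): "allowEmptyPasswords" is a boolean module option; the value
# "SUBTREE_SCOPE" looks like it was meant for the search-scope option. Any
# non-"true" value keeps empty-password binds disabled, so this is fail-safe,
# but the intent should be confirmed before changing it.
cat > "$CLIFILE" << EOF
batch
/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME:add($CACHETYPE)
/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic:add()
/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic/login-module=LdapExtended:add(code=LdapExtended,flag=$FLAG,module-options={"java.naming.provider.url" => "$SECURITY_DOMAIN_LDAP_URL","java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory","bindDN" => "$SECURITY_DOMAIN_LDAP_USER","bindCredential" => "$SECURITY_DOMAIN_LDAP_PASSWORD","baseCtxDN" => "$SECURITY_DOMAIN_LDAP_USERS_DN","baseFilter" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE","rolesCtxDN" => "$SECURITY_DOMAIN_LDAP_ROLES_DN","roleFilter" => "$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE","roleAttributeID" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE","allowEmptyPasswords" => "SUBTREE_SCOPE"})
run-batch
EOF
# jboss-cli runs as the jboss user below, which must be able to read the
# 0600 file created by mktemp.
chown jboss -- "$CLIFILE" || { printError "cannot hand $CLIFILE to jboss"; exit 1; }
# Redact the bind credential before the batch is echoed into the log.
printDebug "\n\nRunning CLI: \n---\n\n$(sed 's/"bindCredential" => "[^"]*"/"bindCredential" => "<redacted>"/' "$CLIFILE")\n\n---\n\n"
# hostname -I may list several addresses; take the first one. (Confirm this
# is the management interface the host controller listens on.)
CONTROLLER=$(hostname -I)
CONTROLLER=${CONTROLLER%% *}
sudo -i -u jboss /apps/jboss-running/bin/jboss-cli.sh --connect --controller="$CONTROLLER" --file="$CLIFILE"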
## MORE INFO
## https://gist.github.com/hasalex/5854155