mmaassen · January 14, 2016 09:39
diff --git a/jboss-security-domain.cli.sh b/jboss-security-domain.cli.sh
 #!/bin/bash
 BASEPATH=$(dirname $0)
 source $BASEPATH/functions.sh

 LOGFILE="$LOGPATH/$(basename $0).log"
 exec > >(tee -i $LOGFILE)

 checkSudo

 ARRAY="$@"

 ########################################################################
 ## Defaults
 CACHETYPE=""   ## empty || cache-type=default
 FLAG="sufficient"
 SECURITY_DOMAIN_NAME="templateRemoveMe"
 SECURITY_DOMAIN_LDAP_URL="ldap://localhost"
 SECURITY_DOMAIN_LDAP_USER="cn=admin,dc=hydrogenic,dc=nl"
 SECURITY_DOMAIN_LDAP_PASSWORD="changethis"
 SECURITY_DOMAIN_LDAP_USERS_DN="ou=intern,ou=gebruikers,dc=hydrogenic,dc=nl"
 SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE="(uid={0})"
 SECURITY_DOMAIN_LDAP_ROLES_DN="ou=dev,ou=hdrh,ou=groepen,dc=hydrogenic,dc=nl"
 SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE="(member={1})"
 SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE="cn"
 DEBUG=false
 ## Defaults
 ########################################################################

 usage(){
    printError "$0 --omgeving <omgeving>"
    printError "=================================="
    printError "========== OPTIONS ==============="
    printError "=================================="
    printError "--omgeving '$OMGEVING'"
    printError "--name '$SECURITY_DOMAIN_NAME'"
    printError "--ldap-url '$SECURITY_DOMAIN_LDAP_URL'"
    printError "--ldap-user '$SECURITY_DOMAIN_LDAP_USER'"
    printError "--ldap-password '$SECURITY_DOMAIN_LDAP_PASSWORD'"
    printError "--ldap-user-dn '$SECURITY_DOMAIN_LDAP_USERS_DN'"
    printError "--ldap-user-attr '$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE'"
    printError "--ldap-role-dn '$SECURITY_DOMAIN_LDAP_ROLES_DN'"
    printError "--ldap-role-attr '$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE'"
    printError "--ldap-role-user-attr '$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE'"
    printError "=================================="
    printError "--help  #show this message"
    printError "--debug #debug output"
    printError "=================================="
    printError "add-wildfly-security-domain.sh --omgeving dev --name omnimapSecurityDomain --ldap-url 'ldap://ldap.hydrogenic.nl' --ldap-password 'example' --ldap-role-dn 'ou=dev,ou=hdrh,ou=groepen,dc=hydrogenic,dc=nl'"
    printError "=================================="
    exit 1
 }

 ########################################################################

 OPTS=`getopt -l "omgeving:,name:,ldap-url:,ldap-user:,ldap-password:,ldap-user-dn:,ldap-user-attr:,ldap-role-dn:,ldap-role-attr:,ldap-role-user-attr:,help,debug" -n 'addSecurityDomain.sh' -- "$ARRAY"`

 if [ $? != 0 ] ; then echo "Failed parsing options." >&2 ; exit 1 ; fi

 # eval set -- "$OPTS"

 while true; do
  case "$1" in
    --omgeving )            OMGEVING=$2; shift;shift;;
    --name )                SECURITY_DOMAIN_NAME=$2; shift;shift;;
    --ldap-url )            SECURITY_DOMAIN_LDAP_URL=$2; shift;shift;;
    --ldap-user )           SECURITY_DOMAIN_LDAP_USER=$2; shift;shift;;
    --ldap-password )       SECURITY_DOMAIN_LDAP_PASSWORD=$2; shift;shift;;
    --ldap-user-dn )        SECURITY_DOMAIN_LDAP_USERS_DN=$2; shift;shift;;
    --ldap-user-attr )      SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE=$2; shift;shift;;
    --ldap-role-dn )        SECURITY_DOMAIN_LDAP_ROLES_DN=$2; shift;shift;;
    --ldap-role-attr )      SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE=$2; shift;shift;;
    --ldap-role-user-attr ) SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE=$2; shift;shift;;
    --help )                usage ;;
    --debug )               export DEBUG=true; shift;shift;;
    -- ) shift; break ;;
    * ) break ;;
  esac
 done






 if [[ "y$OMGEVING" == "y" ]]; then
    printError "--omgeving is vereist"
    usage
 fi

 printDebug "OMGEVING=$OMGEVING"
 printDebug "SECURITY_DOMAIN_NAME=$SECURITY_DOMAIN_NAME"
 printDebug "SECURITY_DOMAIN_LDAP_URL=$SECURITY_DOMAIN_LDAP_URL"
 printDebug "SECURITY_DOMAIN_LDAP_USER=$SECURITY_DOMAIN_LDAP_USER"
 printDebug "SECURITY_DOMAIN_LDAP_PASSWORD=$SECURITY_DOMAIN_LDAP_PASSWORD"
 printDebug "SECURITY_DOMAIN_LDAP_USERS_DN=$SECURITY_DOMAIN_LDAP_USERS_DN"
 printDebug "SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE=$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE"
 printDebug "SECURITY_DOMAIN_LDAP_ROLES_DN=$SECURITY_DOMAIN_LDAP_ROLES_DN"
 printDebug "SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE=$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE"
 printDebug "SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE=$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE"


 if [[ -f  /tmp/$SECURITY_DOMAIN_NAME.cli ]]; then
    rm -f  /tmp/$SECURITY_DOMAIN_NAME.cli
 fi

 cat > /tmp/$SECURITY_DOMAIN_NAME.cli << EOF
 batch
 /profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME:add($CACHETYPE)
 /profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic:add()
 /profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic/login-module=LdapExtended:add(code=LdapExtended,flag=$FLAG,module-options={"java.naming.provider.url" => "$SECURITY_DOMAIN_LDAP_URL","java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory","bindDN" => "$SECURITY_DOMAIN_LDAP_USER","bindCredential" => "$SECURITY_DOMAIN_LDAP_PASSWORD","baseCtxDN" => "$SECURITY_DOMAIN_LDAP_USERS_DN","baseFilter" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE","rolesCtxDN" => "$SECURITY_DOMAIN_LDAP_ROLES_DN","roleFilter" => "$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE","roleAttributeID" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE","allowEmptyPasswords" => "SUBTREE_SCOPE"})
 run-batch
 EOF

 printDebug "\n\nRunning CLI: \n---\n\n$(cat /tmp/$SECURITY_DOMAIN_NAME.cli)\n\n---\n\n"

 sudo -i -u jboss /apps/jboss-running/bin/jboss-cli.sh --connect --controller=`hostname -I` --file=/tmp/$SECURITY_DOMAIN_NAME.cli

 ## MORE INFO
 ## https://gist.github.com/hasalex/5854155
	#!/bin/bash
	BASEPATH=$(dirname $0)
	source $BASEPATH/functions.sh

	LOGFILE="$LOGPATH/$(basename $0).log"
	exec > >(tee -i $LOGFILE)

	checkSudo

	ARRAY="$@"

	########################################################################
	## Defaults
	CACHETYPE="" ## empty \|\| cache-type=default
	FLAG="sufficient"
	SECURITY_DOMAIN_NAME="templateRemoveMe"
	SECURITY_DOMAIN_LDAP_URL="ldap://localhost"
	SECURITY_DOMAIN_LDAP_USER="cn=admin,dc=hydrogenic,dc=nl"
	SECURITY_DOMAIN_LDAP_PASSWORD="changethis"
	SECURITY_DOMAIN_LDAP_USERS_DN="ou=intern,ou=gebruikers,dc=hydrogenic,dc=nl"
	SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE="(uid={0})"
	SECURITY_DOMAIN_LDAP_ROLES_DN="ou=dev,ou=hdrh,ou=groepen,dc=hydrogenic,dc=nl"
	SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE="(member={1})"
	SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE="cn"
	DEBUG=false
	## Defaults
	########################################################################

	usage(){
	printError "$0 --omgeving <omgeving>"
	printError "=================================="
	printError "========== OPTIONS ==============="
	printError "=================================="
	printError "--omgeving '$OMGEVING'"
	printError "--name '$SECURITY_DOMAIN_NAME'"
	printError "--ldap-url '$SECURITY_DOMAIN_LDAP_URL'"
	printError "--ldap-user '$SECURITY_DOMAIN_LDAP_USER'"
	printError "--ldap-password '$SECURITY_DOMAIN_LDAP_PASSWORD'"
	printError "--ldap-user-dn '$SECURITY_DOMAIN_LDAP_USERS_DN'"
	printError "--ldap-user-attr '$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE'"
	printError "--ldap-role-dn '$SECURITY_DOMAIN_LDAP_ROLES_DN'"
	printError "--ldap-role-attr '$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE'"
	printError "--ldap-role-user-attr '$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE'"
	printError "=================================="
	printError "--help #show this message"
	printError "--debug #debug output"
	printError "=================================="
	printError "add-wildfly-security-domain.sh --omgeving dev --name omnimapSecurityDomain --ldap-url 'ldap://ldap.hydrogenic.nl' --ldap-password 'example' --ldap-role-dn 'ou=dev,ou=hdrh,ou=groepen,dc=hydrogenic,dc=nl'"
	printError "=================================="
	exit 1
	}

	########################################################################

	OPTS=`getopt -l "omgeving:,name:,ldap-url:,ldap-user:,ldap-password:,ldap-user-dn:,ldap-user-attr:,ldap-role-dn:,ldap-role-attr:,ldap-role-user-attr:,help,debug" -n 'addSecurityDomain.sh' -- "$ARRAY"`

	if [ $? != 0 ] ; then echo "Failed parsing options." >&2 ; exit 1 ; fi

	# eval set -- "$OPTS"

	while true; do
	case "$1" in
	--omgeving ) OMGEVING=$2; shift;shift;;
	--name ) SECURITY_DOMAIN_NAME=$2; shift;shift;;
	--ldap-url ) SECURITY_DOMAIN_LDAP_URL=$2; shift;shift;;
	--ldap-user ) SECURITY_DOMAIN_LDAP_USER=$2; shift;shift;;
	--ldap-password ) SECURITY_DOMAIN_LDAP_PASSWORD=$2; shift;shift;;
	--ldap-user-dn ) SECURITY_DOMAIN_LDAP_USERS_DN=$2; shift;shift;;
	--ldap-user-attr ) SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE=$2; shift;shift;;
	--ldap-role-dn ) SECURITY_DOMAIN_LDAP_ROLES_DN=$2; shift;shift;;
	--ldap-role-attr ) SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE=$2; shift;shift;;
	--ldap-role-user-attr ) SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE=$2; shift;shift;;
	--help ) usage ;;
	--debug ) export DEBUG=true; shift;shift;;
	-- ) shift; break ;;
	* ) break ;;
	esac
	done






	if [[ "y$OMGEVING" == "y" ]]; then
	printError "--omgeving is vereist"
	usage
	fi

	printDebug "OMGEVING=$OMGEVING"
	printDebug "SECURITY_DOMAIN_NAME=$SECURITY_DOMAIN_NAME"
	printDebug "SECURITY_DOMAIN_LDAP_URL=$SECURITY_DOMAIN_LDAP_URL"
	printDebug "SECURITY_DOMAIN_LDAP_USER=$SECURITY_DOMAIN_LDAP_USER"
	printDebug "SECURITY_DOMAIN_LDAP_PASSWORD=$SECURITY_DOMAIN_LDAP_PASSWORD"
	printDebug "SECURITY_DOMAIN_LDAP_USERS_DN=$SECURITY_DOMAIN_LDAP_USERS_DN"
	printDebug "SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE=$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE"
	printDebug "SECURITY_DOMAIN_LDAP_ROLES_DN=$SECURITY_DOMAIN_LDAP_ROLES_DN"
	printDebug "SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE=$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE"
	printDebug "SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE=$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE"


	if [[ -f /tmp/$SECURITY_DOMAIN_NAME.cli ]]; then
	rm -f /tmp/$SECURITY_DOMAIN_NAME.cli
	fi

	cat > /tmp/$SECURITY_DOMAIN_NAME.cli << EOF
	batch
	/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME:add($CACHETYPE)
	/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic:add()
	/profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic/login-module=LdapExtended:add(code=LdapExtended,flag=$FLAG,module-options={"java.naming.provider.url" => "$SECURITY_DOMAIN_LDAP_URL","java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory","bindDN" => "$SECURITY_DOMAIN_LDAP_USER","bindCredential" => "$SECURITY_DOMAIN_LDAP_PASSWORD","baseCtxDN" => "$SECURITY_DOMAIN_LDAP_USERS_DN","baseFilter" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE","rolesCtxDN" => "$SECURITY_DOMAIN_LDAP_ROLES_DN","roleFilter" => "$SECURITY_DOMAIN_LDAP_ROLE_MEMBER_ATTRIBUTE","roleAttributeID" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE","allowEmptyPasswords" => "SUBTREE_SCOPE"})
	run-batch
	EOF

	printDebug "\n\nRunning CLI: \n---\n\n$(cat /tmp/$SECURITY_DOMAIN_NAME.cli)\n\n---\n\n"

	sudo -i -u jboss /apps/jboss-running/bin/jboss-cli.sh --connect --controller=`hostname -I` --file=/tmp/$SECURITY_DOMAIN_NAME.cli

	## MORE INFO
	## https://gist.github.com/hasalex/5854155