This file is indexed.

/usr/sbin/ldif2ldap is in 389-ds-base 1.3.3.5-4.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
#!/bin/bash

source /usr/share/dirsrv/data/DSSharedLib

libpath_add ""
libpath_add "/usr/lib/x86_64-linux-gnu"
libpath_add ""
libpath_add "/usr/lib/x86_64-linux-gnu/dirsrv/"

export LD_LIBRARY_PATH
SHLIB_PATH=$LD_LIBRARY_PATH
export SHLIB_PATH
PATH=$PATH:::/usr/bin:/usr/lib64/mozldap

usage ()
{
    echo "Usage: ldif2ldap [-Z serverID] [-D <rootdn>] -w <password> -f <file> [-P protocol] [-h]"
    echo "Options:"
    echo "        -Z serverID  - Server instance identifier"
    echo "        -D rootdn    - Directory Manager DN"
    echo "        -w passwd    - Directory Manager password"
    echo "        -f file      - File containing LDAP entries to add to the server"
    echo "        -P protocol  - STARTTLS, LDAPS, LDAPI, LDAP"
    echo "        -h           - Display usage"
}

while getopts "Z:D:w:f:hP:" flag
do
    case $flag in
        Z) servid=$OPTARG;;
        P) protocol=$OPTARG;;
        D) rootdn=$OPTARG;;
        w) passwd=$OPTARG;;
        f) args=$args"-f $OPTARG"
           input_file=$OPTARG;;
        h) usage
           exit 0;;
        ?) usage
           exit 1;;
    esac
done

if [ "$input_file" == "" ]
then 
    usage
    exit 1
fi

initfile=$(get_init_file "/etc/default" $servid)
if [ $? == 1 ]
then
    usage
    echo "You must supply a valid server instance identifier.  Use -Z to specify instance name"
    echo "Available instances: $initfile"
    exit 1
fi

. $initfile

process_dse $CONFIG_DIR $$
file="/tmp/DSSharedLib.$$"
port=$(grep -i 'nsslapd-port' $file | awk '{print $2}' )
host=$(grep -i 'nsslapd-localhost' $file | awk '{print $2}' )
security=$(grep -i 'nsslapd-security' $file | awk '{print $2}' )
secure_port=$(grep -i 'nsslapd-secureport' $file | awk '{print $2}' )
ldapi=$(grep -i 'nsslapd-ldapilisten' $file | awk '{print $2}' )
ldapiURL=$(grep -i 'nsslapd-ldapifilepath' $file | awk '{print $2}' )
certdir=$(grep -i 'nsslapd-certdir' $file | awk '{print $2}' )
autobind=$(grep -i 'nsslapd-ldapiautobind' $file | awk '{print $2}' )
if [ "$rootdn" == "" ]; then
    value=$(grep -i 'nsslapd-rootdn' $file)
    rootdn=`echo "$value" | sed -e 's/nsslapd-rootdn: //i'`
fi
rm $file

if [ "$ldapiURL" != "" ]; then
    ldapiURL=`echo "$ldapiURL" | sed -e 's/\//%2f/g'`
    ldapiURL="ldapi://"$ldapiURL
fi

client_type=`ldapmodify -V 2>&1`;
echo "$client_type" | grep -q "OpenLDAP"
if  [ $? -eq 0 ]
then
    openldap="yes"
    export LDAPTLS_CACERTDIR=$certdir
fi

if [ -z $security ]; then
    security="off"
fi
revised_protocol=$(check_protocol $protocol $security $ldapi $openldap)
if [ "$revised_protocol" != "$protocol" ]; then
    echo Protocol $protocol requested, but this protocol is not supported
    error="yes"
fi
protocol=$revised_protocol

#
# STARTTLS
#
if [ "$security" == "on" ]; then
    if [ "$protocol" == "STARTTLS" ] || [ "$protocol" == "" ]; then
        if [ "$error" == "yes" ]; then 
            echo "Using the next most secure protocol(STARTTLS)"
        fi
        if [ "$openldap" == "yes" ]; then
            ldapmodify -x -ZZ -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
        else
            ldapmodify -ZZZ -P $certdir -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
        fi
        exit $?
    fi
fi

#
# LDAPS
#
if [ "$security" == "on" ]; then
    if [ "$protocol" == "LDAPS" ] || [ "$protocol" == "" ]; then
        if [ "$error" == "yes" ]; then 
            echo "Using the next most secure protocol(LDAPS)"
        fi
        if [ "$openldap" == "yes" ]; then
            ldapmodify -x -H "ldaps://$host:$secure_port" -D $rootdn -w $passwd -a -f $input_file
        else
            ldapmodify -Z -P $certdir -p $secure_port -h $host -D $rootdn -w $passwd -a -f $input_file 
        fi
        exit $?
    fi
fi

#
# LDAPI
#
if [ "$ldapi" == "on" ] && [ "$openldap" == "yes" ]; then
    if [ "$protocol" == "LDAPI" ] || [ "$protocol" == "" ]; then
        if [ "$(id -u)" == "0" ] && [ "$autobind" == "on" ]; then
            if [ "$error" == "yes" ]; then 
                echo "Using the next most secure protocol(LDAPI/AUTOBIND)"
            fi
            ldapmodify -H $ldapiURL -Y EXTERNAL -a -f $input_file 2>/dev/null
        else
            if [ "$error" == "yes" ]; then 
                echo "Using the next most secure protocol(LDAPI)"
            fi
            ldapmodify -x -H $ldapiURL -D $rootdn -w $passwd -a -f $input_file
        fi
        rc=$?
        if [ $rc != 0 ]
        then
            echo "Operation failed (error $rc)"
        fi
        exit $rc
    fi
fi

#
# LDAP
#
if [ "$protocol" == "LDAP" ] || [ "$protocol" == "" ]; then
    if [ "$error" == "yes" ]; then 
        echo "Using the next most secure protocol(LDAP)"
    fi
    if [ "$openldap" == "yes" ]; then
        ldapmodify -x -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
    else
        ldapmodify -p $port -h $host -D $rootdn -w $passwd -a -f $input_file
    fi
    exit $?
fi

echo ERROR $protocol