Donau Portal配置连接LDAP
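#!/bin/bash
# Configure Donau Portal to authenticate against LDAP:
#   1. import the LDAP CA certificate into the portal trust store (once),
#   2. encrypt the LDAP bind password with kmctool.sh,
#   3. rewrite host, password, dn and userName in conf/ac/ldap.yml.
#
# Secrets are taken from the environment or prompted for, so that they do not
# end up in the script, in shell history or in version control:
#   KEYSTORE_PD    - password of the portal trust store (trust.jks)
#   LDAP_ADMIN_PD  - clear-text password of the LDAP bind account
set -euo pipefail

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

readonly portal_home=/opt/huawei/portal
readonly keytool="${portal_home}/3rdParty/1.3.0/jre/linux_aarch64/bin/keytool"
readonly truststore="${portal_home}/conf/certs/truststore/trust.jks"
readonly ldap_conf="${portal_home}/conf/ac/ldap.yml"
readonly cert_alias=zhc_certs

keystore_pd="${KEYSTORE_PD:-}"
ldapAdmin_pd="${LDAP_ADMIN_PD:-}"
# NOTE(review): the bind DN below is written as dc=<ldapadmin>,dc=...,dc=...
# exactly as in the original script; confirm the attribute against the directory.
ldapadmin="root"
# Drop the secrets from the exported environment so that keytool, openssl and
# the sourced profile do not inherit them.
unset KEYSTORE_PD LDAP_ADMIN_PD

if [[ -z "$keystore_pd" ]]; then
  read -rsp 'Trust store password: ' keystore_pd || die "no trust store password supplied"
  printf '\n' >&2
fi
if [[ -z "$ldapAdmin_pd" ]]; then
  read -rsp 'LDAP bind password: ' ldapAdmin_pd || die "no LDAP bind password supplied"
  printf '\n' >&2
fi

export LANG="en_US.UTF-8"

# Resolve the CA certificate once. An unquoted glob that matches several files
# would hand keytool/openssl unexpected extra arguments.
shopt -s nullglob
ca_certs=(/etc/openldap/cacerts/*.crt)
shopt -u nullglob
(( ${#ca_certs[@]} == 1 )) \
  || die "expected exactly one .crt in /etc/openldap/cacerts, found ${#ca_certs[@]}"
ca_cert=${ca_certs[0]}

# --- 1. trust store -----------------------------------------------------------
# Capture the listing first: testing $? after "keytool | grep" only reports
# grep's status, so a keytool failure (wrong password, missing store) used to
# look like "alias not present" and triggered a second import.
listing=$(printf '%s\n' "$keystore_pd" | "$keytool" -list -keystore "$truststore") \
  || die "cannot list ${truststore} (wrong password or missing file?)"

if ! grep -q -- "$cert_alias" <<<"$listing"; then
  # Answering "yes" makes this certificate a trust anchor for the portal's LDAP
  # connections; compare its fingerprint with the one published by the LDAP
  # administrator before running the import.
  printf '%s\n' "$keystore_pd" yes \
    | "$keytool" -import -alias "$cert_alias" -file "$ca_cert" -keystore "$truststore" \
    || die "importing ${ca_cert} into ${truststore} failed"
  printf '%s\n' "$keystore_pd" | "$keytool" -list -keystore "$truststore"
fi

# --- 2. encrypt the bind password --------------------------------------------
cd "$portal_home" || die "cannot cd to ${portal_home}"
[[ -r profile.hpc ]] || die "${portal_home}/profile.hpc is missing or unreadable"
# The vendor profile is not written for strict mode; relax it while sourcing.
set +eu
# shellcheck disable=SC1091
source ./profile.hpc
set -eu

# kmctool output goes to a private temp file that is removed on exit, instead of
# a fixed, persistent file in the home directory.
kmc_log=$(mktemp) || die "mktemp failed"
trap 'rm -f -- "$kmc_log"' EXIT

# The heredoc is quoted and the password is read from the environment inside
# Tcl: interpolating it into the expect script would let characters such as
# '"', '[' or '$' in the password be evaluated as Tcl. It is removed from the
# environment again before kmctool is spawned.
LDAP_ADMIN_PD="$ldapAdmin_pd" /usr/bin/expect <<'EOF' >"$kmc_log" || die "kmctool.sh encrypt failed"
set pw $env(LDAP_ADMIN_PD)
unset env(LDAP_ADMIN_PD)
spawn /opt/huawei/portal/ac/1.3.0/bin/kmctool.sh encrypt
set timeout 2
expect "*Enter the password to be encrypted*"
send -- "$pw\r"
expect eof
EOF

# The ciphertext is taken from the last line of the kmctool output, as in the
# original; col -b strips backspaces/control sequences from the terminal capture.
new_ldapadmin_pd=$(tail -n 1 -- "$kmc_log" | col -b)
[[ -n "$new_ldapadmin_pd" ]] || die "kmctool.sh produced no encrypted password"

# --- 3. derive the LDAP host and base DN from the certificate -----------------
# One openssl call instead of three. -subject with -nameopt multiline yields a
# "commonName = value" line on every OpenSSL version and ignores the issuer,
# whereas grepping "CN=" in -text output matches issuer and subject alike and
# depends on the OpenSSL 1.0 name format.
domain_name=$(openssl x509 -in "$ca_cert" -noout -subject -nameopt multiline \
  | awk -F' = ' '$1 ~ /commonName/ { print $2; exit }')
# The name is spliced into a sed replacement below, so accept nothing but a
# plain host name with at least three labels.
[[ "$domain_name" =~ ^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+){2,}$ ]] \
  || die "certificate CN '${domain_name}' is not a usable host name"
# As in the original, the 2nd and 3rd labels become the DC components.
IFS=. read -r _ mid_domain_name last_domain_name _ <<<"$domain_name"

# --- 4. rewrite ldap.yml ------------------------------------------------------
# Escape the characters that are special in a sed replacement ('\', '&' and the
# '#' delimiter) so an arbitrary ciphertext cannot corrupt the expression.
new_pd_escaped=$(printf '%s' "$new_ldapadmin_pd" | sed -e 's/[\#&]/\\&/g')
# Replace the value on the password line directly (keeping an opening quote if
# there is one) rather than searching for the old value: the old value was used
# as an unescaped regex, and an empty one made sed reuse /^password:/ itself.
password_expr='s#^\(password:[[:space:]]*"\{0,1\}\)[^"]*#\1'"${new_pd_escaped}"'#'

sed -i \
  -e 's#ldap01\.huawei\.com#'"${domain_name}"'#g' \
  -e "$password_expr" \
  -e 's#^dn.*#dn: "DC='"${mid_domain_name}"',DC='"${last_domain_name}"'"#g' \
  -e 's#^userName.*#userName: "dc='"${ldapadmin}"',dc='"${mid_domain_name}"',dc='"${last_domain_name}"'"#g' \
  -- "$ldap_conf" || die "updating ${ldap_conf} failed"

# Show the result for review with the password value masked, so the ciphertext
# does not land in terminal scrollback or session logs.
sed -e 's#^\(password:\).*#\1 ********#' -- "$ldap_conf"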