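#!/bin/bash
#
# Synchronise BIND's conditional forwarders with Active Directory.
#
# Obtains (or renews) a Kerberos ticket from a keytab, runs condfwds.php
# against LDAP to render a named.conf fragment, and only when that fragment
# differs from the installed one installs it and restarts bind9.
#
# Globals (configuration): realm, principal, keytab, domain, basedn, targetfile
# Exit status: 1 if the LDAP synchronisation (or the install) fails, 0 otherwise.

set -u

## CONFIGURATION ##
realm=EXAMPLE.com
principal=bind9@$realm
keytab=/root/bind9.keytab
domain=example.com
basedn='DC=example,DC=com'
# NOTE(review): the realm above is EXAMPLE.com while the ktutil example below
# uses EXAMPLE.COM; Kerberos realm names are case-sensitive, so confirm the
# keytab entry matches the principal actually requested.

# add to your /etc/bind/named.conf:
# include "/etc/bind/named.conf.activedirectory";
targetfile="/etc/bind/named.conf.activedirectory"
# Rendered fragment is written here first and only copied over the target
# when it differs; the EXIT trap below removes it on every exit path.
newfile="$targetfile.new"

# Credential cache used by kinit/klist below.
# NOTE(review): /tmp is world-writable and this name is predictable; a
# root-only directory would be safer for a cache used by a root cron job.
export KRB5CCNAME="/tmp/bind9.cc"

# keytab can be generated using
# $ ktutil
# ktutil: addent -password -p bind9@EXAMPLE.COM -k 1 -e aes256-cts-hmac-sha1-96
# Password for bind9@EXAMPLE.COM:
# ktutil: wkt bind9.keytab
# ktutil: quit

## KERBEROS ##
# Earliest expiry (epoch seconds) among cached tickets for this realm, or 0
# when there is no usable ticket (no cache, or no matching klist line).
if klist 2>&1 | grep -F -- "$realm" | grep -q '/'; then
  # Hand the time field to date(1) through a read loop instead of building a
  # shell command inside awk's system(), and sort numerically (the original
  # sorted lexically).
  # NOTE(review): this takes field 2 of each matching klist line, as the
  # original did; which column holds the expiry depends on klist's output
  # format (implementation/locale) — confirm on the target host.
  expiration=$(klist | grep -F -- "$realm" | grep '/' \
    | awk '{print $2}' \
    | while IFS= read -r stamp; do date -d "$stamp" +%s; done \
    | sort -n | head -n 1)
else
  expiration=0
fi
now=$(date +%s)

# An empty expiration means date(1) could not parse klist's output; treat it
# as expired rather than letting the integer comparison error out.
if [[ -z "$expiration" || "$now" -ge "$expiration" ]]; then
  echo "Getting new ticket, old one expired $expiration, now is $now"
  kinit -F -k -t "$keytab" "$principal" \
    || printf 'kinit failed for %s; LDAP synchronisation will likely fail\n' "$principal" >&2
fi

## THE REAL STUFF ##
cleanup() { rm -f -- "$newfile"; }
trap cleanup EXIT

if ! php "$(dirname -- "$0")/condfwds.php" "$domain" "$basedn" > "$newfile"; then
  echo "An error ocurred while trying to synchronize with LDAP"
  cat -- "$newfile"
  exit 1
fi

# Only touch the live config (and restart bind9) when the content changed.
# cmp replaces the md5sum/awk comparison; a missing target compares as
# different, so the first run still installs the fragment.
if ! cmp -s -- "$newfile" "$targetfile"; then
  # cp onto the existing file keeps its ownership/mode, which bind relies on.
  if ! cp -- "$newfile" "$targetfile"; then
    printf 'failed to install %s\n' "$targetfile" >&2
    exit 1
  fi
  # NOTE(review): consider running named-checkconf against the full config
  # here, before the restart, so a bad fragment cannot take the resolver down.
  service bind9 restart
fi
exit 0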