Implement posix group for all users in LDAP.
This commit is contained in:
Andreas B. Mundt
parent
43cb4dcf13
commit
8c896c90e6
2 changed files with 36 additions and 0 deletions
|
|
@ -92,6 +92,16 @@
|
|||
bind_dn: "cn=admin,{{ basedn }}"
|
||||
bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
|
||||
|
||||
- name: add group for all ldapusers
|
||||
ldap_entry:
|
||||
dn: "cn=ldapuser,ou=groups,{{ basedn }}"
|
||||
objectClass:
|
||||
- posixGroup
|
||||
attributes:
|
||||
gidNumber: 18000
|
||||
bind_dn: "cn=admin,{{ basedn }}"
|
||||
bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
|
||||
|
||||
- name: provide simple script to manage ldap/kdc
|
||||
template:
|
||||
src: debian-lan.j2
|
||||
|
|
@ -128,6 +138,15 @@
|
|||
bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
|
||||
when: foo_pwd is defined and foo_pwd | length > 0
|
||||
|
||||
- name: add dummy user foo to group ldapuser
|
||||
ldap_attr:
|
||||
dn: "cn=ldapuser,ou=groups,{{ basedn }}"
|
||||
name: memberUid
|
||||
values: foo
|
||||
bind_dn: "cn=admin,{{ basedn }}"
|
||||
bind_pw: "{{ ldap_admin_pwd['content'] | b64decode | replace('\n', '') }}"
|
||||
when: foo_pwd is defined and foo_pwd | length > 0
|
||||
|
||||
- name: allow ldap service in firewalld
|
||||
firewalld:
|
||||
zone: internal
|
||||
|
|
|
|||
|
|
@ -123,6 +123,14 @@ dn: cn=${id},ou=groups,$BASEDN
|
|||
objectClass: posixGroup
|
||||
gidNumber: ${gidNumber}
|
||||
##################################
|
||||
EOF
|
||||
|
||||
cat <<EOF | ldapmodify -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" | sed '/^$/d'
|
||||
############## LDIF ##############
|
||||
dn: cn=ldapuser,ou=groups,$BASEDN
|
||||
add: memberUid
|
||||
memberUid: ${id}
|
||||
##################################
|
||||
EOF
|
||||
|
||||
if [ $KRB5 ] ; then
|
||||
|
|
@ -132,6 +140,7 @@ EOF
|
|||
echo "uidNumber: ${uidNumber} gidNumber: ${gidNumber}"
|
||||
cp -r /etc/skel ${HOMES}/${id}
|
||||
chown -R ${uidNumber}:${gidNumber} ${HOMES}/${id}
|
||||
#chmod -R o= ${HOMES}/${id}
|
||||
ls -nld ${HOMES}/${id}
|
||||
fi
|
||||
fi
|
||||
|
|
@ -150,6 +159,14 @@ del-user(){
|
|||
ldapdelete -v -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" "uid=${id},ou=people,$BASEDN" "cn=${id},ou=groups,$BASEDN" 2>&1 \
|
||||
| sed '/ldap_initialize/d'
|
||||
|
||||
cat <<EOF | ldapmodify -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" | sed '/^$/d'
|
||||
############## LDIF ##############
|
||||
dn: cn=ldapuser,ou=groups,$BASEDN
|
||||
delete: memberUid
|
||||
memberUid: ${id}
|
||||
##################################
|
||||
EOF
|
||||
|
||||
if [ -d ${HOMES}/${id} ] ; then
|
||||
KEEPDIR="${HOMES}/rm_$(date '+%Y%m%d')_${id}"
|
||||
mv ${HOMES}/${id} "${KEEPDIR}"
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue