Add optional posix group handling to script.
parent
dd284d6abd
commit
902a87e258
1 changed files with 12 additions and 5 deletions
|
@ -8,7 +8,7 @@ set -eu
|
||||||
usage(){
|
usage(){
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
Usage:
|
Usage:
|
||||||
$(basename $0) adduser <uid> <password> [<given name>] [<family name>]
|
$(basename $0) adduser <uid> <password> [<given name>] [<family name>] [<group>]
|
||||||
$(basename $0) deluser <uid>
|
$(basename $0) deluser <uid>
|
||||||
$(basename $0) delhost <hostname>
|
$(basename $0) delhost <hostname>
|
||||||
$(basename $0) ldapvi
|
$(basename $0) ldapvi
|
||||||
|
@ -17,6 +17,7 @@ Usage:
|
||||||
<uid>: User ID (login name)
|
<uid>: User ID (login name)
|
||||||
<password>: Password
|
<password>: Password
|
||||||
<given name>, <family name>: LDAP attributes 'givenName' and 'sn'. If omitted, <uid> is used.
|
<given name>, <family name>: LDAP attributes 'givenName' and 'sn'. If omitted, <uid> is used.
|
||||||
|
<group>: If given, the user is added to this posix group, which must already exist.
|
||||||
<file>: File containing lines of the form:
|
<file>: File containing lines of the form:
|
||||||
|
|
||||||
adduser <uid 1> <password 1> [<given name 1>] [<family name 1>]
|
adduser <uid 1> <password 1> [<given name 1>] [<family name 1>]
|
||||||
|
@ -66,6 +67,7 @@ id="$2"
|
||||||
pw="${3:-""}"
|
pw="${3:-""}"
|
||||||
gn="${4:-$2}"
|
gn="${4:-$2}"
|
||||||
sn="${5:-$2}"
|
sn="${5:-$2}"
|
||||||
|
grp="${6:-""}"
|
||||||
|
|
||||||
domain="$(hostname -d)"
|
domain="$(hostname -d)"
|
||||||
|
|
||||||
|
@ -125,13 +127,15 @@ gidNumber: ${gidNumber}
|
||||||
##################################
|
##################################
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat <<EOF | ldapmodify -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" | sed '/^$/d'
|
if [ -n "$grp" ] ; then
|
||||||
|
cat <<EOF | ldapmodify -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" | sed '/^$/d'
|
||||||
############## LDIF ##############
|
############## LDIF ##############
|
||||||
dn: cn=ldapuser,ou=groups,$BASEDN
|
dn: cn=${grp},ou=groups,$BASEDN
|
||||||
add: memberUid
|
add: memberUid
|
||||||
memberUid: ${id}
|
memberUid: ${id}
|
||||||
##################################
|
##################################
|
||||||
EOF
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
if [ $KRB5 ] ; then
|
if [ $KRB5 ] ; then
|
||||||
kadmin.local -q "add_principal -policy default -pw \"$pw\" -x dn=\"uid=${id},ou=people,$BASEDN\" ${id}" \
|
kadmin.local -q "add_principal -policy default -pw \"$pw\" -x dn=\"uid=${id},ou=people,$BASEDN\" ${id}" \
|
||||||
|
@ -160,13 +164,16 @@ del-user(){
|
||||||
ldapdelete -v -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" "uid=${id},ou=people,$BASEDN" "cn=${id},ou=groups,$BASEDN" 2>&1 \
|
ldapdelete -v -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" "uid=${id},ou=people,$BASEDN" "cn=${id},ou=groups,$BASEDN" 2>&1 \
|
||||||
| sed '/ldap_initialize/d'
|
| sed '/ldap_initialize/d'
|
||||||
|
|
||||||
cat <<EOF | ldapmodify -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" | sed '/^$/d'
|
for grp in $(ldapsearch -Y EXTERNAL -H ldapi:/// -LLL -b "ou=groups,$BASEDN" "(&(objectClass=posixGroup)(memberUid=${id}))" cn 2>/dev/null \
|
||||||
|
| grep cn: | cut -d ' ' -f2) ; do
|
||||||
|
cat <<EOF | ldapmodify -H ldapi:/// -D "$LDAPADMIN" -w "$ADPASSWD" | sed '/^$/d'
|
||||||
############## LDIF ##############
|
############## LDIF ##############
|
||||||
dn: cn=ldapuser,ou=groups,$BASEDN
|
dn: cn=${grp},ou=groups,$BASEDN
|
||||||
delete: memberUid
|
delete: memberUid
|
||||||
memberUid: ${id}
|
memberUid: ${id}
|
||||||
##################################
|
##################################
|
||||||
EOF
|
EOF
|
||||||
|
done
|
||||||
|
|
||||||
if [ -d ${HOMES}/${id:0:1}/${id} ] ; then
|
if [ -d ${HOMES}/${id:0:1}/${id} ] ; then
|
||||||
KEEPDIR="${HOMES}/${id:0:1}/rm_$(date '+%Y%m%d')_${id}"
|
KEEPDIR="${HOMES}/${id:0:1}/rm_$(date '+%Y%m%d')_${id}"
|
||||||
|
|
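Review bot: In the adduser hunk `grp` is taken from `$6` and written unchecked into `dn: cn=${grp},ou=groups,$BASEDN`, in LDIF that ldapmodify applies with the `$LDAPADMIN` bind, so a value containing a comma, `=` or a line break changes which entry is modified or adds LDIF lines of its own; this matters most when the arguments come from the batch `<file>` rather than from an operator at the prompt. Reject anything outside a plain name before the heredoc, e.g. `case "$grp" in *[!A-Za-z0-9._-]*) echo "invalid group: $grp" >&2; exit 1;; esac`. The usage text says the group must already exist, but nothing checks that, and ldapmodify's exit status is hidden behind `| sed '/^$/d'` unless pipefail is set somewhere outside the hunks (only `set -eu` is visible). In the del-user hunk the `2>/dev/null` on ldapsearch has a similar effect: a failed search leaves the loop empty and the `memberUid` values in place, which a later account created with the same uid would inherit. The code around both hunks starts and ends outside what is shown.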