Re: User/group account management scripts
On Fri, Jun 11, 1999 at 02:43:11PM -0400, Kevin Myer wrote:
> Before I whip something up to handle this, I am wondering if someone is
> using a set of scripts to manage users and groups on an LDAP server for
> use with UNIX systems. I don't particularly feel like reinventing the
> wheel but I need to come up with something that will modify an LDAP
> directory instead of the /etc/passwd and /etc/group file, like useradd and
> groupadd do.
Here's my useradd replacement script.
-pete
--cut below---
#!/usr/bin/perl -w
#
# copyright(c) 1999 by Peter Royal
# peter.royal@pobox.com
# redistribute under the same license as perl
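use strict;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
#
# Batch useradd for an LDAP site: reads /usr/local/etc/user.to.add,
# writes three work files (cyradm script, LDIF, shell commands) under
# /tmp, then feeds them to cyradm, ldapadd and /bin/sh.  Every line
# of input is validated before it consumes a uid or writes anything,
# because the group and user names end up inside shell commands.
#
# relates my groups #'s to the name (department written into the LDIF)
my %groups = qw(110 Production
111 Advertising
112 Editorial
113 Administration
114 Business
115 Operations);
# user.to.add is a file that has this format
# groupname:Real Name:userid:password
#
my $users_path = '/usr/local/etc/user.to.add';
# work files; cyradm/ldapadd/sh read them back at the end of the run
my $imap_path = '/tmp/imap';
my $ldap_path = '/tmp/ldap';
my $cmds_path = '/tmp/cmds';
# characters allowed in a login or group name: both are interpolated
# into chown/chgrp/ln commands and file paths below, so quotes, spaces,
# ';', '/' and friends are rejected up front.
my $name_re = qr/\A[A-Za-z0-9_.-]+\z/;
# the 64-character salt alphabet for crypt(3)
my @salt_chars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');

# creates $path fresh with mode 0600 and returns the write handle.
# unlink + O_EXCL: a stale copy from an earlier run (cleanup below is
# disabled) is replaced, but a symlink someone else planted in /tmp is
# never followed -- the open fails and we die instead.  The previous
# open-then-chmod left the file readable under the umask for a moment.
sub create_private_file {
    my ($path) = @_;
    unlink $path;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "can't create $path: $!\n";
    return $fh;
}

open(my $users_fh, '<', $users_path)
    or die "Can't open list o peeps: $!";
# we also create a file to add users to cyrus imap
my $imap_fh = create_private_file($imap_path);
# ldif for the ldap stuff
my $ldap_fh = create_private_file($ldap_path);
# shell commands for the home directories
my $cmds_fh = create_private_file($cmds_path);
# setup the authentification stuff for cyrus.  #USER#/#PASSWORD# are the
# admin credentials, which is why this file must stay private.
print $imap_fh "proc getpw {} {\n";
print $imap_fh " set product [list #USER# #PASSWORD#]\n";
# was single-quoted, which wrote a literal backslash-n instead of a
# newline and glued the closing brace onto the return line
print $imap_fh " return \$product\n";
print $imap_fh "}\n";
print $imap_fh "cyradm connect pinky pinky\n";
print $imap_fh "pinky authenticate -user root -pwcommand getpw\n";
# final modes as before.  0660 on the imap file keeps it group-readable,
# presumably for whoever runs cyradm -- confirm that is intended.
chmod 0660, $imap_path;
chmod 0600, $ldap_path;
chmod 0600, $cmds_path;

LINE: while (my $line = <$users_fh>) {
    chomp $line;
    next LINE if $line =~ /\A\s*\z/;    # blank line
    # limit of 4 so a ':' inside the password is kept, not dropped
    my ($gid, $realname, $username, $password) = split(/:/, $line, 4);
    die "$users_path line $.: expected groupname:Real Name:userid:password\n"
        unless defined $password;
    die "$users_path line $.: bad group name '$gid'\n"
        unless $gid =~ $name_re;
    die "$users_path line $.: bad userid '$username'\n"
        unless $username =~ $name_re;
    my $gidNumber = (getgrnam($gid))[2];
    die "$users_path line $.: unknown group '$gid'\n"
        unless defined $gidNumber;
    my $department = $groups{$gidNumber};
    unless (defined $department) {
        warn "$users_path line $.: no department for gid $gidNumber, leaving it blank\n";
        $department = '';
    }
    # get first/last name; sn is mandatory for the person object classes
    my @name_parts = split(' ', $realname);
    my $sn = pop(@name_parts);
    die "$users_path line $.: empty real name for $username\n"
        unless defined $sn;
    my $givenname = join(' ', @name_parts);
    # only now take a uid, so a rejected line does not burn one
    my $uidNumber = inc_uid(get_uid());
    # two-character salt; traditional DES crypt only uses the first
    # eight characters of the password
    my $salt = join('', @salt_chars[int(rand @salt_chars), int(rand @salt_chars)]);
    my $cryptpw = crypt($password, $salt);
    # /etc/skel has a skeleton home directory in it.. copy that.
    print $cmds_fh "cd /home\n";
    print $cmds_fh "cp -p -R /etc/skel/ .\n";
    print $cmds_fh "mv skel $username\n";
    print $cmds_fh "chmod 700 /home/$username\n";
    print $cmds_fh "chown $username -R /home/$username\n";
    print $cmds_fh "chgrp $gid -R /home/$username\n";
    # this links the proper login batch file for samba for our users
    print $cmds_fh "/bin/ln -s sys/$gid.bat /home/samba/netlogon/$username.bat\n";
    print $cmds_fh "/bin/chown osi /home/samba/netlogon/$username.bat\n";
    print $cmds_fh "/bin/chgrp osi /home/samba/netlogon/$username.bat\n";
    # create the neccessary mailboxes and give root permission to muck with them
    print $imap_fh "pinky createmailbox user.$username\n";
    print $imap_fh "pinky createmailbox user.$username.Drafts\n";
    print $imap_fh "pinky createmailbox user.$username.Sent\n";
    print $imap_fh "pinky setaclmailbox user.$username root ad\n";
    # ldif stuff
    print $ldap_fh "dn: cn=$realname,ou=People,o=The Independent Florida Alligator, o=Campus Communications Inc., c=US\n";
    print $ldap_fh "uid: $username\n";
    print $ldap_fh "cn: $realname\n";
    print $ldap_fh "sn: $sn\n";
    print $ldap_fh "givenname: $givenname\n";
    print $ldap_fh "objectClass: top\n";
    print $ldap_fh "mail: $username\@alligator.org\n";
    print $ldap_fh "employeeType: Student\n";
    print $ldap_fh "department: $department\n";
    print $ldap_fh "objectClass: alligatorPerson\n";
    print $ldap_fh "objectClass: posixAccount\n";
    print $ldap_fh "objectClass: shadowAccount\n";
    print $ldap_fh "userPassword: {crypt}$cryptpw\n";
    print $ldap_fh "loginShell: /bin/false\n";
    print $ldap_fh "uidNumber: $uidNumber\n";
    print $ldap_fh "gidNumber: $gidNumber\n";
    print $ldap_fh "homeDirectory: /home/$username\n";
    print $ldap_fh "gecos: $realname\n\n";
    # add user to local memo broadcast list.  Best effort as before, but
    # a failure is now reported instead of printing to a dead handle.
    if (open(my $mail_fh, '|-', 'mail', 'majordomo')) {
        print $mail_fh "approve supercede subscribe memos-all $username\@alligator.org\n";
        close($mail_fh)
            or warn "mail majordomo exited with status $? for $username\n";
    }
    else {
        warn "can't run mail majordomo for $username: $!\n";
    }
}
close($users_fh);
# buffered write errors (disk full) only surface at close, and a
# truncated ldif or command file must not be executed
close($imap_fh) or die "can't write $imap_path: $!\n";
close($ldap_fh) or die "can't write $ldap_path: $!\n";
close($cmds_fh) or die "can't write $cmds_path: $!\n";
# #PASSWORD# is the directory manager password; passed with -w it is
# visible in the process list while ldapadd runs, as in the original.
do_system("ldapadd","-D","cn=Manager, o=Campus Communications Inc., c=US","-w","#PASSWORD#","-f",$ldap_path);
do_system("cyradm","-file",$imap_path);
do_system("/bin/sh",$cmds_path);
# clean up after us (left disabled as in the original; the old rm call
# also passed all three paths as a single argument).
#unlink($imap_path, $ldap_path, $cmds_path);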
# we use this file so we know what the top most UID is..
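# Returns the highest uid handed out so far, read from $path (default
# /usr/local/etc/top_uid).  Dies if the file cannot be opened, is empty,
# or holds anything but a plain integer -- the old version returned
# undef for an empty file and the caller then turned that into uid 1.
# There is no locking between this read and the write in inc_uid, so
# two concurrent runs can hand out the same uid.
sub get_uid {
    my ($path) = @_;
    $path = '/usr/local/etc/top_uid' unless defined $path;
    open(my $count_fh, '<', $path)
        or die "could not open uid file: $!\n";
    my $count = <$count_fh>;
    close($count_fh);
    die "uid file $path is empty\n" unless defined $count;
    # surrounding whitespace/newline is fine, anything else is not
    my ($uid) = $count =~ /\A\s*(\d+)\s*\z/
        or die "uid file $path does not hold a number: '$count'\n";
    return $uid;
}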
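# Stores $current + 1 as the new top uid in $path (default
# /usr/local/etc/top_uid) and returns it.  Dies if $current is not an
# integer (previously undef silently became uid 1) or if the file
# cannot be opened or fully written.  Not atomic with get_uid; see the
# note there.
sub inc_uid {
    my ($current, $path) = @_;
    $path = '/usr/local/etc/top_uid' unless defined $path;
    die "inc_uid: current uid is not a number\n"
        unless defined $current && $current =~ /\A\s*\d+\s*\z/;
    my $next = $current + 1;
    open(my $count_fh, '>', $path)
        or die "could not open uid file: $!\n";
    print $count_fh $next;
    # a failed buffered write only shows up at close; a stale counter
    # would hand the same uid to the next user
    close($count_fh)
        or die "could not write uid file: $!\n";
    return $next;
}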
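# Runs @cmd with system() (list form, so no shell is involved when more
# than one argument is given) and dies unless it exits 0.  The message
# tells apart "could not run" ($!), "killed by a signal" and a non-zero
# exit status, which the raw $? of the original did not.  Returns true.
sub do_system {
    my @cmd = @_;
    my $status = system(@cmd);
    if ($status == -1) {
        die "system @cmd failed to run: $!\n";
    }
    if ($status & 127) {
        die "system @cmd died with signal " . ($status & 127) . "\n";
    }
    if ($status >> 8) {
        die "system @cmd failed with exit status " . ($status >> 8) . "\n";
    }
    return 1;
}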
--
(peter.royal|osi)@pobox.com - http://pobox.com/~osi
"god invented turn signals for a reason"
uin#153025