
Re: User/group account management scripts



On Fri, Jun 11, 1999 at 02:43:11PM -0400, Kevin Myer wrote:
> Before I whip something up to handle this, I am wondering if someone is
> using a set of scripts to manage users and groups on an LDAP server for
> use with UNIX systems.  I don't particularly feel like reinventing the
> wheel but I need to come up with something that will modify an LDAP
> directory instead of the /etc/passwd and /etc/group file, like useradd and
> groupadd do.

Here's my useradd replacement script.
-pete


--cut below---
#!/usr/bin/perl -w
#
# copyright(c) 1999 by Peter Royal
# peter.royal@pobox.com
# redistribute under the same license as perl
use strict;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);

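# relates my groups #'s to the name
my %groups = qw(110 Production
             111 Advertising
             112 Editorial
             113 Administration
             114 Business
             115 Operations);

# user.to.add is a file that has this format
# groupname:Real Name:userid:password
#
# It holds cleartext passwords, so keep it readable by root only.
open(USERS,'/usr/local/etc/user.to.add') or die "Can't open list o peeps: $!";

# The three scratch files below all carry secrets (the cyradm root password,
# password hashes in the LDIF, a shell script that is later run as root) and
# they live under fixed names in the world-writable /tmp.  A plain '>' open
# would follow a symlink planted there by any local user and let this script,
# running as root, overwrite an arbitrary file; chmod'ing afterwards also
# leaves a window in which the content is readable.  sysopen with
# O_CREAT|O_EXCL refuses an existing path (symlinks included) and creates
# the file 0600 from the start.  Leftovers of an earlier run are unlinked
# first so O_EXCL only fails on something this script did not just remove.
sub open_scratch {
    my ($fh, $path) = @_;
    unlink $path;
    sysopen($fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "can't create $path: $!\n";
    return 1;
}
# we also create a file to add users to cyrus imap
open_scratch(\*IMAP, '/tmp/imap');
# ldif for the ldap stuff
open_scratch(\*LDAP, '/tmp/ldap');
# shell commands for the home directories
open_scratch(\*CMDS, '/tmp/cmds');

# setup the authentification stuff for cyrus
# #USER# and #PASSWORD# are placeholders to be replaced with the cyrus admin
# credentials before this script is used.
print IMAP "proc getpw {} {\n";
print IMAP "     set product [list #USER# #PASSWORD#]\n";
# \$product has to reach the Tcl script unexpanded; the single quotes used for
# that originally also turned the \n into a literal backslash-n, so the
# closing brace ended up on the same line as the return.
print IMAP "     return \$product\n";
print IMAP "}\n";
print IMAP "cyradm connect pinky pinky\n";
print IMAP "pinky authenticate -user root -pwcommand getpw\n";

# No chmod needed here: open_scratch created every scratch file 0600.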

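# Every field read below ends up in a shell script run as root, in an LDAP
# DN, in a Cyrus mailbox name or in an e-mail address, so group and user
# names are restricted to plain identifiers (no '.', which Cyrus treats as
# a mailbox hierarchy separator).
my $NAME_RE = qr/\A[A-Za-z_][A-Za-z0-9_-]{0,31}\z/;

while (<USERS>) {
    chomp;
    # a blank line would otherwise produce a user with empty fields
    next if /\A\s*\z/;
    # limit the split to 4 fields so a ':' inside the password survives
    my ($gid, $realname, $username, $password) = split(/:/, $_, 4);
    die "line $.: expected groupname:Real Name:userid:password\n"
        unless defined $password;
    die "line $.: invalid group name '$gid'\n"     unless $gid =~ $NAME_RE;
    die "line $.: invalid user name '$username'\n" unless $username =~ $NAME_RE;
    # the real name goes into the DN and the gecos field: reject DN special
    # characters, ':' (passwd field separator), control characters, and a
    # leading '#'/space or trailing space (LDIF would need base64 for those)
    die "line $.: invalid real name '$realname'\n"
        if $realname eq ''
        || $realname =~ /[,+"\\<>;=:\x00-\x1f\x7f]/
        || $realname =~ /\A[\s#]/
        || $realname =~ /\s\z/;
    die "line $.: empty password for '$username'\n" if $password eq '';

    my $gidNumber = (getgrnam($gid))[2];
    die "line $.: unknown group '$gid'\n" unless defined $gidNumber;
    my $department = $groups{$gidNumber};
    die "line $.: no department configured for gid $gidNumber ($gid)\n"
        unless defined $department;
    # the generated shell script copies the skeleton and renames it; with an
    # existing directory 'mv' would move the skeleton *into* it instead
    die "line $.: /home/$username already exists\n" if -e "/home/$username";

    # all checks passed: only now consume a UID from the counter file
    my $uidNumber = inc_uid(get_uid());

    # traditional two-character salt.  rand() is not a CSPRNG, but a salt
    # only has to vary between users, not be unpredictable.  With a 2-char
    # salt crypt() is DES-based on most systems and only the first 8
    # characters of the password are significant.
    my @saltchars = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
    my $cryptpw = crypt($password,
                        join('', @saltchars[rand @saltchars, rand @saltchars]));

    # /etc/skel has a skeleton home directory in it.. copy that.
    print CMDS "cd /home\n";
    print CMDS "cp -p -R /etc/skel/ .\n";
    print CMDS "mv skel $username\n";
    print CMDS "chmod 700 /home/$username\n";
    print CMDS "chown $username -R /home/$username\n";
    print CMDS "chgrp $gid -R /home/$username\n";

    # this links the proper login batch file for samba for our users
    print CMDS "/bin/ln -s sys/$gid.bat /home/samba/netlogon/$username.bat\n";
    print CMDS "/bin/chown osi /home/samba/netlogon/$username.bat\n";
    print CMDS "/bin/chgrp osi /home/samba/netlogon/$username.bat\n";

    # create the neccessary mailboxes and give root permission to muck with them
    print IMAP "pinky createmailbox user.$username\n";
    print IMAP "pinky createmailbox user.$username.Drafts\n";
    print IMAP "pinky createmailbox user.$username.Sent\n";
    print IMAP "pinky setaclmailbox user.$username root ad\n";

    # get first/last name: the last word is the surname, the rest the given name
    my @parts = split(/\s+/, $realname);
    my $sn = pop @parts;
    my $givenname = join(' ', @parts);

    # ldif stuff
    print LDAP "dn: cn=$realname,ou=People,o=The Independent Florida Alligator, o=Campus Communications Inc., c=US\n";
    print LDAP "uid: $username\n";
    print LDAP "cn: $realname\n";
    print LDAP "sn: $sn\n";
    print LDAP "givenname: $givenname\n";
    print LDAP "objectClass: top\n";
    print LDAP "mail: $username\@alligator.org\n";
    print LDAP "employeeType: Student\n";
    print LDAP "department: $department\n";
    print LDAP "objectClass: alligatorPerson\n";
    print LDAP "objectClass: posixAccount\n";
    print LDAP "objectClass: shadowAccount\n";
    print LDAP "userPassword: {crypt}$cryptpw\n";
    print LDAP "loginShell: /bin/false\n";
    print LDAP "uidNumber: $uidNumber\n";
    print LDAP "gidNumber: $gidNumber\n";
    print LDAP "homeDirectory: /home/$username\n";
    print LDAP "gecos: $realname\n\n";

    # add user to local memo broadcast list (best effort: a failure here is
    # reported but does not abort the batch).  List-form pipe open, no shell.
    if (open(my $mail, '|-', 'mail', 'majordomo')) {
        print $mail "approve supercede subscribe memos-all $username\@alligator.org\n";
        close($mail) or warn "mail majordomo failed for $username: $! (status $?)\n";
    } else {
        warn "can't run mail for $username: $!\n";
    }
}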
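# flush the scratch files; a failed close means a buffered write was lost
close(IMAP) or die "can't write /tmp/imap: $!\n";
close(LDAP) or die "can't write /tmp/ldap: $!\n";
close(CMDS) or die "can't write /tmp/cmds: $!\n";
# NOTE(review): -w puts the manager password on the command line, where any
# local user can read it from 'ps' while ldapadd runs.  Where the ldapadd in
# use supports -y <file>, keep the password in a 0600 file instead.
do_system("ldapadd","-D","cn=Manager, o=Campus Communications Inc., c=US","-w","#PASSWORD#","-f","/tmp/ldap");
do_system("cyradm","-file","/tmp/imap");
do_system("/bin/sh","/tmp/cmds");
# clean up after us: the files hold the cyrus password, the password hashes
# and a shell script that was just run as root.  (The old commented-out
# 'rm -f' passed all three names as a single argument and could never have
# worked.)  If one of the steps above dies, the files are left behind for
# inspection and must be removed by hand.
my @scratch = ('/tmp/imap', '/tmp/ldap', '/tmp/cmds');
unlink(@scratch) == @scratch
    or warn "could not remove all of @scratch: $!\n";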


# we use this file so we know what the top most UID is..
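# we use this file so we know what the top most UID is..
#
# Returns the number stored in the counter file.  The path defaults to
# /usr/local/etc/top_uid; a different one may be passed (mainly for tests).
# Dies if the file cannot be opened or does not hold exactly one non-negative
# integer: a garbled counter would otherwise hand out a UID that may already
# be in use, i.e. give the new user someone else's files.
sub get_uid {
    my ($path) = @_;
    $path = '/usr/local/etc/top_uid' unless defined $path;
    open(my $count_fh, '<', $path) or die "could not open uid file: $!\n";
    my $count = <$count_fh>;
    close($count_fh);
    die "uid file $path is empty or not numeric\n"
        unless defined $count && $count =~ /\A\s*(\d+)\s*\z/;
    # return the clean integer, not the raw line (which may end in a newline)
    return $1;
}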

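# Writes $current + 1 to the counter file and returns the new value.  The
# path defaults to /usr/local/etc/top_uid; a different one may be passed.
# Dies if $current is not a number or the file cannot be written; a failed
# close is fatal too, since then the new value never reached disk and the
# next run would reuse the UID.
#
# NOTE(review): there is no locking across get_uid/inc_uid, so two copies of
# this script running at once can hand out the same UID.
sub inc_uid {
    my ($current, $path) = @_;
    $path = '/usr/local/etc/top_uid' unless defined $path;
    die "current uid '" . (defined $current ? $current : '') . "' is not a number\n"
        unless defined $current && $current =~ /\A\s*\d+\s*\z/;
    my $next = $current + 1;
    open(my $count_fh, '>', $path) or die "could not open uid file: $!\n";
    print $count_fh $next;
    close($count_fh) or die "could not write uid file: $!\n";
    return $next;
}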

# Run a command and die unless it exits with status zero.  Arguments are
# passed straight to system() in list form, so a multi-element command never
# goes through a shell; $? in the message is the raw wait status.
sub do_system {
    my @cmd = @_;
    my $status = system(@cmd);
    die "system @cmd failed: $?\n" if $status != 0;
    return 1;
}

-- 
(peter.royal|osi)@pobox.com - http://pobox.com/~osi
"god invented turn signals for a reason"
uin#153025