Re: bash script for adding computers

[Jim C <jcllings@tsunamicomm.net>]

I've already given this a try.  Either the bash "here" document isn't 
working as described or I've got the syntax wrong (always a possibility) 
or ldapadd is not set up for it... Something makes me think that ldapadd 
might just be a wrapper for ldapmodify.  If this were true then perhaps 
the correct route might be to go straight to ldapmodify and not use 
ldapadd at all.  This also might help explain why previous attempts to 
write bash scripts for this purpose have not gone so well.

Another idea might be that we can create (or borrow?) a file descriptor 
(without createing a file?) and thus fake the existance of a file.  If 
we can do this and then store the ldif portion of the script in it, we 
might then be able to pass it to ldapadd.  This is essentially what the 
here document does but I am implying that there might be another way to 
do it, i.e. that the here documents functionality might be composed of 
other functionalities that exist outside of the here document.

Yet another idea is to create the ldif file in memory instead of on 
disk, if that were possible.

Lastly, I would like to mention that the script below could be 
re-enginered as an addendum to the /etc/init.d/ldap startup script such 
that the value of the next available user id could be maintained in a 
shell variable.  Something to think about, although I am not sure how 
desireable it would be.  There might be security issues (i.e. Do users 
have write access to root's shell varialbes?) or perhaps locking issues 
if things get dicey.

Jim C.

Aaron wrote:
> It reads from standart input. Try:
> ldapadd -x -D $binddn -w $pw4binddn << EOF
> #stuff you want to do here
> EOF
>
> -Aaron
>
> Try
> --- Jim C <jcllings@tsunamicomm.net> wrote:
>
> > OK, I've gotten this far on the bash script I was
> > writing to add a
> > machine.  It searches the base for uidNumbers, it
> > sorts the numbers from
> > largest to smallest, takes the first one and adds
> > one to it.  No sweat
> > right?
> >
> > Here is the kicker,how do you get the data to
> > ldapadd without creating
> > an ldif file?  I've tried an assortment of
> > redirection techniques and 
> > I've also tried the bash "here" document.  In
> > theory, this should be 
> > possible but I am having a really tough time
> > figureing out the syntax.
> >
> > #!/bin/bash
> >
> > binddn="cn=root,dc=microverse,dc=net"
> > pw4binddn="passwordgoeshere"
> > ldaphost="ldap://localhost";
> > base="ou=Computers,dc=microverse,dc=net"
> > minimumUID=500
> > groupnum=421
> >
> > store=`ldapsearch -LLL -D $binddn -H $ldaphost
> > -b$base -x "(cn=*)"
> > uidNumber | \
> >                                                 
> > grep uidNumber | \
> >                                                 
> > sed -e 's/^uidNumber:
> > //' | sort -nr | head -n 1`
> >
> > #It is best not to start at 0 or 1 as these could be
> > privledged.
> >
> > if [ "$store" = "" ]
> >          then
> >          store=$minimumUID
> > else
> >          store=`expr $store + 1`
> > fi
> >
> > #ldapadd -x -D $binddn -w $pw4binddn
> > line1="dn:
> > uid=$1,ou=Computers,dc=microverse,dc=net\n";
> > line2="objectClass: top\n"
> > line3="objectClass: account\n"
> > line4="objectClass: posixAccount\n"
> > line5="uidNumber: $store\n"
> > line6="uid: $1\n"
> > line7="cn: $1\n"
> > line8="gidNumber: $groupnum\n"
> > line9="homeDirectory: /dev/null\n"
> > line10="loginShell: /bin/false\n"
> > line11="gecos: Machine Account\n"
> > line12="description: Machine Account\n"
> >
> > cat $line1 $line2 $line3 $line4 $line5 $line6 $line7
> > $line8 $line9
> > $line10 $line11 $line12 > ldapadd -x -D $binddn -w
> > $pw4binddn
> >
> > echo -e
>
> $line1$line2$line3$line4$line5$line6$line7$line8$line9$line10$line11$line12
>
> >
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
> http://mailplus.yahoo.com