From be6ce995198e9239f39ac0ebcedd972f85bc847a Mon Sep 17 00:00:00 2001 From: Tomek Dubrownik Date: Sun, 26 Aug 2012 21:33:59 +0200 Subject: [PATCH] initial public commit --- README | 8 ++++++ bin/activate | 5 ++++ bin/add-dn-to-ldap-group | 11 ++++++++ bin/add-to-posix-group | 11 ++++++++ bin/add-to-wiki | 4 +++ bin/add-user | 25 +++++++++++++++++ bin/add-user-to-ldap-group | 9 +++++++ bin/all-users | 4 +++ bin/commit | 11 ++++++++ bin/create-posix-group | 16 +++++++++++ bin/discard | 6 +++++ bin/enable-itanic-shell | 7 +++++ bin/enable-proliant-shell | 7 +++++ bin/enable-vpn | 4 +++ bin/enable-xmpp | 4 +++ bin/grant-member-privileges | 7 +++++ bin/help | 10 +++++++ bin/messages | 4 +++ bin/msg | 6 +++++ bin/raw-add-user | 46 ++++++++++++++++++++++++++++++++ bin/replace-attribute | 6 +++++ bin/set-shell | 5 ++++ bin/show-ldif | 10 +++++++ bin/show-pending | 10 +++++++ bin/validate | 6 +++++ lib/adminrc | 17 ++++++++++++ lib/common.sh | 53 +++++++++++++++++++++++++++++++++++++ 27 files changed, 312 insertions(+) create mode 100644 README create mode 100755 bin/activate create mode 100755 bin/add-dn-to-ldap-group create mode 100755 bin/add-to-posix-group create mode 100755 bin/add-to-wiki create mode 100755 bin/add-user create mode 100755 bin/add-user-to-ldap-group create mode 100755 bin/all-users create mode 100755 bin/commit create mode 100755 bin/create-posix-group create mode 100755 bin/discard create mode 100755 bin/enable-itanic-shell create mode 100755 bin/enable-proliant-shell create mode 100755 bin/enable-vpn create mode 100755 bin/enable-xmpp create mode 100755 bin/grant-member-privileges create mode 100755 bin/help create mode 100755 bin/messages create mode 100755 bin/msg create mode 100755 bin/raw-add-user create mode 100755 bin/replace-attribute create mode 100755 bin/set-shell create mode 100755 bin/show-ldif create mode 100755 bin/show-pending create mode 100755 bin/validate create mode 100644 lib/adminrc create mode 100644 lib/common.sh 
diff --git a/README b/README
new file mode 100644
index 0000000..81532f5
--- /dev/null
+++ b/README
@@ -0,0 +1,8 @@
+Bash scripts for Hackerspace.pl LDAP administration.
+
+To activate, type bin/activate.
+
+To get help, type help.
+
+The effects of issued commands end up in a buffer file, by default ~/.ldap-admin.ldif . To make them persistent, issue the commit command. If successful, it will clear the buffer. Otherwise the buffer will remain unchanged.
+
diff --git a/bin/activate b/bin/activate
new file mode 100755
index 0000000..fc90366
--- /dev/null
+++ b/bin/activate
@@ -0,0 +1,5 @@
+#!/bin/sh
+#% activate
+#% Starts an LDAP admin shell. Exit with ^D. Recursion at your own goddamn risk.
+BIN_DIR=`readlink -f "$0" | xargs dirname`
+BIN_DIR=$BIN_DIR bash --rcfile $BIN_DIR/../lib/adminrc -s
diff --git a/bin/add-dn-to-ldap-group b/bin/add-dn-to-ldap-group
new file mode 100755
index 0000000..e705b36
--- /dev/null
+++ b/bin/add-dn-to-ldap-group
@@ -0,0 +1,11 @@
+#!/bin/bash
+#% add-dn-to-ldap-group dn group
+#% Add dn to group. group should be a regular LDAP groupOfNames
+. $LIB_DIR/common.sh
+if [[ $# < 2 ]]; then
+ show-usage
+ exit 1
+fi
+tag-begin "Add DN $1 to group $2"
+basic-attr-op add $2 member $1
+tag-end
diff --git a/bin/add-to-posix-group b/bin/add-to-posix-group
new file mode 100755
index 0000000..4f33756
--- /dev/null
+++ b/bin/add-to-posix-group
@@ -0,0 +1,11 @@
+#!/bin/bash
+#% add-to-posix-group login group
+#% Add user (identified by login) to group. group should be a posixGroup
+. $LIB_DIR/common.sh
+if [[ $# < 2 ]]; then
+ show-usage
+ exit 1
+fi
+tag-begin "Add user $1 to posix group $2"
+basic-attr-op add "$2" memberUid "$1"
+tag-end
diff --git a/bin/add-to-wiki b/bin/add-to-wiki
new file mode 100755
index 0000000..d9a1254
--- /dev/null
+++ b/bin/add-to-wiki
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% add-to-wiki user
+#% Give user access to wiki.
+add-user-to-ldap-group $1 'cn=user,dc=wiki,dc=hackerspace,dc=pl'
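Review bot: The fourth line of bin/activate, `BIN_DIR=`readlink -f "$0" | xargs dirname``, hands the resolved path to xargs, which re-splits it on whitespace and interprets quote characters, so an install path containing a space or an apostrophe produces the wrong BIN_DIR, and `--rcfile $BIN_DIR/../lib/adminrc` on the next line is unquoted for the same reason. Both can be written without xargs: `BIN_DIR=$(dirname "$(readlink -f "$0")")` and `BIN_DIR=$BIN_DIR bash --rcfile "$BIN_DIR/../lib/adminrc" -s`. The file is `#!/bin/sh`, and `$(...)` is POSIX, so no bashism is introduced.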
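Review bot: `basic-attr-op add $2 member $1` on the second-to-last line of bin/add-dn-to-ldap-group passes both DNs unquoted, so a group or member DN with a space in an RDN (`cn=Foo Bar,...`) is word-split and the wrong tokens become the attribute name and value; the sibling bin/add-to-posix-group quotes its arguments, so `basic-attr-op add "$2" member "$1"` makes the two consistent. The guard `if [[ $# < 2 ]]` is a string comparison inside `[[ ]]`, not a numeric one (`"10" < "2"` is true), so `if (( $# < 2 )); then` is the intended test; the same guard appears in bin/add-to-posix-group and bin/add-user-to-ldap-group.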
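Review bot: The last line of bin/add-to-wiki, `add-user-to-ldap-group $1 'cn=user,dc=wiki,dc=hackerspace,dc=pl'`, neither checks that a login was given nor quotes it: with no argument the empty unquoted `$1` disappears and the admin sees whatever usage message the callee prints for a different command, and a login containing a space is passed as two logins. A guard before the call and a quoted argument fix both: `[[ $# -eq 1 ]] || { printf 'usage: add-to-wiki user\n' >&2; exit 1; }` and `add-user-to-ldap-group "$1" 'cn=user,dc=wiki,dc=hackerspace,dc=pl'`. The same unguarded, unquoted `$1` pattern is in bin/enable-vpn, bin/enable-xmpp, bin/enable-itanic-shell, bin/enable-proliant-shell and bin/grant-member-privileges.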
diff --git a/bin/add-user b/bin/add-user
new file mode 100755
index 0000000..7e1db3b
--- /dev/null
+++ b/bin/add-user
@@ -0,0 +1,25 @@
+#!/bin/bash
+#% add-user [--full]
+#% (Interactively) adds a user to LDAP.
+#% --full : grant full member privileges (add to itanic-shell, xmpp and vpn)
+. $LIB_DIR/common.sh
+
+function readvar() {
+ vname=$1
+ prompt=${2:-$1}
+ echo -n "$prompt: "
+ read $vname
+}
+
+uid=$((`maxuid`+1))
+readvar login "Login"
+readvar cn "Full name"
+readvar email "Email"
+
+raw-add-user $login "$cn" "$email"
+add-to-wiki $login
+create-posix-group $login $uid
+
+if [ "$1" = "--full" ]; then
+ grant-member-privileges $login
+fi
diff --git a/bin/add-user-to-ldap-group b/bin/add-user-to-ldap-group
new file mode 100755
index 0000000..9484540
--- /dev/null
+++ b/bin/add-user-to-ldap-group
@@ -0,0 +1,9 @@
+#!/bin/bash
+#% add-user-to-ldap-group login groupdn
+#% Add user with login=login to group groupdn. groupdn should be a regular LDAP groupOfNames
+. $LIB_DIR/common.sh
+if [[ $# < 2 ]]; then
+ show-usage
+ exit 1
+fi
+add-dn-to-ldap-group "uid=$1,ou=People,dc=hackerspace,dc=pl" "$2"
diff --git a/bin/all-users b/bin/all-users
new file mode 100755
index 0000000..9a42746
--- /dev/null
+++ b/bin/all-users
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% all-users
+#% List the logins of all users in LDAP
+ldapsearch -x -ZZ -b 'ou=People,dc=hackerspace,dc=pl' | grep ^uid: | cut -d' ' -f2
diff --git a/bin/commit b/bin/commit
new file mode 100755
index 0000000..a48cde4
--- /dev/null
+++ b/bin/commit
@@ -0,0 +1,11 @@
+#!/bin/bash
+#% commit
+#% Attempt to commit the buffer to the LDAP server using your credentials.
+
+. $LIB_DIR/common.sh
+ldapmodify -x -ZZ -W -D $ME -f $LDIF_BASE
+if [ $? -eq 0 ]; then
+ discard
+else
+ echo "Modification failed!" >&2
+fi
diff --git a/bin/create-posix-group b/bin/create-posix-group
new file mode 100755
index 0000000..a9ad845
--- /dev/null
+++ b/bin/create-posix-group
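Review bot: The login read by `readvar login "Login"` in bin/add-user is used verbatim by the three calls that follow and, through them, ends up inside DNs (`uid=$1,ou=People,...` in bin/add-user-to-ldap-group), in the LDIF buffer and in the `/home/$1` path shown to the admin, with no check on its characters; a value containing `,`, `=`, whitespace or a newline changes the meaning of those strings rather than being rejected. A check right after the prompt keeps malformed input out of the buffer, e.g. `[[ $login =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "invalid login: $login" >&2; exit 1; }`. `read $vname` inside readvar should be `read -r "$vname"` so a backslash typed in a full name is kept literally. Separately, the `uid` computed here from maxuid and the `idnumber` recomputed in bin/raw-add-user are two independent calls; they agree only if maxuid (not visible in this view) returns the same value both times.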
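Review bot: `ldapmodify -x -ZZ -W -D $ME -f $LDIF_BASE` in bin/commit applies the buffer entry by entry and, without `-c`, stops at the first entry that fails, so on the failure branch the entries before it are already on the server while `discard` is skipped and the whole buffer is kept; re-running `commit` then re-sends the entries that already succeeded, and an add of an entry that now exists fails again. The `#%` help says only that the buffer is kept, and the README promises it "will remain unchanged", so both should add that a failed commit may have been partially applied and that `show-pending` should be reviewed and trimmed before retrying. `$ME` and `$LDIF_BASE` should also be quoted, as `"$ME"` and `"$LDIF_BASE"`, since `$ME` is built from `$USER` in lib/adminrc.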
@@ -0,0 +1,16 @@
+#!/bin/bash
+#% create-posix-group name gid
+#% Creates a posix group with name and gid
+. $LIB_DIR/common.sh
+
+tag-begin "Create group $1 (gid: $2)"
+push < $LDIF_BASE
diff --git a/bin/enable-itanic-shell b/bin/enable-itanic-shell
new file mode 100755
index 0000000..e5c8562
--- /dev/null
+++ b/bin/enable-itanic-shell
@@ -0,0 +1,7 @@
+#!/bin/bash
+#% enable-itanic-shell user
+#% Give user shell access to itanic. User still needs a valid login shell.
+add-to-posix-group $1 'cn=itanic-shell,ou=Group,dc=hackerspace,dc=pl'
+msg "A home directory on itanic is needed for $1."
+msg "You can create it by running:"
+msg " [itanic ~ #] cp -R /etc/skel /home/$1"
diff --git a/bin/enable-proliant-shell b/bin/enable-proliant-shell
new file mode 100755
index 0000000..d9dd071
--- /dev/null
+++ b/bin/enable-proliant-shell
@@ -0,0 +1,7 @@
+#!/bin/bash
+#% enable-proliant-shell user
+#% Give user shell access to proliant User still needs a valid login shell.
+add-to-posix-group $1 'cn=proliant-shell,ou=Group,dc=hackerspace,dc=pl'
+msg "A home directory on itanic is needed for $1."
+msg "You can create it by running:"
+msg " [proliant ~ #] cp -R /etc/skel /home/$1"
diff --git a/bin/enable-vpn b/bin/enable-vpn
new file mode 100755
index 0000000..03c327c
--- /dev/null
+++ b/bin/enable-vpn
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% enable-vpn user
+#% Give user access to VPN
+add-user-to-ldap-group $1 'cn=vpn-users,ou=Group,dc=hackerspace,dc=pl'
diff --git a/bin/enable-xmpp b/bin/enable-xmpp
new file mode 100755
index 0000000..a5ea3a8
--- /dev/null
+++ b/bin/enable-xmpp
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% enable-xmpp user
+#% Give user access to XMPP.
+add-user-to-ldap-group $1 'cn=xmpp-users,ou=Group,dc=hackerspace,dc=pl'
diff --git a/bin/grant-member-privileges b/bin/grant-member-privileges
new file mode 100755
index 0000000..6aad73b
--- /dev/null
+++ b/bin/grant-member-privileges
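Review bot: bin/create-posix-group uses `$1` and `$2` immediately in `tag-begin "Create group $1 (gid: $2)"` and in the here-document that follows (whose body is not legible in this view), with none of the `$#` guard its siblings bin/add-dn-to-ldap-group and bin/add-to-posix-group have, so a missing or non-numeric gid is written into the buffer and only surfaces at commit. The script already sources common.sh, so the guard plus a numeric check fits on one line after it: `if (( $# != 2 )) || [[ ! $2 =~ ^[0-9]+$ ]]; then show-usage; exit 1; fi`. The only caller visible here, bin/add-user, passes a number it computed from maxuid, so this mainly protects direct interactive use.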
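Review bot: The command the admin is told to run in `msg " [itanic ~ #] cp -R /etc/skel /home/$1"` (bin/enable-itanic-shell, last line) is run as root per the `#` prompt and creates the home directory owned by root, so the new user cannot write to it until someone also runs `chown -R "$1": "/home/$1"`; the message should include that step, or point at a mkhomedir mechanism if the host has one. `add-to-posix-group $1 ...` on the fourth line also takes the login unquoted. The same message, with the same omission, is in bin/enable-proliant-shell.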
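Review bot: `msg "A home directory on itanic is needed for $1."` in bin/enable-proliant-shell names the wrong host: the group added on the line above and the prompt in the last message both say proliant, so this copy of the text should read `msg "A home directory on proliant is needed for $1."`. The `#%` summary on the third line is also missing the full stop after "proliant", which shows because `help` prints that line verbatim.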
@@ -0,0 +1,7 @@
+#!/bin/bash
+#% grant-member-privileges user
+#% shortcut - adds user to itanic-shell, vpn-users and xmpp-users.
+enable-itanic-shell $1
+enable-xmpp $1
+enable-vpn $1
+set-shell $1 /bin/bash
diff --git a/bin/help b/bin/help
new file mode 100755
index 0000000..020c8d7
--- /dev/null
+++ b/bin/help
@@ -0,0 +1,10 @@
+#!/bin/bash
+#% help [command]
+#% Describe command. If command is not given, show this message.
+CMD=${1:-help}
+grep '^#%.*' `which $CMD` | sed -e "s/^#%//"
+if [[ "$CMD" == "help" ]]; then
+ echo
+ echo "Available commands are:"
+ ls $BIN_DIR
+fi
diff --git a/bin/messages b/bin/messages
new file mode 100755
index 0000000..2b768ea
--- /dev/null
+++ b/bin/messages
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% show-messages
+#% Shows messages recorded by not-yet-commited commands.
+show-ldif | grep "#!" | sed -e "s/#!//"
diff --git a/bin/msg b/bin/msg
new file mode 100755
index 0000000..2ced794
--- /dev/null
+++ b/bin/msg
@@ -0,0 +1,6 @@
+#!/bin/bash
+#% msg message
+#% INTERNAL/DEV: record a message for the admin shell user. It will be emitted upon calling and after commiting changes.
+. $LIB_DIR/common.sh
+push <<<"#!`date`: $@"
+echo "$@"
diff --git a/bin/raw-add-user b/bin/raw-add-user
new file mode 100755
index 0000000..4c3a5ff
--- /dev/null
+++ b/bin/raw-add-user
@@ -0,0 +1,46 @@
+#!/bin/bash
+#% raw-add-user login "Full Name" "email"
+#% INTERNAL add user
+
+. $LIB_DIR/common.sh
+login="$1"
+cn="$2"
+email="$3"
+idnumber=$(( `maxuid` + 1))
+gecos=`sed -e "y/ąćęłńóśźżĄĆĘŁŃÓŚŹŻ/acelnoszzACELNOSZZ/" <<<"$cn"`
+read -r gn sn <<<"$cn"
+
+
+tag-begin "Adding user $login"
+push <&2
+ return 1
+else
+ cat $LDIF_BASE
+fi
diff --git a/bin/show-pending b/bin/show-pending
new file mode 100755
index 0000000..30926b7
--- /dev/null
+++ b/bin/show-pending
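Review bot: The `#%` summary of bin/grant-member-privileges says the command "adds user to itanic-shell, vpn-users and xmpp-users", but its last line, `set-shell $1 /bin/bash`, also changes the user's login shell, a separate privilege that an admin reading `help grant-member-privileges` will not expect; the summary should say so, e.g. `#% shortcut - adds user to itanic-shell, vpn-users and xmpp-users and sets the login shell to /bin/bash.` The `--full` description in bin/add-user ("add to itanic-shell, xmpp and vpn") has the same omission. The four calls also pass `$1` unquoted.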
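Review bot: The fifth line of bin/help pipes `grep '^#%.*'` over the output of the `which $CMD` substitution with no fallback: when `which` finds nothing the substitution yields no file operand, grep reads standard input, and the shell appears to hang until the admin presses ^D. Looking the name up on the whole PATH instead of in `$BIN_DIR` also means `help` on an unrelated executable greps that executable. Resolving against the script directory and bailing out covers both: `f=$BIN_DIR/$CMD; [[ -f $f ]] || { echo "no such command: $CMD" >&2; exit 1; }` followed by `grep '^#%' -- "$f" | sed -e 's/^#%//'`.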
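Review bot: The first `#%` line of bin/messages says `show-messages`, but the file (and so the command on PATH) is `messages`, so `help messages` prints a usage line for a name that does not exist; it should read `#% messages`. "commited" on the next line, "commiting" in bin/msg and "commited" in bin/show-pending are the same misspelling of "committed"/"committing", which `help` shows verbatim.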
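Review bot: `read -r gn sn <<<"$cn"` in bin/raw-add-user takes the first word of the full name as the given name and everything after it as the surname, so a one-word name leaves `sn` empty, and the entry written by the here-document that follows (its body is not legible in this view) presumably carries an empty `sn`, which a person-class entry requires and which would only be rejected at commit. Checking before the push, `[[ -n $sn ]] || { echo "full name needs a surname" >&2; exit 1; }`, keeps the buffer consistent. The gecos transliteration table on the line above covers only Polish letters, so any other non-ASCII character in `cn` reaches gecos unchanged; whether that matters depends on what consumes gecos on the hosts.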
@@ -0,0 +1,10 @@
+#!/bin/bash
+#% show-pending
+#% Show operations not yet commited in symbolic form
+
+if [ $LDAP_SHELL -ne 1 ]; then
+ echo "Not running in LDAP shell mode" >&2
+ return 1
+else
+ grep "^#%" $LDIF_BASE | sed -e "s/^#%//"
+fi
diff --git a/bin/validate b/bin/validate
new file mode 100755
index 0000000..7ba23c0
--- /dev/null
+++ b/bin/validate
@@ -0,0 +1,6 @@
+#!/bin/bash
+#% validate
+#% Attempt to validate the buffer of pending operations.
+#% This will probably not catch constraint violations and missing DNs. Sorry.
+
+(ldapmodify -x -n -ZZ -f $LDIF_BASE && echo "Everything seems fine.") || echo "Something's wrong."
diff --git a/lib/adminrc b/lib/adminrc
new file mode 100644
index 0000000..c89c8b1
--- /dev/null
+++ b/lib/adminrc
@@ -0,0 +1,17 @@
+. ~/.bashrc # for convenience
+export LDAP_SHELL=1
+export TAG_PREFIX="#%"
+export TAG_DEPTH=0
+export LDIF_BASE=~/.ldap-admin.ldif
+PS1="(ldap)$PS1"
+export BASE_DIR="${BIN_DIR%/bin}"
+export LIB_DIR="$BASE_DIR/lib"
+export ME="uid=$USER,ou=People,dc=hackerspace,dc=pl"
+PATH="$PATH:$BIN_DIR"
+touch $LDIF_BASE
+chmod 600 $LDIF_BASE
+
+alias help="$BIN_DIR/help"
+alias import_common=". $LIB_DIR/common.sh"
+
+echo "Type \"help\" for available commands."
diff --git a/lib/common.sh b/lib/common.sh
new file mode 100644
index 0000000..ddf703b
--- /dev/null
+++ b/lib/common.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+LDAP_SHELL=${LDAP_SHELL:-0}
+function push() {
+ if [ $LDAP_SHELL -ne 1 ]; then
+ cat $@
+ else
+ cat $@ >> $LDIF_BASE
+ fi
+}
+
+function pop() {
+ if [ $LDAP_SHELL -eq 1 ]; then
+ :
+ fi
+}
+
+function discard() {
+ : > $LDIF_BASE
+}
+
+function basic-attr-op() {
+tag-begin "$1 attribute $3 on DN $2 (value $4)"
+push <
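Review bot: `return 1` on the seventh line of bin/show-pending sits at the top level of a script run as its own process, not in a function or a sourced file, so bash reports an error and continues instead of returning the intended status; `exit 1` is what is meant. The test `[ $LDAP_SHELL -ne 1 ]` also misbehaves outside the admin shell, where `LDAP_SHELL` is unset and this script does not source the common.sh default: `[` sees `-ne 1`, complains, and the else branch runs `grep` on an empty `$LDIF_BASE`. `if [ "${LDAP_SHELL:-0}" -ne 1 ]; then` together with `grep "^#%" -- "$LDIF_BASE"` closes both. The visible tail of bin/show-ldif, just before this hunk, has the same top-level `return 1`.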
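Review bot: `touch $LDIF_BASE` followed by `chmod 600 $LDIF_BASE` in lib/adminrc creates the buffer with the caller's umask first and tightens it afterwards, so a freshly created ~/.ldap-admin.ldif, which holds every pending directory modification, is briefly readable by whoever the umask allows; creating it with the right mode from the start is the simpler guarantee: `[ -e "$LDIF_BASE" ] || (umask 077; : > "$LDIF_BASE")` and then `chmod 600 "$LDIF_BASE"` for a pre-existing file. `PATH="$PATH:$BIN_DIR"` appends the admin commands last, so a same-named executable earlier on the user's PATH, including anything the `~/.bashrc` sourced on the first line adds, silently wins over `commit`, `discard` or `validate`; putting `$BIN_DIR` first matches the intent of a dedicated admin shell. `$LDIF_BASE` is unquoted in both file lines.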