initial public commit
This commit is contained in:
commit
be6ce99519
27 changed files with 312 additions and 0 deletions
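--- a/README
+++ b/README
@@ -0,0 +1,8 @@
+Bash scripts for Hackerspace.pl LDAP administration.
+
+To activate, type bin/activate.
+
+To get help, type help.
+
+The effects of issued commands end up in a buffer file, by default ~/.ldap-admin.ldif . To make them persistent, issue the commit command. If successful, it will clear the buffer. Otherwise the buffer will remain unchanged.
+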
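--- a/bin/activate
+++ b/bin/activate
@@ -0,0 +1,5 @@
+#!/bin/sh
+#% activate
+#% Starts an LDAP admin shell. Exit with ^D. Recursion at your own goddamn risk.
+BIN_DIR=`readlink -f "$0" | xargs dirname`
+BIN_DIR=$BIN_DIR bash --rcfile $BIN_DIR/../lib/adminrc -s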
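Review bot: The rcfile path on the last line is passed unquoted (`bash --rcfile $BIN_DIR/../lib/adminrc -s`), so a checkout path containing whitespace splits the argument, and the `readlink | xargs dirname` pipeline on the line above breaks on such paths as well. Under `#!/bin/sh` the two lines should read `BIN_DIR=$(dirname "$(readlink -f "$0")")` and `BIN_DIR=$BIN_DIR bash --rcfile "$BIN_DIR/../lib/adminrc" -s`. `readlink -f` is GNU-specific; if this only ever runs on Linux that is fine, but a comment saying so would help the next reader.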
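--- a/bin/add-dn-to-ldap-group
+++ b/bin/add-dn-to-ldap-group
@@ -0,0 +1,11 @@
+#!/bin/bash
+#% add-dn-to-ldap-group dn group
+#% Add dn to group. group should be a regular LDAP groupOfNames
+. $LIB_DIR/common.sh
+if [[ $# < 2 ]]; then
+show-usage
+exit 1
+fi
+tag-begin "Add DN $1 to group $2"
+basic-attr-op add $2 member $1
+tag-end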
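Review bot: `basic-attr-op add $2 member $1` passes both DNs unquoted, unlike the sibling add-to-posix-group which quotes them; a group DN such as `cn=Some Group,ou=Group,...` is split into several arguments and the LDIF pushed to the buffer gets the wrong `dn:` line and member value. Change it to `basic-attr-op add "$2" member "$1"`. Also `[[ $# < 2 ]]` is a string comparison inside `[[ ]]`; `(( $# < 2 ))` compares the count numerically.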
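--- a/bin/add-to-posix-group
+++ b/bin/add-to-posix-group
@@ -0,0 +1,11 @@
+#!/bin/bash
+#% add-to-posix-group login group
+#% Add user (identified by login) to group. group should be a posixGroup
+. $LIB_DIR/common.sh
+if [[ $# < 2 ]]; then
+show-usage
+exit 1
+fi
+tag-begin "Add user $1 to posix group $2"
+basic-attr-op add "$2" memberUid "$1"
+tag-end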
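Review bot: The login in `$1` is written verbatim as the `memberUid` value on the `basic-attr-op` line; nothing checks that it is a plausible login, so a value containing a newline or an LDIF-significant leading character lands in the buffer as extra LDIF and is committed under the admin's credentials. A guard before tag-begin such as `[[ $1 =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "bad login: $1" >&2; exit 1; }` rules this out. `[[ $# < 2 ]]` is a lexical comparison that happens to work for 0 or 1 arguments; `(( $# < 2 ))` is the numeric form.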
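--- a/bin/add-to-wiki
+++ b/bin/add-to-wiki
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% add-to-wiki user
+#% Give user access to wiki.
+add-user-to-ldap-group $1 'cn=user,dc=wiki,dc=hackerspace,dc=pl'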
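Review bot: The last line neither checks that a user was given nor quotes `$1`; with no argument the callee sees only the group DN and prints its own usage, and a login containing whitespace is split into extra positional parameters. Quote it as `add-user-to-ldap-group "$1" 'cn=user,dc=wiki,dc=hackerspace,dc=pl'`. This script does not source common.sh, so `show-usage` is unavailable; a plain `(( $# == 1 )) || { echo "usage: add-to-wiki user" >&2; exit 1; }` would do.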
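--- a/bin/add-user
+++ b/bin/add-user
@@ -0,0 +1,25 @@
+#!/bin/bash
+#% add-user [--full]
+#% (Interactively) adds a user to LDAP.
+#% --full : grant full member privileges (add to itanic-shell, xmpp and vpn)
+. $LIB_DIR/common.sh
+
+function readvar() {
+vname=$1
+prompt=${2:-$1}
+echo -n "$prompt: "
+read $vname
+}
+
+uid=$((`maxuid`+1))
+readvar login "Login"
+readvar cn "Full name"
+readvar email "Email"
+
+raw-add-user $login "$cn" "$email"
+add-to-wiki $login
+create-posix-group $login $uid
+
+if [ "$1" = "--full" ]; then
+grant-member-privileges $login
+fi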
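Review bot: The uid allocated by `uid=$((`maxuid`+1))` comes from a live LDAP query while earlier add-user runs may still sit uncommitted in the buffer, so two users added in one session before a commit receive the same uidNumber/gidNumber (raw-add-user recomputes the same value independently). Either commit after each add-user or refuse a pending duplicate: `grep -qx "uidNumber: $uid" "$LDIF_BASE" && { echo "uid $uid already pending" >&2; exit 1; }`. The gid handed to create-posix-group is also the People maximum plus one rather than `maxgid`, so it is never checked against existing gidNumber values under ou=Group. Separately, `readvar` should use `read -r`, and `$login` is passed unquoted to every callee.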
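--- a/bin/add-user-to-ldap-group
+++ b/bin/add-user-to-ldap-group
@@ -0,0 +1,9 @@
+#!/bin/bash
+#% add-user-to-ldap-group login groupdn
+#% Add user with login=login to group groupdn. groupdn should be a regular LDAP groupOfNames
+. $LIB_DIR/common.sh
+if [[ $# < 2 ]]; then
+show-usage
+exit 1
+fi
+add-dn-to-ldap-group "uid=$1,ou=People,dc=hackerspace,dc=pl" "$2"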
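Review bot: The DN built on the last line interpolates the login into `uid=$1,ou=People,...` with no escaping, so a login containing a comma, plus, quote, backslash or another RFC 4514 special character yields a DN that names a different entry or fails to parse. Since logins are expected to be plain identifiers, validate rather than escape: `[[ $1 =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "invalid login: $1" >&2; exit 1; }` before the call. `[[ $# < 2 ]]` is a string comparison; `(( $# < 2 ))` is the numeric form.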
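--- a/bin/all-users
+++ b/bin/all-users
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% all-users
+#% List the logins of all users in LDAP
+ldapsearch -x -ZZ -b 'ou=People,dc=hackerspace,dc=pl' | grep ^uid: | cut -d' ' -f2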
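Review bot: The pipeline keeps only lines beginning with `uid: `, so any uid that ldapsearch has to emit base64-encoded as `uid:: ...` (non-ASCII or leading-space values) is silently missing from the listing. Asking for just that attribute keeps the output small and makes the intent clear: `ldapsearch -x -ZZ -LLL -b 'ou=People,dc=hackerspace,dc=pl' '(uid=*)' uid | grep '^uid: ' | cut -d' ' -f2`; a `uid::` line should at least be reported rather than dropped. The anonymous bind (`-x` without `-D`) means the list is only as complete as the server's anonymous read ACL allows, which is worth a comment.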
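--- a/bin/commit
+++ b/bin/commit
@@ -0,0 +1,11 @@
+#!/bin/bash
+#% commit
+#% Attempt to commit the buffer to the LDAP server using your credentials.
+
+. $LIB_DIR/common.sh
+ldapmodify -x -ZZ -W -D $ME -f $LDIF_BASE
+if [ $? -eq 0 ]; then
+discard
+else
+echo "Modification failed!" >&2
+fi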
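Review bot: ldapmodify stops at the first failing entry, but the entries before it have already been applied on the server; the `else` branch then leaves the whole buffer in place, so the README's promise that a failed commit leaves things unchanged holds only for the file, and a retry will re-send the already-applied entries and fail on them again. Tell the operator, e.g. `echo "Modification failed; entries before the failing one were applied - edit $LDIF_BASE before retrying" >&2`, or consider `-c` together with a record of which entries failed. `$ME` and `$LDIF_BASE` should be quoted. Note that `discard` here is the common.sh function, which clears the buffer without the confirmation prompt bin/discard has.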
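--- a/bin/create-posix-group
+++ b/bin/create-posix-group
@@ -0,0 +1,16 @@
+#!/bin/bash
+#% create-posix-group name gid
+#% Creates a posix group with name and gid
+. $LIB_DIR/common.sh
+
+tag-begin "Create group $1 (gid: $2)"
+push <<EOF
+dn: cn=$1,ou=Group,dc=hackerspace,dc=pl
+changetype: add
+objectClass: posixGroup
+cn: $1
+gidNumber: $2
+userPassword: {crypt}x
+
+EOF
+tag-end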
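Review bot: Unlike the other bin/ scripts this one has no argument check, so a missing gid pushes an entry with an empty `gidNumber:` into the buffer, and `$1` goes unescaped into the `dn:` line. Add the guard the siblings use after sourcing common.sh: `if (( $# < 2 )); then show-usage; exit 1; fi`, and reject a non-numeric gid with `[[ $2 =~ ^[0-9]+$ ]]`. The `userPassword: {crypt}x` line presumably exists to keep the group password-locked (`x` cannot match any crypt hash); a one-line LDIF comment saying so would spare the next reader a guess.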
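--- a/bin/discard
+++ b/bin/discard
@@ -0,0 +1,6 @@
+#!/bin/bash
+#% discard
+#% Clear *ALL* pending operations
+
+read -p "Are you sure you want to discard ALL pending operations? (y/N)"
+[ "$REPLY" == "y" ] && : > $LDIF_BASE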
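Review bot: `: > $LDIF_BASE` truncates whatever `$LDIF_BASE` expands to, and unlike show-ldif this script does not check that it is running inside the admin shell; with the variable unset bash reports an ambiguous redirect rather than doing damage, but `: > "${LDIF_BASE:?not running in LDAP shell}"` makes the failure explicit and also handles a path with spaces. `read -p` should be `read -rp` so a backslash in the reply is not interpreted. A comment noting that bin/commit clears the buffer via the common.sh `discard` function, without this prompt, would prevent anyone assuming the confirmation always runs.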
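--- a/bin/enable-itanic-shell
+++ b/bin/enable-itanic-shell
@@ -0,0 +1,7 @@
+#!/bin/bash
+#% enable-itanic-shell user
+#% Give user shell access to itanic. User still needs a valid login shell.
+add-to-posix-group $1 'cn=itanic-shell,ou=Group,dc=hackerspace,dc=pl'
+msg "A home directory on itanic is needed for $1."
+msg "You can create it by running:"
+msg " [itanic ~ #] cp -R /etc/skel /home/$1"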
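Review bot: The suggested recipe `cp -R /etc/skel /home/$1`, run as root on itanic, leaves the new home directory and its dotfiles owned by root, so the user cannot write to it; the message should include ownership, e.g. `msg " [itanic ~ #] cp -R /etc/skel /home/$1 && chown -R $1: /home/$1"`. `$1` is passed unquoted to add-to-posix-group and nothing checks that it was supplied, so an empty call queues a malformed entry and three misleading messages.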
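--- a/bin/enable-proliant-shell
+++ b/bin/enable-proliant-shell
@@ -0,0 +1,7 @@
+#!/bin/bash
+#% enable-proliant-shell user
+#% Give user shell access to proliant User still needs a valid login shell.
+add-to-posix-group $1 'cn=proliant-shell,ou=Group,dc=hackerspace,dc=pl'
+msg "A home directory on itanic is needed for $1."
+msg "You can create it by running:"
+msg " [proliant ~ #] cp -R /etc/skel /home/$1"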
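Review bot: The first `msg` line still says the home directory is needed "on itanic", copied from enable-itanic-shell, while this script enables the proliant group and the third message correctly shows `[proliant ~ #]`; change it to `msg "A home directory on proliant is needed for $1."`. The `cp -R /etc/skel /home/$1` recipe also leaves the home root-owned, so append `&& chown -R $1: /home/$1`. The `#%` help line is missing a period after "proliant".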
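--- a/bin/enable-vpn
+++ b/bin/enable-vpn
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% enable-vpn user
+#% Give user access to VPN
+add-user-to-ldap-group $1 'cn=vpn-users,ou=Group,dc=hackerspace,dc=pl'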
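Review bot: `$1` is unquoted and unchecked on the last line; with no argument the callee sees only the group DN and prints its own usage, and a login with whitespace becomes extra positional parameters. Use `add-user-to-ldap-group "$1" 'cn=vpn-users,ou=Group,dc=hackerspace,dc=pl'` and guard with `(( $# == 1 )) || { echo "usage: enable-vpn user" >&2; exit 1; }`.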
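--- a/bin/enable-xmpp
+++ b/bin/enable-xmpp
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% enable-xmpp user
+#% Give user access to XMPP.
+add-user-to-ldap-group $1 'cn=xmpp-users,ou=Group,dc=hackerspace,dc=pl'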
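Review bot: Same shape as enable-vpn: `$1` is unquoted and its presence is never checked, so the callee's usage message is what the operator sees for a missing argument. Use `add-user-to-ldap-group "$1" 'cn=xmpp-users,ou=Group,dc=hackerspace,dc=pl'` preceded by `(( $# == 1 )) || { echo "usage: enable-xmpp user" >&2; exit 1; }`.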
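--- a/bin/grant-member-privileges
+++ b/bin/grant-member-privileges
@@ -0,0 +1,7 @@
+#!/bin/bash
+#% grant-member-privileges user
+#% shortcut - adds user to itanic-shell, vpn-users and xmpp-users.
+enable-itanic-shell $1
+enable-xmpp $1
+enable-vpn $1
+set-shell $1 /bin/bash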
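Review bot: The `#%` description lists three groups but omits that the last line also sets the user's loginShell to /bin/bash via set-shell, which is the step that turns the memberships into a working shell login; the help text should say so, e.g. `#% shortcut - adds user to itanic-shell, vpn-users and xmpp-users and sets loginShell to /bin/bash.`. `$1` is unquoted and unchecked on all four calls, so an empty argument queues four malformed entries in the buffer.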
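--- a/bin/help
+++ b/bin/help
@@ -0,0 +1,10 @@
+#!/bin/bash
+#% help [command]
+#% Describe command. If command is not given, show this message.
+CMD=${1:-help}
+grep '^#%.*' `which $CMD` | sed -e "s/^#%//"
+if [[ "$CMD" == "help" ]]; then
+echo
+echo "Available commands are:"
+ls $BIN_DIR
+fi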
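Review bot: `grep '^#%.*' `which $CMD`` resolves the name anywhere on PATH, so `help` on something that is not one of these scripts greps an arbitrary binary, and on an unknown name `which` prints nothing and grep blocks reading stdin. Restrict it to the tool's own directory: `f=$BIN_DIR/${CMD##*/}; [[ -f $f ]] || { echo "unknown command: $CMD" >&2; exit 1; }` followed by `grep '^#%' "$f" | sed -e 's/^#%//'`. `ls $BIN_DIR` should be quoted.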
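--- a/bin/messages
+++ b/bin/messages
@@ -0,0 +1,4 @@
+#!/bin/bash
+#% show-messages
+#% Shows messages recorded by not-yet-commited commands.
+show-ldif | grep "#!" | sed -e "s/#!//"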
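Review bot: The `#%` usage line says `show-messages` but the file is bin/messages, so `help messages` prints the wrong name; change it to `#% messages`. The `grep "#!"` on the last line is unanchored, so an LDIF value that merely contains `#!` is reported as a message; `grep '^#!' | sed -e 's/^#!//'` matches only the marker bin/msg writes at line start.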
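--- a/bin/msg
+++ b/bin/msg
@@ -0,0 +1,6 @@
+#!/bin/bash
+#% msg message
+#% INTERNAL/DEV: record a message for the admin shell user. It will be emitted upon calling and after commiting changes.
+. $LIB_DIR/common.sh
+push <<<"#!`date`: $@"
+echo "$@"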
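Review bot: `push <<<"#!`date`: $@"` records the message as a single LDIF comment line, so a message containing a newline ends the comment and the remainder is parsed as LDIF by validate and commit; the messages are composed by these scripts, but the login from `$1` flows into them, so a check like `[[ $* != *$'\n'* ]] || { echo "msg: newline in message" >&2; exit 1; }` is cheap insurance. Inside double quotes `$*` is the idiomatic way to join the arguments; `$@` there happens to give the same result.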
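--- a/bin/raw-add-user
+++ b/bin/raw-add-user
@@ -0,0 +1,46 @@
+#!/bin/bash
+#% raw-add-user login "Full Name" "email"
+#% INTERNAL add user
+
+. $LIB_DIR/common.sh
+login="$1"
+cn="$2"
+email="$3"
+idnumber=$(( `maxuid` + 1))
+gecos=`sed -e "y/ąćęłńóśźżĄĆĘŁŃÓŚŹŻ/acelnoszzACELNOSZZ/" <<<"$cn"`
+read -r gn sn <<<"$cn"
+
+
+tag-begin "Adding user $login"
+push <<EOF
+dn: uid=$login,ou=People,dc=hackerspace,dc=pl
+changeType: add
+objectClass: inetLocalMailRecipient
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: top
+objectClass: shadowAccount
+objectClass: ldapPublicKey
+objectClass: hsMember
+shadowLastChange: 15022
+shadowMax: 99999
+shadowWarning: 7
+loginShell: /bin/false
+uidNumber: $idnumber
+gidNumber: $idnumber
+homeDirectory: /home/$login
+cn: $cn
+gecos: $gecos
+givenName: $gn
+surname: $sn
+uid: $login
+mail: $email
+mailRoutingAddress: $email
+userPassword: {crypt}x
+mailHost: hackerspace.pl
+
+EOF
+tag-end
+msg "Don't forget to set a password for $login."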
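Review bot: `login` is used unvalidated in `dn: uid=$login,...`, `homeDirectory: /home/$login` and `uid: $login`, so a value containing `/`, `..`, a comma or whitespace names a different entry or puts the home directory outside /home. Validate once after the assignments: `[[ $login =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || { echo "invalid login: $login" >&2; exit 1; }`. `idnumber` also needs a check before it is used for both uidNumber and gidNumber, because `$(( `maxuid` + 1))` evaluates to 1 when maxuid prints nothing (server unreachable, TLS failure, no matches), which would queue an account with uid 1; `[[ $idnumber =~ ^[0-9]+$ && $idnumber -gt 1000 ]]` is the kind of floor I would expect, the exact bound being whatever the directory's uid range is. `shadowLastChange: 15022` is a fixed day count from when the script was written; `$(( $(date +%s) / 86400 ))` gives the current value.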
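--- a/bin/replace-attribute
+++ b/bin/replace-attribute
@@ -0,0 +1,6 @@
+#!/bin/bash
+#% replace-attribute targetDn attrName newValue
+#% Replace the value of attribute attrName on targetDn, whatever that happens to mean
+
+. $LIB_DIR/common.sh
+basic-attr-op 'replace' $@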
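Review bot: `basic-attr-op 'replace' $@` drops the quoting, so a newValue with spaces (a gecos or cn, say) is split and only its first word is written while the rest shifts into extra arguments that basic-attr-op ignores; it should be `basic-attr-op 'replace' "$@"`. There is also no argument check, so a missing newValue pushes a `replace` with an empty value; `(( $# == 3 )) || { show-usage; exit 1; }` matches the siblings.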
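--- a/bin/set-shell
+++ b/bin/set-shell
@@ -0,0 +1,5 @@
+#!/bin/bash
+#% set-shell user [shell]
+#% Sets the login shell for user to shell (defaults to /bin/bash)
+loginShell=${2:-/bin/bash}
+replace-attribute "uid=$1,ou=People,dc=hackerspace,dc=pl" loginShell $loginShell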
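Review bot: The shell on the last line is accepted verbatim and unquoted, so any string becomes the user's loginShell; since this is the attribute that turns a group membership into a real login on itanic/proliant, checking it against /etc/shells is a cheap sanity test: `grep -qxF -- "$loginShell" /etc/shells || { echo "$loginShell not in /etc/shells" >&2; exit 1; }`. That consults the admin machine's /etc/shells, which may differ from the target hosts; if they diverge, a fixed allow-list in the script is the safer form. `$1` is interpolated into the DN without validation and `$loginShell` should be quoted.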
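--- a/bin/show-ldif
+++ b/bin/show-ldif
@@ -0,0 +1,10 @@
+#!/bin/bash
+#% show-ldif
+#% Show operations not yet commited in ldif form
+
+if [ $LDAP_SHELL -ne 1 ]; then
+echo "Not running in LDAP shell mode" >&2
+return 1
+else
+cat $LDIF_BASE
+fi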
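Review bot: `return 1` is used at the top level of an executed script, where bash complains that `return` is only valid in a function or sourced script and does not stop at that point; the script happens to end anyway because nothing follows `fi`, but `exit 1` is what is meant. `[ $LDAP_SHELL -ne 1 ]` also fails with a syntax error when LDAP_SHELL is unset, which is exactly the situation the check is for; write `[ "${LDAP_SHELL:-0}" -ne 1 ]`. `cat $LDIF_BASE` should quote the path.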
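--- a/bin/show-pending
+++ b/bin/show-pending
@@ -0,0 +1,10 @@
+#!/bin/bash
+#% show-pending
+#% Show operations not yet commited in symbolic form
+
+if [ $LDAP_SHELL -ne 1 ]; then
+echo "Not running in LDAP shell mode" >&2
+return 1
+else
+grep "^#%" $LDIF_BASE | sed -e "s/^#%//"
+fi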
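Review bot: As in show-ldif, `return 1` at script top level is an error rather than an exit and `[ $LDAP_SHELL -ne 1 ]` breaks when the variable is unset; use `exit 1` and `[ "${LDAP_SHELL:-0}" -ne 1 ]`. The `grep "^#%" $LDIF_BASE` line should quote the path as well.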
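--- a/bin/validate
+++ b/bin/validate
@@ -0,0 +1,6 @@
+#!/bin/bash
+#% validate
+#% Attempt to validate the buffer of pending operations.
+#% This will probably not catch constraint violations and missing DNs. Sorry.
+
+(ldapmodify -x -n -ZZ -f $LDIF_BASE && echo "Everything seems fine.") || echo "Something's wrong."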
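Review bot: With `-n` ldapmodify parses and prints the operations without performing them, so "Everything seems fine." means only that the LDIF is well-formed; the `#%` caveat could state that directly instead of guessing, e.g. `#% Client-side LDIF syntax check only; constraint violations and missing DNs are caught by commit.` (I am assuming the dry run makes no server round-trip for the entries themselves — confirm against the ldapmodify version in use). `$LDIF_BASE` should be quoted.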
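--- a/lib/adminrc
+++ b/lib/adminrc
@@ -0,0 +1,17 @@
+. ~/.bashrc # for convenience
+export LDAP_SHELL=1
+export TAG_PREFIX="#%"
+export TAG_DEPTH=0
+export LDIF_BASE=~/.ldap-admin.ldif
+PS1="(ldap)$PS1"
+export BASE_DIR="${BIN_DIR%/bin}"
+export LIB_DIR="$BASE_DIR/lib"
+export ME="uid=$USER,ou=People,dc=hackerspace,dc=pl"
+PATH="$PATH:$BIN_DIR"
+touch $LDIF_BASE
+chmod 600 $LDIF_BASE
+
+alias help="$BIN_DIR/help"
+alias import_common=". $LIB_DIR/common.sh"
+
+echo "Type \"help\" for available commands."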
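Review bot: The buffer is created with `touch $LDIF_BASE` and only afterwards `chmod 600`, so a freshly created file is readable by others for a moment under a permissive umask; since it holds pending directory changes, create it restrictively from the start with `(umask 077; touch "$LDIF_BASE")` and keep the chmod for pre-existing files. `export ME="uid=$USER,..."` trusts `$USER`, which is inherited from the environment and can be empty or stale under su/sudo; `uid=$(id -un)` is authoritative. `PATH="$PATH:$BIN_DIR"` appends, so any same-named command earlier on PATH — including user-writable directories that `~/.bashrc` may add — is what the scripts here run when they call each other by bare name (msg, discard, add-to-wiki and so on); prepend instead, or have the scripts call siblings as `"$BIN_DIR/name"`.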
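--- a/lib/common.sh
+++ b/lib/common.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+LDAP_SHELL=${LDAP_SHELL:-0}
+function push() {
+if [ $LDAP_SHELL -ne 1 ]; then
+cat $@
+else
+cat $@ >> $LDIF_BASE
+fi
+}
+
+function pop() {
+if [ $LDAP_SHELL -eq 1 ]; then
+:
+fi
+}
+
+function discard() {
+: > $LDIF_BASE
+}
+
+function basic-attr-op() {
+tag-begin "$1 attribute $3 on DN $2 (value $4)"
+push <<EOF
+dn: $2
+changetype: modify
+$1: $3
+$3: $4
+
+EOF
+tag-end
+}
+
+function maxgid() {
+ldapsearch -x -ZZ -b 'ou=Group,dc=hackerspace,dc=pl' | grep gidNumber | cut -d' ' -f2 | sort -n | tail -n1
+}
+
+function maxuid() {
+ldapsearch -x -ZZ -b 'ou=People,dc=hackerspace,dc=pl' | grep uidNumber | cut -d' ' -f2 | sort -n | tail -n1
+}
+
+function show-usage() {
+$BIN_DIR/help `basename $0`
+}
+
+function tag-begin() {
+push <<<"$TAG_PREFIX`printf "%*c" $((4 * $TAG_DEPTH )) " "; date`: $@"
+((TAG_DEPTH+=1))
+}
+
+function tag-end() {
+((TAG_DEPTH-=1))
+}
+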
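Review bot: `maxuid` and `maxgid` print nothing when ldapsearch fails (TLS, server down, anonymous read denied) or when no matching attribute exists, and the pipeline hides ldapsearch's exit status; callers evaluate `$(( `maxuid` + 1 ))`, which yields 1 from empty output, so a transient LDAP failure during add-user queues an account with uidNumber/gidNumber 1. The helper should fail loudly instead, and the `grep uidNumber` should anchor on the attribute name so a line merely containing that substring is not counted. Callers must then capture the status (`n=$(maxuid) || exit 1`) rather than rely on arithmetic expansion, which will not propagate it. The rewrite below keeps the output format; `maxgid` gets the same shape with ou=Group and gidNumber.

```shell
function maxuid() {
    local max
    max=$(ldapsearch -x -ZZ -LLL -b 'ou=People,dc=hackerspace,dc=pl' '(uidNumber=*)' uidNumber \
          | awk '$1 == "uidNumber:" { print $2 }' | sort -n | tail -n1)
    if [[ ! $max =~ ^[0-9]+$ ]]; then
        echo "maxuid: could not read uidNumber from LDAP" >&2
        return 1
    fi
    printf '%s\n' "$max"
}
# … unchanged: push, pop, discard, basic-attr-op, show-usage, tag-begin, tag-end …
```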