3 man/man1/ldapusersetup.1 | 60 +++++++++++
4 sbin/ldapusersetup | 254 +++++++++++++++++++++++++++++++++++++++++++++++
5 3 files changed, 317 insertions(+), 2 deletions(-)
6 create mode 100644 man/man1/ldapusersetup.1
7 create mode 100644 sbin/ldapusersetup
9 diff --git a/sbin/ldapusersetup b/sbin/ldapusersetup
11 index 0000000..27d12dc
13 +++ b/sbin/ldapusersetup
17 +# ldapusersetup : interactive setup for adding users to LDAP
19 +# Copyright (c) 2015 Wind River Systems, Inc.
21 +# This program is free software; you can redistribute it and/or
22 +# modify it under the terms of the GNU General Public License
23 +# as published by the Free Software Foundation; either version 2
24 +# of the License, or (at your option) any later version.
26 +# This program is distributed in the hope that it will be useful,
27 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
28 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29 +# GNU General Public License for more details.
31 +# You should have received a copy of the GNU General Public License
32 +# along with this program; if not, write to the Free Software
33 +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
36 +if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$#" -eq 1 ]
38 + echo "Usage : $0 [-u <username | uid> <field> <value>]
39 +where accepted field(s) are as follows:
40 +--sudo : whether to add this user to sudoer list
41 +--secondgroup <grp> : the secondary group to add this user to
42 +--passmax <value> : the shadowMax value for this user
43 +--passwarning <value> : the shadowWarning value for this user"
47 +# Source runtime file
48 +_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
52 +_DEFAULTGRP2="sys_protected"
53 +_BASHSHELL="/bin/bash"
54 +_DEFAULTSHADOWMAX="90"
55 +_DEFAULTSHADOWWARNING="2"
58 +### Helper functions ###
60 +# Gets input from user and validates it.
61 +# Will only return if input meets validation
62 +# criteria otherwise will just sit there.
64 +# Input : input string ($1), valid output options ($2)
65 +# Output: the validated input
66 +# Note : the validation list must be an array
68 +declare -a optionAry=("${!2}")
70 + read -p "$1" _output
71 + # convert to lower case
72 + _output2=${_output,,}
73 + # check if output is a valid option
74 + if [[ "${optionAry[@]}" =~ "$_output2" ]]; then
77 + echo "Invalid input \"$_output\". Allowed options: ${optionAry[@]}" >&2
83 +# Delete an ldap user if it exists
84 +# and exit with error
85 +# Input : username ($1), exit msg ($2)
92 +# Add an ldap user and exit on failure
93 +# Input : username ($1)
96 + ldapadduser "$1" users
97 + [ $? -eq 0 ] || end_die "Critical setup error: cannot add user"
100 +# Replace Login Shell and call Rollback on failure
101 +# Input : username ($1), shell to set ($2)
103 +LdapAddLoginShell () {
104 + # Support bash only now.
105 + _SHELL="$_BASHSHELL"
106 + # Replace the login shell
107 + ldapmodifyuser $1 replace loginShell $_SHELL &> /dev/null
108 + [ $? -eq 0 ] || LdapRollback $1 "Critical setup error: cannot set login shell"
111 +# Add user to sudoer list
112 +# Input : username ($1)
113 +# Output : true or false
115 + ldapaddsudo "$1" 2> /dev/null
117 + echo_log "Non critical setup error: cannot add to sudoer list"
120 +# Add user to a secondary user group
121 +# Input : username ($1), user group ($2)
122 +# Output : true or false
123 +LdapSecondaryGroup () {
125 + [ -z "$2" ] && _newGrp=$_DEFAULTGRP2
127 + ldapaddusertogroup $1 $_newGrp
129 + echo_log "Non critical setup error: cannot add $1 to $_newGrp"
132 +# Update shadowMax for user
133 +# Input : username ($1), shadow Max value ($2)
135 +LdapUpdateShadowMax () {
137 + ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
138 + && _newShadow=$_DEFAULTSHADOWMAX
140 + ldapmodifyuser $1 replace shadowMax $_newShadow
141 + echo "Updating password expiry to $_newShadow days"
144 +# Update shadowWarning for user
145 +# Input : username ($1), shadow Warning value ($2)
147 +LdapUpdateShadowWarning () {
149 + ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
150 + && _newWarning=$_DEFAULTSHADOWWARNING
152 + ldapmodifyuser $1 replace shadowWarning $_newWarning
153 + echo "Updating password expiry to $_newWarning days"
156 +# Since this setup script is meant to be a
157 +# wrapper on top of existing ldap scripts,
158 +# it share invoke those... we could have achieved
159 +# loose coupling by not relying on helpers but
160 +# at the expense of massively redundant code
162 +declare -a helper_scripts=("ldapadduser" "ldapaddsudo" "ldapmodifyuser" "ldapaddusertogroup" "$_BASHSHELL")
164 +# Do some quick sanity tests to make sure
165 +# helper scripts are present
166 +for src in "${helper_scripts[@]}"; do
167 + if ! type "$src" &>/dev/null; then
168 + end_die "Cannot locate $src. Update your PATH variable"
172 +if [ "$#" -eq 0 ]; then
173 + # This setup collects all attributes
174 + # interactively during runtime
175 + echo -n "Enter username to add to LDAP: "
177 + LdapAddUser "$_username"
179 + # Replace the login shell. Only bash is supported now.
180 + LdapAddLoginShell "$_username"
182 + # Should sudo be activated for this user
183 + echo -n "Add $_username to sudoer list? (yes/NO): "
185 + CONFIRM=${CONFIRM,,}
189 + LdapAddSudo "$_username"
192 + # Add to secondary user group
193 + shellInput="Add $_username to secondary user group? (yes/NO): "
194 + options=( "yes", "no" )
195 + CONFIRM=`LdapUserInput "$shellInput" options[@]`
198 + echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "
200 + LdapSecondaryGroup $_username $_grp2
203 + # Set password expiry
204 + echo -n "Enter days after which user password must \
205 +be changed [$_DEFAULTSHADOWMAX]: "
207 + LdapUpdateShadowMax $_username $_shadowMax
209 + # Set password warning
210 + echo -n "Enter days before password is to expire that \
211 +user is warned [$_DEFAULTSHADOWWARNING]: "
212 + read _shadowWarning
213 + LdapUpdateShadowWarning $_username $_shadowWarning
216 + # we have to read command line option
222 + -u|--user) # compulsory
229 + --passmax) # optional
233 + --passwarning) # optional
234 + _shadowWarning="$2"
237 + --secondgroup) # optional
250 + [ -z "$_username" ] && end_die "No username argument specified"
251 + LdapAddUser $_username
253 + # Change Login Shell
254 + LdapAddLoginShell $_username "$_loginshell"
256 + # Add sudo if required
259 + LdapAddSudo "$_username"
262 + # Add secondary group if required
263 + [ -z "$_grpConfirm" ] || LdapSecondaryGroup $_username $_grp2
265 + # Password modifications
266 + LdapUpdateShadowMax $_username $_shadowMax
267 + LdapUpdateShadowWarning $_username $_shadowWarning
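Review bot: The username, group and shadow values are expanded unquoted when handed to the LDAP helpers, as in `ldapmodifyuser $1 replace loginShell $_SHELL`, `ldapaddusertogroup $1 $_newGrp`, `LdapSecondaryGroup $_username $_grp2` and `LdapAddUser $_username` in the command-line path. An entry containing whitespace or glob characters is split into extra arguments, so the helper may act on a different account or group than the one the operator typed. Quote every expansion, e.g. `ldapmodifyuser "$1" replace shadowMax "$_newShadow"` and `LdapSecondaryGroup "$_username" "$_grp2"`, as the interactive path already does with `LdapAddUser "$_username"`. Separately, `LdapUpdateShadowMax` and `LdapUpdateShadowWarning` print their "Updating password expiry" message without checking the `ldapmodifyuser` exit status, so a failed password-ageing update goes unreported; append a check such as `|| echo_log "Non critical setup error: cannot set shadowMax for $1"`. Some lines of the script are not shown on this page, so confirm whether the username is validated right after it is read.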
269 diff --git a/Makefile b/Makefile
270 index f81c272..6e5b193 100644
273 @@ -41,12 +41,13 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser l
274 ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
275 ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
276 ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
277 - ldaprenameuser ldapmodifysudo ldapdeletesudo
278 + ldaprenameuser ldapmodifysudo ldapdeletesudo ldapusersetup
279 MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
280 ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
281 ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
282 ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
283 - ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
284 + ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 \
285 + ldapdeletesudo.1 ldapusersetup.1
286 MAN5FILES = ldapscripts.5
287 TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
288 ldapadduser.template.sample
289 diff --git a/man/man1/ldapusersetup.1 b/man/man1/ldapusersetup.1
291 index 0000000..9b3129b
293 +++ b/man/man1/ldapusersetup.1
295 +.\" Copyright (c) 2015 Wind River Systems, Inc.
297 +.\" This program is free software; you can redistribute it and/or
298 +.\" modify it under the terms of the GNU General Public License
299 +.\" as published by the Free Software Foundation; either version 2
300 +.\" of the License, or (at your option) any later version.
302 +.\" This program is distributed in the hope that it will be useful,
303 +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
304 +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
305 +.\" GNU General Public License for more details.
307 +.\" You should have received a copy of the GNU General Public License
308 +.\" along with this program; if not, write to the Free Software
309 +.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
313 +.\" knasim@windriver.com
315 +.TH ldapusersetup 1 "December 16, 2015"
318 +ldapusersetup \- wizard for adding an LDAP user to CGCS.
324 +ldapusersetup interactively walks through the process of creating an LDAP user
325 +for access to CGCS services. The user is prompted for:
327 +- if a sudoEntry needs to be created
328 +- if a secondary user group needs to be added
329 +- user password expiry and warning configuration
330 +Alternatively, the user may provide these parameters as command line actions.
331 +Look at the OPTIONS section for more information.
333 +To delete the user and all its group associations, simply use ldapdeleteuser(1)
337 +.B [-u <username | uid> <field> <value>]
338 +The name or uid of the user to modify.
339 +The following fields are available as long format options:
340 +--sudo : whether to add this user to sudoer list
341 +--secondgroup <grp> : the secondary group to add this user to
342 +--passmax <value> : the shadowMax value for this user
343 +--passwarning <value> : the shadowWarning value for this user"
346 +ldapdeleteuser(1), ldapaddgroup(1), ldapaddusertogroup(1), ldapmodifyuser(1), ldapscripts(5).
349 +The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
350 +The latest version of the ldapscripts is available on :
351 +.B http://contribs.martymac.org