3 lib/runtime | 15 ++++++++++++
4 man/man1/ldapaddsudo.1 | 54 +++++++++++++++++++++++++++++++++++++++++++
5 man/man1/ldapdeletesudo.1 | 46 +++++++++++++++++++++++++++++++++++++
6 man/man1/ldapdeleteuser.1 | 5 ++--
7 man/man1/ldapmodifysudo.1 | 57 ++++++++++++++++++++++++++++++++++++++++++++++
8 man/man1/ldapmodifyuser.1 | 15 ++++++++---
9 sbin/ldapdeletesudo | 38 ++++++++++++++++++++++++++++++
10 sbin/ldapdeleteuser | 5 ++++
11 sbin/ldapmodifysudo | 2 -
12 10 files changed, 232 insertions(+), 9 deletions(-)
14 --- a/sbin/ldapdeleteuser
15 +++ b/sbin/ldapdeleteuser
16 @@ -46,6 +46,11 @@ _UDN="$_ENTRY"
18 _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"
21 +# Optionally, delete the sudoer entry if it exists
23 +[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
25 # Finally, delete this user from all his secondary groups
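Review bot: The sudo entry is removed only after `_ldapdelete "$_UDN"` has already succeeded, so when `[ $? -eq 2 ]` fires the script dies with the account gone and its sudoRole still in the directory. A leftover sudoRole that names the user would grant sudo rights to any account later created with the same name, so the safer order is to delete the sudoRole first and abort before touching the user entry if that fails. The command whose status `$?` reads is not visible in this view; saving it right after the call (`_rc=$?`, then `[ "$_rc" -eq 2 ]`) keeps a later inserted line from changing what is tested. If the current order is kept, the error text should say that the user entry has already been deleted.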
28 --- a/sbin/ldapmodifysudo
29 +++ b/sbin/ldapmodifysudo
33 -# ldapmodifyuser : modifies a sudo entry in an LDAP directory
34 +# ldapmodifysudo : modifies a sudo entry in an LDAP directory
36 # Copyright (C) 2007-2013 Ganaël LAPLANCHE
37 # Copyright (C) 2014 Stephen Crooks
39 +++ b/sbin/ldapdeletesudo
43 +# ldapdeletesudo : deletes a sudoRole from LDAP
45 +# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
46 +# Copyright (C) 2006-2013 Ganaël LAPLANCHE
47 +# Copyright (c) 2015 Wind River Systems, Inc.
49 +# This program is free software; you can redistribute it and/or
50 +# modify it under the terms of the GNU General Public License
51 +# as published by the Free Software Foundation; either version 2
52 +# of the License, or (at your option) any later version.
54 +# This program is distributed in the hope that it will be useful,
55 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
56 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
57 +# GNU General Public License for more details.
59 +# You should have received a copy of the GNU General Public License
60 +# along with this program; if not, write to the Free Software
61 +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
64 +if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
66 + echo "Usage : $0 <username>"
70 +# Source runtime file
71 +_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
74 +# Username = first argument
76 +[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
78 +end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
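Review bot: The final check `[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"` folds the two failure codes documented for `_ldapdeletesudo` (1 = not found, 2 = found but not deleted) into one message. For a privilege-revocation tool these outcomes differ: the first is a no-op, the second leaves sudo rights in place, and an operator or audit log should be able to tell them apart. Suggest saving the status and branching on it, e.g. `[ "$_rc" -eq 2 ] && end_die "Found sudoUser entry for $1 but unable to delete it"`. The line that produces `$?` is not visible in this view, so this assumes it is the `_ldapdeletesudo` call.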
79 --- a/man/man1/ldapmodifyuser.1
80 +++ b/man/man1/ldapmodifyuser.1
82 .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE
83 +.\" Copyright (c) 2015 Wind River Systems, Inc.
85 .\" This program is free software; you can redistribute it and/or
86 .\" modify it under the terms of the GNU General Public License
88 .\" ganael.laplanche@martymac.org
89 .\" http://contribs.martymac.org
91 -.TH ldapmodifyuser 1 "August 22, 2007"
92 +.TH ldapmodifyuser 1 "December 8, 2015"
95 ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
100 +.RB <username | uid> [<add | replace | delete> <field> <value>]
103 ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
104 @@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
105 The DN of the entry being modified is already specified : just begin with a changeType attribute or any
106 other one(s) of your choice (in this case, the defaut changeType is 'modify').
108 +Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
109 +field - value pair then user will not be interactively prompted.
114 +.B <username | uid> [<add | replace | delete> <field> <value>]
115 The name or uid of the user to modify.
116 +The optional "action" pertaining to this user entry.
117 +The field - value pair on which the action needs to be undertaken.
120 -ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
121 +ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
124 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
125 --- a/man/man1/ldapdeleteuser.1
126 +++ b/man/man1/ldapdeleteuser.1
128 .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE
129 +.\" Copyright (c) 2015 Wind River Systems, Inc.
131 .\" This program is free software; you can redistribute it and/or
132 .\" modify it under the terms of the GNU General Public License
134 .\" ganael.laplanche@martymac.org
135 .\" http://contribs.martymac.org
137 -.TH ldapdeleteuser 1 "January 1, 2006"
138 +.TH ldapdeleteuser 1 "December 8, 2015"
141 -ldapdeleteuser \- deletes a POSIX user account from LDAP.
142 +ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
147 +++ b/man/man1/ldapaddsudo.1
149 +.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
150 +.\" Copyright (c) 2015 Wind River Systems, Inc.
152 +.\" This program is free software; you can redistribute it and/or
153 +.\" modify it under the terms of the GNU General Public License
154 +.\" as published by the Free Software Foundation; either version 2
155 +.\" of the License, or (at your option) any later version.
157 +.\" This program is distributed in the hope that it will be useful,
158 +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
159 +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
160 +.\" GNU General Public License for more details.
162 +.\" You should have received a copy of the GNU General Public License
163 +.\" along with this program; if not, write to the Free Software
164 +.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
167 +.\" Ganael Laplanche
168 +.\" ganael.laplanche@martymac.org
169 +.\" http://contribs.martymac.org
171 +.TH ldapaddsudo 1 "December 8, 2015"
174 +ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
179 +.RB <groupname | gid>
185 +The name of the user to add.
187 +.B <groupname | gid>
188 +The group name or the gid of the user to add.
191 +The uid of the user to add. Automatically computed if not specified.
194 +ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
197 +The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
198 +The latest version of the ldapscripts is available on :
199 +.B http://contribs.martymac.org
204 +++ b/man/man1/ldapmodifysudo.1
206 +.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE
207 +.\" Copyright (c) 2015 Wind River Systems, Inc.
209 +.\" This program is free software; you can redistribute it and/or
210 +.\" modify it under the terms of the GNU General Public License
211 +.\" as published by the Free Software Foundation; either version 2
212 +.\" of the License, or (at your option) any later version.
214 +.\" This program is distributed in the hope that it will be useful,
215 +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
216 +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
217 +.\" GNU General Public License for more details.
219 +.\" You should have received a copy of the GNU General Public License
220 +.\" along with this program; if not, write to the Free Software
221 +.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
224 +.\" Ganael Laplanche
225 +.\" ganael.laplanche@martymac.org
226 +.\" http://contribs.martymac.org
228 +.TH ldapmodifysudo 1 "December 8, 2015"
231 +ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
235 +.RB <username | uid> [<add | replace | delete> <field> <value>]
238 +ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
239 +are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
240 +The DN of the entry being modified is already specified : just begin with a changeType attribute or any
241 +other one(s) of your choice (in this case, the defaut changeType is 'modify').
243 +Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
244 +field - value pair then user will not be interactively prompted.
248 +.B <username | uid> [<add | replace | delete> <field> <value>]
249 +The name or uid of the user to modify.
250 +The optional "action" pertaining to this user entry.
251 +The field - value pair on which the action needs to be undertaken.
254 +ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
257 +The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
258 +The latest version of the ldapscripts is available on :
259 +.B http://contribs.martymac.org
264 +++ b/man/man1/ldapdeletesudo.1
266 +.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
267 +.\" Copyright (c) 2015 Wind River Systems, Inc.
269 +.\" This program is free software; you can redistribute it and/or
270 +.\" modify it under the terms of the GNU General Public License
271 +.\" as published by the Free Software Foundation; either version 2
272 +.\" of the License, or (at your option) any later version.
274 +.\" This program is distributed in the hope that it will be useful,
275 +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
276 +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
277 +.\" GNU General Public License for more details.
279 +.\" You should have received a copy of the GNU General Public License
280 +.\" along with this program; if not, write to the Free Software
281 +.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
284 +.\" Ganael Laplanche
285 +.\" ganael.laplanche@martymac.org
286 +.\" http://contribs.martymac.org
288 +.TH ldapdeletesudo 1 "December 8, 2015"
291 +ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
295 +.RB <username | uid>
300 +The name or uid of the user to delete.
303 +ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
306 +The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
307 +The latest version of the ldapscripts is available on :
308 +.B http://contribs.martymac.org
314 @@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
315 ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
316 ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
317 ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
318 - ldaprenameuser ldapmodifysudo
319 + ldaprenameuser ldapmodifysudo ldapdeletesudo
320 MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
321 ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
322 ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
323 ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
324 - ldapaddmachine.1 ldapdeleteuser.1
325 + ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
326 MAN5FILES = ldapscripts.5
327 TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
328 ldapadduser.template.sample
331 @@ -294,6 +294,21 @@ _ldapdelete () {
335 +# Deletes a sudoUser entry in the LDAP directory
336 +# Input : POSIX username whose sudo entry to delete ($1)
337 +# Output: 0 on successful delete
338 +# 1 on being unable to find sudoUser
339 +# 2 on being unable to delete found sudoUser entry
340 +_ldapdeletesudo () {
341 + [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
343 + _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
344 + [ -z "$_ENTRY" ] && return 1
346 + # Now delete that entry
347 + _ldapdelete "$_ENTRY" || return 2
350 # Extracts LDIF information from $0 (the current script itself)
351 # selecting lines beginning with $1 occurrences of '#'
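Review bot: `_ldapdeletesudo` interpolates `$1` unescaped into the search filter `(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))`, and whatever entry comes back is then passed to `_ldapdelete`. LDAP filter metacharacters in the argument (`*`, `(`, `)`, `\`) change what the filter matches, so the function can select a sudoRole other than the intended one; reject or escape them per RFC 4515 before building the filter, e.g. `case "$1" in *[\*\(\)\\]*) end_die "_ldapdeletesudo : invalid username" ;; esac`. The `sudoUser=$1` branch also matches a role that lists several users, and deleting the whole entry would then revoke sudo for the others as well; removing only the matching `sudoUser` value is safer when a role is shared. How `_findentry` behaves when more than one entry matches is not visible here and should be confirmed. The end of the function body is also not visible in this view.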