--- /dev/null
+---
+ Makefile | 4 +--
+ lib/runtime | 15 ++++++++++++
+ man/man1/ldapaddsudo.1 | 54 +++++++++++++++++++++++++++++++++++++++++++
+ man/man1/ldapdeletesudo.1 | 46 +++++++++++++++++++++++++++++++++++++
+ man/man1/ldapdeleteuser.1 | 5 ++--
+ man/man1/ldapmodifysudo.1 | 57 ++++++++++++++++++++++++++++++++++++++++++++++
+ man/man1/ldapmodifyuser.1 | 15 ++++++++---
+ sbin/ldapdeletesudo | 38 ++++++++++++++++++++++++++++++
+ sbin/ldapdeleteuser | 5 ++++
+ sbin/ldapmodifysudo | 2 -
+ 10 files changed, 232 insertions(+), 9 deletions(-)
+
+--- a/sbin/ldapdeleteuser
++++ b/sbin/ldapdeleteuser
+@@ -46,6 +46,11 @@ _UDN="$_ENTRY"
+ # Delete entry
+ _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"
+
++
++# Optionally, delete the sudoer entry if it exists
++_ldapdeletesudo $1
++[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
++
+ # Finally, delete this user from all his secondary groups
+ case $GCLASS in
+ posixGroup)
+--- a/sbin/ldapmodifysudo
++++ b/sbin/ldapmodifysudo
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+
+-# ldapmodifyuser : modifies a sudo entry in an LDAP directory
++# ldapmodifysudo : modifies a sudo entry in an LDAP directory
+
+ # Copyright (C) 2007-2013 Ganaël LAPLANCHE
+ # Copyright (C) 2014 Stephen Crooks
+--- /dev/null
++++ b/sbin/ldapdeletesudo
+@@ -0,0 +1,38 @@
++#!/bin/sh
++
++# ldapdeletesudo : deletes a sudoRole from LDAP
++
++# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
++# Copyright (C) 2006-2013 Ganaël LAPLANCHE
++# Copyright (c) 2015 Wind River Systems, Inc.
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License
++# as published by the Free Software Foundation; either version 2
++# of the License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++# USA.
++
++if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
++then
++ echo "Usage : $0 <username>"
++ exit 1
++fi
++
++# Source runtime file
++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
++. "$_RUNTIMEFILE"
++
++# Username = first argument
++_ldapdeletesudo "$1"
++[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
++
++end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
+--- a/man/man1/ldapmodifyuser.1
++++ b/man/man1/ldapmodifyuser.1
+@@ -1,4 +1,5 @@
+ .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
+ .\"
+ .\" This program is free software; you can redistribute it and/or
+ .\" modify it under the terms of the GNU General Public License
+@@ -19,14 +20,14 @@
+ .\" ganael.laplanche@martymac.org
+ .\" http://contribs.martymac.org
+ .\"
+-.TH ldapmodifyuser 1 "August 22, 2007"
++.TH ldapmodifyuser 1 "December 8, 2015"
+
+ .SH NAME
+ ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
+
+ .SH SYNOPSIS
+ .B ldapmodifyuser
+-.RB <username | uid>
++.RB <username | uid> [<add | replace | delete> <field> <value>]
+
+ .SH DESCRIPTION
+ ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
+@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
+ The DN of the entry being modified is already specified : just begin with a changeType attribute or any
+ other one(s) of your choice (in this case, the defaut changeType is 'modify').
+
++Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
++field - value pair then user will not be interactively prompted.
++
+ .SH OPTIONS
+ .TP
+-.B <username | uid>
++.B <username | uid> [<add | replace | delete> <field> <value>]
+ The name or uid of the user to modify.
++The optional "action" pertaining to this user entry.
++The field - value pair on which the action needs to be undertaken.
+
+ .SH "SEE ALSO"
+-ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
++ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
+
+ .SH AVAILABILITY
+ The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
+--- a/man/man1/ldapdeleteuser.1
++++ b/man/man1/ldapdeleteuser.1
+@@ -1,4 +1,5 @@
+ .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
+ .\"
+ .\" This program is free software; you can redistribute it and/or
+ .\" modify it under the terms of the GNU General Public License
+@@ -19,10 +20,10 @@
+ .\" ganael.laplanche@martymac.org
+ .\" http://contribs.martymac.org
+ .\"
+-.TH ldapdeleteuser 1 "January 1, 2006"
++.TH ldapdeleteuser 1 "December 8, 2015"
+
+ .SH NAME
+-ldapdeleteuser \- deletes a POSIX user account from LDAP.
++ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
+
+ .SH SYNOPSIS
+ .B ldapdeleteuser
+--- /dev/null
++++ b/man/man1/ldapaddsudo.1
+@@ -0,0 +1,54 @@
++.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
++.\"
++.\" This program is free software; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License
++.\" as published by the Free Software Foundation; either version 2
++.\" of the License, or (at your option) any later version.
++.\"
++.\" This program is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public License
++.\" along with this program; if not, write to the Free Software
++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++.\" USA.
++.\"
++.\" Ganael Laplanche
++.\" ganael.laplanche@martymac.org
++.\" http://contribs.martymac.org
++.\"
++.TH ldapaddsudo 1 "December 8, 2015"
++
++.SH NAME
++ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
++
++.SH SYNOPSIS
++.B ldapaddsudo
++.RB <username>
++.RB <groupname | gid>
++.RB [uid]
++
++.SH OPTIONS
++.TP
++.B <username>
++The name of the user to add.
++.TP
++.B <groupname | gid>
++The group name or the gid of the user to add.
++.TP
++.B [uid]
++The uid of the user to add. Automatically computed if not specified.
++
++.SH "SEE ALSO"
++ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
++
++.SH AVAILABILITY
++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
++The latest version of the ldapscripts is available on :
++.B http://contribs.martymac.org
++
++.SH BUGS
++No bug known.
+--- /dev/null
++++ b/man/man1/ldapmodifysudo.1
+@@ -0,0 +1,57 @@
++.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
++.\"
++.\" This program is free software; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License
++.\" as published by the Free Software Foundation; either version 2
++.\" of the License, or (at your option) any later version.
++.\"
++.\" This program is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public License
++.\" along with this program; if not, write to the Free Software
++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++.\" USA.
++.\"
++.\" Ganael Laplanche
++.\" ganael.laplanche@martymac.org
++.\" http://contribs.martymac.org
++.\"
++.TH ldapmodifysudo 1 "December 8, 2015"
++
++.SH NAME
++ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
++
++.SH SYNOPSIS
++.B ldapmodifysudo
++.RB <username | uid> [<add | replace | delete> <field> <value>]
++
++.SH DESCRIPTION
++ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
++are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
++The DN of the entry being modified is already specified : just begin with a changeType attribute or any
++other one(s) of your choice (in this case, the defaut changeType is 'modify').
++
++Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
++field - value pair then user will not be interactively prompted.
++
++.SH OPTIONS
++.TP
++.B <username | uid> [<add | replace | delete> <field> <value>]
++The name or uid of the user to modify.
++The optional "action" pertaining to this user entry.
++The field - value pair on which the action needs to be undertaken.
++
++.SH "SEE ALSO"
++ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
++
++.SH AVAILABILITY
++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
++The latest version of the ldapscripts is available on :
++.B http://contribs.martymac.org
++
++.SH BUGS
++No bug known.
+--- /dev/null
++++ b/man/man1/ldapdeletesudo.1
+@@ -0,0 +1,46 @@
++.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
++.\"
++.\" This program is free software; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License
++.\" as published by the Free Software Foundation; either version 2
++.\" of the License, or (at your option) any later version.
++.\"
++.\" This program is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public License
++.\" along with this program; if not, write to the Free Software
++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++.\" USA.
++.\"
++.\" Ganael Laplanche
++.\" ganael.laplanche@martymac.org
++.\" http://contribs.martymac.org
++.\"
++.TH ldapdeletesudo 1 "December 8, 2015"
++
++.SH NAME
++ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
++
++.SH SYNOPSIS
++.B ldapdeletesudo
++.RB <username | uid>
++
++.SH OPTIONS
++.TP
++.B <username | uid>
++The name or uid of the user to delete.
++
++.SH "SEE ALSO"
++ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
++
++.SH AVAILABILITY
++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
++The latest version of the ldapscripts is available on :
++.B http://contribs.martymac.org
++
++.SH BUGS
++No bug known.
+--- a/Makefile
++++ b/Makefile
+@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
+ ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
+ ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
+ ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
+- ldaprenameuser ldapmodifysudo
++ ldaprenameuser ldapmodifysudo ldapdeletesudo
+ MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
+ ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
+ ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
+ ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
+- ldapaddmachine.1 ldapdeleteuser.1
++ ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
+ MAN5FILES = ldapscripts.5
+ TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
+ ldapadduser.template.sample
+--- a/lib/runtime
++++ b/lib/runtime
+@@ -294,6 +294,21 @@ _ldapdelete () {
+ fi
+ }
+
++# Deletes a sudoUser entry in the LDAP directory
++# Input : POSIX username whose sudo entry to delete ($1)
++# Output: 0 on successful delete
++# 1 on being unable to find sudoUser
++# 2 on being unable to delete found sudoUser entry
++_ldapdeletesudo () {
++ [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
++ # Find the entry
++ _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
++ [ -z "$_ENTRY" ] && return 1
++
++ # Now delete that entry
++ _ldapdelete "$_ENTRY" || return 2
++}
++
+ # Extracts LDIF information from $0 (the current script itself)
+ # selecting lines beginning with $1 occurrences of '#'
+ # Input : depth ($1)
Code Review / pti / rtp.git / blobdiff