[debian-edu-commits] [Git][debian-edu/debian-edu-config][personal/gber/fix-ldap-createuser-krb5] ldap-createuser-krb5: add support for additional groups
Guido Berhörster (@gber)
gitlab at salsa.debian.org
Mon Aug 7 08:24:11 BST 2023
Guido Berhörster pushed to branch personal/gber/fix-ldap-createuser-krb5 at Debian Edu / debian-edu-config
Commits:
13e57d3d by Guido Berhoerster at 2023-08-07T09:23:43+02:00
ldap-createuser-krb5: add support for additional groups
- - - - -
1 changed file:
- ldap-tools/ldap-createuser-krb5
Changes:
=====================================
ldap-tools/ldap-createuser-krb5
=====================================
@@ -9,7 +9,7 @@ set -e
function usage {
cat >&2 <<EOF
-Usage: $0 [-u uid] [-g gid] [-d department] <username> <gecos>
+Usage: $0 [-u uid] [-g gid] [-G group[,group]...] [-d department] <username> <gecos>
Create a user with a personal group and configure its kerberos
principal.
EOF
@@ -22,8 +22,9 @@ fi
NEWUID=
NEWGID=
+ADDITIONAL_GROUPS=
DEPT=
-while getopts "d:hg:u:" arg; do
+while getopts "d:hg:G:u:" arg; do
case $arg in
d)
DEPT="${OPTARG}"
@@ -31,6 +32,9 @@ while getopts "d:hg:u:" arg; do
g)
NEWGID="${OPTARG}"
;;
+ G)
+ ADDITIONAL_GROUPS="${OPTARG}"
+ ;;
u)
NEWUID="${OPTARG}"
;;
@@ -95,6 +99,7 @@ if [ -z "$NEWGID" ] ; then
ldif="$ldif
dn: cn=$USERNAME,$GROUPBASE
+changetype: add
objectClass: top
objectClass: posixGroup
cn: $USERNAME
@@ -106,6 +111,7 @@ fi
ldif="$ldif
dn: uid=$USERNAME,$USERBASE
+changetype: add
objectClass: top
objectClass: person
objectClass: organizationalPerson
@@ -133,9 +139,28 @@ krbPwdPolicyReference: cn=users,cn=${KRB5DOMAIN},cn=kerberos,$(debian-edu-ldapse
krbPrincipalName: $USERNAME@$KRB5DOMAIN
"
+oIFS="${IFS}"
+IFS=","
+set -- $ADDITIONAL_GROUPS
+IFS="${oIFS}"
+for group; do
+ group_dn="$(ldapsearch -x -LLL -o ldif-wrap=no "(&(objectClass=posixGroup)(cn=$group))" '')"
+ if [ -z "${group_dn}" ]; then
+ echo "group not found: ${group}" >&2
+ continue
+ fi
+ ldif="$ldif
+
+$group_dn
+changetype: modify
+add: memberUid
+memberUid: $USERNAME
+"
+done
+
echo "$ldif"
-if echo "$ldif" | ldapadd -ZZ -D "$admindn" -W -v -x ; then
+if echo "$ldif" | ldapmodify -ZZ -D "$admindn" -W -v -x ; then
# Set the kerberos password
kadmin.local -q "change_password $USERNAME@$KRB5DOMAIN"
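Review bot: The `-G` values reach the LDAP filter `(cn=$group)` unescaped, and the split `set -- $ADDITIONAL_GROUPS` still undergoes pathname expansion, so a value containing `*`, `(` or `)` can match several groups or change the filter, and every `dn:` line ldapsearch returns is pasted into the LDIF as-is. I would wrap the split in `set -f` / `set +f` and reject anything outside the expected group-name alphabet before the search, e.g. `case "$group" in ''|*[!A-Za-z0-9._-]*) echo "invalid group name: ${group}" >&2; exit 1;; esac`. The lookup also runs with `-x` but without `-ZZ`, unlike the ldapmodify call below it, so the DN that decides which entry is modified is fetched without StartTLS unless ldap.conf enforces it. A group that is not found only prints a warning and the user is still created, which deserves either a non-zero exit or a comment saying the partial result is intended. The `if` block at the end of the hunk continues outside it.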
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/13e57d3d7d94a7a2fe3fe459baa9ab7d96538102