[debian-edu-commits] [Git][debian-edu/debian-edu-config][personal/gber/fix-ldap-createuser-krb5] ldap-createuser-krb5: add support for additional groups

Guido Berhörster (@gber) gitlab at salsa.debian.org
Mon Aug 7 08:24:11 BST 2023 


Guido Berhörster pushed to branch personal/gber/fix-ldap-createuser-krb5 at Debian Edu / debian-edu-config


Commits:
13e57d3d by Guido Berhoerster at 2023-08-07T09:23:43+02:00
ldap-createuser-krb5: add support for additional groups

- - - - -


1 changed file:

- ldap-tools/ldap-createuser-krb5


Changes:

=====================================
ldap-tools/ldap-createuser-krb5
=====================================
@@ -9,7 +9,7 @@ set -e
 
 function usage {
     cat >&2 <<EOF
-Usage: $0 [-u uid] [-g gid] [-d department] <username> <gecos>
+Usage: $0 [-u uid] [-g gid] [-G group[,group]...] [-d department] <username> <gecos>
   Create a user with a personal group and configure its kerberos
   principal.
 EOF
@@ -22,8 +22,9 @@ fi
 
 NEWUID=
 NEWGID=
+ADDITIONAL_GROUPS=
 DEPT=
-while getopts "d:hg:u:" arg; do
+while getopts "d:hg:G:u:" arg; do
     case $arg in
     d)
         DEPT="${OPTARG}"
@@ -31,6 +32,9 @@ while getopts "d:hg:u:" arg; do
     g)
         NEWGID="${OPTARG}"
         ;;
+    G)
+        ADDITIONAL_GROUPS="${OPTARG}"
+        ;;
     u)
         NEWUID="${OPTARG}"
         ;;
@@ -95,6 +99,7 @@ if [ -z "$NEWGID" ] ; then
     ldif="$ldif
 
 dn: cn=$USERNAME,$GROUPBASE
+changetype: add
 objectClass: top
 objectClass: posixGroup
 cn: $USERNAME
@@ -106,6 +111,7 @@ fi
 ldif="$ldif
 
 dn: uid=$USERNAME,$USERBASE
+changetype: add
 objectClass: top
 objectClass: person
 objectClass: organizationalPerson
@@ -133,9 +139,28 @@ krbPwdPolicyReference: cn=users,cn=${KRB5DOMAIN},cn=kerberos,$(debian-edu-ldapse
 krbPrincipalName: $USERNAME@$KRB5DOMAIN
 "
 
+oIFS="${IFS}"
+IFS=","
+set -- $ADDITIONAL_GROUPS
+IFS="${oIFS}"
+for group; do
+    group_dn="$(ldapsearch -x -LLL -o ldif-wrap=no "(&(objectClass=posixGroup)(cn=$group))" '')"
+    if [ -z "${group_dn}" ]; then
+        echo "group not found: ${group}" >&2
+        continue
+    fi
+    ldif="$ldif
+
+$group_dn
+changetype: modify
+add: memberUid
+memberUid: $USERNAME
+"
+done
+
 echo "$ldif"
 
-if echo "$ldif" | ldapadd -ZZ -D "$admindn" -W -v -x ; then
+if echo "$ldif" | ldapmodify -ZZ -D "$admindn" -W -v -x ; then
 
     # Set the kerberos password
     kadmin.local -q "change_password $USERNAME@$KRB5DOMAIN"



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/13e57d3d7d94a7a2fe3fe459baa9ab7d96538102

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/13e57d3d7d94a7a2fe3fe459baa9ab7d96538102
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20230807/8ef35ba0/attachment-0001.htm>

More information about the debian-edu-commits mailing list