X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-useradd;h=c51c944313cc7d0a1afefd294d6f04609eccbafa;hb=a2a411f850434571a393c4de5a15f0840eda55ad;hp=6c2e19d4f43286566b79793b6067a4c1d0ab6f53;hpb=e0e50b8b7715311495617621fec4e2ed64a35bfe;p=mirror%2Fuserdir-ldap.git diff --git a/ud-useradd b/ud-useradd index 6c2e19d..c51c944 100755 --- a/ud-useradd +++ b/ud-useradd @@ -9,15 +9,17 @@ from userdir_gpg import *; # this, one is to fetch all the entires and pick the highest, the other # is to randomly guess uids until one is free. This uses the former. # Regrettably ldap doesn't have an integer attribute comparision function -# so we can only cut the search down slightly +# so we can only cut the search down slightly + +# [JT] This is broken with Woody LDAP and the Schema; for now just +# search through all UIDs. def GetFreeID(l): - HighestUID = 1400; - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL, - "uidnumber>="+str(HighestUID),["uidnumber"]); + Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL, + "uidNumber=*",["uidNumber"]); HighestUID = 0; for I in Attrs: - ID = int(GetAttr(I,"uidnumber","0")); - if ID > HighestUID: + ID = int(GetAttr(I,"uidNumber","0")); + if ID > HighestUID: HighestUID = ID; return HighestUID + 1; @@ -67,8 +69,8 @@ while (1): print "A matching key was found:" GPGPrintKeyInfo(Keys[0]); break; - -# Crack up the email address from the key into a best guess + +# Crack up the email address from the key into a best guess # first/middle/last name Addr = SplitEmail(Keys[0][2]); (cn,mn,sn) = NameSplit(re.sub('["]','',Addr[0])) @@ -76,8 +78,8 @@ email = Addr[1] + '@' + Addr[2]; account = Addr[1]; privsub = email; -gidnumber = str(DefaultGID); -uidnumber = 0; +gidNumber = str(DefaultGID); +uidNumber = 0; # Decide if we should use IDEA encryption UsePGP2 = 0; 
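Review bot: In `GetFreeID` the search is now `uidNumber=*` with no lower bound, so the allocated UID depends entirely on what is already in the directory. The removed filter ignored entries below 1400; with the new one, a directory holding only low-numbered entries yields a UID just above them, an empty result still yields 1, and one entry with a very large `uidNumber` pushes every later allocation above it. If 1400 is still the intended start of the range, keep it as a floor on the result, e.g. `return max(HighestUID + 1, 1400);`. The search-then-add sequence is also not atomic, so two concurrent runs can pick the same UID unless the server enforces uniqueness; a comment saying so next to the `[JT]` note would help.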
@@ -89,7 +91,7 @@ while len(Keys[0][1]) < 40: if Res == "": break; -Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyfingerprint=" + Keys[0][1]); +Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Keys[0][1]); if len(Attrs) != 0: print "*** This key already belongs to",GetAttr(Attrs[0],"uid"); account = GetAttr(Attrs[0],"uid"); @@ -108,10 +110,10 @@ while 1: if Res == "yes": # Update mode, fetch the default values from the directory Update = 1; - privsub = GetAttr(Attrs[0],"privatesub"); - gidnumber = GetAttr(Attrs[0],"gidnumber"); - uidnumber = GetAttr(Attrs[0],"uidnumber"); - email = GetAttr(Attrs[0],"emailforward"); + privsub = GetAttr(Attrs[0],"privateSub"); + gidNumber = GetAttr(Attrs[0],"gidNumber"); + uidNumber = GetAttr(Attrs[0],"uidNumber"); + email = GetAttr(Attrs[0],"emailForward"); cn = GetAttr(Attrs[0],"cn"); sn = GetAttr(Attrs[0],"sn"); mn = GetAttr(Attrs[0],"mn"); @@ -139,13 +141,13 @@ if Res != "": privsub = Res; # GID -Res = raw_input("Group ID Number [" + gidnumber + "]? "); +Res = raw_input("Group ID Number [" + gidNumber + "]? "); if Res != "": - gidnumber = Res; + gidNumber = Res; # UID -if uidnumber == 0: - uidnumber = GetFreeID(l); +if uidNumber == 0: + uidNumber = GetFreeID(l); # Generate a random password if Update == 0 or ForceMail == 1: @@ -170,14 +172,14 @@ else: Pass = None; # Now we have all the bits of information. -if mn != "": +if mn != "": FullName = "%s %s %s" % (cn,mn,sn); else: FullName = "%s %s" % (cn,sn); print "------------"; print "Final information collected:" print " %s <%s@%s>:" % (FullName,account,EmailAppend); -print " Assigned UID:",uidnumber," GID:", gidnumber; +print " Assigned UID:",uidNumber," GID:", gidNumber; print " Email forwarded to:",email; print " Private Subscription:",privsub; print " GECOS Field: \"%s,,,,\"" % (FullName); 
@@ -196,64 +198,68 @@ Subst["__LOGIN__"] = account; Subst["__PRIVATE__"] = privsub; Subst["__EMAIL__"] = email; Subst["__PASSWORD__"] = CryptedPass; -#Subst["__LISTPASS__"] = string.strip(open(pwd.getpwuid(os.getuid())[5]+"/.debian-lists_passwd","r").read()); - -# Generate the LDAP request -Rec = [(ldap.MOD_REPLACE,"uid",account), - (ldap.MOD_REPLACE,"uidNumber",str(uidnumber)), - (ldap.MOD_REPLACE,"gidNumber",str(gidnumber)), - (ldap.MOD_REPLACE,"gecos",FullName+",,,,"), - (ldap.MOD_REPLACE,"loginShell","/bin/bash"), - (ldap.MOD_REPLACE,"keyfingerprint",Keys[0][1]), - (ldap.MOD_REPLACE,"cn",cn), - (ldap.MOD_REPLACE,"mn",mn), - (ldap.MOD_REPLACE,"sn",sn), - (ldap.MOD_REPLACE,"emailforward",email), - (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60))), - (ldap.MOD_REPLACE,"shadowMin","0"), - (ldap.MOD_REPLACE,"shadowMax","99999"), - (ldap.MOD_REPLACE,"shadowWarning","7"), - (ldap.MOD_REPLACE,"shadowInactive",""), - (ldap.MOD_REPLACE,"shadowExpire","")]; -if privsub != " ": - Rec.append((ldap.MOD_REPLACE,"privatesub",privsub)); -if Pass != None: - Rec.append((ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass)); -# Submit the modification request +# Submit the modification request Dn = "uid=" + account + "," + BaseDn; print "Updating LDAP directory..", sys.stdout.flush(); -try: - l.add_s(Dn,[("uid",account), - ("objectclass","top"), - ("objectclass","account"), - ("objectclass","posixAccount"), - ("objectclass","shadowAccount"), - ("objectclass","debiandeveloper")]); -except ldap.ALREADY_EXISTS: - pass; -# Send the modify request -l.modify_s(Dn,Rec); +if Update == 0: + # New account + Details = [("uid",account), + ("objectClass", + ("top","inetOrgPerson","debianAccount","shadowAccount","debianDeveloper")), + ("uidNumber",str(uidNumber)), + ("gidNumber",str(gidNumber)), + ("gecos",FullName+",,,,"), + ("loginShell","/bin/bash"), + ("keyFingerPrint",Keys[0][1]), + ("cn",cn), + ("sn",sn), + ("emailForward",email), + 
("shadowLastChange",str(int(time.time()/24/60/60))), + ("shadowMin","0"), + ("shadowMax","99999"), + ("shadowWarning","7"), + ("privateSub",privsub), + ("userPassword","{crypt}"+Pass)]; + if mn: + Details.append(("mn",mn)); + l.add_s(Dn,Details); +else: + # Modification + Rec = [(ldap.MOD_REPLACE,"uidNumber",str(uidNumber)), + (ldap.MOD_REPLACE,"gidNumber",str(gidNumber)), + (ldap.MOD_REPLACE,"gecos",FullName+",,,,"), + (ldap.MOD_REPLACE,"loginShell","/bin/bash"), + (ldap.MOD_REPLACE,"keyFingerPrint",Keys[0][1]), + (ldap.MOD_REPLACE,"cn",cn), + (ldap.MOD_REPLACE,"mn",mn), + (ldap.MOD_REPLACE,"sn",sn), + (ldap.MOD_REPLACE,"emailForward",email), + (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60))), + (ldap.MOD_REPLACE,"shadowMin","0"), + (ldap.MOD_REPLACE,"shadowMax","99999"), + (ldap.MOD_REPLACE,"shadowWarning","7"), + (ldap.MOD_REPLACE,"shadowInactive",""), + (ldap.MOD_REPLACE,"shadowExpire","")]; + if privsub != " ": + Rec.append((ldap.MOD_REPLACE,"privateSub",privsub)); + if Pass != None: + Rec.append((ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass)); + # Do it + l.modify_s(Dn,Rec); + print; # Abort email sends for an update operation if Update == 1 and ForceMail == 0: print "Account is not new, Not sending mails" sys.exit(0); - -# Do the subscription/welcome message -#if privsub != " ": -# Sub = TemplateSubst(Subst,open(TemplatesDir+"/list-subscribe","r").read()); -# Child = os.popen("/usr/sbin/sendmail -t","w"); -# Child.write(Sub); -# if Child.close() != None: -# raise Error, "Sendmail gave a non-zero return code"; - + # Send the Welcome message print "Sending Welcome Email" -Reply = TemplateSubst(Subst,open(TemplatesDir+"/welcome-message-"+gidnumber,"r").read()); +Reply = TemplateSubst(Subst,open(TemplatesDir+"/welcome-message-"+gidNumber,"r").read()); Child = os.popen("/usr/sbin/sendmail -t","w"); #Child = os.popen("cat","w"); Child.write(Reply);
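Review bot: The new-account branch puts `privateSub` and `userPassword` into `Details` unconditionally, while the modification branch still guards them with `if privsub != " ":` and `if Pass != None:`. A new entry therefore stores what appears to be the `" "` placeholder as its subscription address. In addition, `"{crypt}"+Pass` raises a TypeError if `Pass` is ever None on this path; the code that sets `Pass` is outside this hunk. Handling both the way `mn` is handled keeps the branches consistent: `if privsub != " ": Details.append(("privateSub",privsub));`, and for the password an explicit abort when `Pass` is None rather than creating the entry without one. With `except ldap.ALREADY_EXISTS` removed, a clash on `Dn` now raises from `l.add_s` instead of modifying the existing entry, which is the safer behaviour, but a short message naming the DN would tell the operator why the run stopped.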