From 87683e24b12b5171f9e0f4f814f63f76848a341d Mon Sep 17 00:00:00 2001
From: joey <>
Date: Sun, 23 Jan 2005 19:14:18 +0000
Subject: [PATCH] Added ud-roleadd for adding role accounts to LDAP (Copyright note copied from ud-useradd due to a lot of copied code)
---
 debian/rules | 2 +-
 ud-roleadd | 108 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100755 ud-roleadd
diff --git a/debian/rules b/debian/rules
index 7f997f1..b13c7ab 100755
--- a/debian/rules
+++ b/debian/rules
@@ -36,7 +36,7 @@ binary-indep: build
 echo "userdir_gpg" >> $(i)/$(pysite)/userdir_ldap.pth
 install -m 644 userdir_ldap.py userdir_gpg.py \
 $(i)/$(pysite)/userdir_ldap/
- install -m 755 {ud-forwardlist,ud-gpgimport,ud-info,ud-ldapshow,ud-userimport,ud-mailgate,ud-generate,ud-passchk,ud-useradd,ud-replicate,ud-xearth,ud-fingerserv,ud-echelon,ud-groupadd,ud-host,ud-zoneupdate} $(i)/usr/bin/
+ install -m 755 {ud-forwardlist,ud-gpgimport,ud-info,ud-ldapshow,ud-userimport,ud-mailgate,ud-generate,ud-passchk,ud-useradd,ud-replicate,ud-xearth,ud-fingerserv,ud-echelon,ud-groupadd,ud-host,ud-zoneupdate,ud-roleadd} $(i)/usr/bin/
 install -m 755 sigcheck $(i)/usr/bin/
 install -m 644 debian/ud-replicate.cron.d $(i)/etc/cron.d/ud-replicate
diff --git a/ud-roleadd b/ud-roleadd
new file mode 100755
index 0000000..08f28ac
--- /dev/null
+++ b/ud-roleadd
@@ -0,0 +1,108 @@
+#!/usr/bin/env python
+# -*- mode: python -*-
+
+# Copyright (c) 1999-2000 Jason Gunthorpe
+# Copyright (c) 2001-2003 James Troup
+# Copyright (c) 2004-2005 Joey Schulze
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+import string, time, ldap, getopt, sys, os, pwd
+from userdir_ldap import *
+
+# This tries to search for a free UID. There are two possible ways to do
+# this, one is to fetch all the entires and pick the highest, the other
+# is to randomly guess uids until one is free. This uses the former.
+# Regrettably ldap doesn't have an integer attribute comparision function
+# so we can only cut the search down slightly
+
+# [JT] This is broken with Woody LDAP and the Schema; for now just
+# search through all UIDs.
+def GetFreeID(l):
+ Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,
+ "uidNumber=*",["uidNumber"])
+ HighestUID = 0
+ for I in Attrs:
+ ID = int(GetAttr(I,"uidNumber","0"))
+ if ID > HighestUID:
+ HighestUID = ID
+ return HighestUID + 1
+
+# Main starts here
+AdminUser = pwd.getpwuid(os.getuid())[0]
+
+# Process options
+(options, arguments) = getopt.getopt(sys.argv[1:], "u:")
+for (switch, val) in options:
+ if (switch == '-u'):
+ AdminUser = val
+
+l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+
+while 1:
+ account = raw_input("Who are you going to add? 
") + if account == "": + sys.exit(0) + + Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + account) + if len(Attrs) == 0: + break + + print "That account already exists." + +Res = raw_input("Name for GECOS field? ") +if Res != "": + cn = Res + +# GID +Res = raw_input("Group ID Number? ") +if Res != "": + gidNumber = Group2GID(Res) + +# UID +uidNumber = GetFreeID(l) + +# Now we have all the bits of information. +print "------------" +print "Final information collected:" +print " Username %s:" % cn +print " Assigned UID:",uidNumber," GID:", gidNumber +print " GECOS Field: \"%s,,,,\"" % cn +print " Login Shell: /bin/false" +Res = raw_input("Continue [No/yes]? ") +if Res != "yes": + sys.exit(1) + +# Submit the modification request +Dn = "uid=" + account + "," + BaseDn +print "Updating LDAP directory..", +sys.stdout.flush() + +Details = [("uid",account), + ("objectClass", + ("top","inetOrgPerson","debianAccount","shadowAccount","debianRoleAccount")), + ("uidNumber",str(uidNumber)), + ("gidNumber",str(gidNumber)), + ("gecos",cn+",,,,"), + ("loginShell","/bin/false"), + ("cn",cn), + ("shadowLastChange",str(int(time.time()/24/60/60))), + ("shadowMin","0"), + ("shadowMax","99999"), + ("shadowWarning","7"), + ("userPassword","{crypt}*")] +l.add_s(Dn,Details) + +print -- 2.20.1