Added ldap user scripts
This commit is contained in:
parent
6353678653
commit
c5368f677d
50
README.md
50
README.md
|
@ -1,3 +1,51 @@
|
|||
# ldap-users
|
||||
|
||||
OpenLDAP setup and user management tools
|
||||
OpenLDAP setup and user management tools.
|
||||
|
||||
## sslca
|
||||
|
||||
Can create CA and normal SSL certificates as well as using the CA to sign
|
||||
certificates. Example:
|
||||
|
||||
```bash
|
||||
|
||||
$ sslca ca --name=ca --auto
|
||||
$ sslca cert --name=test --host=$(hostnamne)
|
||||
$ sslca sign --ca=ca --cert=test
|
||||
|
||||
```
|
||||
|
||||
The first command will prompt you for a password which will be the same one
|
||||
required when prompted for signing certificates. As well, the first time the
|
||||
tool is used it will prompt the user to fill out the metadata to be used for
|
||||
the certificates along with other defaults to use, all of which will be stored
|
||||
in the sslca.conf file.
|
||||
|
||||
## new_user
|
||||
|
||||
Allows for simple creation of new users in the LDAP database along with running
|
||||
any necessary scripts (e.g. creating / linking the home directory in /center).
|
||||
Example:
|
||||
|
||||
```bash
|
||||
|
||||
$ new_user <username> <shell>
|
||||
$ new_user test bash
|
||||
|
||||
```
|
||||
|
||||
The <shell> will be added using it's output from `which <shell>`, but must be a
|
||||
shell included in /etc/shells to be of any use on login.
|
||||
|
||||
## remove_user
|
||||
|
||||
Similar to `new_user`, but removes the user from the LDAP database along with
|
||||
undoing any actions the new_user performed (e.g. removing the user's home
|
||||
directory). Example:
|
||||
|
||||
```bash
|
||||
|
||||
$ remove_user <username>
|
||||
$ remove_user test
|
||||
|
||||
```
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
#!/bin/bash
|
||||
|
||||
LDAP_DIR=/center/etc/ldap
|
||||
HOME_DIR=/home/$1
|
||||
CHOME_DIR=/center$HOME_DIR
|
||||
SECRET_DIR=/center/etc/secrets
|
||||
SECRET=$SECRET_DIR/ldap.secret
|
||||
LDIF=$LDAP_DIR/$1.ldif
|
||||
PASSWD=$LDAP_DIR/$1.passwd
|
||||
if [ -f $LDIF ]; then
|
||||
rm $LDIF
|
||||
fi
|
||||
if [ -f $PASSWD ]; then
|
||||
rm $PASSWD
|
||||
fi
|
||||
cp $LDAP_DIR/new_user.ldif $LDIF
|
||||
touch $PASSWD
|
||||
chmod 700 $PASSWD
|
||||
slappasswd -g >> $PASSWD
|
||||
DN="dc=tilde,dc=center"
|
||||
SLAP=$(slappasswd -T $PASSWD)
|
||||
TCID=$(($(cat /etc/passwd | cut -d":" -f1,3 | cut -d":" -f2 | sort -h | tail -n 1) + 1))
|
||||
HASH=$(head -c 32 /dev/urandom | base64 | sha256sum)
|
||||
GECOS=${HASH::-4}
|
||||
SHELL=$(which $2)
|
||||
|
||||
sed -i "s#__DN__#$DN#" $LDIF
|
||||
sed -i "s#__USER__#$1#" $LDIF
|
||||
sed -i "s#__GROUP__#$1#" $LDIF
|
||||
sed -i "s#__UID__#$TCID#" $LDIF
|
||||
sed -i "s#__GID__#$TCID#" $LDIF
|
||||
sed -i "s#__SHELL__#$SHELL#" $LDIF
|
||||
sed -i "s#__GECOS__#$GECOS#" $LDIF
|
||||
sed -i "s#__SLAP__#$SLAP#" $LDIF
|
||||
|
||||
ldapadd -x -w $(cat $SECRET) -D "cn=Manager,$DN" -f $LDIF
|
||||
if [ -d $HOME_DIR ]; then
|
||||
rm -rf $HOME_DIR
|
||||
fi
|
||||
cp -rf /etc/skel $CHOME_DIR
|
||||
chmod 711 $CHOME_DIR
|
||||
chown -R $1:$1 $CHOME_DIR
|
||||
ln -s $CHOME_DIR $HOME_DIR
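Review bot: The `ldapadd -x -w $(cat $SECRET)` line near the end of the hunk puts the Manager bind password on the command line, where every local user on the host can read it from `ps` or `/proc/*/cmdline` for as long as the command runs; `ldapadd -y "$SECRET"` reads it from the file and keeps it out of argv. The positional `$1` is also spliced unvalidated and unquoted into the `#`-delimited `sed` expressions and into the paths that get `rm -rf`'d, so a name containing `/`, `#`, `&` or whitespace (or an empty first argument, which yields `HOME_DIR=/home/`) either corrupts the LDIF or removes the wrong directory, and a shape check up front closes both holes. Separately, `TCID` is derived from the highest uid in `/etc/passwd` rather than from the directory, so it will not advance for successive LDAP users and, on systems where `nobody` is 65534, starts at 65535 — presumably the intent was the maximum `uidNumber` from an `ldapsearch`, which is worth confirming. The exit status of `ldapadd` is not checked either, so a failed add still proceeds to create and `chown` the home directory.
```shell
set -euo pipefail

# Refuse names that could escape /home or break the '#'-delimited sed expressions below.
[[ "$1" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || { printf 'new_user: invalid username %q\n' "$1" >&2; exit 2; }
# The README requires the shell to be listed in /etc/shells; enforce it here rather than at login.
grep -qxF -- "$(which "$2")" /etc/shells || { printf 'new_user: %q is not in /etc/shells\n' "$2" >&2; exit 2; }

# … unchanged: password-file generation, TCID/HASH/SHELL computation and sed substitutions …

# -y reads the bind password from the file so it never appears in argv/ps.
ldapadd -x -y "$SECRET" -D "cn=Manager,$DN" -f "$LDIF" || exit 1
```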
|
|
@ -0,0 +1,10 @@
|
|||
#!/bin/bash
|
||||
|
||||
SECRET_DIR=/center/etc/secrets
|
||||
SECRET=$SECRET_DIR/ldap.secret
|
||||
DN="dc=tilde,dc=center"
|
||||
|
||||
ldapdelete -x -w $(cat $SECRET) -D "cn=Manager,$DN" "uid=$1,ou=People,$DN"
|
||||
ldapdelete -x -w $(cat $SECRET) -D "cn=Manager,$DN" "cn=$1,ou=Group,$DN"
|
||||
rm -rf /home/$1
|
||||
rm -rf /center/home/$1
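Review bot: The two `rm -rf /home/$1` and `rm -rf /center/home/$1` lines at the end of the hunk run with an unvalidated, unquoted `$1`: invoked with no argument they expand to `rm -rf /home/` and `rm -rf /center/home/` and remove every user's home directory, and a name containing `/` or `..` deletes outside the user tree. Guard with `: "${1:?usage: remove_user <username>}"` plus a shape check before anything destructive, and quote the expansions as `rm -rf -- "/home/${1:?}"`. The two `ldapdelete -x -w $(cat $SECRET)` calls above them also expose the Manager bind password on the command line to any local user via `ps`; `-y "$SECRET"` reads it from the file instead. Their exit status is ignored as well, so the home directory is wiped even when the directory entry was not actually deleted.
```shell
: "${1:?usage: remove_user <username>}"
[[ "$1" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || { printf 'remove_user: invalid username %q\n' "$1" >&2; exit 2; }

# … unchanged: SECRET_DIR / SECRET / DN definitions …

# -y reads the bind password from the file so it never shows up in ps.
ldapdelete -x -y "$SECRET" -D "cn=Manager,$DN" "uid=$1,ou=People,$DN" || exit 1
ldapdelete -x -y "$SECRET" -D "cn=Manager,$DN" "cn=$1,ou=Group,$DN" || exit 1
rm -rf -- "/home/${1:?}"
rm -rf -- "/center/home/${1:?}"
```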
|
|
@ -0,0 +1,21 @@
|
|||
dn: uid=__USER__,ou=People,__DN__
|
||||
objectClass: top
|
||||
objectClass: account
|
||||
objectClass: posixAccount
|
||||
objectClass: shadowAccount
|
||||
cn: __USER__
|
||||
uid: __USER__
|
||||
uidNumber: __UID__
|
||||
gidNumber: __GID__
|
||||
homeDirectory: /home/__USER__
|
||||
loginShell: __SHELL__
|
||||
gecos: __GECOS__
|
||||
userPassword: __SLAP__
|
||||
shadowLastChange: 0
|
||||
shadowMax: 0
|
||||
shadowWarning: 0
|
||||
|
||||
dn: cn=__GROUP__,ou=Group,__DN__
|
||||
objectClass: top
|
||||
objectClass: posixGroup
|
||||
gidNumber: __GID__
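Review bot: The `shadowLastChange: 0` / `shadowMax: 0` pair near the end of the first entry deserves a comment, because under shadow(5) semantics a `shadowMax` of 0 marks the password as expired as soon as a day has passed since it was last set, so depending on how the PAM/NSS stack enforces it the user may be forced to change the generated password on every login rather than only the first. If a first-login change is all that is intended, `shadowLastChange: 0` alone does that and `shadowMax` should be a real lifetime such as `shadowMax: 99999` — worth confirming against the deployment's PAM configuration. It would also help maintainers to note that every placeholder is replaced by a `#`-delimited `sed` expression, e.g. a header comment `# Placeholders (__USER__, __UID__, ...) are substituted with sed 's#..#..#'; values must not contain '#'`.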
|