Added ldap user scripts

README.md

@@ -1,3 +1,51 @@
 # ldap-users
 
-OpenLDAP setup and user management tools
+OpenLDAP setup and user management tools.
+
+## sslca
+
+Can create CA and normal SSL certificates as well as using the CA to sign 
+certificates. Example:
+
+```bash
+
+$ sslca ca --name=ca --auto
+$ sslca cert --name=test --host=$(hostnamne)
+$ sslca sign --ca=ca --cert=test
+
+```
+
+The first command will prompt you for a password which will be the same one 
+required when prompted for signing certificates. As well, the first time the 
+tool is used it will prompt the user to fill out the metadata to be used for 
+the certificates along with other defaults to use, all of which will be stored 
+in the sslca.conf file.
+
+## new_user
+
+Allows for simple creation of new users in the LDAP database along with running 
+any necessary scripts (e.g. creating / linking the home directory in /center). 
+Example:
+
+```bash
+
+$ new_user <username> <shell>
+$ new_user test bash
+
+```
+
+The <shell> will be added using it's output from `which <shell>`, but must be a 
+shell included in /etc/shells to be of any use on login.
+
+## remove_user
+
+Similar to `new_user`, but removes the user from the LDAP database along with 
+undoing any actions the new_user performed (e.g. removing the user's home 
+directory). Example:
+
+```bash
+
+$ remove_user <username>
+$ remove_user test
+
+```

bin/new_user

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+LDAP_DIR=/center/etc/ldap
+HOME_DIR=/home/$1
+CHOME_DIR=/center$HOME_DIR
+SECRET_DIR=/center/etc/secrets
+SECRET=$SECRET_DIR/ldap.secret
+LDIF=$LDAP_DIR/$1.ldif
+PASSWD=$LDAP_DIR/$1.passwd
+if [ -f $LDIF ]; then
+    rm $LDIF
+fi
+if [ -f $PASSWD ]; then
+    rm $PASSWD
+fi
+cp $LDAP_DIR/new_user.ldif $LDIF
+touch $PASSWD
+chmod 700 $PASSWD
+slappasswd -g >> $PASSWD
+DN="dc=tilde,dc=center"
+SLAP=$(slappasswd -T $PASSWD)
+TCID=$(($(cat /etc/passwd | cut -d":" -f1,3 | cut -d":" -f2 | sort -h | tail -n 1) + 1))
+HASH=$(head -c 32 /dev/urandom | base64 | sha256sum)
+GECOS=${HASH::-4}
+SHELL=$(which $2)
+
+sed -i "s#__DN__#$DN#" $LDIF
+sed -i "s#__USER__#$1#" $LDIF
+sed -i "s#__GROUP__#$1#" $LDIF
+sed -i "s#__UID__#$TCID#" $LDIF
+sed -i "s#__GID__#$TCID#" $LDIF
+sed -i "s#__SHELL__#$SHELL#" $LDIF
+sed -i "s#__GECOS__#$GECOS#" $LDIF
+sed -i "s#__SLAP__#$SLAP#" $LDIF
+
+ldapadd -x -w $(cat $SECRET) -D "cn=Manager,$DN" -f $LDIF
+if [ -d $HOME_DIR ]; then
+    rm -rf $HOME_DIR
+fi
+cp -rf /etc/skel $CHOME_DIR
+chmod 711 $CHOME_DIR
+chown -R $1:$1 $CHOME_DIR
+ln -s $CHOME_DIR $HOME_DIR

bin/remove_user

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+SECRET_DIR=/center/etc/secrets
+SECRET=$SECRET_DIR/ldap.secret
+DN="dc=tilde,dc=center"
+
+ldapdelete -x -w $(cat $SECRET) -D "cn=Manager,$DN" "uid=$1,ou=People,$DN"
+ldapdelete -x -w $(cat $SECRET) -D "cn=Manager,$DN" "cn=$1,ou=Group,$DN"
+rm -rf /home/$1
+rm -rf /center/home/$1

etc/new_user.ldif

@@ -0,0 +1,21 @@
+dn: uid=__USER__,ou=People,__DN__
+objectClass: top
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+cn: __USER__
+uid: __USER__
+uidNumber: __UID__
+gidNumber: __GID__
+homeDirectory: /home/__USER__
+loginShell: __SHELL__
+gecos: __GECOS__
+userPassword: __SLAP__
+shadowLastChange: 0
+shadowMax: 0
+shadowWarning: 0
+
+dn: cn=__GROUP__,ou=Group,__DN__
+objectClass: top
+objectClass: posixGroup
+gidNumber: __GID__