From c5368f677d81741f3a28bc2bd16966234663f115 Mon Sep 17 00:00:00 2001
From: aewens
Date: Thu, 3 Jan 2019 17:32:58 +0100
Subject: [PATCH] Added ldap user scripts
---
 README.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++-
 bin/new_user | 43 ++++++++++++++++++++++++++++++++++++++++
 bin/remove_user | 10 ++++++++++
 etc/new_user.ldif | 21 ++++++++++++++++++++
 4 files changed, 123 insertions(+), 1 deletion(-)
 create mode 100755 bin/new_user
 create mode 100755 bin/remove_user
 create mode 100644 etc/new_user.ldif
diff --git a/README.md b/README.md
index c41f4e7..96fede4 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,51 @@
 # ldap-users
 
-OpenLDAP setup and user management tools
\ No newline at end of file
+OpenLDAP setup and user management tools.
+
+## sslca
+
+Can create CA and normal SSL certificates as well as using the CA to sign
+certificates. Example:
+
+```bash
+
+$ sslca ca --name=ca --auto
+$ sslca cert --name=test --host=$(hostnamne)
+$ sslca sign --ca=ca --cert=test
+
+```
+
+The first command will prompt you for a password which will be the same one
+required when prompted for signing certificates. As well, the first time the
+tool is used it will prompt the user to fill out the metadata to be used for
+the certificates along with other defaults to use, all of which will be stored
+in the sslca.conf file.
+
+## new_user
+
+Allows for simple creation of new users in the LDAP database along with running
+any necessary scripts (e.g. creating / linking the home directory in /center).
+Example:
+
+```bash
+
+$ new_user
+$ new_user test bash
+
+```
+
+The will be added using it's output from `which `, but must be a
+shell included in /etc/shells to be of any use on login.
+
+## remove_user
+
+Similar to `new_user`, but removes the user from the LDAP database along with
+undoing any actions the new_user performed (e.g. removing the user's home
+directory). Example:
+
+```bash
+
+$ remove_user
+$ remove_user test
+
+```
diff --git a/bin/new_user b/bin/new_user
new file mode 100755
index 0000000..eaa7c63
--- /dev/null
+++ b/bin/new_user
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+LDAP_DIR=/center/etc/ldap
+HOME_DIR=/home/$1
+CHOME_DIR=/center$HOME_DIR
+SECRET_DIR=/center/etc/secrets
+SECRET=$SECRET_DIR/ldap.secret
+LDIF=$LDAP_DIR/$1.ldif
+PASSWD=$LDAP_DIR/$1.passwd
+if [ -f $LDIF ]; then
+ rm $LDIF
+fi
+if [ -f $PASSWD ]; then
+ rm $PASSWD
+fi
+cp $LDAP_DIR/new_user.ldif $LDIF
+touch $PASSWD
+chmod 700 $PASSWD
+slappasswd -g >> $PASSWD
+DN="dc=tilde,dc=center"
+SLAP=$(slappasswd -T $PASSWD)
+TCID=$(($(cat /etc/passwd | cut -d":" -f1,3 | cut -d":" -f2 | sort -h | tail -n 1) + 1))
+HASH=$(head -c 32 /dev/urandom | base64 | sha256sum)
+GECOS=${HASH::-4}
+SHELL=$(which $2)
+
+sed -i "s#__DN__#$DN#" $LDIF
+sed -i "s#__USER__#$1#" $LDIF
+sed -i "s#__GROUP__#$1#" $LDIF
+sed -i "s#__UID__#$TCID#" $LDIF
+sed -i "s#__GID__#$TCID#" $LDIF
+sed -i "s#__SHELL__#$SHELL#" $LDIF
+sed -i "s#__GECOS__#$GECOS#" $LDIF
+sed -i "s#__SLAP__#$SLAP#" $LDIF
+
+ldapadd -x -w $(cat $SECRET) -D "cn=Manager,$DN" -f $LDIF
+if [ -d $HOME_DIR ]; then
+ rm -rf $HOME_DIR
+fi
+cp -rf /etc/skel $CHOME_DIR
+chmod 711 $CHOME_DIR
+chown -R $1:$1 $CHOME_DIR
+ln -s $CHOME_DIR $HOME_DIR
diff --git a/bin/remove_user b/bin/remove_user
new file mode 100755
index 0000000..bb1b391
--- /dev/null
+++ b/bin/remove_user
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+SECRET_DIR=/center/etc/secrets
+SECRET=$SECRET_DIR/ldap.secret
+DN="dc=tilde,dc=center"
+
+ldapdelete -x -w $(cat $SECRET) -D "cn=Manager,$DN" "uid=$1,ou=People,$DN"
+ldapdelete -x -w $(cat $SECRET) -D "cn=Manager,$DN" "cn=$1,ou=Group,$DN"
+rm -rf /home/$1
+rm -rf /center/home/$1
diff --git a/etc/new_user.ldif b/etc/new_user.ldif
new file mode 100644
index 0000000..c3b55e5
--- /dev/null
+++ b/etc/new_user.ldif
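Review bot: An empty or unchecked `$1` turns the `rm -rf $HOME_DIR` near the end of bin/new_user into `rm -rf /home/` (with no argument `HOME_DIR` is `/home/`, which passes the `-d` test), and a name containing `/`, `..`, `#` or `&` escapes both the path and the `sed` replacements that build the LDIF; the two `rm -rf /home/$1` lines in bin/remove_user have the same exposure. Validate before anything else, e.g. `[ $# -eq 2 ] || { echo "usage: ${0##*/} <user> <shell>" >&2; exit 2; }` and `[[ $1 =~ ^[a-z_][a-z0-9_-]{0,31}$ ]] || { echo "invalid user name: $1" >&2; exit 2; }`, and quote every expansion (`"$LDIF"`, `"$HOME_DIR"`, `"$1"`, …). `ldapadd -x -w $(cat $SECRET)` places the Manager password on the command line, where any local user can read it from `ps` or `/proc/*/cmdline` for the duration of the call; `ldapadd -x -y "$SECRET" -D "cn=Manager,$DN" -f "$LDIF"` reads it from the file instead, and the same applies to both `ldapdelete` calls in bin/remove_user. The uidNumber is the largest UID in the local `/etc/passwd` plus one, and since a plain `cat` of that file never sees accounts that live only in LDAP, every user created this way appears to receive the same uidNumber; `getent passwd | cut -d: -f3 | sort -n | tail -n 1` would include existing LDAP accounts if nsswitch is configured for them, though the local `nobody`/65534 entry would still need excluding from the maximum. Nothing checks that `ldapadd` succeeded before the home directory is deleted and recreated, so a failed add still wipes and rebuilds `/center/home/$1`; `ldapadd … || exit 1` (or `set -e` after the shebang) would stop there.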
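Review bot: The cleartext generated password that bin/new_user writes to `/center/etc/ldap/$1.passwd`, and the filled-in LDIF with the password hash at `/center/etc/ldap/$1.ldif`, are not removed by bin/remove_user, so a deleted user's initial credential stays on disk; add `rm -f -- "/center/etc/ldap/$1.ldif" "/center/etc/ldap/$1.passwd"` alongside the home-directory cleanup. The two `rm -rf` lines also run regardless of whether either `ldapdelete` succeeded, so a mistyped name or a failing bind still deletes whatever `/home/$1` and `/center/home/$1` resolve to while the LDAP entry remains; checking each call (`ldapdelete … || exit 1`) before removing files keeps the directory state consistent with the directory service.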
@@ -0,0 +1,21 @@
+dn: uid=__USER__,ou=People,__DN__
+objectClass: top
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+cn: __USER__
+uid: __USER__
+uidNumber: __UID__
+gidNumber: __GID__
+homeDirectory: /home/__USER__
+loginShell: __SHELL__
+gecos: __GECOS__
+userPassword: __SLAP__
+shadowLastChange: 0
+shadowMax: 0
+shadowWarning: 0
+
+dn: cn=__GROUP__,ou=Group,__DN__
+objectClass: top
+objectClass: posixGroup
+gidNumber: __GID__
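Review bot: `shadowMax: 0` declares a zero-day maximum password age, which under pam_unix-style evaluation of the shadow attributes means the password is due for change again the day after every change, not only at first login; if the intent is the one-time forced change that `shadowLastChange: 0` already requests, omit `shadowMax` or give it a real lifetime such as `shadowMax: 99999`. Whether these shadowAccount attributes are enforced at all depends on the clients' NSS/PAM or sssd configuration, which this patch does not show, so a comment in the template stating the intended policy (`# shadowLastChange 0 = must change password at first login`) would help whoever tunes it later.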