Added ldap user scripts
This commit is contained in:
parent
6353678653
commit
c5368f677d
50
README.md
50
README.md
|
@ -1,3 +1,51 @@
|
||||||
# ldap-users
|
# ldap-users
|
||||||
|
|
||||||
OpenLDAP setup and user management tools
|
OpenLDAP setup and user management tools.
|
||||||
|
|
||||||
|
## sslca
|
||||||
|
|
||||||
|
Can create CA and normal SSL certificates as well as using the CA to sign
|
||||||
|
certificates. Example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
|
||||||
|
$ sslca ca --name=ca --auto
|
||||||
|
$ sslca cert --name=test --host=$(hostnamne)
|
||||||
|
$ sslca sign --ca=ca --cert=test
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
The first command will prompt you for a password which will be the same one
|
||||||
|
required when prompted for signing certificates. As well, the first time the
|
||||||
|
tool is used it will prompt the user to fill out the metadata to be used for
|
||||||
|
the certificates along with other defaults to use, all of which will be stored
|
||||||
|
in the sslca.conf file.
|
||||||
|
|
||||||
|
## new_user
|
||||||
|
|
||||||
|
Allows for simple creation of new users in the LDAP database along with running
|
||||||
|
any necessary scripts (e.g. creating / linking the home directory in /center).
|
||||||
|
Example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
|
||||||
|
$ new_user <username> <shell>
|
||||||
|
$ new_user test bash
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
The <shell> will be added using it's output from `which <shell>`, but must be a
|
||||||
|
shell included in /etc/shells to be of any use on login.
|
||||||
|
|
||||||
|
## remove_user
|
||||||
|
|
||||||
|
Similar to `new_user`, but removes the user from the LDAP database along with
|
||||||
|
undoing any actions the new_user performed (e.g. removing the user's home
|
||||||
|
directory). Example:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
|
||||||
|
$ remove_user <username>
|
||||||
|
$ remove_user test
|
||||||
|
|
||||||
|
```
|
||||||
|
|
|
@ -0,0 +1,43 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
LDAP_DIR=/center/etc/ldap
|
||||||
|
HOME_DIR=/home/$1
|
||||||
|
CHOME_DIR=/center$HOME_DIR
|
||||||
|
SECRET_DIR=/center/etc/secrets
|
||||||
|
SECRET=$SECRET_DIR/ldap.secret
|
||||||
|
LDIF=$LDAP_DIR/$1.ldif
|
||||||
|
PASSWD=$LDAP_DIR/$1.passwd
|
||||||
|
if [ -f $LDIF ]; then
|
||||||
|
rm $LDIF
|
||||||
|
fi
|
||||||
|
if [ -f $PASSWD ]; then
|
||||||
|
rm $PASSWD
|
||||||
|
fi
|
||||||
|
cp $LDAP_DIR/new_user.ldif $LDIF
|
||||||
|
touch $PASSWD
|
||||||
|
chmod 700 $PASSWD
|
||||||
|
slappasswd -g >> $PASSWD
|
||||||
|
DN="dc=tilde,dc=center"
|
||||||
|
SLAP=$(slappasswd -T $PASSWD)
|
||||||
|
TCID=$(($(cat /etc/passwd | cut -d":" -f1,3 | cut -d":" -f2 | sort -h | tail -n 1) + 1))
|
||||||
|
HASH=$(head -c 32 /dev/urandom | base64 | sha256sum)
|
||||||
|
GECOS=${HASH::-4}
|
||||||
|
SHELL=$(which $2)
|
||||||
|
|
||||||
|
sed -i "s#__DN__#$DN#" $LDIF
|
||||||
|
sed -i "s#__USER__#$1#" $LDIF
|
||||||
|
sed -i "s#__GROUP__#$1#" $LDIF
|
||||||
|
sed -i "s#__UID__#$TCID#" $LDIF
|
||||||
|
sed -i "s#__GID__#$TCID#" $LDIF
|
||||||
|
sed -i "s#__SHELL__#$SHELL#" $LDIF
|
||||||
|
sed -i "s#__GECOS__#$GECOS#" $LDIF
|
||||||
|
sed -i "s#__SLAP__#$SLAP#" $LDIF
|
||||||
|
|
||||||
|
ldapadd -x -w $(cat $SECRET) -D "cn=Manager,$DN" -f $LDIF
|
||||||
|
if [ -d $HOME_DIR ]; then
|
||||||
|
rm -rf $HOME_DIR
|
||||||
|
fi
|
||||||
|
cp -rf /etc/skel $CHOME_DIR
|
||||||
|
chmod 711 $CHOME_DIR
|
||||||
|
chown -R $1:$1 $CHOME_DIR
|
||||||
|
ln -s $CHOME_DIR $HOME_DIR
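Review bot: `HOME_DIR=/home/$1` is built from an unvalidated argument, so running `new_user` with no username (or a name such as `..`) makes the `if [ -d $HOME_DIR ]` test near the end succeed for `/home/` itself and `rm -rf $HOME_DIR` removes every home directory; the same unquoted `$1` also reaches the `sed` substitutions and `ldapadd` unchecked. Put a guard before any file is touched, e.g. `[[ "$1" =~ ^[a-z_][a-z0-9_-]*$ && -n "$2" ]] || { echo "usage: new_user <username> <shell>" >&2; exit 1; }`, and quote the expansions (`rm -rf -- "/home/${1:?}"`). `ldapadd -x -w $(cat $SECRET)` additionally places the Manager password on the command line where any local user can read it from `ps`; `ldapadd -x -y "$SECRET" ...` reads it from the file instead (the file's entire contents, trailing newline included, are then used as the password). The uidNumber is also computed from `/etc/passwd` alone, which does not list users already created in the directory, so successive LDAP users may be assigned the same uidNumber; querying the directory (or `getent passwd`) for the current maximum would be safer.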
|
|
@ -0,0 +1,10 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
SECRET_DIR=/center/etc/secrets
|
||||||
|
SECRET=$SECRET_DIR/ldap.secret
|
||||||
|
DN="dc=tilde,dc=center"
|
||||||
|
|
||||||
|
ldapdelete -x -w $(cat $SECRET) -D "cn=Manager,$DN" "uid=$1,ou=People,$DN"
|
||||||
|
ldapdelete -x -w $(cat $SECRET) -D "cn=Manager,$DN" "cn=$1,ou=Group,$DN"
|
||||||
|
rm -rf /home/$1
|
||||||
|
rm -rf /center/home/$1
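Review bot: `rm -rf /home/$1` and `rm -rf /center/home/$1` run unconditionally, so `remove_user` invoked without an argument empties `/home` and `/center/home` outright, and the two `ldapdelete` calls above them would presumably fail on the malformed DN without stopping the script, since their status is never checked. Add `[[ "$1" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "usage: remove_user <username>" >&2; exit 1; }` at the top and write the removals as `rm -rf -- "/home/${1:?}"` so an empty name can never expand to the parent directory. Passing the Manager password as `-w $(cat $SECRET)` also exposes it on the command line to every local user via `ps`; `ldapdelete -x -y "$SECRET" -D "cn=Manager,$DN" ...` reads it from the file instead (the whole file contents, including any trailing newline, become the password). Checking the `ldapdelete` exit status before deleting the home directory would avoid leaving a directory entry that points at a home that no longer exists.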
|
|
@ -0,0 +1,21 @@
|
||||||
|
dn: uid=__USER__,ou=People,__DN__
|
||||||
|
objectClass: top
|
||||||
|
objectClass: account
|
||||||
|
objectClass: posixAccount
|
||||||
|
objectClass: shadowAccount
|
||||||
|
cn: __USER__
|
||||||
|
uid: __USER__
|
||||||
|
uidNumber: __UID__
|
||||||
|
gidNumber: __GID__
|
||||||
|
homeDirectory: /home/__USER__
|
||||||
|
loginShell: __SHELL__
|
||||||
|
gecos: __GECOS__
|
||||||
|
userPassword: __SLAP__
|
||||||
|
shadowLastChange: 0
|
||||||
|
shadowMax: 0
|
||||||
|
shadowWarning: 0
|
||||||
|
|
||||||
|
dn: cn=__GROUP__,ou=Group,__DN__
|
||||||
|
objectClass: top
|
||||||
|
objectClass: posixGroup
|
||||||
|
gidNumber: __GID__
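Review bot: The group entry `dn: cn=__GROUP__,ou=Group,__DN__` carries no `cn:` attribute, yet `cn` is a required attribute of `posixGroup` and, as far as I recall, slapd rejects an add whose RDN value is not present in the entry with a naming violation; add `cn: __GROUP__` after the `objectClass: posixGroup` line. In the user entry, `shadowMax: 0` looks unintended: presumably `shadowLastChange: 0` is meant to force a password change at first login, which it does on its own under pam_unix, whereas a maximum age of 0 days would make every password expire the day after it is set. Consider `shadowMax: 99999` (or the site's real rotation period) and a short comment in the template saying that the generated password is a one-time initial credential.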
|