ldapscripts-2.0.6/COPYING

GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code.
And you must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification follow.

GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

b) You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

c) If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

a) Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

b) Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

c) Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.

Copyright (C)

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this when it starts in an interactive mode:

Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker.

, 1 April 1989
Ty Coon, President of Vice

This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

ldapscripts-2.0.6/Makefile

# Makefile for the ldapscripts
# Copyright (C) 2007-2015 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# Configuration / variables section

DESTDIR =
PREFIX = /usr/local

# Identity
SHELL = /bin/sh
NAME = ldapscripts
#SUFFIX = -devel
VERSION = 2.0.6

# Default installation paths
SBINDIR = $(PREFIX)/sbin
MANDIR = $(PREFIX)/man
ETCDIR = $(PREFIX)/etc/$(NAME)
LIBDIR = $(PREFIX)/lib/$(NAME)

# Files to install
RUNFILE = runtime
ETCFILE = ldapscripts.conf
PWDFILE = ldapscripts.passwd
SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \
	ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
	ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
	ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
	ldaprenameuser
MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
	ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
	ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
	ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
	ldapaddmachine.1 ldapdeleteuser.1
MAN5FILES = ldapscripts.5
TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
	ldapadduser.template.sample

# Default target
all: help

# Help target
help:
	@echo "Usage: make [VARIABLE=] "
	@echo "Valid variables :"
	@echo " DESTDIR : root target directory to install to (default = *empty*)"
	@echo " PREFIX : main target directory within DESTDIR (default = /usr/local)"
	@echo " SBINDIR : where to install scripts (default = PREFIX/sbin)"
	@echo " MANDIR : where to install man pages (default = PREFIX/man)"
	@echo " ETCDIR : where to install the configuration file (default = PREFIX/etc/ldapscripts)"
	@echo " LIBDIR : where to install the runtime file (default = PREFIX/lib/ldapscripts)"
	@echo "Valid targets :"
	@echo " configure : prepare sources for installation"
	@echo " install : install everything"
	@echo " uninstall : uninstall everything"
	@echo " clean : clean up sources"
	@echo " package : create a source tarball in /tmp"
	@echo " help : this help"
	@echo "Additional targets :"
	@echo " [un]installsbin : [un]install main scripts"
	@echo " [un]installman : [un]install man pages"
	@echo " [un]installetc : [un]install configuration and template files"
	@echo " [un]installlib : [un]install libraries [runtime file]"
	@echo " deinstall : synonym for uninstall"
	@echo " distclean : synonym for clean"
	@echo " mrproper : synonym for clean"

# Configure target
# Rewrites the hard-coded paths inside the config file, the runtime file and
# every script so that they point at the chosen ETCDIR / LIBDIR.
configure:
	@echo -n 'Configuring scripts... '
	@sed 's|^BINDPWDFILE=.*|BINDPWDFILE=\"$(ETCDIR)/$(PWDFILE)\"|g' 'etc/$(ETCFILE)' > 'etc/$(ETCFILE).patched'
	@sed 's|^_CONFIGFILE=.*|_CONFIGFILE=\"$(ETCDIR)/$(ETCFILE)\"|g' 'lib/$(RUNFILE)' > 'lib/$(RUNFILE).patched'
	@for i in $(SBINFILES) ; do \
		sed 's|^_RUNTIMEFILE=.*|_RUNTIMEFILE=\"$(LIBDIR)/$(RUNFILE)\"|g' "sbin/$$i" > "sbin/$$i.patched" ; \
	done
	@echo 'ok.'

# Install targets
install: installsbin installman installetc installlib

installsbin: configure
	@echo -n 'Installing scripts into $(DESTDIR)$(SBINDIR)... '
	@install -d -m 755 '$(DESTDIR)$(SBINDIR)' 2>/dev/null
	@for i in $(SBINFILES) ; do \
		install -m 750 "sbin/$$i.patched" "$(DESTDIR)$(SBINDIR)/$$i" ; \
	done
	@echo 'ok.'

installman:
	@echo -n 'Installing man files into $(DESTDIR)$(MANDIR)... '
	@install -d -m 755 '$(DESTDIR)$(MANDIR)/man1' 2>/dev/null
	@for i in $(MAN1FILES) ; do \
		cat "man/man1/$$i" | gzip - > "$(DESTDIR)$(MANDIR)/man1/`basename $$i`.gz" ; \
	done
	@install -d -m 755 '$(DESTDIR)$(MANDIR)/man5' 2>/dev/null
	@for i in $(MAN5FILES) ; do \
		cat "man/man5/$$i" | gzip - > "$(DESTDIR)$(MANDIR)/man5/`basename $$i`.gz" ; \
	done
	@echo 'ok.'

# The .sample copies are installed read-only (440); the live config and the
# bind-password file are created only if absent, so a re-install never
# overwrites local edits or the stored credential.
installetc: configure
	@echo -n 'Installing configuration files into $(DESTDIR)$(ETCDIR)... '
	@install -d -m 755 '$(DESTDIR)$(ETCDIR)' 2>/dev/null
	@install -m 440 'etc/$(ETCFILE).patched' '$(DESTDIR)$(ETCDIR)/$(ETCFILE).sample'
	@if [ ! -f '$(DESTDIR)$(ETCDIR)/$(ETCFILE)' ]; then \
		install -m 640 '$(DESTDIR)$(ETCDIR)/$(ETCFILE).sample' '$(DESTDIR)$(ETCDIR)/$(ETCFILE)'; \
	fi
	@install -m 440 -b 'etc/$(PWDFILE)' '$(DESTDIR)$(ETCDIR)/$(PWDFILE).sample'
	@if [ ! -f '$(DESTDIR)$(ETCDIR)/$(PWDFILE)' ]; then \
		install -m 640 '$(DESTDIR)$(ETCDIR)/$(PWDFILE).sample' '$(DESTDIR)$(ETCDIR)/$(PWDFILE)'; \
	fi
	@for i in $(TMPLFILES) ; do \
		install -m 440 "etc/$$i" '$(DESTDIR)$(ETCDIR)' ; \
	done
	@echo 'ok.'

installlib: configure
	@echo -n 'Installing library files into $(DESTDIR)$(LIBDIR)... '
	@install -d -m 755 '$(DESTDIR)$(LIBDIR)' 2>/dev/null
	@install -m 440 'lib/$(RUNFILE).patched' '$(DESTDIR)$(LIBDIR)/$(RUNFILE)'
	@echo 'ok.'

# Uninstall targets
deinstall: uninstall

uninstall: uninstallsbin uninstallman uninstalletc uninstalllib

uninstallsbin:
	@echo -n 'Uninstalling scripts from $(DESTDIR)$(SBINDIR)... '
	@for i in $(SBINFILES) ; do \
		rm -f "$(DESTDIR)$(SBINDIR)/$$i" ; \
	done
	@rmdir '$(DESTDIR)$(SBINDIR)' 2>/dev/null || true
	@echo 'ok.'

uninstallman:
	@echo -n 'Uninstalling man files from $(DESTDIR)$(MANDIR)... '
	@for i in $(MAN1FILES) ; do \
		rm -f "$(DESTDIR)$(MANDIR)/man1/`basename $$i`.gz" ; \
	done
	@rmdir '$(DESTDIR)$(MANDIR)/man1' 2>/dev/null || true
	@for i in $(MAN5FILES) ; do \
		rm -f "$(DESTDIR)$(MANDIR)/man5/`basename $$i`.gz" ; \
	done
	@rmdir '$(DESTDIR)$(MANDIR)/man5' 2>/dev/null || true
	@rmdir '$(DESTDIR)$(MANDIR)' 2>/dev/null || true
	@echo 'ok.'

# The live config / password files are removed only when they are still
# identical to the installed .sample copies, i.e. never when locally edited.
uninstalletc:
	@echo -n 'Uninstalling configuration files from $(DESTDIR)$(ETCDIR)... '
	@if cmp -s '$(DESTDIR)$(ETCDIR)/$(ETCFILE)' '$(DESTDIR)$(ETCDIR)/$(ETCFILE).sample'; then \
		rm -f '$(DESTDIR)$(ETCDIR)/$(ETCFILE)'; \
	fi
	@rm -f '$(DESTDIR)$(ETCDIR)/$(ETCFILE).sample'
	@if cmp -s '$(DESTDIR)$(ETCDIR)/$(PWDFILE)' '$(DESTDIR)$(ETCDIR)/$(PWDFILE).sample'; then \
		rm -f '$(DESTDIR)$(ETCDIR)/$(PWDFILE)'; \
	fi
	@rm -f '$(DESTDIR)$(ETCDIR)/$(PWDFILE).sample'
	@for i in $(TMPLFILES) ; do \
		rm -f "$(DESTDIR)$(ETCDIR)/$$i" ; \
	done
	@rmdir '$(DESTDIR)$(ETCDIR)' 2>/dev/null || true
	@echo 'ok.'

uninstalllib:
	@echo -n 'Uninstalling library files from $(DESTDIR)$(LIBDIR)... '
	@rm -f '$(DESTDIR)$(LIBDIR)/$(RUNFILE)'
	@rmdir '$(DESTDIR)$(LIBDIR)' 2>/dev/null || true
	@echo 'ok.'

# Clean targets
clean:
	@echo -n 'Cleaning sources... '
	@rm -f 'etc/$(ETCFILE).patched'
	@rm -f 'lib/$(RUNFILE).patched'
	@for i in $(SBINFILES) ; do \
		rm -f "sbin/$$i.patched" ; \
	done
	@echo 'ok.'

distclean: clean

mrproper: clean

# Source tarball target
package: clean
	@echo -n 'Creating source tarball /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz... '
	@echo '$(VERSION)$(SUFFIX)' > VERSION
	@(cd .. && tar c --exclude '.git' -zf /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz $(NAME)-$(VERSION))
	@echo 'ok.'

ldapscripts-2.0.6/README

Ldapscripts - README file
*************************

Description :
*************

The ldapscripts were originally designed to be used from Samba 3.x's smb.conf file. They let you manipulate POSIX entries for users, groups and machines in an LDAP directory. They are written in shell and need the LDAP client commands to work correctly (ldapadd, ldapdelete, ldapmodify, ldapsearch).

Other scripts are also provided as simple tools to (manually) query your LDAP directory : ldapfinger, ldapid, lsldap (...).

They are designed to be used under GNU/Linux or FreeBSD (any other recent UNIX-like system should also work) and require several binaries that should come with your OS (uuencode, getent/pw, date, grep, sed, cut...).
Latest version available on http://contribs.martymac.org

Installing and configuring the ldapscripts :
********************************************

To install the scripts, just type in :

# make install

or, to define a special installation directory :

# make PREFIX=/target/directory install

Use 'make help' for more options.

All the scripts will be copied (by default) to /usr/local/sbin and ldapscripts.conf will be copied to /usr/local/etc/ldapscripts. Keep in mind that the scripts are installed with quite restrictive rights (scripts are mode 750, the configuration and bind-password files mode 640). You may have to adjust group rights or ACLs (if they are enabled on your system) to make things work...

Once installed, edit /usr/local/etc/ldapscripts/ldapscripts.conf to configure the ldapscripts. Then, just type in - e.g. :

# ldapadduser foo foogroup

See ldapscripts(5) for more details.

Configuring your OpenLDAP server :
**********************************

Be sure to include these schemas in your slapd.conf :
- core.schema
- cosine.schema (for the account objectClass)
- nis.schema (for the posixAccount objectClass), or a modified RFC 2307bis compliant version of this file if you plan to use AUXILIARY posixGroup objectClasses together with groupOfNames or groupOfUniqueNames objectClasses (see the GCLASS parameter in the ldapscripts.conf file).

Using the ldapscripts with Samba 3.x :
**************************************

To use the ldapscripts with Samba 3.x (e.g. for a Windows -> Samba migration), just add the following to your smb.conf file :

# [...]
add machine script = /usr/local/sbin/ldapaddmachine '%u' sambamachines
add user script = /usr/local/sbin/ldapadduser '%u' sambausers
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
# [...]

and make sure the sambamachines and sambausers groups exist before attempting to do a "net rpc vampire"...

Files :
*******

* Various files :
README : this file !
COPYING : the GPLv2 (or later) license
CHANGELOG : the changelog file, of course
VERSION : the current version of the ldapscripts
TODO : ideas, remaining work
Makefile : installation Makefile

* Man pages :
man/* : man pages

* Configuration files :
etc/ldapscripts.conf : configuration file
etc/ldapadduser.template.sample : user LDIF template file
etc/ldapaddgroup.template.sample : group LDIF template file
etc/ldapaddmachine.template.sample : machine LDIF template file

* 'Library' files :
lib/runtime : runtime file used by the scripts (contains functions, etc...)

* Scripts that can be used in the Samba configuration file (smb.conf) :
sbin/ldapaddgroup : adds a POSIX group to LDAP
sbin/ldapadduser : adds a POSIX user to LDAP
sbin/ldapdeletegroup : deletes a POSIX group from LDAP
sbin/ldapdeleteuserfromgroup : deletes a member from a group
sbin/ldapsetprimarygroup : sets gidNumber of a POSIX user or machine account
sbin/ldapaddmachine : adds a POSIX machine (user$) to LDAP
sbin/ldapaddusertogroup : adds a member to a group
sbin/ldapdeleteuser : deletes a POSIX user from LDAP
sbin/ldaprenameuser : renames a POSIX user account in LDAP

* Additional (useful) scripts not usable by Samba :
sbin/ldapdeletemachine : deletes a POSIX machine account in LDAP
sbin/ldapinit : initializes the LDAP tree with a minimal tree
sbin/lsldap : performs a *big* recursive query on the LDAP server from the root dn
sbin/ldapmodifyuser : modifies a POSIX user account in LDAP interactively
sbin/ldapmodifymachine : modifies a POSIX machine account in LDAP interactively
sbin/ldapmodifygroup : modifies a POSIX group account in LDAP interactively
sbin/ldaprenamemachine : renames a POSIX machine account in LDAP
sbin/ldaprenamegroup : renames a POSIX group in LDAP
sbin/ldapsetpasswd : modifies a POSIX user account's password in LDAP
sbin/ldapfinger : displays a user/machine/group POSIX account's details
sbin/ldapid : displays a user's list of IDs
sbin/ldapgid : displays a group's list of IDs

Author / Licence :
******************

These scripts have been written by Ganaël LAPLANCHE (ganael.laplanche@martymac.org) and are available under the GPL license (see COPYING for details).

Thanks for using the ldapscripts...
Any feedback welcome :)

ldapscripts-2.0.6/TODO

TODO (ideas) :
**************

- Ability to specify gecos and cn as command line arguments to ldapadduser
- Ability to pass password to ldapsetpasswd in a secure way (via file)
- Get rid of functions returning their results through shared variables
- Call variables using the cleaner ${} syntax
- Improve ldapid/ldapgid to dump the whole directory if no argument is given
- Make the runtime file usable as a shell library : avoid exit in end_* functions
- Send ldap clients error logs to stdout as well as to logfile
- Allow use of DNs (instead of short names) as command arguments
- Make some scripts usable with lower privileges than root :
  - Move ldapid, ldapfinger, ldapsetpasswd, lsldap to bin/ and set them suid
  - Allow common users to use these tools. It will require a kind of privilege separation not to bypass OpenLDAP ACLs (binding with user's account id necessary).
  - Ldapsetpasswd without any argument should change the caller's passwd if logname != root
- Check for base (mandatory) binaries at install time (new 'test' target => sed, grep, ...)
  Better testing on configured/additional binaries at run time (e.g. add -f for each -x test)
- Allow to use %g (group name) in ldapadduser (for _HOMEDIR and _genpassword)
- Add more options to the scripts (a better parsing will be necessary)
  - an option to ldapdeleteuser to delete users' home directories
  - a 'dry-run' option to display (only) LDIF data
  - an option to modify the home dirs (LDAP + directory + rights) of a user when renaming it ?
  - an option to modify related groups (memberUid's) when renaming/deleting a user/machine ?
  - an option to block deleting a group if it is a user's primary group ?
ldapscripts-2.0.6/CHANGELOG

2015/08/17 : ldapscripts 2.0.6
- Fix Launchpad bug #1218775 (prevent log_only() from failing when called
  from a script that contains a space in its name)
- Fix Debian bug #719295 (use 'id' as a last resort to get the user name)
- Create the logfile with restricted access rights
  => Those 3 patches were sent by: Alexander Gerasiov
- Add syslog support
  => Thanks to Vincent Qéméner for this contribution (sent through Github)
- Fix extracting templates in all locales
- Allow modifying user passwords when using SASL
  => Thanks to Sunil Mohan Adapa for those contributions (sent through Github)

2013/09/10 : ldapscripts 2.0.5
- Add LDAP client common additional options
  Submitted by: Michael Bejer-Andersen

2013/07/23 : ldapscripts 2.0.4
- ldapaddusertogroup and ldapdeleteuserfromgroup are now able to work on
  groups located in sub-OUs of $GSUFFIX

2013/07/17 : ldapscripts 2.0.3
- Fix Debian bug #555561
  See : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555561

2013/04/18 : ldapscripts 2.0.2
- Fix long lines wrapping bug
  Reported by: muzzol
- Update Copyright dates

2011/04/19 : ldapscripts 2.0.1
- Fix man pages installation (broken by wrong `` -> $() substitutions in Makefile)

2011/04/18 : ldapscripts 2.0.0
- Next user and machine IDs now evolve independently (Debian bug #609148) :
  - they are guessed from their respective suffix
  - they are checked to avoid duplicates (against local and LDAP accounts)
  LDAP IDs are not re-used, except for the last ones (if previously released)
  in each suffix. If an ID is found to be in use, the scripts will iterate
  (you really want to avoid that situation !) and use the first free ID.
  Given this behaviour, it is advised to clearly design user and machine ID
  ranges and correctly set UIDSTART and MIDSTART in ldapscripts.conf.
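  The allocation rule just described, written out as an added example (this
  is not the ldapscripts' own _findnextuid; the function names, and the two
  ID lists standing in for 'getent passwd' and an ldapsearch over the user
  suffix, are constructed for the example) :

```shell
#!/bin/sh
# Added example, not ldapscripts code: pick the next free uidNumber the way
# the 2.0.0 entry describes.  The ID sources below are constructed lists;
# in the real scripts they come from GETENTPWCMD and an ldapsearch on $USUFFIX.

# Constructed local account uidNumbers (what 'getent passwd' would yield)
LOCAL_UIDS="0
1000
1001
10003"

# Constructed uidNumbers already present under the LDAP user suffix
LDAP_UIDS="10000
10001
10002"

# id_in_use ID LIST : true if ID is one of the lines of LIST
id_in_use() {
    printf '%s\n' "$2" | grep -qx "$1"
}

# next_free_uid UIDSTART LDAP_LIST LOCAL_LIST
# Guess = highest ID in the suffix + 1, never below UIDSTART (so released
# intermediate IDs are not reused, only the last one), then iterate while the
# guess collides with a local or an LDAP account.
next_free_uid() {
    start=$1 ldap=$2 local_ids=$3
    last=$(printf '%s\n' "$ldap" | sort -n | tail -n 1)
    if [ -z "$last" ] || [ "$last" -lt "$start" ]; then
        guess=$start
    else
        guess=$((last + 1))
    fi
    while id_in_use "$guess" "$local_ids" || id_in_use "$guess" "$ldap"; do
        echo "warning: uid $guess already in use, skipping it" >&2
        guess=$((guess + 1))
    done
    printf '%s\n' "$guess"
}

# Stand-alone run: 10003 is taken by a local account, so the answer is 10004.
# The same function serves machine accounts with MIDSTART and the machine
# suffix's list, which is why the two ranges must not overlap.
next_free_uid 10000 "$LDAP_UIDS" "$LOCAL_UIDS"
```

  The warning branch is exactly the "iterate" situation the entry warns
  about : a collision means a local account sits inside the LDAP range, and
  the fix is to move UIDSTART/MIDSTART, not to rely on the loop.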
  You may want to use the following configuration (default) :
    UIDSTART=10000
    MIDSTART=20000
  This will leave 9999 free local system user accounts, 9999 free LDAP user
  accounts and IDs from 20000 upwards for LDAP machine accounts.
  Internals :
  - renamed _findlast{user,group,machine} functions to _findnext{uid,gid,mid}
  - functions _findnextuid and _findnextmid now look for accounts in their own suffix
  - functions _findnextuid, _findnextgid and _findnextmid now check if the
    resulting ID is used or not and return results through stdout
  - functions _grouptogid, _gidtogroup, _usertouid, _uidtouser and _uidtodn now
    return results through stdout and do not end_die anymore if no ID is found
  - replaced expr calls with shell arithmetic expansion calls $(())
  - replaced `` calls with shell command substitution calls $()
  - use eval for each GETENT*CMD call to avoid a "command not found" error when
    expanding command names containing spaces, e.g. (on zsh) :
      $ COMMAND="getent passwd" ; $COMMAND martymac
      command not found: getent passwd

2011/02/08 : ldapscripts 1.10.0
- Added support for groupOfNames/groupOfUniqueNames group entries used in
  conjunction with RFC 2307bis AUXILIARY posixGroups. It is now possible to
  handle member users as, respectively, member or uniqueMember full DN entries.
  => thanks to Àngel "muzzol" Bosch for the original patches !
- Added initial support for SASL authentication
  => thanks to Brian Candler for the original patches !
- Now use 'logname' instead of 'id' to guess the current user (sudo users will
  now be logged correctly and be able to run ldapid/ldapfinger without argument)
- Cleaned up the log file messages format
- Updated WWW, Copyrights
- Several other minor changes and fixes...

2009/07/16 : ldapscripts 1.9.0
- Fixed a few lines in man pages
- Changed PASSWORDGEN's default value to not use uuencode anymore
- Use 'id' command instead of 'logname' to guess the current user (used by
  ldapfinger and ldapid). Be careful if you want to act on your own account
  using su/sudo !
- New DESTDIR variable in Makefile, to specify a global chroot as a target
  directory for installation
  => thanks to Alexander GQ Gerasiov for those 4 fixes !
- New 'ldapgid' command to display a group's list of IDs

2008/08/10 : ldapscripts 1.8.0
- No changes since 1.8.0rc1, but tests have been performed on Debian and
  Ubuntu with success, so let's rock ! (Adam, thanks again :))

2008/08/08 : ldapscripts 1.8.0rc1
- HEADS UP ! The scripts are no longer named using a leading '_'. This prefix
  was used to differentiate extra commands not directly usable by Samba (in
  the smb.conf configuration file), but as the ldapscripts are more and more
  used as everyday admin tools, a leading '_' just leads to confusion and
  annoyance. I have finally decided to remove it. Here is the renaming scheme :
    _ldapdeletemachine -> ldapdeletemachine
    _ldapfinger        -> ldapfinger
    _ldapinit          -> ldapinit
    _ldapmodifygroup   -> ldapmodifygroup
    _ldapmodifymachine -> ldapmodifymachine
    _ldapmodifyuser    -> ldapmodifyuser
    _ldaprenamegroup   -> ldaprenamegroup
    _ldaprenamemachine -> ldaprenamemachine
    _lsldap            -> lsldap
  And, to avoid a collision with OpenLDAP's ldappasswd command :
    _ldappasswd        -> ldapsetpasswd
  (T.H., I hope you'll enjoy that change ;-))
- HEADS UP (yes, again) ! Since the ldapscripts are admin-oriented, they are
  now installed to the sbin/ directory by default. This should not change much
  for you since they were already installed root/750 into bin/. The runtime
  file has also moved to the lib/ldapscripts directory.
- added support for character set conversion : the ldapscripts now use
  (packagers should read : *depend on*) iconv (UTF-8 conversion) and uudecode
  (base64 decoding). See the ICONVBIN, ICONVCHAR and UUDECODEBIN options in
  ldapscripts.conf. You can leave ICONVBIN and UUDECODEBIN unset to disable any
  kind of conversion (by default, character set conversion and base64 decoding
  are turned on, so you will have to set your local charset - ICONVCHAR -
  before using the scripts).
- new 'ldapid' command shows a user's list of IDs (just like the 'id' command
  does). See ldapid(1) for more details.
- ldapfinger : added -u, -g and -m options to force restricted lookups. Using
  ldapfinger with no argument now acts on the current user (using logname(1)).
- ldapinit : fixed Debian bug #421064 by adding a continue (-c) option to the
  _ldapadd (and _ldapmodify) functions. ldapinit will now continue to
  initialize the LDAP tree if a previous entry already exists.
- ldapsetpasswd : fixed a wrong exit status, introduced by the use of a
  temporary file for changing the password (ldapscripts 1.7.1).
- ldapadduser : fixed typo when preserving permissions from HOMESKEL (cp -P -> -p).
- all errors/warnings are now reported to STDERR (new warn_log function
  replaces several echo_log calls).

Contributed by Adam Sommer (thanks a lot !) :
- added -h and --help options for each command.
- resolver functions (uid/gid <-> user/group) now try to use LDAP if the local
  lookup (using pw or getent) fails. As a consequence, the scripts will *not*
  accept unresolved entries anymore (e.g. when adding memberUids).
- it is now possible to set PASSWORDGEN to ''. You will then be prompted for a
  new password when adding a user with the 'ldapadduser' command.
- added support for the <ask> keyword in LDIF templates
  This new feature is available for ldapadduser, ldapaddgroup, ldapaddmachine
  and ldapinit. A new _askattrs function has been added to the runtime file.
  To use this feature, you may specify :
  ------
  attributeName: <ask>
  ------
  for example :
  ------
  description: Entry for <ask> in my LDAP directory
  ------
  in the templates used by the 4 commands above. Be careful, only one <ask>
  (the first one) will be replaced per line. Multivalued attributes are allowed
  (you can add several attributes sharing the same name and the <ask> option).
  As a consequence, the ASKGECOS option has been removed, since it can be
  performed using an <ask> option for the gecos attribute. Do not forget to
  update your configuration file and templates !
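  The template expansion described above, as an added example (this is not
  the ldapscripts' _askattrs; the function name, the constructed template and
  the convention of reading answers from file descriptor 3 so the function
  can be driven without a terminal are all this example's own) :

```shell
#!/bin/sh
# Added example, not ldapscripts code: expand the <ask> keyword of an LDIF
# template.  Answers are read from fd 3 (one per prompt) instead of the
# terminal, which is an assumption made so the function can be tested.

# fill_ask TEMPLATE   (answers on fd 3)
# Lines without <ask> pass through unchanged.  On a line with <ask>, the user
# is prompted with the attribute name and only the FIRST <ask> is replaced.
# The substitution uses shell parameter expansion, so the typed value never
# becomes a command-line argument to sed or any other external program.
fill_ask() {
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *'<ask>'*)
                attr=${line%%:*}
                printf 'Value for %s: ' "$attr" >&2
                IFS= read -r value <&3 || value=
                line="${line%%<ask>*}${value}${line#*<ask>}"
                ;;
        esac
        printf '%s\n' "$line"
    done < "$1"
}

# Constructed template: a multivalued attribute (two 'mail' lines) and a line
# carrying two <ask> markers, of which only the first one is replaced.
TEMPLATE=$(mktemp) || exit 1
cat > "$TEMPLATE" <<'EOF'
dn: uid=martymac,ou=Users,dc=example,dc=com
objectClass: inetOrgPerson
description: Entry for <ask> in my LDAP directory
mail: <ask>
mail: <ask>
note: <ask> first, <ask> second
EOF

# Stand-alone run with constructed answers; the real scripts read them from
# the terminal instead.
fill_ask "$TEMPLATE" 3<<'EOF'
Marty Mac
marty@example.com
mac@example.com
first-value
EOF
rm -f "$TEMPLATE"
```

  In the run above the last line comes out as "note: first-value first,
  <ask> second", which is the "only the first one per line" rule.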
  Internals :
  - various typos and fixes
  - runtime :
    - new is_b64, _b64decode, _utf8encode, _utf8decode functions.
    - new _getattribute and _askpassword functions.
    - new is_like function.
    - _genpassword : do not eval PASSWORDGEN if empty or set to "".
    - mktempf : added more entropy to _TMPFILE naming using /dev/random. As a
      consequence, availability of /dev/random on the client system is now
      mandatory to run the scripts.
    - sed and grep arguments cleanup (removed unnecessary -E and -e).
  - Makefile :
    - RUNDIR has been renamed to LIBDIR. New [un]installlib targets to
      [un]install the runtime file.
    - Replaced mkdir calls with 'install -d' ones (may not be available on
      every system).
    - Do not overwrite/delete configuration files / password file anymore if
      the files exist or have changed (differ from the .sample ones).
  That's all folks ;-)

2007/11/28 : ldapscripts 1.7.2
- runtime : Use 'trap - ' to restore traps instead of the uncommon 'trap -' syntax
- runtime : Fix _changepasswd by removing the trailing newline character in
  the temporary file (echo -n)

2007/10/13 : ldapscripts 1.7.1
- Fixes for CVE-2007-5373
  see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5373
  and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582
  1) Up to now, each ldap* command was called with the -w parameter, which
     passes the bind password on the command line. Unfortunately, this makes
     the password visible to anybody running `ps` during the call. This is
     now avoided by using the -y parameter and a password file.
     -> A new BINDPWDFILE option has been added : it specifies the path to the
        bind password file. This file can be created with something like :
          echo -n 'password' > $BINDPWDFILE
        (the file must not end with a newline, since the OpenLDAP tools read
        it verbatim, and it should be readable by root only, e.g. created
        under umask 077 or chmod 600 afterwards). You can now safely remove
        (or comment out) the BINDPWD parameter from your configuration file.
  2) Changing a user password could also reveal the new password on the
     command line, because of the use of ldappasswd's -s option.
     This has been fixed by using a temporary file containing the new password
     (and ldappasswd's -T option).
     -> [internals] New mktempf() and reltempf() functions have been added
     [For older versions of OpenLDAP, the -y and -T parameters may not be
     available. It is still possible to use the old BINDPWD parameter : just
     uncomment it in the configuration file and comment out the BINDPWDFILE
     parameter (which takes precedence over BINDPWD). The ldapscripts will then
     behave as previously and use the inline -w and -s parameters, warning you
     that this is not a secure way of running them.]
  3) A similar problem related to sed expressions has been found : it may also
     reveal a user's password to `ps` users. This is now fixed by using
     temporary files containing the sed expressions (and sed's -f option).
  4) A new test has been added to check whether 'echo' and '[' are shell
     built-ins or not. If not, you'll be warned that the ldapscripts may not
     be safe to use : these commands manipulate passwords when creating
     temporary files, and an external command receives them as arguments,
     which are visible to `ps`.
     -> [internals] New is_builtin() function
  Note that these flaws depend largely on your kernel configuration : hardened
  kernels should not be impacted (e.g. if you use the
  security.bsd.see_other_[u|g]ids sysctls on FreeBSD). It may also depend on
  the version of the OpenLDAP client commands you run.
  Thanks a lot to Don and Madcoder for their help !
- A few fixes to avoid the 'if ! command' construct, which some older shells
  do not support...
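  The three client-side mitigations of the 1.7.1 entry, written out as an
  added example (not the ldapscripts' own runtime functions; the function
  names are this example's, BINDDN/BINDPWDFILE/BINDPWD mirror the
  ldapscripts.conf option names, and the secret is constructed) :

```shell
#!/bin/sh
# Added example, not ldapscripts code: the CVE-2007-5373 mitigations as
# POSIX sh functions.  Function names are this example's own.

# 1) is_builtin NAME : true if NAME is a shell builtin.  A builtin gets its
#    arguments in-process; an external 'echo' or '[' would receive the
#    password in argv, where any local user running 'ps' can read it.
is_builtin() {
    case "$(command -V "$1" 2>/dev/null)" in
        *builtin*) return 0 ;;
        *)         return 1 ;;
    esac
}

# 2) write_secret_file PATH SECRET : create PATH readable by its owner only
#    and write SECRET without a trailing newline, since the OpenLDAP tools
#    read -y / -T files verbatim and a newline would become part of the
#    password.  printf replaces the non-portable 'echo -n' and must itself be
#    a builtin for the reason above.  PATH is assumed to live in a directory
#    that only root can write to.
write_secret_file() {
    is_builtin printf || { echo "printf is not a builtin, refusing" >&2; return 1; }
    rm -f -- "$1" || return 1
    ( umask 077 && printf '%s' "$2" > "$1" )
}

# 3) bind_args BINDDN BINDPWDFILE BINDPWD : print the authentication
#    arguments for ldapadd/ldapmodify/ldapsearch.  The password file (-y)
#    takes precedence; -w is only a fallback for clients too old for -y and
#    is reported as insecure.  (For a DN containing spaces, pass the pieces
#    as separate arguments rather than re-splitting this string.)
bind_args() {
    if [ -n "$2" ]; then
        printf '%s %s %s %s\n' -D "$1" -y "$2"
    else
        echo "warning: using -w, the bind password will show up in 'ps' output" >&2
        printf '%s %s %s %s\n' -D "$1" -w "$3"
    fi
}

# Stand-alone run with a constructed secret
f=$(mktemp) || exit 1
write_secret_file "$f" 'constructed-secret'
ls -l "$f"                                   # mode is -rw-------
bind_args 'cn=Manager,dc=example,dc=com' "$f" ''
rm -f "$f"
```

  The check to keep in mind when auditing a wrapper like this : grep the
  resulting command lines for the secret itself, not just for '-w'; item 3)
  of the entry shows the same leak through a sed expression.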
2007/09/03 : ldapscripts 1.7
- Fixed several typos and bugs
- _ldapinit : new options : '-r' and '-s' to create only the root dn ('-r'),
  or regular OUs ('-s')
- [internals] Added the ability to select depth when using _extractldif()
- [internals] New is_integer function
- _lsldap : new options : '-u', '-g' and '-m', to list only 'u'ser, 'g'roup or
  'm'achine entries
- New _ldapmodify{user,group,machine} interactive scripts to edit entries
- Added a new $TMPDIR configuration variable (necessary for the new scripts)
- Added _ldapmodify{user,group,machine}(1) manpages
- Now bundled with a brand-new Makefile (old install script no longer available)

2007/04/20 : ldapscripts 1.6
- Fixed typos
- internal _ldapsearch() improved
- New _ldapfinger command to display a user/machine/group POSIX account's details
- ldapadduser : new option to set the default permissions when creating home
  directories (thanks to Guillaume Rousse)
- It is now possible to use a full URI instead of a name for the SERVER
  directive (thanks to Guillaume Rousse)
- It is now possible to use external LDIF templates when creating a
  user/machine/group (thanks to Guillaume Rousse)
  See the TEMPLATES options in the ldapscripts.conf file and the
  *.template.sample files in the etc/ directory
- Now use 'sort -n' instead of 'sort -g' when extracting the last account from
  the directory (thanks to Rudi van Drunen)
- Added a 'description' attribute for group accounts

2007/01/03 : ldapscripts 1.5
- Fixed typos (thanks to Mikael Lammentausta)
- Small fixes to the install script
- ldapadduser : use $_UID instead of $_USER while chown'ing the homedir
  (thanks to Mikael Lammentausta)
- ldapadduser : new option to ask for the gecos (thanks to Mikael Lammentausta)
- ldapadduser : new option to copy skeleton files to home directories
  (thanks to Mikael Lammentausta)
- ldapadduser : now skip the user's home dir creation if it already exists
- ldapadduser/ldapaddmachine : modified account description attributes : set
  to 'User account' or 'Machine account'
- ldapadduser/ldapaddgroup/ldapaddmachine : use $_USER and $_GROUP instead of
  $1 when possible
- New _ldappasswd script to modify a user's password (suggested by Mikael Lammentausta)

2006/01/05 : ldapscripts 1.4
- More code cleaning !!! Code now clean... (and bug-free ???) - thanks to
  Madcoder for the help he provided !
- Removed the dependency on slappasswd !!! Using ldappasswd instead (included
  in the standard ldap-client commands)
- Added new ldaprenameuser command (uses ldapmodrdn, included in the standard
  ldap-client commands)
  Add this to Samba 3.0.21's configuration file :
    rename user script = ldaprenameuser '%uold' '%unew'
  Warning : renaming an entry (user/group/machine) only involves renaming its
  RDN ! This means you may have to change the account's homedir (user) by hand
  and modify each group to include the new rdn (user/machine) as a memberUid.
- Also added useful _ldaprenamegroup and _ldaprenamemachine scripts (not used by Samba)
- A user/machine is now searched using its uid (no more use of its cn)
- Full command now shown in logs
- Modified README
- New TODO file
- Man pages (section 1 for each script, section 5 for a global "ldapscripts" manual)

2005/10/01 : ldapscripts 1.3
Compatibility rework / code cleaning
- the scripts now work on FreeBSD !
- no more calls to "source", use .
  instead
- now using "=" instead of "==" in test
- now return 1 instead of -1 when an error occurs
- added the possibility to specify the getent command, so you can use pw
  instead (for FreeBSD)
- added auto-guess for this command if left blank in the conf file
- split the horrible conf file into a real conf file and a "runtime" file

2005/07/15 : ldapscripts 1.2
- applied patch from Vincent Esposito to make sure the uid/gid/mid found in
  LDAP is higher than the *START ones
- small documentation modifications

2005/02/18 : ldapscripts 1.1
- added _ldapinit command, to initialize an LDAP directory with a minimal hierarchy
- added support for home directories creation (see ldapscripts.conf)
- no more need for backslashes in user home directories and user shell in ldapscripts.conf
- added support for initializing (randomized) passwords when adding a user.
  Passwords can also be recorded into a log file when performing a massive
  user creation (see ldapscripts.conf). That log file then holds cleartext
  passwords : keep it readable by root only and delete it once the passwords
  have been handed out.

2005/02/07 : ldapscripts 1.0

ldapscripts-2.0.6/VERSION

2.0.6

ldapscripts-2.0.6/man/man1/ldapmodifygroup.1

.\" Copyright (C) 2007-2015 Ganaël LAPLANCHE
.\"
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License
.\" as published by the Free Software Foundation; either version 2
.\" of the License, or (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307,
.\" USA.
.\"
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapmodifygroup 1 "August 22, 2007"
.SH NAME
ldapmodifygroup \- modifies a POSIX group account in LDAP interactively
.SH SYNOPSIS
.B ldapmodifygroup
.RB <groupname | gid>
.SH DESCRIPTION
ldapmodifygroup first looks for the right entry to modify. Once found, the
entry is presented and you are prompted to enter LDIF data to modify it as
you would do using a standard LDIF file and ldapmodify(1). The DN of the
entry being modified is already specified : just begin with a changeType
attribute or any other one(s) of your choice (in this case, the default
changeType is 'modify').
.SH OPTIONS
.TP
.B <groupname | gid>
The name or gid of the group to modify.
.SH "SEE ALSO"
ldapmodifyuser(1), ldapmodifymachine(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2
(see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapaddgroup.1

.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.\" Released under the GNU General Public License v2 (notice as in ldapmodifygroup.1).
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapaddgroup 1 "January 1, 2006"
.SH NAME
ldapaddgroup \- adds a POSIX group entry to LDAP.
.SH SYNOPSIS
.B ldapaddgroup
.RB <groupname>
.RB [gid]
.SH OPTIONS
.TP
.B <groupname>
The name of the group to add.
.TP
.B [gid]
The gid of the group to add. Automatically computed if not specified.
.SH "SEE ALSO"
ldapadduser(1), ldapaddmachine(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2
(see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapmodifymachine.1

.\" Copyright (C) 2007-2015 Ganaël LAPLANCHE
.\" Released under the GNU General Public License v2 (notice as in ldapmodifygroup.1).
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapmodifymachine 1 "August 22, 2007"
.SH NAME
ldapmodifymachine \- modifies a POSIX machine account in LDAP interactively
.SH SYNOPSIS
.B ldapmodifymachine
.RB <machinename | uid>
.SH DESCRIPTION
ldapmodifymachine first looks for the right entry to modify. Once found, the
entry is presented and you are prompted to enter LDIF data to modify it as
you would do using a standard LDIF file and ldapmodify(1). The DN of the
entry being modified is already specified : just begin with a changeType
attribute or any other one(s) of your choice (in this case, the default
changeType is 'modify').
.SH OPTIONS
.TP
.B <machinename | uid>
The name or uid of the machine to modify.
.SH "SEE ALSO"
ldapmodifyuser(1), ldapmodifygroup(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2
(see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapsetprimarygroup.1

.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.\" Released under the GNU General Public License v2 (notice as in ldapmodifygroup.1).
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapsetprimarygroup 1 "January 1, 2006"
.SH NAME
ldapsetprimarygroup \- modifies the gidNumber of a POSIX user or machine
account in LDAP (sets a user's primary group in LDAP).
.SH SYNOPSIS
.B ldapsetprimarygroup
.RB <username | uid>
.RB <groupname | gid>
.SH OPTIONS
.TP
.B <username | uid>
The name or uid of the user to modify.
.TP
.B <groupname | gid>
The new primary group name or gid of the specified user.
.SH "SEE ALSO"
ldapaddusertogroup(1), ldapdeleteuserfromgroup(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2
(see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldaprenamemachine.1

.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.\" Released under the GNU General Public License v2 (notice as in ldapmodifygroup.1).
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldaprenamemachine 1 "January 1, 2006"
.SH NAME
ldaprenamemachine \- renames a POSIX machine account in LDAP.
.SH SYNOPSIS
.B ldaprenamemachine
.RB <oldmachinename | uid>
.RB <newmachinename>
.SH OPTIONS
.TP
.B <oldmachinename | uid>
The old name or uid of the machine to rename.
.TP
.B <newmachinename>
The new name of the machine.
.SH "SEE ALSO"
ldaprenameuser(1), ldaprenamegroup(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2
(see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH LIMITATIONS
Group entries will NOT be updated. This means several groups may contain
machines that NO LONGER exist after having renamed a machine.
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapadduser.1

.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.\" Released under the GNU General Public License v2 (notice as in ldapmodifygroup.1).
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapadduser 1 "January 1, 2006"
.SH NAME
ldapadduser \- adds a POSIX user account to LDAP.
.SH SYNOPSIS
.B ldapadduser
.RB <username>
.RB <groupname | gid>
.RB [uid]
.SH OPTIONS
.TP
.B <username>
The name of the user to add.
.TP
.B <groupname | gid>
The group name or the gid of the user to add.
.TP
.B [uid]
The uid of the user to add. Automatically computed if not specified.
.SH "SEE ALSO"
ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2
(see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapfinger.1000644 001751 001751 00000003542 12562660062 021362 0ustar00martymacmartymac000000 000000 .\" Copyright (C) 2007-2015 Ganaël LAPLANCHE .\" .\" This program is free software; you can redistribute it and/or .\" modify it under the terms of the GNU General Public License .\" as published by the Free Software Foundation; either version 2 .\" of the License, or (at your option) any later version. .\" .\" This program is distributed in the hope that it will be useful, .\" but WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the .\" GNU General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, .\" USA. .\" .\" Ganael Laplanche .\" ganael.laplanche@martymac.org .\" http://contribs.martymac.org .\" .TH ldapfinger 1 "February 1, 2007" .SH NAME ldapfinger \- displays a user/machine/group POSIX account's details. .SH SYNOPSIS .B ldapfinger .RB [-u | -g | -m] [username | machinename | groupname | uid | gid] .SH OPTIONS .TP .B [username | machinename | groupname | uid | gid] The name or id of the user, machine (with an ending $) or group you want to display. You may use a wildcard here to look for substrings. e.g. 'marty*' or '*mart*'. Acts on current user if nothing is specified. .TP .B [-u] Look for users only (by default, search the whole directory). .TP .B [-g] Look for groups only (by default, search the whole directory). .TP .B [-m] Look for machines only (by default, search the whole directory). .SH "SEE ALSO" lsldap(1), ldapid(1), ldapgid(1), ldapscripts(5). .SH AVAILABILITY The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). 
The latest version of the ldapscripts is available on : .B http://contribs.martymac.org .SH BUGS No bug known. ldapscripts-2.0.6/man/man1/ldapgid.1000644 001751 001751 00000003427 12562660062 020655 0ustar00martymacmartymac000000 000000 .\" Copyright (C) 2009-2015 Ganaël LAPLANCHE .\" .\" This program is free software; you can redistribute it and/or .\" modify it under the terms of the GNU General Public License .\" as published by the Free Software Foundation; either version 2 .\" of the License, or (at your option) any later version. .\" .\" This program is distributed in the hope that it will be useful, .\" but WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the .\" GNU General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, .\" USA. .\" .\" Ganael Laplanche .\" ganael.laplanche@martymac.org .\" http://contribs.martymac.org .\" .TH ldapgid 1 "January 23, 2009" .SH NAME ldapgid \- displays a group's list of IDs the way ldapid(1) does. .SH SYNOPSIS .B ldapgid .RB [-P] .SH DESCRIPTION .TP The following is displayed : gid=gidNumber(cn) users(primary)=uidNumber(uid)[,uidNumber(uid)...] users(secondary)=uidNumber(uid)[,uidNumber(uid)...]. .TP users(primary) lists users having the group declared as their primary group. users(secondary) lists users using the group as a secondary one. .SH OPTIONS .TP .B Group name or GID of a group to show information about. .TP .B [-P] Display group information as a /etc/group file entry. .SH "SEE ALSO" ldapid(1), lsldap(1), ldapfinger(1), ldapscripts(5). .SH AVAILABILITY The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). 
The latest version of the ldapscripts is available on : .B http://contribs.martymac.org .SH BUGS No bug known. ldapscripts-2.0.6/man/man1/ldapaddusertogroup.1000644 001751 001751 00000003265 12562660062 023161 0ustar00martymacmartymac000000 000000 .\" Copyright (C) 2006-2015 Ganaël LAPLANCHE .\" .\" This program is free software; you can redistribute it and/or .\" modify it under the terms of the GNU General Public License .\" as published by the Free Software Foundation; either version 2 .\" of the License, or (at your option) any later version. .\" .\" This program is distributed in the hope that it will be useful, .\" but WITHOUT ANY WARRANTY; without even the implied warranty of .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the .\" GNU General Public License for more details. .\" .\" You should have received a copy of the GNU General Public License .\" along with this program; if not, write to the Free Software .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, .\" USA. .\" .\" Ganael Laplanche .\" ganael.laplanche@martymac.org .\" http://contribs.martymac.org .\" .TH ldapaddusertogroup 1 "January 1, 2006" .SH NAME ldapaddusertogroup \- adds a member to a group in LDAP. .SH SYNOPSIS .B ldapaddusertogroup .RB .RB .SH OPTIONS .TP .B The name or the uid of the user to add. It can be a machine name (with an ending $) or a user name. When working with groupOfNames or groupOfUniqueNames group entries, a full DN can also be provided. .TP .B The name or the gid of the group that should welcome the new user. .SH "SEE ALSO" ldapdeleteuserfromgroup(1), ldapsetprimarygroup(1), ldapscripts(5). .SH AVAILABILITY The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). 
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapdeletemachine.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldapdeletemachine 1 "January 1, 2006"
.SH NAME
ldapdeletemachine \- deletes a POSIX machine (user$) account from LDAP.
.SH SYNOPSIS
.B ldapdeletemachine
.RB
.SH OPTIONS
.TP
.B
The name of the machine account (including the ending $) to delete.
.SH "SEE ALSO"
ldapdeleteuser(1), ldapdeletegroup(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/lsldap.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH lsldap 1 "January 1, 2006"
.SH NAME
lsldap \- performs a *big* query on the LDAP directory.
.SH SYNOPSIS
.B lsldap
.RB [[-h] | [-u | -g | -m]]
.SH OPTIONS
.TP
.B [-h]
This help.
.TP
.B [-u]
List users only (by default, try to list the whole directory).
.TP
.B [-g]
List groups only (by default, try to list the whole directory).
.TP
.B [-m]
List machines only (by default, try to list the whole directory).
.SH "SEE ALSO"
ldapfinger(1), ldapid(1), ldapgid(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapdeletegroup.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldapdeletegroup 1 "January 1, 2006"
.SH NAME
ldapdeletegroup \- deletes a POSIX group account from LDAP.
.SH SYNOPSIS
.B ldapdeletegroup
.RB
.SH OPTIONS
.TP
.B
The name or gid of the group to delete.
.SH "SEE ALSO"
ldapdeleteuser(1), ldapdeletemachine(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH LIMITATIONS
A user's primary group can be deleted ; the user entry will NOT be updated.
This means the user will belong to a group that no longer exists.
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldaprenamegroup.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldaprenamegroup 1 "January 1, 2006"
.SH NAME
ldaprenamegroup \- renames a POSIX group in LDAP.
.SH SYNOPSIS
.B ldaprenamegroup
.RB
.RB
.SH OPTIONS
.TP
.B
The old name or gid of the group to rename.
.TP
.B
The new name of the group.
.SH "SEE ALSO"
ldaprenameuser(1), ldaprenamemachine(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapdeleteuser.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldapdeleteuser 1 "January 1, 2006"
.SH NAME
ldapdeleteuser \- deletes a POSIX user account from LDAP.
.SH SYNOPSIS
.B ldapdeleteuser
.RB
.SH OPTIONS
.TP
.B
The name or uid of the user to delete.
.SH "SEE ALSO"
ldapdeletegroup(1), ldapdeletemachine(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapmodifyuser.1
.\" Copyright (C) 2007-2015 Ganaël LAPLANCHE
.TH ldapmodifyuser 1 "August 22, 2007"
.SH NAME
ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
.SH SYNOPSIS
.B ldapmodifyuser
.RB
.SH DESCRIPTION
ldapmodifyuser first looks for the right entry to modify.
Once found, the entry is presented and you are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
The DN of the entry being modified is already specified : just begin with a changeType attribute or any other one(s) of your choice (in this case, the default changeType is 'modify').
.SH OPTIONS
.TP
.B
The name or uid of the user to modify.
.SH "SEE ALSO"
ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapinit.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldapinit 1 "January 1, 2006"
.SH NAME
ldapinit \- initializes the LDAP directory with a minimal tree.
.SH SYNOPSIS
.B ldapinit
.RB [[-h] | [-r | -s]]
.SH OPTIONS
.TP
.B [-h]
This help.
.TP
.B [-r]
Create only the root DN.
.TP
.B [-s]
Skip root DN creation (create only regular OUs).
.SH "SEE ALSO"
lsldap(1), ldapfinger(1), ldapid(1), ldapgid(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapid.1
.\" Copyright (C) 2008-2015 Ganaël LAPLANCHE
.TH ldapid 1 "July 1, 2008"
.SH NAME
ldapid \- displays a user's list of IDs the way 'id' does.
.SH DESCRIPTION
.TP
The following is displayed :
uid=uidNumber(uid) gid=gidNumber(cn) groups=gidNumber(cn)[,gidNumber(cn)...].
.SH SYNOPSIS
.B ldapid
.RB [-P] [username | uid]
.SH OPTIONS
.TP
.B [username | uid]
Login or UID of a user to show information about. Acts on current user if not specified.
.TP
.B [-P]
Display user information as a password file entry.
.SH "SEE ALSO"
ldapgid(1), lsldap(1), ldapfinger(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapdeleteuserfromgroup.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldapdeleteuserfromgroup 1 "January 1, 2006"
.SH NAME
ldapdeleteuserfromgroup \- deletes a member from a group in LDAP.
.SH SYNOPSIS
.B ldapdeleteuserfromgroup
.RB
.RB
.SH OPTIONS
.TP
.B
The name of the user to delete. It can be a machine name (with an ending $) or a user name.
When working with groupOfNames or groupOfUniqueNames group entries, a full DN can also be provided to permit deletion of an entry that does not exist anymore in the directory.
.TP
.B
The name or the gid of the group that should say goodbye to the user.
.SH "SEE ALSO"
ldapaddusertogroup(1), ldapsetprimarygroup(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapsetpasswd.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldapsetpasswd 1 "November 1, 2006"
.SH NAME
ldapsetpasswd \- modifies a POSIX user account's password in LDAP.
.SH SYNOPSIS
.B ldapsetpasswd
.RB
.RB [encoded password]
.SH OPTIONS
.TP
.B
The name or uid of the user whose password has to be modified.
.TP
.B [encoded password]
If specified this way, the password will be copied verbatim into the LDAP directory.
If not specified, you will be prompted for a password that will be changed using the ldappasswd(1) command.
.SH "SEE ALSO"
ldapfinger(1), ldapid(1), ldapgid(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH LIMITATIONS
When used interactively, passwords generated with this command are propagated with the ldappasswd(1) command.
Thus, the resulting format depends on the 'password-hash' option of your server's slapd.conf(5) file.
You can always force an encoded password (using the hash format of your choice) by specifying it on the command line.
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldapaddmachine.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldapaddmachine 1 "January 1, 2006"
.SH NAME
ldapaddmachine \- adds a POSIX machine (user$) account to LDAP.
.SH SYNOPSIS
.B ldapaddmachine
.RB
.RB
.RB [uid]
.SH OPTIONS
.TP
.B
The name of the machine to add.
It must include the ending dollar (the famous win32 machine name specification).
.TP
.B
The group name or the gid of the machine to add.
.TP
.B [uid]
The uid of the machine to add. Automatically computed if not specified.
.SH "SEE ALSO"
ldapadduser(1), ldapaddgroup(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man1/ldaprenameuser.1
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH _ldaprenameuser 1 "January 1, 2006"
.SH NAME
_ldaprenameuser \- renames a POSIX user account in LDAP.
.SH SYNOPSIS
.B _ldaprenameuser
.RB
.RB
.SH OPTIONS
.TP
.B
The old name or uid of the user to rename.
.TP
.B
The new name of the user.
.SH "SEE ALSO"
ldaprenamegroup(1), ldaprenamemachine(1), ldapscripts(5).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH LIMITATIONS
Group entries will NOT be updated.
This means several groups may contain users that NO LONGER exist after having renamed a user.
Home directories are NOT renamed (neither in the LDAP directory, nor on the filesystem).
.SH BUGS
No bug known.
ldapscripts-2.0.6/man/man5/ldapscripts.5
.\" Copyright (C) 2006-2015 Ganaël LAPLANCHE
.TH ldapscripts 5 "January 1, 2006"
.SH NAME
ldapscripts \- Scripts to manage POSIX accounts in your LDAP directory.
.SH DESCRIPTION
The ldapscripts are a set of shell (sh) scripts designed to manage POSIX accounts in an OpenLDAP directory.
They can be used as standalone tools or within Samba 3.x's smb.conf file.
.SH REQUIREMENTS
The main requirements are the OpenLDAP client tools (ldapadd, ldapsearch, ldapdelete, ...).
Other commands are called in the scripts but should come with your OS (sed, grep, cut, ...).
.SH CONFIGURATION
The main configuration of the ldapscripts is usually the file /etc/ldapscripts/ldapscripts.conf (or /usr/local/etc/ldapscripts/ldapscripts.conf, depending on your system).
Modify it to fit your needs before using the scripts.
Each script also uses a "runtime" file, usually /usr/lib/ldapscripts/runtime (or /usr/local/lib/ldapscripts/runtime).
You don't need to modify this file.
.SH TEMPLATES
Each script that adds information to the directory uses a template.
Templates are directly embedded at the end of the scripts but it is also possible to use external template files (see GTEMPLATE, UTEMPLATE and MTEMPLATE variables in the configuration file).
Each template consists of a preformatted LDIF file using special keywords that will be replaced on-the-fly.
Sample files are provided for your convenience : ldapaddgroup.template.sample, ldapadduser.template.sample and ldapaddmachine.template.sample.
It is strongly advised to use those files instead of modifying the embedded (default) templates in the scripts.
Sample templates include every keyword you can use.
One special additional keyword is the keyword that will trigger user input to get the attribute value interactively.
.SH "USING AS STANDALONE TOOLS"
Each script can be used as a standard command-line tool. Check their man pages to get help.
.SH "USING WITH SAMBA 3.x"
Each Samba 3.x smb.conf "xxx script" option has a matching script.
Modify your smb.conf file this way to call them :
.nf
# [...]
add machine script = /usr/local/sbin/ldapaddmachine '%u' sambamachines
add user script = /usr/local/sbin/ldapadduser '%u' sambausers
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
# [...]
.fi
.SH "SEE ALSO"
ldapdeletemachine(1), ldapmodifymachine(1), ldaprenamemachine(1), ldapadduser(1), ldapdeleteuserfromgroup(1), ldapfinger(1), ldapid(1), ldapmodifyuser(1), lsldap(1), ldapaddusertogroup(1), ldaprenameuser(1), ldapinit(1), ldapsetpasswd(1), ldapaddgroup(1), ldapdeletegroup(1), ldapsetprimarygroup(1), ldapmodifygroup(1), ldaprenamegroup(1), ldapaddmachine(1), ldapdeleteuser(1).
.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on :
.B http://contribs.martymac.org
.SH BUGS
Sometimes, that kind of message may appear in the log file :
.B "Additional information: value does not conform to assertion syntax".
Setting slapd's debug level to 32 shows additional details :
.B "get_ava: illegal value for attributeType uidNumber".
This is *not* a bug : the ldapscripts tend to use the power of LDAP filters to easily find users (or groups) using either a uidNumber (numerical value) or a uid (string value).
The following filter (used by ldapfinger(1)) will generate the above message if $_USER is a login :
"(|(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))(&(objectClass=posixGroup)(|(cn=$_USER)(gidNumber=$_USER))))"
because filter part "(uidNumber=$_USER)" requires an integer but gets a string.
You can mostly ignore those warnings.
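The filter quoted in BUGS is built by interpolating the caller's argument straight into the search string, and the sbin scripts build theirs the same way. The POSIX sh helper below is an added example, not part of ldapscripts: it checks that a name looks like a POSIX account or group name and escapes it per RFC 4515 before assembling that same ldapfinger(1) filter. The function names `ldap_filter_escape`, `ldap_is_posix_name` and `ldap_finger_filter` and the sample inputs are this example's own.

```shell
#!/bin/sh
# Added example (not part of ldapscripts): validate and escape a name
# before it is interpolated into an LDAP search filter.

# Escape the RFC 4515 special characters of a filter assertion value:
# '\' -> \5c (must be done first), '*' -> \2a, '(' -> \28, ')' -> \29.
# A NUL byte (\00) cannot occur in a shell string, so it is not handled.
ldap_filter_escape() {
  printf '%s' "$1" | sed \
    -e 's/\\/\\5c/g' \
    -e 's/\*/\\2a/g' \
    -e 's/(/\\28/g' \
    -e 's/)/\\29/g'
}

# Accept only the shape the scripts expect: letters, digits, '.', '_', '-',
# with an optional trailing '$' for machine accounts (e.g. "pc01$").
# Returns 0 if the name is acceptable, 1 otherwise.
ldap_is_posix_name() {
  _n=${1%\$}                      # drop the machine-account marker, if any
  case "$_n" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Build the user-or-group filter used by ldapfinger(1) from a validated,
# escaped value. Prints the filter and returns 0 on success; prints
# nothing and returns 1 when the name is rejected.
ldap_finger_filter() {
  ldap_is_posix_name "$1" || return 1
  _e=$(ldap_filter_escape "$1")
  printf '%s' "(|(&(objectClass=posixAccount)(|(uid=$_e)(uidNumber=$_e)))(&(objectClass=posixGroup)(|(cn=$_e)(gidNumber=$_e))))"
}

# Constructed sample inputs: a login, a machine account, a numeric id and a
# value carrying filter metacharacters (rejected by the name check, and
# shown in its escaped form for comparison).
for _sample in jdoe 'pc01$' 1001 'team (ops)*'; do
  if _f=$(ldap_finger_filter "$_sample"); then
    echo "accepted: $_sample -> $_f"
  else
    echo "rejected: $_sample (escaped form: $(ldap_filter_escape "$_sample"))"
  fi
done
```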
ldapscripts-2.0.6/sbin/ldapid
#!/bin/sh
# ldapid : displays a user's list of IDs
# Copyright (C) 2008-2015 Ganaël LAPLANCHE

if [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [-P] [username | uid]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Parse options
case "$1" in
  "-P")
    # Passwd-like display requested
    if [ -z "$2" ]
    then
      # Current user
      _USER="$USER"
    else
      _USER="$2"
    fi
    ;;
  "")
    # Standard display requested (current user)
    _USER="$USER"
    ;;
  *)
    # Standard display requested (with arg)
    _USER="$1"
    ;;
esac

# Check username
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))"
[ -z "$_ENTRY" ] && end_die "User $_USER not found in LDAP"

# Get each (common) attribute
# uidNumber
_getattribute "$_ENTRY" "uidNumber"
[ -z "$_ATTRIBUTE" ] && end_die "Error getting user attribute from LDAP (uidNumber)"
_UIDNUMBER="$_ATTRIBUTE"
# uid (login)
_getattribute "$_ENTRY" "uid"
[ -z "$_ATTRIBUTE" ] && end_die "Error getting user attribute from LDAP (uid)"
_UID="$_ATTRIBUTE"
# gidNumber
_getattribute "$_ENTRY" "gidNumber"
[ -z "$_ATTRIBUTE" ] && end_die "Error getting user attribute from LDAP (gidNumber)"
_PRIMARYGID="$_ATTRIBUTE"

case "$1" in
  "-P")
    # Passwd-like display requested
    # Fetch additional attributes
    _getattribute "$_ENTRY" "gecos"
    _GECOS=${_ATTRIBUTE:-""}
    _getattribute "$_ENTRY" "homeDirectory"
    _HOMEDIR=${_ATTRIBUTE:-""}
    _getattribute "$_ENTRY" "loginShell"
    _SHELL=${_ATTRIBUTE:-""}
    _getattribute "$_ENTRY" "userPassword"
    _PASSWD=${_ATTRIBUTE:-""}
    is_yes "$_B64" && _PASSWD=$(echo -n $_PASSWD | _b64decode | _utf8decode)
    # Remove leading encoding scheme
    _PASSWD=$(echo $_PASSWD | sed "s|{.*}||")
    # Prepare output
    _OUTPUT="$_UID:$_PASSWD:$_UIDNUMBER:$_PRIMARYGID::0:0"
    _OUTPUT="$_OUTPUT:$_GECOS:$_HOMEDIR:$_SHELL"
    ;;
  *)
    # Standard display requested (current user)
    # Compute additional attribute : primary group name
    _PRIMARYGROUP=$(_gidtogroup "$_PRIMARYGID")
    [ -z "$_PRIMARYGROUP" ] && end_die "Cannot resolve gid $_PRIMARYGID to group : not found"
    # Prepare output
    _OUTPUT="uid=$_UIDNUMBER($_UID) gid=$_PRIMARYGID($_PRIMARYGROUP)"
    _OUTPUT="$_OUTPUT groups=$_PRIMARYGID($_PRIMARYGROUP)"
    # Get secondary groups (posixGroup)
    _SECONDARYGIDS=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(memberUid=$_UID))" gidNumber | grep "gidNumber: " | sed "s|gidNumber: ||")
    for _SECONDARYGID in $_SECONDARYGIDS
    do
      _GID=$(_gidtogroup "$_SECONDARYGID")
      [ -z "$_GID" ] && end_die "Cannot resolve gid $_SECONDARYGID to group : not found"
      _OUTPUT="$_OUTPUT,$_SECONDARYGID($_GID)"
    done
    # Get member groups (groupOfNames, groupOfUniqueNames)
    if [ "$GCLASS" != "posixGroup" ]
    then
      _MEMBERGIDS=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)($_GMEMBERATTR=$_ENTRY))" gidNumber | grep "gidNumber: " | sed "s|gidNumber: ||")
      _FIRSTPASS=""
      for _MEMBERGID in $_MEMBERGIDS
      do
        _GID=$(_gidtogroup "$_MEMBERGID")
        [ -z "$_GID" ] && end_die "Cannot resolve gid $_MEMBERGID to group : not found"
        if [ -z "$_FIRSTPASS" ]
        then
          _OUTPUT="$_OUTPUT groups(member)=$_MEMBERGID($_GID)"
          _FIRSTPASS="done"
        else
          _OUTPUT="$_OUTPUT,$_MEMBERGID($_GID)"
        fi
      done
    fi
    ;;
esac

# Display result
echo $_OUTPUT && end_ok
ldapscripts-2.0.6/sbin/lsldap
#!/bin/sh
# lsldap : performs a *big* query on the LDAP directory
# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2015 Ganaël LAPLANCHE

# WARNING : this script searches the whole directory as $BINDDN...
# It may be *VERY* long and return a limited number of entries
# Always use slapcat to backup your directory !!!

if [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [[-h] | [-u | -g | -m]]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

case "$1" in
  "-u")
    _ldapsearch "$USUFFIX,$SUFFIX" "(objectClass=posixAccount)" || end_die "No entry found"
    ;;
  "-g")
    _ldapsearch "$GSUFFIX,$SUFFIX" "(objectClass=$GCLASS)" || end_die "No entry found"
    ;;
  "-m")
    _ldapsearch "$MSUFFIX,$SUFFIX" "(objectClass=posixAccount)" || end_die "No entry found"
    ;;
  *)
    _ldapsearch "$SUFFIX" || end_die "No entry found"
    ;;
esac

end_ok
ldapscripts-2.0.6/sbin/ldapmodifygroup
#!/bin/sh
# ldapmodifygroup : modifies a POSIX group account in LDAP interactively
# Copyright (C) 2007-2015 Ganaël LAPLANCHE

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find groupname : $1 must exist in LDAP !
_findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$1)(gidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP" # Allocate and create temp file mktempf echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" # Display entry echo "# About to modify the following entry :" _ldapsearch "$_ENTRY" # Edit entry echo "# Enter your modifications here, end with CTRL-D." echo "dn: $_ENTRY" cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" # Send modifications cat "$_TMPFILE" | _utf8encode | _ldapmodify if [ $? -ne 0 ] then reltempf end_die "Error modifying group entry $_ENTRY in LDAP" fi reltempf end_ok "Successfully modified group entry $_ENTRY in LDAP" ldapscripts-2.0.6/sbin/ldapmodifymachine000755 001751 001751 00000003540 12562660062 022112 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapmodifymachine : modifies a POSIX machine account in LDAP interactively # Copyright (C) 2007-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 " exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Find machinename : $1 must exist in LDAP ! 
_findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)" # Allocate and create temp file mktempf echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" # Display entry echo "# About to modify the following entry :" _ldapsearch "$_ENTRY" # Edit entry echo "# Enter your modifications here, end with CTRL-D." echo "dn: $_ENTRY" cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" # Send modifications cat "$_TMPFILE" | _utf8encode | _ldapmodify if [ $? -ne 0 ] then reltempf end_die "Error modifying machine entry $_ENTRY in LDAP" fi reltempf end_ok "Successfully modified machine entry $_ENTRY in LDAP" ldapscripts-2.0.6/sbin/ldapaddgroup000755 001751 001751 00000004131 12562660062 021100 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapaddgroup : adds a POSIX group entry to LDAP # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 [gid]" exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . 
"$_RUNTIMEFILE" # Group name _GROUP="$1" # Group GID if [ -z "$2" ] # No argument, we must find a correct GID then _GID=$(_findnextgid) [ -z "_GID" ] && end_die "Cannot guess next free group id" else _GID="$2" fi # Use template if necessary if [ -n "$GTEMPLATE" ] && [ -r "$GTEMPLATE" ] then _getldif="cat $GTEMPLATE" else case $GCLASS in posixGroup) _getldif="_extractldif 2" ;; *) _getldif="_extractldif 3" ;; esac fi # Add user to LDAP $_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd [ $? -eq 0 ] || end_die "Error adding group $_GROUP to LDAP" end_ok "Successfully added group $_GROUP to LDAP" # Ldif templates ################################# # # PosixGroup (level "2") : ##dn: cn=,, ##objectClass: ##cn: ##gidNumber: ##description: Group account # # Others (level "3") - RFC 2307bis : ###dn: cn=,, ###objectClass: posixGroup ###objectClass: ###cn: ###gidNumber: ###description: Group account ###: ldapscripts-2.0.6/sbin/ldapaddmachine000755 001751 001751 00000004126 12562660062 021354 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapaddmachine : adds a POSIX machine (user$) account to LDAP # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. 
if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 [uid]" exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Machine name = first argument _USER="$1" # Machine GID = second argument _GID=$(_grouptogid "$2") [ -z "$_GID" ] && end_die "Cannot resolve group $2 to gid : not found" # Machine UID if [ -z "$3" ] # No argument, we must find a correct UID then _UID=$(_findnextmid) [ -z "_UID" ] && end_die "Cannot guess next free machine id" else _UID="$3" fi # Use template if necessary if [ -n "$MTEMPLATE" ] && [ -r "$MTEMPLATE" ] then _getldif="cat $MTEMPLATE" else _getldif="_extractldif 2" fi # Add user to LDAP $_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd [ $? -eq 0 ] || end_die "Error adding machine $_USER to LDAP" end_ok "Successfully added machine $_USER to LDAP" # Ldif template ################################## ##dn: uid=,, ##objectClass: account ##objectClass: posixAccount ##cn: ##uid: ##uidNumber: ##gidNumber: ##homeDirectory: /dev/null ##loginShell: /bin/false ##gecos: ##description: Machine account ldapscripts-2.0.6/sbin/ldapsetprimarygroup000755 001751 001751 00000003475 12562660062 022561 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapsetprimarygroup : modifies the gidNumber of a POSIX user or machine account in LDAP # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. 
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Check username : $1 must exist in LDAP !
# Lookup base = global $SUFFIX, to work on machine and user accounts
_findentry "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "User $1 not found"

# Check groupname : $2
_GID=$(_grouptogid "$2")
[ -z "$_GID" ] && end_die "Cannot resolve group $2 to gid : not found"

# Modify user entry
_extractldif 2 | _filterldif | _utf8encode | _ldapmodify
[ $? -eq 0 ] || end_die "Error setting primary group for user $1 (to group $2)"
end_ok "Successfully set primary group for user $1 (to group $2)"

# Ldif template ##################################
##dn:
##changetype: modify
##replace: gidNumber
##gidNumber:

ldapscripts-2.0.6/sbin/ldapaddusertogroup
#!/bin/sh
# ldapaddusertogroup : adds a member to a group in LDAP
# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2015 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

case $GCLASS in
  posixGroup)
    # Check username : $1
    _UID=$(_uidtouser "$1")
    [ -z "$_UID" ] && end_die "Cannot resolve uid $1 to user : not found"

    # Check groupname : $2 must exist in LDAP !
    _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(!(memberUid=$_UID))(|(cn=$2)(gidNumber=$2)))"
    [ -z "$_ENTRY" ] && end_die "Group $2 not found (or $_UID already member of $2)"

    # Modify group entry
    _extractldif 2 | _filterldif | _utf8encode | _ldapmodify
    ;;
  *)
    if is_valid_dn "$1"
    then
      # DN supplied as first argument, check it : $1 must exist in LDAP !
      _getattribute "$1" "uid"
      [ -z "$_ATTRIBUTE" ] && end_die "User DN $1 not found in LDAP"
      # DN is OK, keep it
      _UDN="$1"
    else
      # UID or username supplied, check it : $1 must exist in LDAP !
      _UDN=$(_uidtodn "$1")
      [ -z "$_UDN" ] && end_die "Cannot resolve uid $1 to DN : not found"
    fi

    # Check groupname : $2 must exist in LDAP !
    _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(!($_GMEMBERATTR=$_UDN))(|(cn=$2)(gidNumber=$2)))"
    [ -z "$_ENTRY" ] && end_die "Group $2 not found (or $_UDN already member of $2)"

    # Modify group entry
    _extractldif 3 | _filterldif | _utf8encode | _ldapmodify
    ;;
esac
[ $? -eq 0 ] || end_die "Error adding user ${_UID}${_UDN} to group $_ENTRY"
end_ok "Successfully added user ${_UID}${_UDN} to group $_ENTRY"

# Ldif templates #################################
#
# PosixGroup (level "2") :
##dn:
##changetype: modify
##add:
##:
#
# Others (level "3") :
###dn:
###changetype: modify
###add:
###:

ldapscripts-2.0.6/sbin/ldapdeleteuser
#!/bin/sh
# ldapdeleteuser : deletes a POSIX user account from LDAP
# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2015 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find username : $1 must exist in LDAP !
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" # Delete entry _ldapdelete "$_ENTRY" || end_die "Error deleting user $_ENTRY from LDAP" end_ok "Successfully deleted user $_ENTRY from LDAP" ldapscripts-2.0.6/sbin/ldapsetpasswd000755 001751 001751 00000004100 12562660062 021304 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapsetpasswd : modifies a POSIX user account's password in LDAP # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 [encoded password]" exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Find username : $1 must exist in LDAP ! _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" if [ -z "$2" ] # Have to prompt for a *clear* password then warn_log "Changing password for user $_ENTRY" # Ask for password _askpassword [ -z "$_PASSWORD" ] && end_die "Invalid password, please try again" # Change user's password _changepassword "$_PASSWORD" "$_ENTRY" [ $? 
-eq 0 ] || end_die "Error setting password for user $_ENTRY" end_ok "Successfully set password for user $_ENTRY" else # Have to use the *encoded* password given on the command line # Use LDIF info to modify the password _PASSWORD="$2" _extractldif 2 | _filterldif | _utf8encode | _ldapmodify [ $? -eq 0 ] || end_die "Error setting encoded password for user $_ENTRY" end_ok "Successfully set encoded password for user $_ENTRY" fi # Ldif template ################################## ##dn: ##changetype: modify ##replace: userPassword ##userPassword: ldapscripts-2.0.6/sbin/ldapdeletegroup000755 001751 001751 00000002600 12562660062 021611 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapdeletegroup : deletes a POSIX group account from LDAP # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 " exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Find groupname : $1 must exist in LDAP ! 
_findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$1)(gidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP" # Delete entry _ldapdelete "$_ENTRY" || end_die "Error deleting group $_ENTRY from LDAP" end_ok "Successfully deleted group $_ENTRY from LDAP" ldapscripts-2.0.6/sbin/ldaprenamegroup000755 001751 001751 00000003424 12562660062 021623 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldaprenamegroup : renames a POSIX group in LDAP # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 " exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Find dest groupname : $2 must not exist in LDAP ! # Note : as posixGroup is a common objectClass to all supported GCLASSes # (we use RFC 2307bis AUXILIARY posixGroups), look for it instead of $GCLASS, # which would be too specific here and could miss posixGroup-only entries. _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(cn=$2))" [ -z "$_ENTRY" ] || end_die "Group $2 already exists in LDAP" # Find src groupname : $1 must exist in LDAP ! 
_findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$1)(gidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP" # Rename entry _ldaprename "$_ENTRY" "cn=$2" || end_die "Error renaming group $_ENTRY to $2 in LDAP" end_ok "Successfully renamed group $_ENTRY to $2 in LDAP" ldapscripts-2.0.6/sbin/ldapgid000755 001751 001751 00000012315 12562660062 020041 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapgid : displays a group's list of IDs # Copyright (C) 2009-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 [-P] " exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . 
"$_RUNTIMEFILE" # Parse options case "$1" in "-P") # Passwd-like display requested [ -z "$2" ] && end_die 'Please specify a GID or a group name' _GROUP="$2" ;; *) # Standard display requested _GROUP="$1" ;; esac # Check groupname _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$_GROUP)(gidNumber=$_GROUP)))" [ -z "$_ENTRY" ] && end_die "Group $_GROUP not found in LDAP" # Get each (common) attribute # gidNumber _getattribute "$_ENTRY" "gidNumber" [ -z "$_ATTRIBUTE" ] && end_die "Error getting group attribute from LDAP (gidNumber)" _GIDNUMBER="$_ATTRIBUTE" # cn _getattribute "$_ENTRY" "cn" [ -z "$_ATTRIBUTE" ] && end_die "Error getting group attribute from LDAP (cn)" _CN="$_ATTRIBUTE" case "$1" in "-P") # Passwd-like display requested _OUTPUT="$_CN:*:$_GIDNUMBER:" # User list (memberUids, posixGroup) _SECONDARYUIDS=$(_ldapsearch "$_ENTRY" "" memberUid | grep "memberUid: " | sed "s|memberUid: ||") _FIRSTPASS="" for _SECONDARYUID in $_SECONDARYUIDS do if [ -z "$_FIRSTPASS" ] then _OUTPUT="$_OUTPUT$_SECONDARYUID" _FIRSTPASS="done" else _OUTPUT="$_OUTPUT,$_SECONDARYUID" fi done # User list (member DNs, groupOfNames/groupOfUniqueNames) if [ "$GCLASS" != "posixGroup" ] then _SECONDARYDNS=$(_ldapsearch "$_ENTRY" "" $_GMEMBERATTR | grep "$_GMEMBERATTR: " | sed "s|$_GMEMBERATTR: ||") _FIRSTPASS="" for _SECONDARYDN in $_SECONDARYDNS do # Skip dummy member [ "$_SECONDARYDN" = "$GDUMMYMEMBER" ] && continue # Try to find entry _getattribute "$_SECONDARYDN" "uid" [ -z "$_ATTRIBUTE" ] && end_die "Could not find member $_SECONDARYDN in LDAP" # Keep RDN (uid) only _SECONDARYDN="$_ATTRIBUTE" if [ -z "$_FIRSTPASS" ] then _OUTPUT="$_OUTPUT$_SECONDARYDN" _FIRSTPASS="done" else _OUTPUT="$_OUTPUT,$_SECONDARYDN" fi done fi ;; *) # Standard display requested _OUTPUT="gid=$_GIDNUMBER($_CN)" # User list (primary group) _PRIMARYUIDS=$(_ldapsearch "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(gidNumber=$_GIDNUMBER))" uidNumber | grep "uidNumber: " | sed "s|uidNumber: ||") 
_FIRSTPASS="" for _PRIMARYUID in $_PRIMARYUIDS do _UID=$(_uidtouser "$_PRIMARYUID") [ -z "$_UID" ] && end_die "Cannot resolve uid $_PRIMARYUID to user : not found" if [ -z "$_FIRSTPASS" ] then _OUTPUT="$_OUTPUT users(primary)=$_PRIMARYUID($_UID)" _FIRSTPASS="done" else _OUTPUT="$_OUTPUT,$_PRIMARYUID($_UID)" fi done # User list (memberUids, posixGroup) _SECONDARYUIDS=$(_ldapsearch "$_ENTRY" "" memberUid | grep "memberUid: " | sed "s|memberUid: ||") _FIRSTPASS="" for _SECONDARYUID in $_SECONDARYUIDS do _UID=$(_usertouid "$_SECONDARYUID") [ -z "$_UID" ] && end_die "Cannot resolve user $_SECONDARYUID to uid : not found" if [ -z "$_FIRSTPASS" ] then _OUTPUT="$_OUTPUT users(secondary)=$_UID($_SECONDARYUID)" _FIRSTPASS="done" else _OUTPUT="$_OUTPUT,$_UID($_SECONDARYUID)" fi done # User list (member DNs, groupOfNames/groupOfUniqueNames) if [ "$GCLASS" != "posixGroup" ] then _SECONDARYDNS=$(_ldapsearch "$_ENTRY" "" $_GMEMBERATTR | grep "$_GMEMBERATTR: " | sed "s|$_GMEMBERATTR: ||") _FIRSTPASS="" for _SECONDARYDN in $_SECONDARYDNS do # Skip dummy member [ "$_SECONDARYDN" = "$GDUMMYMEMBER" ] && continue # Try to find entry and get uidNumber _getattribute "$_SECONDARYDN" "uidNumber" [ -z "$_ATTRIBUTE" ] && end_die "Could not find member $_SECONDARYDN in LDAP" _UID="$_ATTRIBUTE" # Get uid _getattribute "$_SECONDARYDN" "uid" [ -z "$_ATTRIBUTE" ] && end_die "Could not find member $_SECONDARYDN in LDAP" # Keep RDN (uid) only _SECONDARYDN="$_ATTRIBUTE" if [ -z "$_FIRSTPASS" ] then _OUTPUT="$_OUTPUT users(members)=$_UID($_SECONDARYDN)" _FIRSTPASS="done" else _OUTPUT="$_OUTPUT,$_UID($_SECONDARYDN)" fi done fi ;; esac # Display result echo $_OUTPUT && end_ok ldapscripts-2.0.6/sbin/ldapinit000755 001751 001751 00000004737 12562660062 020252 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapinit : initializes the LDAP directory with a minimal tree # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can 
redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 [-r | -s]" exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Clean up suffix info _SUFFIX=$(echo $SUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2) _USUFFIX=$(echo $USUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2) _GSUFFIX=$(echo $GSUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2) _MSUFFIX=$(echo $MSUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2) # Whole operation result _RESULT=0 # First add the root DN if necessary if [ "$1" != "-s" ] then _extractldif 2 | _filterldif | _askattrs | _utf8encode | _ldapadd -c if [ $? -ne 0 ] then _RESULT=1 warn_log "Error(s) encountered while creating root DN" fi fi # Now add remaining stuff if [ "$1" != "-r" ] then _extractldif 3 | _filterldif | _askattrs | _utf8encode | _ldapadd -c if [ $? 
-ne 0 ] then _RESULT=1 warn_log "Error(s) encountered while creating regular OUs" fi fi [ $_RESULT -ne 0 ] && end_die "Error(s) encountered during LDAP initialization" end_ok "Successfully initialized LDAP tree" # Ldif template ################################## ##dn: ##objectClass: dcObject ##objectClass: organization ##dc: <_suffix> ##o: <_suffix> ##description: <_suffix> ## ###dn: , ###objectClass: top ###objectClass: organizationalUnit ###ou: <_usuffix> ### ###dn: , ###objectClass: top ###objectClass: organizationalUnit ###ou: <_gsuffix> ### ###dn: , ###objectClass: top ###objectClass: organizationalUnit ###ou: <_msuffix> ### ###dn: ou=Idmap, ###objectClass: organizationalUnit ###ou: Idmap ldapscripts-2.0.6/sbin/ldaprenamemachine000755 001751 001751 00000003213 12562660062 022067 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldaprenamemachine : renames a POSIX machine account in LDAP # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 " exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Find dest machinename : $2 must not exist in LDAP ! 
_findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))" [ -z "$_ENTRY" ] || end_die "Machine $2 already exists in LDAP" # Find src machinename : $1 must exist in LDAP ! _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)" # Rename entry _ldaprename "$_ENTRY" "uid=$2" || end_die "Error renaming machine $_ENTRY to $2 in LDAP" end_ok "Successfully renamed machine $_ENTRY to $2 in LDAP" ldapscripts-2.0.6/sbin/ldapdeletemachine000755 001751 001751 00000002701 12562660062 022063 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapdeletemachine : deletes a POSIX machine (user$) account from LDAP # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 " exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Find machinename : $1 must exist in LDAP ! 
_findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)" # Delete entry _ldapdelete "$_ENTRY" || end_die "Error deleting machine $_ENTRY from LDAP" end_ok "Successfully deleted machine $_ENTRY from LDAP" ldapscripts-2.0.6/sbin/ldapmodifyuser000755 001751 001751 00000003446 12562660062 021471 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapmodifyuser : modifies a POSIX user account in LDAP interactively # Copyright (C) 2007-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 " exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" # Find username : $1 must exist in LDAP ! _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" # Allocate and create temp file mktempf echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" # Display entry echo "# About to modify the following entry :" _ldapsearch "$_ENTRY" # Edit entry echo "# Enter your modifications here, end with CTRL-D." 
echo "dn: $_ENTRY" cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" # Send modifications cat "$_TMPFILE" | _utf8encode | _ldapmodify if [ $? -ne 0 ] then reltempf end_die "Error modifying user entry $_ENTRY in LDAP" fi reltempf end_ok "Successfully modified user entry $_ENTRY in LDAP" ldapscripts-2.0.6/sbin/ldapdeleteuserfromgroup000755 001751 001751 00000005023 12562660062 023376 0ustar00martymacmartymac000000 000000 #!/bin/sh # ldapdeleteuserfromgroup : deletes a member from a group in LDAP # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora # Copyright (C) 2006-2015 Ganaël LAPLANCHE # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, # USA. if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] then echo "Usage : $0 " exit 1 fi # Source runtime file _RUNTIMEFILE="/usr/lib/ldapscripts/runtime" . "$_RUNTIMEFILE" case $GCLASS in posixGroup) # Set username _UID="$1" # Check groupname : $2 must exist in LDAP ! 
    _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(memberUid=$1)(|(cn=$2)(gidNumber=$2)))"
    [ -z "$_ENTRY" ] && end_die "Group $2 not found (or $_UID is not a member of group $2)"

    # Modify group entry
    _extractldif 2 | _filterldif | _utf8encode | _ldapmodify
    ;;
  *)
    if is_valid_dn "$1"
    then
      # DN supplied as first argument, use it as-is
      _UDN="$1"
    else
      # UID or username supplied, check it : $1 must exist in LDAP !
      _UDN=$(_uidtodn "$1")
      [ -z "$_UDN" ] && end_die "Cannot resolve uid $1 to DN : not found"
    fi

    # Check groupname : $2 must exist in LDAP !
    _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)($_GMEMBERATTR=$_UDN)(|(cn=$2)(gidNumber=$2)))"
    [ -z "$_ENTRY" ] && end_die "Group $2 not found (or $_UDN is not a member of group $2)"

    # Modify group entry
    _extractldif 3 | _filterldif | _utf8encode | _ldapmodify
    ;;
esac
[ $? -eq 0 ] || end_die "Error deleting user ${_UID}${_UDN} from group $_ENTRY"

end_ok "Successfully deleted user ${_UID}${_UDN} from group $_ENTRY"

# Ldif templates #################################
#
# PosixGroup (level "2") :
##dn: <entry>
##changetype: modify
##delete: <gmemberattr>
##<gmemberattr>: <uid>
#
# Others (level "3") :
###dn: <entry>
###changetype: modify
###delete: <gmemberattr>
###<gmemberattr>: <udn>

ldapscripts-2.0.6/sbin/ldapadduser

#!/bin/sh

# ldapadduser : adds a POSIX user account to LDAP
# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2015 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <username> <groupname | gid> [uid]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Username = first argument
_USER="$1"

# User GID = second argument
_GID=$(_grouptogid "$2")
[ -z "$_GID" ] && end_die "Cannot resolve group $2 to gid : not found"

# User UID
if [ -z "$3" ] # No argument, we must find a correct UID
then
  _UID=$(_findnextuid)
  # Test the variable's value, not the literal string "_UID"
  [ -z "$_UID" ] && end_die "Cannot guess next free user id"
else
  _UID="$3"
fi

# Compute homedir
_HOMEDIR=$(echo "$UHOMES" | sed "s|%u|$_USER|g")

# Use template if necessary
if [ -n "$UTEMPLATE" ] && [ -r "$UTEMPLATE" ]
then
  _getldif="cat $UTEMPLATE"
else
  _getldif="_extractldif 2"
fi

# Add user to LDAP
$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
echo_log "Successfully added user $_USER to LDAP"

# Generate or ask for user password
if is_like "$PASSWORDGEN" "<ask>"
then
  warn_log "Setting password for user $_USER"
  _askpassword
else
  _genpassword "$_USER"
fi

# Add user password
if [ -n "$_PASSWORD" ]
then
  _changepassword "$_PASSWORD" "uid=$_USER,$USUFFIX,$SUFFIX"
  [ $? -eq 0 ] && echo_log "Successfully set password for user $_USER"
else
  [ -n "$PASSWORDGEN" ] && warn_log "Warning : got invalid password for user $_USER (password not set)"
fi

# Create Home dir
if is_yes "$CREATEHOMES"
then
  if [ -e "$_HOMEDIR" ]
  then
    warn_log "Skipped home directory creation for user $_USER (already exists)"
  else
    # Create home by skel or mkdir
    if [ -d "$HOMESKEL" ]
    then
      cp -pR "$HOMESKEL/" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
    else
      mkdir -p "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
    fi
    chmod "$HOMEPERMS" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
    chown -R "$_UID":"$_GID" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
    echo_log "Successfully created home directory for user $_USER"
  fi
fi

end_ok

# Ldif template ##################################
##dn: uid=<user>,<usuffix>,<suffix>
##objectClass: account
##objectClass: posixAccount
##cn: <user>
##uid: <user>
##uidNumber: <uid>
##gidNumber: <gid>
##homeDirectory: <home>
##loginShell: <shell>
##gecos: <user>
##description: User account

ldapscripts-2.0.6/sbin/ldapfinger

#!/bin/sh

# ldapfinger : displays a user/machine/group POSIX account's details
# Copyright (C) 2006-2015 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
if [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [-u | -g | -m] [username | machinename | groupname | uid | gid]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Parse options
case "$1" in
  "-u" | "-m")
    if [ -z "$2" ]
    then
      # Current user
      _USER="$USER"
    else
      _USER="$2"
    fi
    ;;
  "-g")
    # Current user not useable (group required)
    [ -z "$2" ] && end_die 'Please specify a gid or groupname'
    _USER="$2"
    ;;
  "")
    # Current user
    _USER="$USER"
    ;;
  *)
    _USER="$1"
    ;;
esac

case "$1" in
  "-u")
    _ldapsearch "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))" || end_die "No user found"
    ;;
  "-g")
    _ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$_USER)(gidNumber=$_USER)))" || end_die "No group found"
    ;;
  "-m")
    _ldapsearch "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))" || end_die "No machine found"
    ;;
  *)
    _ldapsearch "$SUFFIX" "(|(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))(&(objectClass=$GCLASS)(|(cn=$_USER)(gidNumber=$_USER))))" || end_die "No entry found"
    ;;
esac

end_ok

ldapscripts-2.0.6/sbin/ldaprenameuser

#!/bin/sh

# ldaprenameuser : renames a POSIX user account in LDAP
# Copyright (C) 2006-2015 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <username | uid> <newusername>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find dest username : $2 must not exist in LDAP !
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))"
[ -z "$_ENTRY" ] || end_die "User $2 already exists in LDAP"

# Find src username : $1 must exist in LDAP !
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"

# Rename entry
_ldaprename "$_ENTRY" "uid=$2" || end_die "Error renaming user $_ENTRY to $2 in LDAP"

end_ok "Successfully renamed user $_ENTRY to $2 in LDAP"

ldapscripts-2.0.6/etc/ldapaddmachine.template.sample

dn: uid=<user>,<msuffix>,<suffix>
objectClass: account
objectClass: posixAccount
cn: <user>
uid: <user>
uidNumber: <uid>
gidNumber: <gid>
homeDirectory: /dev/null
loginShell: /bin/false
gecos: <user>
description: Machine account

ldapscripts-2.0.6/etc/ldapaddgroup.template.sample

dn: cn=<group>,<gsuffix>,<suffix>
objectClass: posixGroup
cn: <group>
gidNumber: <gid>
description: Group account

ldapscripts-2.0.6/etc/ldapscripts.conf

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2015 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# LDAP server
SERVER="ldap://localhost"

# Suffixes
SUFFIX="dc=example,dc=com" # Global suffix
GSUFFIX="ou=Groups"        # Groups ou (just under $SUFFIX)
USUFFIX="ou=Users"         # Users ou (just under $SUFFIX)
MSUFFIX="ou=Machines"      # Machines ou (just under $SUFFIX)

# Authentication type
# If empty, use simple authentication
# Else, use the value as an SASL authentication mechanism
SASLAUTH=""
#SASLAUTH="GSSAPI"

# Simple authentication parameters
# The following BIND* parameters are ignored if SASLAUTH is set
BINDDN="cn=Manager,dc=example,dc=com"
# The following file contains the raw password of the BINDDN
# Create it with something like : echo -n 'secret' > $BINDPWDFILE
# WARNING !!!! Be careful not to make this file world-readable
BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
# For older versions of OpenLDAP, it is still possible to use
# unsecure command-line passwords by defining the following option
# AND commenting the previous one (BINDPWDFILE takes precedence)
#BINDPWD="secret"

# Start with these IDs *if no entry found in LDAP*
GIDSTART="10000" # Group ID
UIDSTART="10000" # User ID
MIDSTART="20000" # Machine ID

# Group membership management
# ObjectCLass used for groups
# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !)
# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup).
# Also, do not mix posixGroup and groupOf* entries up in your directory as, within RFC 2307bis,
# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration.
GCLASS="posixGroup"   # Leave "posixGroup" here if not sure !
# When using groupOfNames or groupOfUniqueNames, creating a group requires an initial
# member. Specify it below, you will be able to remove it once groups are populated.
#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX"

# User properties
USHELL="/bin/sh"
UHOMES="/home/%u"     # You may use %u for username here
CREATEHOMES="no"      # Create home directories and set rights ?
HOMESKEL="/etc/skel"  # Directory where the skeleton files are located. Ignored if undefined or nonexistent.
HOMEPERMS="700"       # Default permissions for home directories

# User passwords generation
# Command-line used to generate a password for added users.
# You may use %u for username here ; special value "<ask>" will ask for a password interactively
# WARNING !!!! This is evaluated, everything specified here will be run !
# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy).
# In this case, consider using /dev/urandom instead.
PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
#PASSWORDGEN="pwgen"
#PASSWORDGEN="echo changeme"
#PASSWORDGEN="echo %u"
#PASSWORDGEN="<ask>"

# User passwords recording
# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS
# (useful when performing a massive creation / net rpc vampire)
# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
RECORDPASSWORDS="no"
PASSWORDFILE="/var/log/ldapscripts_passwd.log"

# Where to log : local file and/or syslog
LOGTOFILE="yes"
LOGFILE="/var/log/ldapscripts.log"
LOGTOSYSLOG="no"
SYSLOGFACILITY="local4"
SYSLOGLEVEL="info"

# Temporary folder
TMPDIR="/tmp"

# Various binaries used within the scripts
# Warning : they also use uuencode, date, grep, sed, cut, which...
# Please check they are installed before using these scripts
# Note that many of them should come with your OS

# OpenLDAP client commands
LDAPSEARCHBIN="/usr/bin/ldapsearch"
LDAPADDBIN="/usr/bin/ldapadd"
LDAPDELETEBIN="/usr/bin/ldapdelete"
LDAPMODIFYBIN="/usr/bin/ldapmodify"
LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
LDAPPASSWDBIN="/usr/bin/ldappasswd"

# OpenLDAP client common additional options
# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS
#LDAPBINOPTS="-ZZ"

# OpenLDAP ldapsearch-specific additional options
# The following option disables long-line wrapping (which makes the scripts bug
# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so
# comment it if you are using OpenLDAP < 2.4.24.
LDAPSEARCHOPTS="-o ldif-wrap=no"
# And here is an example to activate paged results
#LDAPSEARCHOPTS="-E pr=500/noprompt"

# Character set conversion : $ICONVCHAR <-> UTF-8
# Comment ICONVBIN to disable UTF-8 conversion
ICONVBIN="/usr/bin/iconv"
#ICONVCHAR="ISO-8859-15"

# Base64 decoding
# Comment UUDECODEBIN to disable Base64 decoding
UUDECODEBIN="/usr/bin/uudecode"

# Getent command to use - choose the ones used
# on your system. Leave blank or comment for auto-guess.
# GNU/Linux
#GETENTPWCMD="getent passwd"
#GETENTGRCMD="getent group"
# FreeBSD
#GETENTPWCMD="pw usershow"
#GETENTGRCMD="pw groupshow"
# Auto
GETENTPWCMD=""
GETENTGRCMD=""

# You can specify custom LDIF templates here
# Leave empty to use default templates
# See *.template.sample for default templates
#GTEMPLATE="/path/to/ldapaddgroup.template"
#UTEMPLATE="/path/to/ldapadduser.template"
#MTEMPLATE="/path/to/ldapaddmachine.template"
GTEMPLATE=""
UTEMPLATE=""
MTEMPLATE=""

ldapscripts-2.0.6/etc/ldapscripts.passwd

secret

ldapscripts-2.0.6/etc/ldapadduser.template.sample

dn: uid=<user>,<usuffix>,<suffix>
objectClass: account
objectClass: posixAccount
cn: <user>
uid: <user>
uidNumber: <uid>
gidNumber: <gid>
homeDirectory: <home>
loginShell: <shell>
gecos: <user>
description: User account

ldapscripts-2.0.6/lib/runtime

# runtime : this file is used by the ldapscripts, it should not be used independently
# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2015 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.
### Useful functions ###

# Tests a string
# Input : string to test ($1), pattern ($2)
# Output : true or false
is_like () {
  echo "$1" | grep -qi "^$2$"
}

# Tests a string
# Input : string to test ($1)
# Output : true or false
is_yes () {
  is_like "$1" "yes"
}

# Tests a string
# Input : string to test ($1)
# Output : true or false
is_no () {
  is_like "$1" "no"
}

# Tests a string
# Input : string to test ($1)
# Output : true or false
is_uri () {
  echo "$1" | grep -q '://'
}

# Tests a string
# Input : string to test ($1)
# Output : true or false
is_valid_dn () {
  echo "$1" | grep -qE "^([^,=]+=[^,=]+,)+$SUFFIX$"
}

# Tests a string
# Input : string to test ($1)
# Output : true or false
is_b64 () {
  echo "$1" | grep -q '^[^: ]*:: '
}

# Tests a string
# Input : string to test ($1)
# Output : true or false
is_integer () {
  echo "$1" | grep -qE '^[0-9]+$'
}

# Tests a string (a command name) and tells if it is built-in (true) or external (false)
# Input : string to test ($1)
# Output : true or false
is_builtin () {
  LANG=C type "$1" 2>/dev/null | grep -qi 'built'
}

# Logs a string to $LOGFILE
# Input : string to log ($1)
# Output : nothing
log_to_file () {
  if [ -n "$1" ]
  then
    if [ -n "$LOGFILE" ]
    then
      if [ ! -w "$LOGFILE" ]
      then
        _TMPMASK=$(umask)
        umask 0077
        touch "$LOGFILE" 2>/dev/null
        if [ $? -ne 0 ]
        then
          echo "Unable to create $LOGFILE, exiting..." && exit 1
        fi
        umask "$_TMPMASK"
      fi
      echo "$1" >> "$LOGFILE"
    fi
  fi
}

# Logs a string to syslog
# Input : string to log ($1)
# Output : nothing
log_to_syslog () {
  if [ -n "$1" ]
  then
    SYSLOGFACILITY=${SYSLOGFACILITY:-"local4"}
    SYSLOGLEVEL=${SYSLOGLEVEL:-"info"}
    logger -it "$(basename $0)" -p "$SYSLOGFACILITY"."$SYSLOGLEVEL" "$1"
  fi
}

# Logs a string to $LOGFILE and/or to syslog
# Input : string to log ($1)
# Output : nothing
log_only () {
  if [ "$LOGTOFILE" = "yes" ]
  then
    log_to_file "$1"
  fi
  if [ "$LOGTOSYSLOG" = "yes" ]
  then
    log_to_syslog "$1"
  fi
}

# Echoes (to STDOUT) and logs a string to $LOGFILE
# Input : string to echo and log ($1)
# Output : nothing
echo_log () {
  [ -n "$1" ] && echo "$1"
  [ -n "$1" ] && log_only " -> $1"
}

# Echoes (to STDERR) and logs a string to $LOGFILE
# Input : string to echo and log ($1)
# Output : nothing
warn_log () {
  [ -n "$1" ] && echo "$1" 1>&2
  [ -n "$1" ] && log_only " -> $1"
}

# Echoes/logs $1, exits and returns 0
# Input : string to echo and log ($1)
# Output : 0
end_ok () {
  [ -n "$1" ] && echo_log "$1"
  exit 0
}

# Echoes/logs $1, exits and returns 1
# Input : string to echo and log ($1)
# Output : 1
end_die () {
  [ -n "$1" ] && warn_log "$1"
  exit 1
}

# Allocates and creates a temporary file $_TMPFILE under $TMPDIR
# Output : nothing
mktempf () {
  # Avoid creating two temporary files (must have been released before)
  [ -n "$_TMPFILE" ] && end_die "Error allocating temporary file $_TMPFILE"

  # Name temp file
  _TMPFILE="$TMPDIR/$(basename $0).$(date '+%Y%m%d-%H%M%S').$$.$(head -c4 /dev/random | od -t u4 | head -n 1 | awk '{print $2}')"

  # Catch CTRL-C to remove $_TMPFILE
  trap 'rm -f "$_TMPFILE" 2>/dev/null ; end_die "Interrupted - Removing temporary file $_TMPFILE"' 2

  # Create temp file
  _TMPMASK=$(umask)
  umask 0077
  touch "$_TMPFILE" 2>/dev/null || end_die "Error creating temporary file $_TMPFILE"
  umask "$_TMPMASK"
}

# Releases a previously allocated temporary file
# Output : nothing
reltempf () {
  # Clean up the temporary file and restore traps
  rm -f "$_TMPFILE" 2>/dev/null

  # Reset traps
  trap - 2

  # Clean up name
  unset _TMPFILE
}

### LDAP functions ###

# Performs a search in the LDAP directory
# Input : base ($1), filter ($2), attribute to display ($3)
# Output : entry/entries found (stdout)
_ldapsearch () {
  if [ -n "$SASLAUTH" ]
  then
    $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -Y "$SASLAUTH" -b "${1:-$SUFFIX}" -H "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
  elif [ -n "$BINDPWDFILE" ]
  then
    $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
  else
    $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -w "$BINDPWD" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
  fi
}

# Adds an entry to the LDAP directory
# Input : LDIF - entry to add (stdin), optional '-c' (continue mode) option ($1)
# Output : nothing
_ldapadd () {
  case "$1" in
    "-c")
      _OPTIONS="-c"
      ;;
    "")
      unset _OPTIONS
      ;;
    *)
      unset _OPTIONS
      warn_log "Warning : invalid parameter supplied to _ldapadd(), ignoring..."
      ;;
  esac

  if [ -n "$SASLAUTH" ]
  then
    $LDAPADDBIN $LDAPBINOPTS $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE" 1>/dev/null
  elif [ -n "$BINDPWDFILE" ]
  then
    $LDAPADDBIN $LDAPBINOPTS $_OPTIONS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
  else
    $LDAPADDBIN $LDAPBINOPTS $_OPTIONS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
  fi
}

# Modifies an entry in the LDAP directory
# Input : LDIF - modification information (stdin), optional '-c' (continue mode) option ($1)
# Output : nothing
_ldapmodify () {
  case "$1" in
    "-c")
      _OPTIONS="-c"
      ;;
    "")
      unset _OPTIONS
      ;;
    *)
      unset _OPTIONS
      warn_log "Warning : invalid parameter supplied to _ldapmodify(), ignoring..."
      ;;
  esac

  if [ -n "$SASLAUTH" ]
  then
    $LDAPMODIFYBIN $LDAPBINOPTS $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE" 1>/dev/null
  elif [ -n "$BINDPWDFILE" ]
  then
    $LDAPMODIFYBIN $LDAPBINOPTS $_OPTIONS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
  else
    $LDAPMODIFYBIN $LDAPBINOPTS $_OPTIONS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
  fi
}

# Renames an entry in the LDAP directory
# Input : old dn ($1), new rdn ($2)
# Output : nothing
_ldaprename () {
  if [ -z "$1" ] || [ -z "$2" ]
  then
    end_die "_ldaprename : missing argument(s)"
  else
    if [ -n "$SASLAUTH" ]
    then
      $LDAPMODRDNBIN $LDAPBINOPTS -Y "$SASLAUTH" -H "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
    elif [ -n "$BINDPWDFILE" ]
    then
      $LDAPMODRDNBIN $LDAPBINOPTS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
    else
      $LDAPMODRDNBIN $LDAPBINOPTS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
    fi
  fi
}

# Deletes an entry in the LDAP directory
# Input : dn to delete ($1)
# Output : nothing
_ldapdelete () {
  [ -z "$1" ] && end_die "_ldapdelete : missing argument"
  if [ -n "$SASLAUTH" ]
  then
    $LDAPDELETEBIN $LDAPBINOPTS -Y "$SASLAUTH" -H "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null
  elif [ -n "$BINDPWDFILE" ]
  then
    $LDAPDELETEBIN $LDAPBINOPTS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null
  else
    $LDAPDELETEBIN $LDAPBINOPTS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null
  fi
}

# Extracts LDIF information from $0 (the current script itself)
# selecting lines beginning with $1 occurrences of '#'
# Input : depth ($1)
# Output : extracted LDIF data (stdout)
_extractldif () {
  if [ -n "$1" ] && is_integer "$1"
  then
    _EXTRACTDEPTH="$1"
  else
    warn_log "Warning : invalid depth supplied to _extractldif(), using default (2)..."
    _EXTRACTDEPTH='2'
  fi
  grep -a "^#\{$_EXTRACTDEPTH\}[^#]*$" "$0" | sed 's|^#*||' 2>>"$LOGFILE"
}

# Filters LDIF information
# Input : Data to filter (stdin)
# Output : Filtered data (stdout)
_filterldif () {
  # Allocate and create temp file
  mktempf

  # Generate filter file
  cat 2>/dev/null << EOF > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
# Generated by ldapscripts - do not edit !
# Group attributes
s|<group>|$_GROUP|g
s|<gclass>|$GCLASS|g
s|<gmemberattr>|$_GMEMBERATTR|g
s|<gdummymember>|$GDUMMYMEMBER|g
# User attributes
s|<user>|$_USER|g
s|<uid>|$_UID|g
s|<udn>|$_UDN|g
s|<gid>|$_GID|g
s|<home>|$_HOMEDIR|g
s|<shell>|$USHELL|g
s|<password>|$_PASSWORD|g
s|<entry>|$_ENTRY|g
# Suffixes
s|<suffix>|$SUFFIX|g
s|<_suffix>|$_SUFFIX|g
s|<usuffix>|$USUFFIX|g
s|<_usuffix>|$_USUFFIX|g
s|<msuffix>|$MSUFFIX|g
s|<_msuffix>|$_MSUFFIX|g
s|<gsuffix>|$GSUFFIX|g
s|<_gsuffix>|$_GSUFFIX|g
EOF

  # Use it
  sed -f "$_TMPFILE" 2>>"$LOGFILE"

  # Release temp file
  reltempf
}

# Ask interactively for attributes in LDIF templates
# Input : Data to filter (stdin)
# Output : Filtered data (stdout)
_askattrs () {
  # Backup and set IFS
  _OLDIFS="$IFS"
  IFS=""

  # Allocate and create temp file
  mktempf

  # Backup STDIN
  _STDIN=$(cat)

  # Loop through STDIN and ask for values
  # to generate the sed filter ($_TMPFILE)
  _I=1
  _LINES=$(echo $_STDIN | wc -l)
  _CURRENT="unknown"
  while [ $_I -le $_LINES ]
  do
    # Extract current line
    _LINE=$(echo $_STDIN | sed -n "${_I}p")

    # Keep current DN
    if echo "$_LINE" | grep -qi '^dn: '
    then
      _CURRENT="$_LINE"
    fi

    # Is there a <ask> keyword in the line ?
    if echo "$_LINE" | grep -qiE '^[^: ]+: .*<ask>.*'
    then
      # Ask for attribute
      _ATTRNAME=$(echo "$_LINE" | cut -d ':' -f 1)
      echo -n "[$_CURRENT] Enter value for \"$_ATTRNAME\" : " 1>&2
      read _ATTRVAL < /dev/tty

      # Generate sed filter
      echo "${_I}s|<ask>|$_ATTRVAL|" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
    fi
    _I=$(($_I + 1))
  done

  # Use filter file
  echo $_STDIN | sed -f "$_TMPFILE"

  # Release temp file
  reltempf

  # Restore IFS
  IFS="$_OLDIFS"
}

# Converts local charset to UTF-8
# Input : Data to convert (stdin)
# Output : Converted data (stdout)
_utf8encode () {
  if [ -x "$ICONVBIN" ] && [ -n "$ICONVCHAR" ]
  then
    $ICONVBIN -f "$ICONVCHAR" -t UTF-8 2>>"$LOGFILE"
  else
    cat
  fi
}

## Converts UTF-8 to local charset
## Input : Data to convert (stdin)
## Output : Converted data (stdout)
_utf8decode () {
  if [ -x "$ICONVBIN" ] && [ -n "$ICONVCHAR" ]
  then
    $ICONVBIN -f UTF-8 -t "$ICONVCHAR" 2>>"$LOGFILE"
  else
    cat
  fi
}

## Converts text (should be UTF-8) to base64
## Input : Data to convert (stdin)
## Output : Converted data (stdout)
#_b64encode () {
#  if [ -x "$UUENCODEBIN" ]
#  then
#    $UUENCODEBIN -m - 2>>"$LOGFILE" | grep -v -e "^begin-base64" -e "^=*$" 2>>"$LOGFILE"
#  else
#    cat
#  fi
#}

# Converts base64 to UTF-8
# Input : Data to convert (stdin)
# Output : Converted data (stdout)
_b64decode () {
  if [ -x "$UUDECODEBIN" ]
  then
    $UUDECODEBIN -mr 2>>"$LOGFILE"
  else
    cat
  fi
}

### Nsswitch functions

# Converts to gid any group passed in as name/gid
# Input : the name or gid to convert ($1)
# Output : the result of the conversion or "" if not found (stdout)
_grouptogid () {
  [ -z "$1" ] && end_die "_grouptogid : missing argument"
  # Try local resolution
  _TMPGID=$(eval $GETENTGRCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 3)
  if [ -z "$_TMPGID" ]
  then
    # Try asking LDAP
    # As we are working with posixGroup attributes (cn, gidNumber) and using RFC 2307bis,
    # looking for posixGroup objectClasses is sufficient (looking for more specific $GCLASS may miss posixGroup-only entries).
    _TMPGID=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" gidNumber | grep "gidNumber: " | head -n 1 | sed "s|gidNumber: ||")
  fi
  echo "$_TMPGID"
  unset _TMPGID
}

# Converts to name any group passed in as name/gid
# Input : the name or gid to convert ($1)
# Output : the result of the conversion or "" if not found (stdout)
_gidtogroup () {
  [ -z "$1" ] && end_die "_gidtogroup : missing argument"
  # Try local resolution
  _TMPGID=$(eval $GETENTGRCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 1)
  if [ -z "$_TMPGID" ]
  then
    # Try asking LDAP
    # As we are working with posixGroup attributes (cn, gidNumber) and using RFC 2307bis,
    # looking for posixGroup objectClasses is sufficient (looking for more specific $GCLASS may miss posixGroup-only entries).
    _TMPGID=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" cn | grep "cn: " | head -n 1 | sed "s|cn: ||")
  fi
  echo "$_TMPGID"
  unset _TMPGID
}

# Converts to uid any user passed in as name/uid
# Input : the name or uid to convert ($1)
# Output : the result of the conversion or "" if not found (stdout)
_usertouid () {
  [ -z "$1" ] && end_die "_usertouid : missing argument"
  # Try local resolution
  _TMPUID=$(eval $GETENTPWCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 3)
  if [ -z "$_TMPUID" ]
  then
    # Try asking LDAP
    _TMPUID=$(_ldapsearch "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" uidNumber | grep "uidNumber: " | head -n 1 | sed "s|uidNumber: ||")
  fi
  echo "$_TMPUID"
  unset _TMPUID
}

# Converts to name any user passed in as name/uid
# Input : the name or uid to convert ($1)
# Output : the result of the conversion or "" if not found (stdout)
_uidtouser () {
  [ -z "$1" ] && end_die "_uidtouser : missing argument"
  # Try local resolution
  _TMPUID=$(eval $GETENTPWCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 1)
  if [ -z "$_TMPUID" ]
  then
    # Try asking LDAP
    _TMPUID=$(_ldapsearch "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" uid | grep "uid: " | head -n 1 | sed "s|uid: ||")
  fi
  echo "$_TMPUID"
  unset _TMPUID
}

# Converts to LDAP DN any user passed in as name/uid
# Input : the name or uid to convert ($1)
# Output : the result of the conversion or "" if not found (stdout)
_uidtodn () {
  [ -z "$1" ] && end_die "_uidtodn : missing argument"
  _TMPUDN=$(_ldapsearch "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" dn | grep "dn: " | head -n 1 | sed "s|dn: ||")
  echo "$_TMPUDN"
  unset _TMPUDN
}

## Converts to LDAP DN any group passed in as name/gid
## Input : the name or gid to convert ($1)
## Output : the result of the conversion or "" if not found (stdout)
#_gidtodn () {
#  [ -z "$1" ] && end_die "_gidtodn : missing argument"
#  _TMPGDN=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" dn | grep "dn: " | head -n 1 | sed "s|dn: ||")
#  echo "$_TMPGDN"
#  unset _TMPGDN
#}

### LDAP advanced functions

# Finds the next useable group ID
# Input : nothing
# Output : the first free ID found starting from $GIDSTART (stdout)
_findnextgid () {
  # As we are looking for the last gidNumber of all group entry types and using RFC 2307bis,
  # looking for posixGroup objectClasses is sufficient (looking for more specific $GCLASS may miss posixGroup-only entries).
  _NEXTGID=$(_ldapsearch "$GSUFFIX,$SUFFIX" '(objectClass=posixGroup)' gidNumber | grep "gidNumber: " | sed "s|gidNumber: ||" | uniq | sort -n | tail -n 1)
  if [ -z "$_NEXTGID" ] || [ "$_NEXTGID" -lt "$GIDSTART" ]
  then
    _NEXTGID="$GIDSTART"
  else
    _NEXTGID=$(($_NEXTGID + 1))
  fi

  # Is this ID free ?
  _TMPGID=$(_gidtogroup "$_NEXTGID")
  while [ -n "$_TMPGID" ]
  do
    _NEXTGID=$(($_NEXTGID + 1))
    _TMPGID=$(_gidtogroup "$_NEXTGID")
  done
  unset _TMPGID

  echo "$_NEXTGID"
  unset _NEXTGID
}

# Finds the next useable machine ID
# Input : nothing
# Output : the first free ID found starting from $MIDSTART (stdout)
_findnextmid () {
  # Note : adding a more specific filter such as '(uid=*$)' may miss non-machine (but POSIX)
  # entries here and while we are not interested in them, we still want to avoid ID conflicts
  _NEXTMID=$(_ldapsearch "$MSUFFIX,$SUFFIX" '(objectClass=posixAccount)' uidNumber | grep "uidNumber: " | sed "s|uidNumber: ||" | uniq | sort -n | tail -n 1)
  if [ -z "$_NEXTMID" ] || [ "$_NEXTMID" -lt "$MIDSTART" ]
  then
    _NEXTMID="$MIDSTART"
  else
    _NEXTMID=$(($_NEXTMID + 1))
  fi

  # Is this ID free ?
  _TMPMID=$(_uidtouser "$_NEXTMID")
  while [ -n "$_TMPMID" ]
  do
    _NEXTMID=$(($_NEXTMID + 1))
    _TMPMID=$(_uidtouser "$_NEXTMID")
  done
  unset _TMPMID

  echo "$_NEXTMID"
  unset _NEXTMID
}

# Finds the next useable user ID
# Input : nothing
# Output : the first free ID found starting from $UIDSTART (stdout)
_findnextuid () {
  _NEXTUID=$(_ldapsearch "$USUFFIX,$SUFFIX" '(objectClass=posixAccount)' uidNumber | grep "uidNumber: " | sed "s|uidNumber: ||" | uniq | sort -n | tail -n 1)
  if [ -z "$_NEXTUID" ] || [ "$_NEXTUID" -lt "$UIDSTART" ]
  then
    _NEXTUID="$UIDSTART"
  else
    _NEXTUID=$(($_NEXTUID + 1))
  fi

  # Is this ID free ?
  _TMPUID=$(_uidtouser "$_NEXTUID")
  while [ -n "$_TMPUID" ]
  do
    _NEXTUID=$(($_NEXTUID + 1))
    _TMPUID=$(_uidtouser "$_NEXTUID")
  done
  unset _TMPUID

  echo "$_NEXTUID"
  unset _NEXTUID
}

# Finds a particular entry in the LDAP directory
# Input : base ($1), filter ($2)
# Output : the dn of the first matching entry found ($_ENTRY)
_findentry () {
  _ENTRY=$(_ldapsearch "$1" "$2" dn | grep "dn: " | head -n 1 | sed "s|dn: ||")
}

# Get a particular attribute from LDAP
# Input : entry DN ($1), attribute ($2)
# Output : the requested attribute of the entry ($_ATTRIBUTE)
#          and if it is b64 encoded ($_B64)
_getattribute () {
  _B64="NO"
  # Get raw attribute
  _ATTRIBUTE=$(_ldapsearch "$1" "" "$2" | grep "$2:\{1,2\} " | head -n 1)
  # Is it Base64 encoded ?
  is_b64 "$_ATTRIBUTE" && _B64="YES"
  # Get attribute value
  _ATTRIBUTE=$(echo "$_ATTRIBUTE" | sed "s|$2:\{1,2\} ||")
}

### Other functions ###

# Ask for password interactively
# Input : nothing
# Output : password entered ($_PASSWORD)
#          not set if input differed
_askpassword () {
  echo -n "New Password: "
  stty -echo ; read _PASSWORD ; stty echo ; echo ''
  echo -n "Retype New Password: "
  stty -echo ; read _PASSWORD2 ; stty echo ; echo ''
  if [ "$_PASSWORD" != "$_PASSWORD2" ]
  then
    unset _PASSWORD
    warn_log "Mismatch !"
fi unset _PASSWORD2 } # Generates a password using the $PASSWORDGEN variable # Input : the username related to the generation ($1) # Output : generated password ($_PASSWORD), # unset if PASSWORDGEN empty or set to "" _genpassword () { unset _PASSWORD if is_like "$PASSWORDGEN" "" then : else PASSWORDGEN=$(echo "$PASSWORDGEN" | sed "s|%u|$1|g") [ -n "$PASSWORDGEN" ] && _PASSWORD=$(eval $PASSWORDGEN) fi } # Changes a password for a particular DN # Input : new clear-text password ($1), user DN ($2) # Output : nothing _changepassword () { if [ -z "$1" ] || [ -z "$2" ] then end_die "_changepassword : missing argument(s)" else if is_yes "$RECORDPASSWORDS" then echo "$2 : $1" >> "$PASSWORDFILE" fi if [ -n "$SASLAUTH" ] || [ -n "$BINDPWDFILE" ] then ## Change password in a secure way # Allocate and create temp file mktempf # Generate password file echo -n "$1" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" # Change password if [ -n "$SASLAUTH" ] then $LDAPPASSWDBIN $LDAPBINOPTS -Y "$SASLAUTH" -H "$SERVER" -T "$_TMPFILE" "$2" 2>>"$LOGFILE" 1>/dev/null else # [ -n "$BINDPWDFILE" ] $LDAPPASSWDBIN $LDAPBINOPTS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -T "$_TMPFILE" "$2" 2>>"$LOGFILE" 1>/dev/null fi _RESULT=$? # Release temp file reltempf # Return previous result return $_RESULT else ## Change password in the unsecure, old-fashioned way $LDAPPASSWDBIN $LDAPBINOPTS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -s "$1" "$2" 2>>"$LOGFILE" 1>/dev/null fi fi } ### Source configuration file _CONFIGFILE="/etc/ldapscripts/ldapscripts.conf" . "$_CONFIGFILE" || end_die "Unable to source configuration file ($_CONFIGFILE), exiting..." ### Checks and defaults ### # Check if ldap client tools are correctly configured if [ ! -x "$LDAPADDBIN" ] || [ ! -x "$LDAPDELETEBIN" ] || [ ! -x "$LDAPSEARCHBIN" ] || [ ! -x "$LDAPMODIFYBIN" ] || [ ! -x "$LDAPPASSWDBIN" ] || [ ! 
-x "$LDAPMODRDNBIN" ] then end_die "You must have OpenLDAP client commands installed before running these scripts" fi # Check if iconv is configured if [ -n "$ICONVBIN" ] then [ ! -x "$ICONVBIN" ] && end_die "You must have iconv installed before running these scripts" [ -z "$ICONVCHAR" ] && end_die "You must set ICONVCHAR before running these scripts" fi # Base64 configuration [ -n "$UUDECODEBIN" ] && [ ! -x "$UUDECODEBIN" ] && \ end_die "You must have uuencode installed before running these scripts" # Pseudo-random number generator [ ! -e /dev/random ] && end_die "You need a /dev/random special file to run these scripts" # Set USER variable to the user's login name (do not trust current $USER value) USER=$(logname 2>/dev/null) [ -n "$USER" ] || USER=$(id -un 2>/dev/null) # Check for bindpwd file if necessary if [ -z "$SASLAUTH" ] then if [ ! -f "$BINDPWDFILE" ] || [ ! -r "$BINDPWDFILE" ] then if [ -n "$BINDPWD" ] then warn_log "Warning : using command-line passwords, ldapscripts may not be safe" else end_die "Unable to read password file $BINDPWDFILE, exiting..." fi fi fi # Does the shell has built-in echo command ? # If not, print a warning message if is_builtin "echo" && is_builtin "[" then : else warn_log "Warning : 'echo' or '[' (test) is not built-in, ldapscripts may not be safe" fi # Check if a full URI has been given if is_uri "$SERVER" then : else SERVER="ldap://$SERVER" fi # Group membership management case $GCLASS in posixGroup) _GMEMBERATTR="memberUid" ;; groupOfNames) [ -z "$GDUMMYMEMBER" ] && end_die "Please specify a value for GDUMMYMEMBER" _GMEMBERATTR="member" ;; groupOfUniqueNames) [ -z "$GDUMMYMEMBER" ] && end_die "Please specify a value for GDUMMYMEMBER" _GMEMBERATTR="uniqueMember" ;; *) end_die "Invalid value specified for GCLASS, exiting..." 
;; esac # Check homes, shell and logfile UHOMES=${UHOMES:-"/dev/null"} USHELL=${USHELL:-"/bin/false"} LOGFILE=${LOGFILE:-"/var/log/ldapscripts.log"} TMPDIR=${TMPDIR:-"/tmp"} # Check password file if password recording set if is_yes "$RECORDPASSWORDS" then PASSWORDFILE=${PASSWORDFILE:-"/var/log/ldapscripts_passwd.log"} if [ ! -w "$PASSWORDFILE" ] then touch "$PASSWORDFILE" 2>/dev/null || end_die "Unable to create password log file $PASSWORDFILE, exiting..." fi fi # Guess what kind of getent command to use if [ -z "$GETENTPWCMD" ] || [ -z "$GETENTGRCMD" ] then case $(uname) in Linux*) GETENTPWCMD="getent passwd" GETENTGRCMD="getent group" ;; FreeBSD*) GETENTPWCMD="pw usershow" GETENTGRCMD="pw groupshow" ;; *) GETENTPWCMD="getent passwd" GETENTGRCMD="getent group" ;; esac fi # Log command if [ "$LOGTOFILE" = "yes" ] then log_to_file "$(date '+%b %d %H:%M:%S') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*" fi if [ "$LOGTOSYSLOG" = "yes" ] then log_to_syslog "($USER): $0 $*" fi
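The ID allocation used by _findnextuid, _findnextgid and _findnextmid above is worth seeing on its own: the highest ID already in the directory is taken as the starting point (or $UIDSTART when the directory has nothing at or above it), and the candidate is then probed against the local account database until it is unused by both. The block below is an added example, not ldapscripts code: `directory_ids`, `local_id_owner`, `next_free_id` and the `DIRECTORY_IDS` list are constructed stand-ins for the `_ldapsearch`/`_uidtouser` lookups, so it runs offline.

```shell
# Added example (not part of ldapscripts): first-free-ID allocation in the
# style of _findnextuid, with the directory and the local account database
# replaced by constructed data so the logic can be exercised offline.

# Constructed stand-in for `_ldapsearch ... uidNumber | grep | sed`:
# one uidNumber per line, deliberately unsorted and with a duplicate.
DIRECTORY_IDS="10003 10001 10003 10002"
directory_ids() {
    printf '%s\n' $DIRECTORY_IDS
}

# Constructed stand-in for _uidtouser (getent/pw on the real system):
# prints the owner's name if the ID is already taken locally, nothing if free.
local_id_owner() {
    case "$1" in
        10004) echo "localsvc" ;;
        10005) echo "backup" ;;
        *) ;;
    esac
}

# next_free_id START -> prints the first ID that is above every directory ID
# and not known to the local account database (same algorithm as the script:
# max(directory)+1, or START when the directory has nothing at or above START,
# then probe upward while the local database reports the ID as taken).
next_free_id() {
    start=$1
    highest=$(directory_ids | sort -n | uniq | tail -n 1)
    if [ -z "$highest" ] || [ "$highest" -lt "$start" ]; then
        candidate=$start
    else
        candidate=$((highest + 1))
    fi
    while [ -n "$(local_id_owner "$candidate")" ]; do
        candidate=$((candidate + 1))
    done
    echo "$candidate"
}

next_free_id 10000   # prints 10006: 10003 is the directory maximum, 10004 and 10005 are local
```

Two properties follow from this shape. Because the starting point is the directory maximum and not the first gap, an ID freed by deleting an entry is never handed to a new account, so files still owned by the old numeric ID do not silently change hands. And because the probe goes through the local name service rather than the directory alone, a UID that exists only in /etc/passwd is also skipped, which is the conflict the note in _findnextmid is concerned with.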
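_getattribute above matches both the plain LDIF form `attr: value` and the base64 form `attr:: dmFsdWU=` that ldapsearch emits for values that are not LDIF-safe (non-ASCII, leading or trailing spaces, embedded newlines), and flags the latter via `$_B64`. The following is an added example, not ldapscripts code: a stand-alone parser for one attribute of an LDIF entry that performs the same two-form match and also decodes the base64 case. `SAMPLE_LDIF` is a constructed entry, `get_attribute` is a hypothetical name, and the decoder assumes a `base64 -d` command (GNU or BSD coreutils) rather than the `uudecode` path the script uses.

```shell
# Added example (not part of ldapscripts): extract one attribute from LDIF text,
# handling "attr: value" and the base64-encoded "attr:: value" form.

# Constructed sample entry in the shape ldapsearch -LLL prints (not a real record).
# The cn is "Jürgen Doe": the non-ASCII byte forces the tool into base64 form.
SAMPLE_LDIF='dn: uid=jdoe,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: jdoe
cn:: SsO8cmdlbiBEb2U=
gecos: John Doe
homeDirectory: /home/jdoe'

# get_attribute LDIF ATTR
#   prints "PLAIN <value>" for a plain attribute,
#   prints "B64 <decoded value>" for a base64-encoded one,
#   returns 1 (prints nothing) when ATTR is absent.
get_attribute() {
    ldif=$1
    attr=$2
    # Same regex idea as the script ("name:" followed by one or two colons and a
    # space), anchored at line start so a name cannot match as a suffix of
    # another attribute's name.
    line=$(printf '%s\n' "$ldif" | grep "^$attr:\{1,2\} " | head -n 1)
    [ -n "$line" ] || return 1
    case "$line" in
        "$attr:: "*)
            # Base64 form: strip the "attr:: " marker, then decode (assumes base64 -d)
            printf 'B64 %s\n' "$(printf '%s' "${line#"$attr:: "}" | base64 -d)"
            ;;
        *)
            printf 'PLAIN %s\n' "${line#"$attr: "}"
            ;;
    esac
}

get_attribute "$SAMPLE_LDIF" cn      # prints: B64 Jürgen Doe
get_attribute "$SAMPLE_LDIF" gecos   # prints: PLAIN John Doe
```

The point of keeping the two forms apart, as the script does with `$_B64`, is that a base64 value has to be decoded before it is compared or written anywhere; treating `SsO8cmdlbiBEb2U=` as the literal name would make a lookup on it fail quietly.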
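_changepassword above has two branches: when SASL or a bind password file is configured it writes the new password to a temp file and hands ldappasswd the path with `-T`; otherwise it falls back to `-s "$1"` and `-w "$BINDPWD"`, which the script itself labels the insecure way and warns about at startup, since command-line arguments are visible to every local user in the process table while the helper runs. The block below is an added example, not ldapscripts code, of the file-based handoff in isolation: `write_secret_file`, `secret_file_ok`, `consume_secret_file` and `demo` are hypothetical names, `consume_secret_file` stands in for the real `ldappasswd -T` call, and the constructed secret is a dummy value.

```shell
# Added example (not part of ldapscripts): pass a secret to a helper through a
# private temporary file instead of an argument, mirroring the mktempf /
# "echo -n > $_TMPFILE" / ldappasswd -T / reltempf sequence in _changepassword.

# write_secret_file SECRET -> prints the path of a new owner-only (0600) file
# holding SECRET with no trailing newline (a newline written by plain `echo`
# would become part of the password the helper sets, which is why the script
# uses `echo -n`; printf '%s' is the portable equivalent).
write_secret_file() {
    (
        umask 077                                   # nothing created here is group/world readable
        f=$(mktemp "${TMPDIR:-/tmp}/secret.XXXXXX") || exit 1
        printf '%s' "$1" > "$f" || { rm -f "$f"; exit 1; }
        printf '%s\n' "$f"
    )
}

# secret_file_ok FILE EXPECTED -> 0 if FILE is a regular file with mode
# -rw------- and contains exactly EXPECTED (byte-exact, no trailing newline), else 1
secret_file_ok() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ] || return 1
    # "echo x" keeps a trailing newline from being stripped by the substitution
    [ "$(cat "$1"; echo x)" = "${2}x" ] || return 1
}

# Stand-in for the consumer (ldappasswd -T in the real script): reads the
# secret from the file and reports only its length, never the value.
consume_secret_file() {
    wc -c < "$1" | tr -d ' '
}

# demo -> runs the whole sequence and prints the secret length (23 here);
# the file is unlinked on every path, as reltempf does.
demo() {
    secret='s3cr3t pass with spaces'                # constructed dummy value
    f=$(write_secret_file "$secret") || return 1
    secret_file_ok "$f" "$secret" || { rm -f "$f"; return 1; }
    len=$(consume_secret_file "$f")
    rm -f "$f"
    echo "$len"
}

demo
```

Note that even this branch still logs `"$2 : $1"` in clear text to $PASSWORDFILE when RECORDPASSWORDS is set, so the permissions of that log matter as much as those of the temp file; the startup check only makes sure the file is writable.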