├── .gitignore
├── CHANGELOG
├── COPYING
├── Makefile
├── README
├── TODO
├── VERSION
├── etc
│   ├── ldapaddgroup.template.sample
│   ├── ldapaddmachine.template.sample
│   ├── ldapadduser.template.sample
│   ├── ldapscripts.conf
│   └── ldapscripts.passwd
├── lib
│   └── runtime
├── man
│   ├── man1
│   │   ├── ldapaddgroup.1
│   │   ├── ldapaddmachine.1
│   │   ├── ldapadduser.1
│   │   ├── ldapaddusertogroup.1
│   │   ├── ldapdeletegroup.1
│   │   ├── ldapdeletemachine.1
│   │   ├── ldapdeleteuser.1
│   │   ├── ldapdeleteuserfromgroup.1
│   │   ├── ldapfinger.1
│   │   ├── ldapgid.1
│   │   ├── ldapid.1
│   │   ├── ldapinit.1
│   │   ├── ldapmodifygroup.1
│   │   ├── ldapmodifymachine.1
│   │   ├── ldapmodifyuser.1
│   │   ├── ldaprenamegroup.1
│   │   ├── ldaprenamemachine.1
│   │   ├── ldaprenameuser.1
│   │   ├── ldapsetpasswd.1
│   │   ├── ldapsetprimarygroup.1
│   │   └── lsldap.1
│   └── man5
│       └── ldapscripts.5
└── sbin
    ├── ldapaddgroup
    ├── ldapaddmachine
    ├── ldapadduser
    ├── ldapaddusertogroup
    ├── ldapdeletegroup
    ├── ldapdeletemachine
    ├── ldapdeleteuser
    ├── ldapdeleteuserfromgroup
    ├── ldapfinger
    ├── ldapgid
    ├── ldapid
    ├── ldapinit
    ├── ldapmodifygroup
    ├── ldapmodifymachine
    ├── ldapmodifyuser
    ├── ldaprenamegroup
    ├── ldaprenamemachine
    ├── ldaprenameuser
    ├── ldapsetpasswd
    ├── ldapsetprimarygroup
    └── lsldap

/.gitignore:
--------------------------------------------------------------------------------
*.patched

--------------------------------------------------------------------------------
/CHANGELOG:
--------------------------------------------------------------------------------
????/??/?? : ldapscripts 2.0.9
- Allow renaming a machine account's password with ldapsetpasswd
  => Reported by Andrew Gallaghe on Github (closes issue #12)

2017/05/12 : ldapscripts 2.0.8
- Honour LDAPSCRIPTS_CONF environment variable
  => Reported by James Valleroy on Github (closes issue #6)
- Rename a user's group memberships when renaming a user
  => Reported by Peter Walz on Github (closes issue #7)

2016/06/20 : ldapscripts 2.0.7
- Fix Ubuntu bug #1292143
  Remove a user from his secondary groups when deleting him
  => Reported by Matej Pastor on Launchpad and relayed by Alexander Gerasiov on SF.
     Initial patch by Kam Nasim, thanks!

2015/08/17 : ldapscripts 2.0.6
- Fix Launchpad bug #1218775
  (prevent log_only() from failing when called
  from a script that contains a space in its name)
- Fix Debian bug #719295
  (use 'id' as a last resort to get user name)
- Create logfile with restricted access rights
  => Those 3 patches were sent by: Alexander Gerasiov

- Add syslog support
  => Thanks to Vincent Qéméner for this contribution (sent through Github)

- Fix extracting templates in all locales
- Allow modifying user passwords when using SASL
  => Thanks to Sunil Mohan Adapa for those contributions (sent through Github)

2013/09/10 : ldapscripts 2.0.5
- Add LDAP client common additional options
  Submitted by: Michael Bejer-Andersen

2013/07/23 : ldapscripts 2.0.4
- ldapaddusertogroup and ldapdeleteuserfromgroup are now able to work on
  groups located in sub-OUs of $GSUFFIX

2013/07/17 : ldapscripts 2.0.3
- Fix Debian bug #555561
  See : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555561

2013/04/18 : ldapscripts 2.0.2
- Fix long lines wrapping bug
  Reported by: muzzol
- Update Copyright dates

2011/04/19 : ldapscripts 2.0.1
- Fix man pages installation
  (broken by wrong `` -> $() substitutions in Makefile)

2011/04/18 : ldapscripts 2.0.0
- Next user and machine IDs now evolve independently (Debian bug #609148) :
  - they are guessed from their respective suffix
  - they are checked to avoid duplicates (against local and LDAP accounts)
  LDAP IDs are not re-used, except for the last ones (if previously released)
  in each suffix. If an ID is found to be used, the scripts will iterate
  (you really want to avoid that situation !) and use the first free ID.

  Given this behaviour, it is advised to clearly design user and machine
  ID ranges and correctly set UIDSTART and MIDSTART in ldapscripts.conf.

  You may want to use the following configuration (default) :
  UIDSTART=10000
  MIDSTART=20000

  This will leave 9999 free local system user accounts, 9999 free LDAP user
  accounts and 20000 to free LDAP machine accounts.

  Internals :
  - renamed _findlast{user,group,machine} functions to _findnext{uid,gid,mid}
  - functions _findnextuid and _findnextmid now look for accounts in their own
    suffix
  - functions _findnextuid, _findnextgid and _findnextmid now check if the
    resulting ID is used or not and return results through stdout
  - functions _grouptogid, _gidtogroup, _usertouid, _uidtouser and _uidtodn now
    return results through stdout and do not end_die anymore if no ID is found
  - replaced expr calls with shell arithmetic expansion calls $(())
  - replaced `` calls with shell command substitution calls $()
  - use eval for each GETENT*CMD call to avoid a "command not found" error when
    expanding command names containing spaces, e.g. (on zsh) :
    $ COMMAND="getent passwd" ; $COMMAND martymac
    command not found: getent passwd

2011/02/08 : ldapscripts 1.10.0
- Added support for groupOfNames/groupOfUniqueNames group entries
  used in conjunction with RFC 2307bis AUXILIARY posixGroups.
  It is now possible to handle member users as, respectively, member
  or uniqueMember full DN entries.

  => thanks to Àngel "muzzol" Bosch for the original patches !

- Added initial support for SASL authentication

  => thanks to Brian Candler for the original patches !

- Now use 'logname' instead of 'id' to guess current user
  (sudo users will now be logged correctly and be able to run
  ldapid/ldapfinger without argument)
- Cleaned log file messages format up
- Updated WWW, Copyrights
- Several other minor changes and fixes...

2009/07/16 : ldapscripts 1.9.0
- Fixed a few lines in man pages
- Changed PASSWORDGEN's default value to not use uuencode anymore
- Use 'id' command instead of 'logname' to guess current user (used by ldapfinger and ldapid)
  Be careful if you want to act on your own account using su/sudo !
- New DESTDIR variable in Makefile, to specify a global chroot as a target directory for installation

  => thanks to Alexander GQ Gerasiov for those 4 fixes !

- New 'ldapgid' command to display a group's list of IDs

2008/08/10 : ldapscripts 1.8.0
- No changes since 1.8.0rc1, but tests have been performed
  on Debian and Ubuntu with success, so let's rock !
  (Adam, thanks again :))

2008/08/08 : ldapscripts 1.8.0rc1
- HEADS UP ! The scripts are no longer named using a heading '_'. This
  prefix was used to differentiate extra commands not directly usable by Samba
  (in the smb.conf configuration file), but as the ldapscripts start being more
  and more used as everyday admin tools, a heading '_' just leads to confusion
  and annoyance. I have finally decided to remove them.
  Here is the renaming scheme :

  _ldapdeletemachine -> ldapdeletemachine
  _ldapfinger        -> ldapfinger
  _ldapinit          -> ldapinit
  _ldapmodifygroup   -> ldapmodifygroup
  _ldapmodifymachine -> ldapmodifymachine
  _ldapmodifyuser    -> ldapmodifyuser
  _ldaprenamegroup   -> ldaprenamegroup
  _ldaprenamemachine -> ldaprenamemachine
  _lsldap            -> lsldap

  And, to avoid collision with OpenLDAP's ldappasswd command :

  _ldappasswd        -> ldapsetpasswd

  (T.H., I hope you'll enjoy that change ;-))

- HEADS UP (yes, again) ! Since the ldapscripts are admin-oriented, they
  are now installed to the sbin/ directory by default. This should not change
  lots of things for you since they were installed root/750 into bin/.
  The runtime file has also moved to the lib/ldapscripts directory.

- added support for character set conversion : the ldapscripts now use
  (packagers should read : *depend on*) iconv (UTF-8 conversion) and
  uudecode (base64 decoding).
  See ICONVBIN, ICONVCHAR and UUDECODEBIN options in ldapscripts.conf.
  You can leave ICONVBIN and UUDECODEBIN unset to disable any kind of
  conversion (by default, character set conversion and base64 decoding
  are turned on, so you will have to set your local charset - ICONVCHAR -
  before using the scripts).
- new 'ldapid' command shows a user's list of ids (just like the 'id'
  command does). See ldapid(1) for more details.
- ldapfinger : added -u, -g and -m options to force restricted lookups.
  Using ldapfinger with no argument now acts on the current user (using
  logname(1)).
- ldapinit : fixed Debian bug #421064 by adding a continue (-c) option to _ldapadd
  (and _ldapmodify) functions. ldapinit will now continue to initialize the LDAP tree
  if a previous entry already exists.
- ldapsetpasswd : fixed a bug in wrong exit result, introduced by the use
  of a temporary file for changing password (ldapscripts 1.7.1).
- ldapadduser : fixed typo when preserving permissions from HOMESKEL (cp -P -> -p).
- all errors/warnings are now reported to STDERR (new warn_log function replaces
  several echo_log calls).

Contributed from Adam Sommer (thanks a lot !) :
- added -h and --help options for each command.
- resolver functions (uid/gid <-> user/group) now try to use LDAP if
  local lookup (using pw or getent) fails. As a consequence, the scripts
  will *not* accept to use unresolved entries anymore (e.g. when adding
  memberUids).
- it is now possible to set PASSWORDGEN to ''. You then will be prompted
  for a new password when adding a user with the 'ldapadduser' command.
- added support for keyword in LDIF templates
  This new feature is available for ldapadduser, ldapaddgroup, ldapaddmachine
  and ldapinit. A new _askattrs function has been added to the runtime file.
  To use this feature, you may specify :
  ------
  attributeName:
  ------
  for example :
  ------
  description: Entry for in my LDAP directory
  ------
  in the templates used by the 4 commands above. Be careful, only one (the
  first one) will be replaced per line. Multivalued attributes are allowed (you can
  add several attributes sharing the same name and the option).

  As a consequence, the ASKGECOS option has been removed, since it can be performed
  using an option for the gecos attribute. Do not forget to update your
  configuration file and templates !

Internals :
- various typos and fixes
- runtime :
  - new is_b64, _b64decode, _utf8encode, _utf8decode functions.
  - new _getattribute and _askpassword functions.
  - new is_like function.
  - _genpassword : do not eval PASSWORDGEN if empty or set to "".
  - mktempf : added more entropy to _TMPFILE naming using /dev/random.
    As a consequence, availability of /dev/random on the client system
    is now mandatory to run the scripts.
  - sed and grep arguments cleanup (removed unnecessary -E and -e).
- Makefile :
  - RUNDIR has been renamed to LIBDIR.
    New [un]installlib targets to [un]install the runtime file.
  - Replaced mkdir calls with 'install -d' ones
    (may not be available on every system).
  - Do not overwrite/delete configuration files / password file anymore
    if files exist or have changed (differ from .sample ones).

That's all folks ;-)

2007/11/28 : ldapscripts 1.7.2
- runtime : Use 'trap - ' to restore traps instead of the uncommon 'trap -' syntax
- runtime : Fix _changepasswd by removing the trailing newline character in the temporary file (echo -n)

2007/10/13 : ldapscripts 1.7.1
- Fixes for CVE-2007-5373
  see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5373
  and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582

  1) Up to now, each ldap* command was called with the -w parameter, which allows
  specifying the bind password on the command line. Unfortunately, this could make the
  password visible to anybody running `ps` during the call. This is now avoided
  by using the -y parameter and a password file.

  -> A new BINDPWDFILE option has been added : it specifies the path to the bind
  password file. This file can be created by something like :
  'echo -n 'password' > $BINDPWDFILE' and you can now safely remove (or comment) the
  BINDPWD parameter from your configuration file.

  2) Changing a user password could also reveal the new password on the command line,
  because of the use of ldappasswd's -s option. This has been fixed by using a temporary
  file containing the new password (and ldappasswd's -T option).

  -> [internals] New mktempf() and reltempf() functions have been added

  [For older versions of OpenLDAP, -y and -T parameters may not be available. It is still
  possible to use the old BINDPWD parameter. Just uncomment it from the configuration file
  and comment the BINDPWDFILE parameter (which takes precedence over BINDPWD). The
  ldapscripts will just behave as previously and use inline -w and -s parameters, warning
  you that this is not a secure way of running them.]

  3) A similar problem related to sed expressions has been found : it may also
  reveal a user's password to `ps` users. This is now fixed by using temporary files
  containing sed expressions (and sed's -f option).

  4) A new test has been added to check if 'echo' and '[' are built-in or not. If not,
  you'll be warned that the ldapscripts may not be safe to use (because these commands
  manipulate passwords when creating temporary files).

  -> [internals] New is_builtin() function

  Note that these flaws depend largely on your kernel configuration : hardened kernels
  should not be impacted (e.g. if you use security.bsd.see_other_[u|g]ids sysctls on
  FreeBSD). It may also depend on the version of OpenLDAP client commands you run.

  Thanks a lot to Don and Madcoder for their help !

- Few fixes to avoid using non-standard 'if ! command's...
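The pattern behind the CVE-2007-5373 fixes in the 1.7.1 entry above, as an added shell example that is not ldapscripts code: the secret is written to a file by a shell builtin (so it never sits in another process's argument list), with mode 0600 and no trailing newline (the 1.7.2 fix), and the bind arguments are built from BINDPWDFILE only after a permission check, falling back to BINDPWD with -w and a warning. The function names and the is_builtin implementation via 'type' are my own assumptions, not the project's.

```shell
#!/bin/sh
# Added example, not part of ldapscripts: secrets go into files the ldap* clients
# read (-y for the bind password, -T for a new user password) instead of onto the
# command line, where 'ps' could show them to other users.

# Create a secret file. printf is a builtin, so the secret is not passed to an
# external process; umask 077 gives mode 0600; '%s' writes no trailing newline
# (a newline would otherwise become part of the password).
write_secret_file() {
    _file="$1"; _secret="$2"
    ( umask 077 && printf '%s' "$_secret" > "$_file" )
}

# Succeed only if the file is a regular file with no group/other permission bits
# (columns 5-10 of 'ls -l' are the group and other bits).
secret_file_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if a command is a shell builtin. The 1.7.1 entry warns when 'echo'
# or '[' are external, because an external command would receive the password
# as an argument. Own implementation: 'type' reports "... is a shell builtin".
is_builtin() {
    case "$(type "$1" 2>/dev/null)" in
        *builtin*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print, one per line, the authentication arguments for an ldap* client call.
# BINDPWDFILE takes precedence over BINDPWD, as ldapscripts.conf describes.
bind_args() {
    if [ -n "${BINDPWDFILE:-}" ]; then
        secret_file_is_private "$BINDPWDFILE" || {
            echo "refusing to use $BINDPWDFILE: not a private (0600) file" >&2
            return 1
        }
        printf '%s\n' -y "$BINDPWDFILE"
    elif [ -n "${BINDPWD:-}" ]; then
        echo "warning: using -w, the bind password is visible to ps" >&2
        printf '%s\n' -w "$BINDPWD"
    else
        echo "no bind password configured" >&2
        return 1
    fi
}

# Stand-alone demonstration on constructed data (no LDAP server needed):
#   sh this_script.sh demo
demo() {
    _dir=$(mktemp -d) || return 1
    write_secret_file "$_dir/bindpw" 'S3cret'
    BINDPWDFILE="$_dir/bindpw" bind_args
    chmod 644 "$_dir/bindpw"          # a readable file is rejected:
    BINDPWDFILE="$_dir/bindpw" bind_args 2>/dev/null && echo "BUG: accepted insecure file"
    is_builtin echo && is_builtin '[' && echo "echo and [ are builtins"
    rm -rf "$_dir"
}
case "${1:-}" in demo) demo ;; esac
```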
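The ID allocation described in the 2.0.0 entry above, as an added shell example that is not ldapscripts code: the candidate is the highest ID already under the suffix plus one (never below UIDSTART or MIDSTART), then advanced while it collides with a local or an LDAP account, so a new LDAP user can never share a uid with a local account. The passwd lines and the per-suffix uidNumber lists are constructed sample data standing in for getent and ldapsearch output.

```shell
#!/bin/sh
# Added example, not part of ldapscripts: next-ID search as described for 2.0.0.

# Constructed data: local accounts in passwd format, and the uidNumber values
# found under the user and machine suffixes of the directory.
LOCAL_PASSWD='root:x:0:0:root:/root:/bin/sh
alice:x:10002:10002::/home/alice:/bin/sh'
LDAP_USER_UIDS='10000 10001'
LDAP_MACHINE_UIDS='20000 20001 20002'
UIDSTART=10000
MIDSTART=20000

# id_in_use ID: succeed if ID belongs to a local account or to any LDAP
# account (user or machine), i.e. the duplicate check of 2.0.0.
id_in_use() {
    printf '%s\n' "$LOCAL_PASSWD" | cut -d: -f3 | grep -qx "$1" && return 0
    for _u in $LDAP_USER_UIDS $LDAP_MACHINE_UIDS; do
        [ "$_u" = "$1" ] && return 0
    done
    return 1
}

# find_next_id START "IDS": guess highest ID in the suffix + 1 (released IDs
# below it are not re-used), clamp to START, then iterate past used IDs.
# The result is written to stdout, like the _findnext* functions of 2.0.0.
find_next_id() {
    _start="$1"; _ids="$2"
    _last=$(printf '%s\n' $_ids | sort -n | tail -n 1)
    if [ -z "$_last" ] || [ "$_last" -lt "$_start" ]; then
        _next="$_start"
    else
        _next=$((_last + 1))
    fi
    while id_in_use "$_next"; do
        _next=$((_next + 1))
    done
    echo "$_next"
}

# Stand-alone run: 10002 is skipped because local user alice already owns it.
case "${1:-}" in
    demo)
        echo "next uid: $(find_next_id "$UIDSTART" "$LDAP_USER_UIDS")"
        echo "next mid: $(find_next_id "$MIDSTART" "$LDAP_MACHINE_UIDS")"
        ;;
esac
```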

2007/09/03 : ldapscripts 1.7
- Fixed several typos and bugs
- _ldapinit : new options : '-r' and '-s' to create only the root dn ('-r'), or regular OUs ('-s')
- [internals] Added the ability to select depth when using _extractldif()
- [internals] New is_integer function
- _lsldap : new options : '-u', '-g' and '-m', to list only 'u'ser, 'g'roup or 'm'achine entries
- New _ldapmodify{user,group,machine} interactive scripts to edit entries
- Added a new $TMPDIR configuration variable (necessary for the new scripts)
- Added _ldapmodify{user,group,machine}(1) manpages
- Now bundled with a brand-new Makefile (old install script no longer available)

2007/04/20 : ldapscripts 1.6
- Fixed typos
- internal _ldapsearch() improved
- New _ldapfinger command to display a user/machine/group POSIX account's details
- ldapadduser : new option to set the default permissions when creating home directories (thanks to Guillaume Rousse)
- It is now possible to use a full URI instead of a name for the SERVER directive (thanks to Guillaume Rousse)
- It is now possible to use external LDIF templates when creating a user/machine/group (thanks to Guillaume Rousse)
  See TEMPLATES options in the ldapscripts.conf file and *.template.sample files in the etc/ directory
- Now use 'sort -n' instead of 'sort -g' when extracting the last account from the directory (thanks to Rudi van Drunen)
- Added a 'description' attribute for group accounts

2007/01/03 : ldapscripts 1.5
- Fixed typos (thanks to Mikael Lammentausta)
- Small fixes to the install script
- ldapadduser : use $_UID instead of $_USER while chown'ing homedir (thanks to Mikael Lammentausta)
- ldapadduser : new option to ask for the gecos (thanks to Mikael Lammentausta)
- ldapadduser : new option to copy skeleton files to home directories (thanks to Mikael Lammentausta)
- ldapadduser : now skip user's home dir creation if it already exists
- ldapadduser/ldapaddmachine : modified account description attributes : set to 'User account' or 'Machine account'
- ldapadduser/ldapaddgroup/ldapaddmachine : use $_USER and $_GROUP instead of $1 when possible
- New _ldappasswd script to modify a user's password (suggested by Mikael Lammentausta)

2006/01/05 : ldapscripts 1.4
- More code cleaning !!! Code now clean... (and bug-free ???) - thanks to Madcoder for the help he provided !
- Removed dependency on slappasswd !!! Using ldappasswd instead (included in the standard ldap-client commands)
- Added new ldaprenameuser command (uses ldapmodrdn included in the standard ldap-client commands)
  Add this to Samba 3.0.21's configuration file : rename user script = ldaprenameuser '%uold' '%unew'
  Warning : renaming an entry (user/group/machine) only involves renaming its RDN !
  This means you may have to change the account's homedir (user) manually and modify each group to include the new
  rdn (user/machine) as a memberuid.
- Also added useful _ldaprenamegroup and _ldaprenamemachine scripts (not used by Samba)
- A user/machine is now searched using its uid (no more use of its cn)
- Full command now shown in logs
- Modified README
- New TODO file
- Man pages (section 1 for each script, section 5 for a global "ldapscripts" manual)

2005/10/01 : ldapscripts 1.3
Compatibility rework / code cleaning - the scripts now work on FreeBSD !
- no more calls to "source", use . instead
- now using "=" instead of "==" in test
- now return 1 instead of -1 when an error occurs
- added possibility to specify the getent command, so you can use pw instead (for FreeBSD)
- added auto-guess for this command if left blank in conf file
- split the horrible conf file into a real conf file and a "runtime" file

2005/07/15 : ldapscripts 1.2
- applied patch from Vincent Esposito to make sure uid/gid/mid found in LDAP is higher than *START ones
- small documentation modifications

2005/02/18 : ldapscripts 1.1
- added _ldapinit command, to initialize an LDAP directory with a minimal hierarchy
- added support for home directories creation (see ldapscripts.conf)
- no more need for backslashes in user home directories and user shell in ldapscripts.conf
- added support for initializing (randomized) passwords when adding a user.
- Passwords can also be recorded into a log file when performing a massive user creation (see ldapscripts.conf)

2005/02/07 : ldapscripts 1.0

--------------------------------------------------------------------------------
/COPYING:
--------------------------------------------------------------------------------
                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.

                            Preamble

  The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users.
This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.

  When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.

  To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.

  For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.

  We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.

  Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.

  Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.

  The precise terms and conditions for copying, distribution and
modification follow.

                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

  0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.

  1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.

You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.

  2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:

    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.

    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.

    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License. (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)

These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.

In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.

  3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:

    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,

    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,

    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code. (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)

The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.

If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.

  4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.

  5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.

  6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.

  7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.

It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.

This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.

  8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.

  9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.

Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.

  10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.

                            NO WARRANTY

  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

                     END OF TERMS AND CONDITIONS

            How to Apply These Terms to Your New Programs

  If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.

  To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
292 | 293 | 294 | Copyright (C) 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License 307 | along with this program; if not, write to the Free Software 308 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 309 | 310 | 311 | Also add information on how to contact you by electronic and paper mail. 312 | 313 | If the program is interactive, make it output a short notice like this 314 | when it starts in an interactive mode: 315 | 316 | Gnomovision version 69, Copyright (C) year name of author 317 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 318 | This is free software, and you are welcome to redistribute it 319 | under certain conditions; type `show c' for details. 320 | 321 | The hypothetical commands `show w' and `show c' should show the appropriate 322 | parts of the General Public License. Of course, the commands you use may 323 | be called something other than `show w' and `show c'; they could even be 324 | mouse-clicks or menu items--whatever suits your program. 325 | 326 | You should also get your employer (if you work as a programmer) or your 327 | school, if any, to sign a "copyright disclaimer" for the program, if 328 | necessary. Here is a sample; alter the names: 329 | 330 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 331 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 
332 | 333 | , 1 April 1989 334 | Ty Coon, President of Vice 335 | 336 | This General Public License does not permit incorporating your program into 337 | proprietary programs. If your program is a subroutine library, you may 338 | consider it more useful to permit linking proprietary applications with the 339 | library. If this is what you want to do, use the GNU Library General 340 | Public License instead of this License. 341 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Makefile for the ldapscripts 2 | 3 | # Copyright (C) 2007-2019 Ganaël LAPLANCHE 4 | # 5 | # This program is free software; you can redistribute it and/or 6 | # modify it under the terms of the GNU General Public License 7 | # as published by the Free Software Foundation; either version 2 8 | # of the License, or (at your option) any later version. 9 | # 10 | # This program is distributed in the hope that it will be useful, 11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 | # GNU General Public License for more details. 14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 18 | # USA. 
19 | 20 | # Configuration / variables section 21 | DESTDIR = 22 | PREFIX = /usr/local 23 | 24 | # Identity 25 | SHELL= /bin/sh 26 | NAME = ldapscripts 27 | #SUFFIX = -devel 28 | VERSION = 2.0.9 29 | 30 | # Default installation paths 31 | SBINDIR = $(PREFIX)/sbin 32 | MANDIR = $(PREFIX)/man 33 | ETCDIR = $(PREFIX)/etc/$(NAME) 34 | LIBDIR = $(PREFIX)/lib/$(NAME) 35 | 36 | # Files to install 37 | RUNFILE = runtime 38 | ETCFILE = ldapscripts.conf 39 | PWDFILE = ldapscripts.passwd 40 | SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \ 41 | ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \ 42 | ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \ 43 | ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \ 44 | ldaprenameuser 45 | MAN1FILES = ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \ 46 | ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \ 47 | ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \ 48 | ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \ 49 | ldapaddmachine.1 ldapdeleteuser.1 50 | MAN5FILES = ldapscripts.5 51 | TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \ 52 | ldapadduser.template.sample 53 | 54 | # Default target 55 | all: help 56 | 57 | # Help target 58 | help: 59 | @echo "Usage: make [VARIABLE=] " 60 | @echo "Valid variables :" 61 | @echo " DESTDIR : root target directory to install to (default = *empty*)" 62 | @echo " PREFIX : main target directory within DESTDIR (default = /usr/local)" 63 | @echo " SBINDIR : where to install scripts (default = PREFIX/sbin)" 64 | @echo " MANDIR : where to install man pages (default = PREFIX/man)" 65 | @echo " ETCDIR : where to install the configuration file (default = PREFIX/etc/ldapscripts)" 66 | @echo " LIBDIR : where to install the runtime file (default = 
PREFIX/lib/ldapscripts)" 67 | @echo "Valid targets :" 68 | @echo " configure : prepare sources for installation" 69 | @echo " install : install everything" 70 | @echo " uninstall : uninstall everything" 71 | @echo " clean : clean up sources" 72 | @echo " package : create a source tarball in /tmp" 73 | @echo " help : this help" 74 | @echo "Additional targets :" 75 | @echo " [un]installsbin : [un]install main scripts" 76 | @echo " [un]installman : [un]install man pages" 77 | @echo " [un]installetc : [un]install configuration and template files" 78 | @echo " [un]installlib : [un]install libraries [runtime file]" 79 | @echo " deinstall : synonym for uninstall" 80 | @echo " distclean : synonym for clean" 81 | @echo " mrproper : synonym for clean" 82 | 83 | # Configure target 84 | configure: 85 | @echo -n 'Configuring scripts... ' 86 | @sed 's|^BINDPWDFILE=.*|BINDPWDFILE="$(ETCDIR)/$(PWDFILE)"|g' 'etc/$(ETCFILE)' > 'etc/$(ETCFILE).patched' 87 | @sed '/^_CONFIGFILE=/s|^\(.*"\).*\(".*\)|\1$(ETCDIR)/$(ETCFILE)\2|g' 'lib/$(RUNFILE)' > 'lib/$(RUNFILE).patched' 88 | @for i in $(SBINFILES) ; do \ 89 | sed 's|^_RUNTIMEFILE=.*|_RUNTIMEFILE="$(LIBDIR)/$(RUNFILE)"|g' "sbin/$$i" > "sbin/$$i.patched" ; \ 90 | done 91 | @echo 'ok.' 92 | 93 | # Install targets 94 | install: installsbin installman installetc installlib 95 | installsbin: configure 96 | @echo -n 'Installing scripts into $(DESTDIR)$(SBINDIR)... ' 97 | @install -d -m 755 '$(DESTDIR)$(SBINDIR)' 2>/dev/null 98 | @for i in $(SBINFILES) ; do \ 99 | install -m 750 "sbin/$$i.patched" "$(DESTDIR)$(SBINDIR)/$$i" ; \ 100 | done 101 | @echo 'ok.' 102 | 103 | installman: 104 | @echo -n 'Installing man files into $(DESTDIR)$(MANDIR)... 
' 105 | @install -d -m 755 '$(DESTDIR)$(MANDIR)/man1' 2>/dev/null 106 | @for i in $(MAN1FILES) ; do \ 107 | cat "man/man1/$$i" | gzip - > "$(DESTDIR)$(MANDIR)/man1/`basename $$i`.gz" ; \ 108 | done 109 | @install -d -m 755 '$(DESTDIR)$(MANDIR)/man5' 2>/dev/null 110 | @for i in $(MAN5FILES) ; do \ 111 | cat "man/man5/$$i" | gzip - > "$(DESTDIR)$(MANDIR)/man5/`basename $$i`.gz" ; \ 112 | done 113 | @echo 'ok.' 114 | 115 | installetc: configure 116 | @echo -n 'Installing configuration files into $(DESTDIR)$(ETCDIR)... ' 117 | @install -d -m 755 '$(DESTDIR)$(ETCDIR)' 2>/dev/null 118 | @install -m 440 'etc/$(ETCFILE).patched' '$(DESTDIR)$(ETCDIR)/$(ETCFILE).sample' 119 | @if [ ! -f '$(DESTDIR)$(ETCDIR)/$(ETCFILE)' ]; then \ 120 | install -m 640 '$(DESTDIR)$(ETCDIR)/$(ETCFILE).sample' '$(DESTDIR)$(ETCDIR)/$(ETCFILE)'; \ 121 | fi 122 | @install -m 440 -b 'etc/$(PWDFILE)' '$(DESTDIR)$(ETCDIR)/$(PWDFILE).sample' 123 | @if [ ! -f '$(DESTDIR)$(ETCDIR)/$(PWDFILE)' ]; then \ 124 | install -m 640 '$(DESTDIR)$(ETCDIR)/$(PWDFILE).sample' '$(DESTDIR)$(ETCDIR)/$(PWDFILE)'; \ 125 | fi 126 | @for i in $(TMPLFILES) ; do \ 127 | install -m 440 "etc/$$i" '$(DESTDIR)$(ETCDIR)' ; \ 128 | done 129 | @echo 'ok.' 130 | 131 | installlib: configure 132 | @echo -n 'Installing library files into $(DESTDIR)$(LIBDIR)... ' 133 | @install -d -m 755 '$(DESTDIR)$(LIBDIR)' 2>/dev/null 134 | @install -m 440 'lib/$(RUNFILE).patched' '$(DESTDIR)$(LIBDIR)/$(RUNFILE)' 135 | @echo 'ok.' 136 | 137 | # Uninstall targets 138 | deinstall: uninstall 139 | uninstall: uninstallsbin uninstallman uninstalletc uninstalllib 140 | uninstallsbin: 141 | @echo -n 'Uninstalling scripts from $(DESTDIR)$(SBINDIR)... ' 142 | @for i in $(SBINFILES) ; do \ 143 | rm -f "$(DESTDIR)$(SBINDIR)/$$i" ; \ 144 | done 145 | @rmdir '$(DESTDIR)$(SBINDIR)' 2>/dev/null || true 146 | @echo 'ok.' 147 | 148 | uninstallman: 149 | @echo -n 'Uninstalling man files from $(DESTDIR)$(MANDIR)... 
' 150 | @for i in $(MAN1FILES) ; do \ 151 | rm -f "$(DESTDIR)$(MANDIR)/man1/`basename $$i`.gz" ; \ 152 | done 153 | @rmdir '$(DESTDIR)$(MANDIR)/man1' 2>/dev/null || true 154 | @for i in $(MAN5FILES) ; do \ 155 | rm -f "$(DESTDIR)$(MANDIR)/man5/`basename $$i`.gz" ; \ 156 | done 157 | @rmdir '$(DESTDIR)$(MANDIR)/man5' 2>/dev/null || true 158 | @rmdir '$(DESTDIR)$(MANDIR)' 2>/dev/null || true 159 | @echo 'ok.' 160 | 161 | uninstalletc: 162 | @echo -n 'Uninstalling configuration files from $(DESTDIR)$(ETCDIR)... ' 163 | @if cmp -s '$(DESTDIR)$(ETCDIR)/$(ETCFILE)' '$(DESTDIR)$(ETCDIR)/$(ETCFILE).sample'; then \ 164 | rm -f '$(DESTDIR)$(ETCDIR)/$(ETCFILE)'; \ 165 | fi 166 | @rm -f '$(DESTDIR)$(ETCDIR)/$(ETCFILE).sample' 167 | @if cmp -s '$(DESTDIR)$(ETCDIR)/$(PWDFILE)' '$(DESTDIR)$(ETCDIR)/$(PWDFILE).sample'; then \ 168 | rm -f '$(DESTDIR)$(ETCDIR)/$(PWDFILE)'; \ 169 | fi 170 | @rm -f '$(DESTDIR)$(ETCDIR)/$(PWDFILE).sample' 171 | @for i in $(TMPLFILES) ; do \ 172 | rm -f "$(DESTDIR)$(ETCDIR)/$$i" ; \ 173 | done 174 | @rmdir '$(DESTDIR)$(ETCDIR)' 2>/dev/null || true 175 | @echo 'ok.' 176 | 177 | uninstalllib: 178 | @echo -n 'Uninstalling library files from $(DESTDIR)$(LIBDIR)... ' 179 | @rm -f '$(DESTDIR)$(LIBDIR)/$(RUNFILE)' 180 | @rmdir '$(DESTDIR)$(LIBDIR)' 2>/dev/null || true 181 | @echo 'ok.' 182 | 183 | # Clean targets 184 | clean: 185 | @echo -n 'Cleaning sources... ' 186 | @rm -f 'etc/$(ETCFILE).patched' 187 | @rm -f 'lib/$(RUNFILE).patched' 188 | @for i in $(SBINFILES) ; do \ 189 | rm -f "sbin/$$i.patched" ; \ 190 | done 191 | @echo 'ok.' 192 | distclean: clean 193 | mrproper: clean 194 | 195 | # Source tarball target 196 | package: clean 197 | @echo -n 'Creating source tarball /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz... ' 198 | @echo '$(VERSION)$(SUFFIX)' > VERSION 199 | @(cd .. && tar c --exclude '.git' -zf /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz $(NAME)-$(VERSION)) 200 | @echo 'ok.' 
201 | 202 | -------------------------------------------------------------------------------- /README: -------------------------------------------------------------------------------- 1 | Ldapscripts - README file 2 | ************************* 3 | 4 | Description : 5 | ************* 6 | 7 | The ldapscripts are originally designed to be used within Samba 3.x's 8 | smb.conf file. They allow you to manipulate POSIX entries for users, groups 9 | and machines in an LDAP directory. They are written in shell and need the LDAP 10 | client commands to work correctly (ldapadd, ldapdelete, ldapmodify, 11 | ldapsearch). Other scripts are also provided as simple tools to (manually) 12 | query your LDAP directory : ldapfinger, ldapid, lsldap (...). 13 | 14 | They are designed to be used under GNU/Linux or FreeBSD (any other 15 | recent UNIX-like system should also work) and require several binaries that should 16 | come with your OS (uuencode, getent/pw, date, grep, sed, cut...). 17 | 18 | The latest version is available at http://contribs.martymac.org 19 | 20 | Installing and configuring the ldapscripts : 21 | ******************************************** 22 | 23 | To install the scripts, just type in : 24 | # make install 25 | or, to define a special installation directory : 26 | # make PREFIX=/target/directory install 27 | 28 | Use 'make help' for more options. 29 | 30 | All the scripts will be copied (by default) to /usr/local/sbin and 31 | ldapscripts.conf will be copied to /usr/local/etc/ldapscripts. 32 | 33 | Keep in mind that the scripts are installed with quite restrictive rights. 34 | You may have to adjust group rights or ACLs (if they are enabled 35 | on your system) to make things work. 36 | 37 | Once installed, edit /usr/local/etc/ldapscripts/ldapscripts.conf to 38 | configure the ldapscripts. 39 | 40 | Then, just type in - e.g. : 41 | # ldapadduser foo foogroup 42 | 43 | See ldapscripts(5) for more details. 
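Before the first ldapadduser, a practitioner would want to check the bind credentials that the README tells you to edit into ldapscripts.conf. The script below is an added example and is not part of ldapscripts: it reads the parameter names used in etc/ldapscripts.conf (SERVER, SASLAUTH, BINDPWDFILE, BINDPWD, LDAPBINOPTS, PASSWORDGEN, RECORDPASSWORDS) from a copy of the file and flags settings that expose the bind password (BINDPWD on the command line, a simple bind over plain ldap:// without -ZZ, a group- or world-readable BINDPWDFILE, a BINDPWDFILE that still contains the shipped sample value "secret") or that produce predictable user passwords. The function names (conf_get, audit_ldapscripts_conf, make_fixtures), the host ldap.example.com and the two configuration files it audits are this example's own constructions, written to a scratch directory; the audit reports the number of findings as its return code.

```shell
#!/bin/sh
# Added example (not part of ldapscripts): audit an ldapscripts.conf and the
# BINDPWDFILE it points to before putting the scripts in production.
# Variable names are the ones from etc/ldapscripts.conf; every file used
# below is constructed in a scratch directory.

# Value of KEY="value" in a conf file (commented-out lines are ignored).
conf_get () {
    sed -n "s/^$2=\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Prints one line per finding and returns the number of findings (0 = clean).
audit_ldapscripts_conf () {
    _conf="$1" ; _n=0
    _server=$(conf_get "$_conf" SERVER)
    _sasl=$(conf_get "$_conf" SASLAUTH)
    _pwdfile=$(conf_get "$_conf" BINDPWDFILE)
    _bindpwd=$(conf_get "$_conf" BINDPWD)
    _opts=$(conf_get "$_conf" LDAPBINOPTS)
    _pwgen=$(conf_get "$_conf" PASSWORDGEN)
    _record=$(conf_get "$_conf" RECORDPASSWORDS)

    # A password passed on the ldap* command line shows up in 'ps' for every local user.
    if [ -n "$_bindpwd" ]; then
        echo "BINDPWD is set: use BINDPWDFILE instead of a command-line password" ; _n=$((_n + 1))
    fi
    # Simple bind over plain ldap:// without StartTLS (-ZZ) sends the password in cleartext.
    if [ -z "$_sasl" ] && echo "$_server" | grep -q '^ldap://' && ! echo "$_opts" | grep -q -- '-ZZ'; then
        echo "simple bind to $_server without LDAPBINOPTS=\"-ZZ\": password sent in cleartext" ; _n=$((_n + 1))
    fi
    # The password file must exist, be private to its owner, and not be the shipped sample.
    if [ -z "$_sasl" ]; then
        if [ ! -f "$_pwdfile" ]; then
            echo "BINDPWDFILE $_pwdfile does not exist" ; _n=$((_n + 1))
        else
            _grp_oth=$(ls -l "$_pwdfile" | cut -c5-10)     # group+other permission bits
            if [ "$_grp_oth" != "------" ]; then
                echo "BINDPWDFILE $_pwdfile is readable by group or others (bits $_grp_oth)" ; _n=$((_n + 1))
            fi
            if [ "$(cat "$_pwdfile")" = "secret" ]; then
                echo "BINDPWDFILE $_pwdfile still holds the sample password 'secret'" ; _n=$((_n + 1))
            fi
        fi
    fi
    # PASSWORDGEN is eval'd by the scripts; the commented-out test generators are predictable.
    case "$_pwgen" in
        "echo changeme"|"echo %u") echo "PASSWORDGEN=\"$_pwgen\" yields predictable passwords" ; _n=$((_n + 1)) ;;
    esac
    # Recording generated passwords in cleartext is meant for migrations only.
    if [ "$_record" = "yes" ]; then
        echo "RECORDPASSWORDS is on: cleartext passwords are appended to PASSWORDFILE" ; _n=$((_n + 1))
    fi
    return $_n
}

# Builds a weak and a hardened configuration (constructed sample data) and prints the directory.
make_fixtures () {
    _d=$(mktemp -d "${TMPDIR:-/tmp}/ldapscripts-audit.XXXXXX") || return 1
    printf 'secret' > "$_d/weak.passwd" ; chmod 644 "$_d/weak.passwd"
    ( umask 077 ; printf 'correct-horse-battery' > "$_d/hardened.passwd" )
    cat > "$_d/weak.conf" <<EOF
SERVER="ldap://ldap.example.com"
SUFFIX="dc=example,dc=com" # Global suffix
SASLAUTH=""
BINDDN="cn=Manager,dc=example,dc=com"
BINDPWDFILE="$_d/weak.passwd"
BINDPWD="secret"
PASSWORDGEN="echo changeme"
RECORDPASSWORDS="yes"
EOF
    cat > "$_d/hardened.conf" <<EOF
SERVER="ldaps://ldap.example.com"
SUFFIX="dc=example,dc=com" # Global suffix
SASLAUTH=""
BINDDN="cn=Manager,dc=example,dc=com"
BINDPWDFILE="$_d/hardened.passwd"
#BINDPWD="secret"
PASSWORDGEN="head -c 64 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c 16"
RECORDPASSWORDS="no"
EOF
    echo "$_d"
}

FIXTURES=$(make_fixtures)
for _c in weak hardened; do
    echo "== $_c.conf =="
    audit_ldapscripts_conf "$FIXTURES/$_c.conf"
    echo "findings: $?"
done
rm -rf "$FIXTURES"
```

Point audit_ldapscripts_conf at the real /usr/local/etc/ldapscripts/ldapscripts.conf to check an installation; a non-zero return code means at least one of the settings above needs attention. When SASLAUTH is set the BIND* parameters are ignored by the scripts, so the password-file checks are skipped in that case.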
44 | 45 | Configuring your OpenLDAP server : 46 | ********************************** 47 | 48 | Be sure to include these schemas in your slapd.conf : 49 | 50 | - core.schema 51 | - cosine.schema (for the account objectClass) 52 | - nis.schema (for the posixAccount objectClass) or a modified 53 | RFC 2307bis compliant version of this file if you plan to use 54 | AUXILIARY posixGroup objectClasses together with groupOfNames 55 | or groupOfUniqueNames objectClasses (see GCLASS parameter in 56 | the ldapscripts.conf file). 57 | 58 | Using the ldapscripts with Samba 3.x : 59 | ************************************** 60 | 61 | To use the ldapscripts with Samba 3.x (e.g. for a Windows -> Samba migration), 62 | just add the following to your smb.conf file : 63 | 64 | # [...] 65 | add machine script = /usr/local/sbin/ldapaddmachine '%u' sambamachines 66 | add user script = /usr/local/sbin/ldapadduser '%u' sambausers 67 | add group script = /usr/local/sbin/ldapaddgroup '%g' 68 | add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g' 69 | delete user script = /usr/local/sbin/ldapdeleteuser '%u' 70 | delete group script = /usr/local/sbin/ldapdeletegroup '%g' 71 | delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g' 72 | set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g' 73 | rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew' 74 | # [...] 75 | 76 | and make sure sambamachines and sambausers exist before attempting to 77 | do a "net rpc vampire"... 78 | 79 | Files : 80 | ******* 81 | 82 | * Various files : 83 | 84 | README : this file ! 
85 | COPYING : the GPLv2 (or later) license 86 | CHANGELOG : the changelog file, of course 87 | VERSION : the current version of the ldapscripts 88 | TODO : ideas, remaining work 89 | Makefile : installation Makefile 90 | 91 | * Man pages : 92 | 93 | man/* : man pages 94 | 95 | * Configuration files : 96 | 97 | etc/ldapscripts.conf : configuration file 98 | etc/ldapadduser.template.sample : user LDIF template file 99 | etc/ldapaddgroup.template.sample : group LDIF template file 100 | etc/ldapaddmachine.template.sample : machine LDIF template file 101 | 102 | * 'Library' files 103 | 104 | lib/runtime : runtime file used by the scripts (contains functions, etc...) 105 | 106 | * Scripts that can be used in Samba configuration file (smb.conf) : 107 | 108 | sbin/ldapaddgroup : adds a POSIX group to LDAP 109 | sbin/ldapadduser : adds a POSIX user to LDAP 110 | sbin/ldapdeletegroup : deletes a POSIX group from LDAP 111 | sbin/ldapdeleteuserfromgroup : deletes a member from a group 112 | sbin/ldapsetprimarygroup : sets gidNumber of a POSIX user or machine account 113 | sbin/ldapaddmachine : adds a POSIX machine (user$) to LDAP 114 | sbin/ldapaddusertogroup : adds a member to a group 115 | sbin/ldapdeleteuser : deletes a POSIX user from LDAP 116 | sbin/ldaprenameuser : renames a POSIX user account in LDAP 117 | 118 | * Additional (useful) scripts not useable by Samba : 119 | 120 | sbin/ldapdeletemachine : deletes a POSIX machine account in LDAP 121 | sbin/ldapinit : initializes the LDAP tree with a minimal tree 122 | sbin/lsldap : performs a *big* recursive query on the LDAP server from the root dn 123 | sbin/ldapmodifyuser : modifies a POSIX user account in LDAP interactively 124 | sbin/ldapmodifymachine : modifies a POSIX machine account in LDAP interactively 125 | sbin/ldapmodifygroup : modifies a POSIX group account in LDAP interactively 126 | sbin/ldaprenamemachine : renames a POSIX machine account in LDAP 127 | sbin/ldaprenamegroup : renames a POSIX group in LDAP 128 
| sbin/ldapsetpasswd : modifies a POSIX user or machine account's password in LDAP 129 | sbin/ldapfinger : displays a user/machine/group POSIX account's details 130 | sbin/ldapid : displays a user's list of IDs 131 | sbin/ldapgid : displays a group's list of IDs 132 | 133 | Environment : 134 | ************* 135 | 136 | You can set the LDAPSCRIPTS_CONF environment variable to override the default 137 | configuration file location. 138 | 139 | Author / Licence : 140 | ****************** 141 | 142 | These scripts have been written by Ganaël LAPLANCHE (ganael.laplanche@martymac.org) 143 | and are available under the GPL license (see COPYING for details). 144 | 145 | Thanks for using the ldapscripts... Any feedback welcome :) 146 | -------------------------------------------------------------------------------- /TODO: -------------------------------------------------------------------------------- 1 | TODO (ideas) : 2 | ************** 3 | 4 | - Ability to specify gecos and cn as command line arguments to ldapadduser 5 | - Ability to pass a password to ldapsetpasswd in a secure way (via file) 6 | 7 | - Get rid of functions returning their results through shared variables 8 | - Call variables using the cleaner ${} syntax 9 | - Improve ldapid/ldapgid to dump the whole directory if no argument is given 10 | - Make the runtime file useable as a shell library : avoid exit in end_* functions 11 | - Send LDAP client error logs to stdout as well as to the logfile 12 | - Allow use of DNs (instead of short names) as command arguments 13 | - Make some scripts useable with lower privileges than root : 14 | - Move ldapid, ldapfinger, ldapsetpasswd, lsldap to bin/ and set them suid 15 | - Allow common users to use these tools. This will require some kind of privilege separation 16 | so as not to bypass OpenLDAP ACLs (binding with the user's own account will be necessary). 
17 | - ldapsetpasswd without any argument should change the caller's password if logname != root 18 | - Check for base (mandatory) binaries at install time (new 'test' target => sed, grep, ...) 19 | Better testing of configured/additional binaries at run time (e.g. add -f for each -x test) 20 | - Allow use of %g (group name) in ldapadduser (for _HOMEDIR and _genpassword) 21 | - Add more options to the scripts (better argument parsing will be necessary) 22 | - an option to ldapdeleteuser to delete users' home directories 23 | - a 'dry-run' option to display (only) LDIF data 24 | - an option to modify the home dirs (LDAP + directory + rights) of a user when renaming it ? 25 | - an option to modify related groups (memberUid's) when renaming/deleting a user/machine ? 26 | - an option to block deleting a group if it is a user's primary group ? 27 | - Add scripts to easily get/set a single attribute 28 | -------------------------------------------------------------------------------- /VERSION: -------------------------------------------------------------------------------- 1 | 2.0.9 2 | -------------------------------------------------------------------------------- /etc/ldapaddgroup.template.sample: -------------------------------------------------------------------------------- 1 | dn: cn=,, 2 | objectClass: posixGroup 3 | cn: 4 | gidNumber: 5 | description: Group account 6 | -------------------------------------------------------------------------------- /etc/ldapaddmachine.template.sample: -------------------------------------------------------------------------------- 1 | dn: uid=,, 2 | objectClass: account 3 | objectClass: posixAccount 4 | cn: 5 | uid: 6 | uidNumber: 7 | gidNumber: 8 | homeDirectory: /dev/null 9 | loginShell: /bin/false 10 | gecos: 11 | description: Machine account 12 | -------------------------------------------------------------------------------- /etc/ldapadduser.template.sample: 
-------------------------------------------------------------------------------- 1 | dn: uid=,, 2 | objectClass: account 3 | objectClass: posixAccount 4 | cn: 5 | uid: 6 | uidNumber: 7 | gidNumber: 8 | homeDirectory: 9 | loginShell: 10 | gecos: 11 | description: User account 12 | -------------------------------------------------------------------------------- /etc/ldapscripts.conf: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora 2 | # Copyright (C) 2006-2019 Ganaël LAPLANCHE 3 | # 4 | # This program is free software; you can redistribute it and/or 5 | # modify it under the terms of the GNU General Public License 6 | # as published by the Free Software Foundation; either version 2 7 | # of the License, or (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, 10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 | # GNU General Public License for more details. 13 | # 14 | # You should have received a copy of the GNU General Public License 15 | # along with this program; if not, write to the Free Software 16 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 17 | # USA. 
18 | 19 | # LDAP server 20 | SERVER="ldap://localhost" 21 | 22 | # Suffixes 23 | SUFFIX="dc=example,dc=com" # Global suffix 24 | GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX) 25 | USUFFIX="ou=Users" # Users ou (just under $SUFFIX) 26 | MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX) 27 | 28 | # Authentication type 29 | # If empty, use simple authentication 30 | # Else, use the value as a SASL authentication mechanism 31 | SASLAUTH="" 32 | #SASLAUTH="GSSAPI" 33 | 34 | # Simple authentication parameters 35 | # The following BIND* parameters are ignored if SASLAUTH is set 36 | BINDDN="cn=Manager,dc=example,dc=com" 37 | # The following file contains the raw password of the BINDDN 38 | # Create it with something like : echo -n 'secret' > $BINDPWDFILE 39 | # WARNING !!!! Be careful not to make this file world-readable 40 | BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd" 41 | # For older versions of OpenLDAP, it is still possible to use 42 | # insecure command-line passwords (visible to every local user in the process list) 43 | # by defining the following option AND commenting out the previous one (BINDPWDFILE takes precedence) 44 | #BINDPWD="secret" 45 | 46 | # Start with these IDs *if no entry found in LDAP* 47 | GIDSTART="10000" # Group ID 48 | UIDSTART="10000" # User ID 49 | MIDSTART="20000" # Machine ID 50 | 51 | # Group membership management 52 | # ObjectClass used for groups 53 | # Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !) 54 | # Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup). 55 | # Also, do not mix posixGroup and groupOf* entries in your directory as, within RFC 2307bis, 56 | # the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration. 57 | GCLASS="posixGroup" # Leave "posixGroup" here if not sure ! 58 | # When using groupOfNames or groupOfUniqueNames, creating a group requires an initial 59 | # member. 
Specify it below; you will be able to remove it once groups are populated. 60 | #GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX" 61 | 62 | # User properties 63 | USHELL="/bin/sh" 64 | UHOMES="/home/%u" # You may use %u for username here 65 | CREATEHOMES="no" # Create home directories and set rights ? 66 | HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistent. 67 | HOMEPERMS="700" # Default permissions for home directories 68 | 69 | # User password generation 70 | # Command line used to generate a password for added users. 71 | # You may use %u for username here ; special value "" will ask for a password interactively 72 | # WARNING !!!! This is evaluated, everything specified here will be run ! 73 | # WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy). 74 | # In this case, consider using /dev/urandom instead. 75 | PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8" 76 | #PASSWORDGEN="pwgen" 77 | #PASSWORDGEN="echo changeme" 78 | #PASSWORDGEN="echo %u" 79 | #PASSWORDGEN="" 80 | 81 | # User password recording 82 | # You can keep track of generated passwords by setting PASSWORDFILE and RECORDPASSWORDS 83 | # (useful when performing a massive creation / net rpc vampire) 84 | # WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE ! 85 | # WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE ! 86 | RECORDPASSWORDS="no" 87 | PASSWORDFILE="/var/log/ldapscripts_passwd.log" 88 | 89 | # Where to log : local file and/or syslog 90 | LOGTOFILE="yes" 91 | LOGFILE="/var/log/ldapscripts.log" 92 | LOGTOSYSLOG="no" 93 | SYSLOGFACILITY="local4" 94 | SYSLOGLEVEL="info" 95 | 96 | # Temporary folder 97 | TMPDIR="/tmp" 98 | 99 | # Various binaries used within the scripts 100 | # Warning : they also use uuencode, date, grep, sed, cut, which... 
101 | # Please check they are installed before using these scripts 102 | # Note that many of them should come with your OS 103 | 104 | # OpenLDAP client commands 105 | LDAPSEARCHBIN="/usr/bin/ldapsearch" 106 | LDAPADDBIN="/usr/bin/ldapadd" 107 | LDAPDELETEBIN="/usr/bin/ldapdelete" 108 | LDAPMODIFYBIN="/usr/bin/ldapmodify" 109 | LDAPMODRDNBIN="/usr/bin/ldapmodrdn" 110 | LDAPPASSWDBIN="/usr/bin/ldappasswd" 111 | 112 | # OpenLDAP client common additional options 113 | # This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS 114 | #LDAPBINOPTS="-ZZ" 115 | 116 | # OpenLDAP ldapsearch-specific additional options 117 | # The following option disables long-line wrapping (which makes the scripts bug 118 | # when handling long lines). The option was introduced in OpenLDAP 2.4.24, so 119 | # comment it if you are using OpenLDAP < 2.4.24. 120 | LDAPSEARCHOPTS="-o ldif-wrap=no" 121 | # And here is an example to activate paged results 122 | #LDAPSEARCHOPTS="-E pr=500/noprompt" 123 | 124 | # Character set conversion : $ICONVCHAR <-> UTF-8 125 | # Comment ICONVBIN to disable UTF-8 conversion 126 | ICONVBIN="/usr/bin/iconv" 127 | #ICONVCHAR="ISO-8859-15" 128 | 129 | # Base64 decoding 130 | # Comment UUDECODEBIN to disable Base64 decoding 131 | UUDECODEBIN="/usr/bin/uudecode" 132 | 133 | # Getent command to use - choose the ones used 134 | # on your system. Leave blank or comment for auto-guess. 
135 | # GNU/Linux 136 | #GETENTPWCMD="getent passwd" 137 | #GETENTGRCMD="getent group" 138 | # FreeBSD 139 | #GETENTPWCMD="pw usershow" 140 | #GETENTGRCMD="pw groupshow" 141 | # Auto 142 | GETENTPWCMD="" 143 | GETENTGRCMD="" 144 | 145 | # You can specify custom LDIF templates here 146 | # Leave empty to use default templates 147 | # See *.template.sample for default templates 148 | #GTEMPLATE="/path/to/ldapaddgroup.template" 149 | #UTEMPLATE="/path/to/ldapadduser.template" 150 | #MTEMPLATE="/path/to/ldapaddmachine.template" 151 | GTEMPLATE="" 152 | UTEMPLATE="" 153 | MTEMPLATE="" 154 | -------------------------------------------------------------------------------- /etc/ldapscripts.passwd: -------------------------------------------------------------------------------- 1 | secret -------------------------------------------------------------------------------- /lib/runtime: -------------------------------------------------------------------------------- 1 | # runtime : this file is used by the ldapscripts, it should not be used independently 2 | 3 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora 4 | # Copyright (C) 2006-2019 Ganaël LAPLANCHE 5 | # 6 | # This program is free software; you can redistribute it and/or 7 | # modify it under the terms of the GNU General Public License 8 | # as published by the Free Software Foundation; either version 2 9 | # of the License, or (at your option) any later version. 10 | # 11 | # This program is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with this program; if not, write to the Free Software 18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 19 | # USA. 
20 | 21 | ### Useful functions ### 22 | 23 | # Tests a string 24 | # Input : string to test ($1), pattern ($2) 25 | # Output : true or false 26 | is_like () { 27 | echo "$1" | grep -qi "^$2$" 28 | } 29 | 30 | # Tests a string 31 | # Input : string to test ($1) 32 | # Output : true or false 33 | is_yes () { 34 | is_like "$1" "yes" 35 | } 36 | 37 | # Tests a string 38 | # Input : string to test ($1) 39 | # Output : true or false 40 | is_no () { 41 | is_like "$1" "no" 42 | } 43 | 44 | # Tests a string 45 | # Input : string to test ($1) 46 | # Output : true or false 47 | is_uri () { 48 | echo "$1" | grep -q '://' 49 | } 50 | 51 | # Tests a string 52 | # Input : string to test ($1) 53 | # Output : true or false 54 | is_valid_dn () { 55 | echo "$1" | grep -qE "^([^,=]+=[^,=]+,)+$SUFFIX$" 56 | } 57 | 58 | # Tests a string 59 | # Input : string to test ($1) 60 | # Output : true or false 61 | is_b64 () { 62 | echo "$1" | grep -q '^[^: ]*:: ' 63 | } 64 | 65 | # Tests a string 66 | # Input : string to test ($1) 67 | # Output : true or false 68 | is_integer () { 69 | echo "$1" | grep -qE '^[0-9]+$' 70 | } 71 | 72 | # Tests a string (a command name) and tells if it is built-in (true) or external (false) 73 | # Input : string to test ($1) 74 | # Output : true or false 75 | is_builtin () { 76 | LANG=C type "$1" 2>/dev/null | grep -qi 'built' 77 | } 78 | 79 | # Logs a string to $LOGFILE 80 | # Input : string to log ($1) 81 | # Output : nothing 82 | log_to_file () { 83 | if [ -n "$1" ] 84 | then 85 | if [ -n "$LOGFILE" ] 86 | then 87 | if [ ! -w "$LOGFILE" ] 88 | then 89 | _TMPMASK=$(umask) 90 | umask 0077 91 | touch "$LOGFILE" 2>/dev/null 92 | if [ $? -ne 0 ] 93 | then 94 | echo "Unable to create $LOGFILE, exiting..." 
&& exit 1 95 | fi 96 | umask "$_TMPMASK" 97 | fi 98 | echo "$1" >> "$LOGFILE" 99 | fi 100 | fi 101 | } 102 | 103 | # Logs a string to syslog 104 | # Input : string to log ($1) 105 | # Output : nothing 106 | log_to_syslog () { 107 | if [ -n "$1" ] 108 | then 109 | SYSLOGFACILITY=${SYSLOGFACILITY:-"local4"} 110 | SYSLOGLEVEL=${SYSLOGLEVEL:-"info"} 111 | logger -it "$(basename $0)" -p "$SYSLOGFACILITY"."$SYSLOGLEVEL" "$1" 112 | fi 113 | } 114 | 115 | # Logs a string to $LOGFILE and/or to syslog 116 | # Input : string to log ($1) 117 | # Output : nothing 118 | log_only () { 119 | if [ "$LOGTOFILE" = "yes" ] 120 | then 121 | log_to_file "$1" 122 | fi 123 | if [ "$LOGTOSYSLOG" = "yes" ] 124 | then 125 | log_to_syslog "$1" 126 | fi 127 | } 128 | 129 | # Echoes (to STDOUT) and logs a string to $LOGFILE 130 | # Input : string to echo and log ($1) 131 | # Output : nothing 132 | echo_log () { 133 | [ -n "$1" ] && echo "$1" 134 | [ -n "$1" ] && log_only " -> $1" 135 | } 136 | 137 | # Echoes (to STDERR) and logs a string to $LOGFILE 138 | # Input : string to echo and log ($1) 139 | # Output : nothing 140 | warn_log () { 141 | [ -n "$1" ] && echo "$1" 1>&2 142 | [ -n "$1" ] && log_only " -> $1" 143 | } 144 | 145 | # Echoes/logs $1, exits and returns 0 146 | # Input : string to echo and log ($1) 147 | # Output : 0 148 | end_ok () { 149 | [ -n "$1" ] && echo_log "$1" 150 | exit 0 151 | } 152 | 153 | # Echoes/logs $1, exits and returns 1 154 | # Input : string to echo and log ($1) 155 | # Output : 1 156 | end_die () { 157 | [ -n "$1" ] && warn_log "$1" 158 | exit 1 159 | } 160 | 161 | # Allocates and creates a temporary file $_TMPFILE under $TMPDIR 162 | # Output : nothing 163 | mktempf () { 164 | # Avoid creating two temporary files (must have been released before) 165 | [ -n "$_TMPFILE" ] && end_die "Error allocating temporary file $_TMPFILE" 166 | # Name temp file 167 | _TMPFILE="$TMPDIR/$(basename $0).$(date '+%Y%m%d-%H%M%S').$$.$(head -c4 /dev/random | od -t u4 | head -n 1 | 
awk '{print $2}')" 168 | # Catch CTRL-C to remove $_TMPFILE 169 | trap 'rm -f "$_TMPFILE" 2>/dev/null ; end_die "Interrupted - Removing temporary file $_TMPFILE"' 2 170 | # Create temp file 171 | _TMPMASK=$(umask) 172 | umask 0077 173 | touch "$_TMPFILE" 2>/dev/null || end_die "Error creating temporary file $_TMPFILE" 174 | umask "$_TMPMASK" 175 | } 176 | 177 | # Releases a previously allocated temporary file 178 | # Output : nothing 179 | reltempf () { 180 | # Clean up the temporary file and restore traps 181 | rm -f "$_TMPFILE" 2>/dev/null 182 | # Reset traps 183 | trap - 2 184 | # Clean up name 185 | unset _TMPFILE 186 | } 187 | 188 | ### LDAP functions ### 189 | 190 | # Performs a search in the LDAP directory 191 | # Input : base ($1), filter ($2), attribute to display ($3) 192 | # Output : entry/entries found (stdout) 193 | _ldapsearch () { 194 | if [ -n "$SASLAUTH" ] 195 | then 196 | $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -Y "$SASLAUTH" -b "${1:-$SUFFIX}" -H "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 197 | elif [ -n "$BINDPWDFILE" ] 198 | then 199 | $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 200 | else 201 | $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -w "$BINDPWD" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 202 | fi 203 | } 204 | 205 | # Adds an entry to the LDAP directory 206 | # Input : LDIF - entry to add (stdin), optional '-c' (continue mode) option ($1) 207 | # Output : nothing 208 | _ldapadd () { 209 | case "$1" in 210 | "-c") 211 | _OPTIONS="-c" 212 | ;; 213 | "") 214 | unset _OPTIONS 215 | ;; 216 | *) 217 | unset _OPTIONS 218 | warn_log "Warning : invalid parameter supplied to _ldapadd(), ignoring..." 
219 | ;; 220 | esac 221 | 222 | if [ -n "$SASLAUTH" ] 223 | then 224 | $LDAPADDBIN $LDAPBINOPTS $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE" 1>/dev/null 225 | elif [ -n "$BINDPWDFILE" ] 226 | then 227 | $LDAPADDBIN $LDAPBINOPTS $_OPTIONS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null 228 | else 229 | $LDAPADDBIN $LDAPBINOPTS $_OPTIONS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null 230 | fi 231 | } 232 | 233 | # Modifies an entry in the LDAP directory 234 | # Input : LDIF - modification information (stdin), optional '-c' (continue mode) option ($1) 235 | # Output : nothing 236 | _ldapmodify () { 237 | case "$1" in 238 | "-c") 239 | _OPTIONS="-c" 240 | ;; 241 | "") 242 | unset _OPTIONS 243 | ;; 244 | *) 245 | unset _OPTIONS 246 | warn_log "Warning : invalid parameter supplied to _ldapmodify(), ignoring..." 247 | ;; 248 | esac 249 | 250 | if [ -n "$SASLAUTH" ] 251 | then 252 | $LDAPMODIFYBIN $LDAPBINOPTS $_OPTIONS -Y "$SASLAUTH" -H "$SERVER" 2>>"$LOGFILE" 1>/dev/null 253 | elif [ -n "$BINDPWDFILE" ] 254 | then 255 | $LDAPMODIFYBIN $LDAPBINOPTS $_OPTIONS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null 256 | else 257 | $LDAPMODIFYBIN $LDAPBINOPTS $_OPTIONS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null 258 | fi 259 | } 260 | 261 | # Renames an entry in the LDAP directory 262 | # Input : old dn ($1), new rdn ($2) 263 | # Output : nothing 264 | _ldaprename () { 265 | if [ -z "$1" ] || [ -z "$2" ] 266 | then 267 | end_die "_ldaprename : missing argument(s)" 268 | else 269 | if [ -n "$SASLAUTH" ] 270 | then 271 | $LDAPMODRDNBIN $LDAPBINOPTS -Y "$SASLAUTH" -H "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null 272 | elif [ -n "$BINDPWDFILE" ] 273 | then 274 | $LDAPMODRDNBIN $LDAPBINOPTS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null 275 | else 276 | $LDAPMODRDNBIN $LDAPBINOPTS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 
1>/dev/null 277 | fi 278 | fi 279 | } 280 | 281 | # Deletes an entry in the LDAP directory 282 | # Input : dn to delete ($1) 283 | # Output : nothing 284 | _ldapdelete () { 285 | [ -z "$1" ] && end_die "_ldapdelete : missing argument" 286 | if [ -n "$SASLAUTH" ] 287 | then 288 | $LDAPDELETEBIN $LDAPBINOPTS -Y "$SASLAUTH" -H "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null 289 | elif [ -n "$BINDPWDFILE" ] 290 | then 291 | $LDAPDELETEBIN $LDAPBINOPTS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null 292 | else 293 | $LDAPDELETEBIN $LDAPBINOPTS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null 294 | fi 295 | } 296 | 297 | # Extracts LDIF information from $0 (the current script itself) 298 | # selecting lines beginning with $1 occurrences of '#' 299 | # Input : depth ($1) 300 | # Output : extracted LDIF data (stdout) 301 | _extractldif () { 302 | if [ -n "$1" ] && is_integer "$1" 303 | then 304 | _EXTRACTDEPTH="$1" 305 | else 306 | warn_log "Warning : invalid depth supplied to _extractldif(), using default (2)..." 307 | _EXTRACTDEPTH='2' 308 | fi 309 | grep -a "^#\{$_EXTRACTDEPTH\}[^#]*$" "$0" | sed 's|^#*||' 2>>"$LOGFILE" 310 | } 311 | 312 | # Filters LDIF information 313 | # Input : Data to filter (stdin) 314 | # Output : Filtered data (stdout) 315 | _filterldif () { 316 | # Allocate and create temp file 317 | mktempf 318 | 319 | # Generate filter file 320 | cat 2>/dev/null << EOF > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" 321 | # Generated by ldapscripts - do not edit ! 
322 | # Group attributes
323 | s|<group>|$_GROUP|g
324 | s|<gclass>|$GCLASS|g
325 | s|<gmemberattr>|$_GMEMBERATTR|g
326 | s|<gdummymember>|$GDUMMYMEMBER|g
327 | # User attributes
328 | s|<user>|$_USER|g
329 | s|<uid>|$_UID|g
330 | s|<newuid>|$_NEWUID|g
331 | s|<udn>|$_UDN|g
332 | s|<newudn>|$_NEWUDN|g
333 | s|<gid>|$_GID|g
334 | s|<home>|$_HOMEDIR|g
335 | s|<shell>|$USHELL|g
336 | s|<password>|$_PASSWORD|g
337 | s|<entry>|$_ENTRY|g
338 | # Suffixes
339 | s|<suffix>|$SUFFIX|g
340 | s|<_suffix>|$_SUFFIX|g
341 | s|<usuffix>|$USUFFIX|g
342 | s|<_usuffix>|$_USUFFIX|g
343 | s|<msuffix>|$MSUFFIX|g
344 | s|<_msuffix>|$_MSUFFIX|g
345 | s|<gsuffix>|$GSUFFIX|g
346 | s|<_gsuffix>|$_GSUFFIX|g
347 | EOF
348 | 
349 |   # Use it
350 |   sed -f "$_TMPFILE" 2>>"$LOGFILE"
351 | 
352 |   # Release temp file
353 |   reltempf
354 | }
355 | 
356 | # Ask interactively for attributes in LDIF templates
357 | # Input : Data to filter (stdin)
358 | # Output : Filtered data (stdout)
359 | _askattrs () {
360 |   # Backup and set IFS
361 |   _OLDIFS="$IFS"
362 |   IFS=""
363 | 
364 |   # Allocate and create temp file
365 |   mktempf
366 | 
367 |   # Backup STDIN
368 |   _STDIN=$(cat)
369 | 
370 |   # Loop through STDIN and ask for values
371 |   # to generate the sed filter ($_TMPFILE)
372 |   _I=1
373 |   _LINES=$(echo $_STDIN | wc -l)
374 |   _CURRENT="unknown"
375 |   while [ $_I -le $_LINES ]
376 |   do
377 |     # Extract current line
378 |     _LINE=$(echo $_STDIN | sed -n "${_I}p")
379 | 
380 |     # Keep current DN
381 |     if echo "$_LINE" | grep -qi '^dn: '
382 |     then
383 |       _CURRENT="$_LINE"
384 |     fi
385 | 
386 |     # Is there a keyword in the line ?
387 |     if echo "$_LINE" | grep -qiE '^[^: ]+: .*<ask>.*'
388 |     then
389 |       # Ask for attribute
390 |       _ATTRNAME=$(echo "$_LINE" | cut -d ':' -f 1)
391 |       echo -n "[$_CURRENT] Enter value for \"$_ATTRNAME\" : " 1>&2
392 |       read _ATTRVAL < /dev/tty
393 |       # Generate sed filter
394 |       echo "${_I}s|<ask>|$_ATTRVAL|" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
395 |     fi
396 | 
397 |     _I=$(($_I + 1))
398 |   done
399 | 
400 |   # Use filter file
401 |   echo $_STDIN | sed -f "$_TMPFILE"
402 | 
403 |   # Release temp file
404 |   reltempf
405 | 
406 |   # Restore IFS
407 |   IFS="$_OLDIFS"
408 | }
409 | 
410 | # Converts local charset to UTF-8
411 | # Input : Data to convert (stdin)
412 | # Output : Converted data (stdout)
413 | _utf8encode () {
414 |   if [ -x "$ICONVBIN" ] && [ -n "$ICONVCHAR" ]
415 |   then
416 |     $ICONVBIN -f "$ICONVCHAR" -t UTF-8 2>>"$LOGFILE"
417 |   else
418 |     cat
419 |   fi
420 | }
421 | 
422 | ## Converts UTF-8 to local charset
423 | ## Input : Data to convert (stdin)
424 | ## Output : Converted data (stdout)
425 | _utf8decode () {
426 |   if [ -x "$ICONVBIN" ] && [ -n "$ICONVCHAR" ]
427 |   then
428 |     $ICONVBIN -f UTF-8 -t "$ICONVCHAR" 2>>"$LOGFILE"
429 |   else
430 |     cat
431 |   fi
432 | }
433 | 
434 | ## Converts text (should be UTF-8) to base64
435 | ## Input : Data to convert (stdin)
436 | ## Output : Converted data (stdout)
437 | #_b64encode () {
438 | #  if [ -x "$UUENCODEBIN" ]
439 | #  then
440 | #    $UUENCODEBIN -m - 2>>"$LOGFILE" | grep -v -e "^begin-base64" -e "^=*$" 2>>"$LOGFILE"
441 | #  else
442 | #    cat
443 | #  fi
444 | #}
445 | 
446 | # Converts base64 to UTF-8
447 | # Input : Data to convert (stdin)
448 | # Output : Converted data (stdout)
449 | _b64decode () {
450 |   if [ -x "$UUDECODEBIN" ]
451 |   then
452 |     $UUDECODEBIN -mr 2>>"$LOGFILE"
453 |   else
454 |     cat
455 |   fi
456 | }
457 | 
458 | ### Nsswitch functions
459 | 
460 | # Converts to gid any group passed in as name/gid
461 | # Input : the name or gid to convert ($1)
462 | # Output : the result of the conversion or "" if not found (stdout)
463 | _grouptogid () {
464 |   [ -z "$1" ] && end_die "_grouptogid : missing argument"
465 |   # Try local resolution
466 |   _TMPGID=$(eval $GETENTGRCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 3)
467 |   if [ -z "$_TMPGID" ]
468 |   then
469 |     # Try asking LDAP
470 |     # As we are working with posixGroup attributes (cn, gidNumber) and using RFC 2307bis,
471 |     # looking for posixGroup objectClasses is sufficient (looking for more specific $GCLASS may miss posixGroup-only entries).
472 |     _TMPGID=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" gidNumber | grep "gidNumber: " | head -n 1 | sed "s|gidNumber: ||")
473 |   fi
474 |   echo "$_TMPGID"
475 |   unset _TMPGID
476 | }
477 | 
478 | # Converts to name any group passed in as name/gid
479 | # Input : the name or gid to convert ($1)
480 | # Output : the result of the conversion or "" if not found (stdout)
481 | _gidtogroup () {
482 |   [ -z "$1" ] && end_die "_gidtogroup : missing argument"
483 |   # Try local resolution
484 |   _TMPGID=$(eval $GETENTGRCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 1)
485 |   if [ -z "$_TMPGID" ]
486 |   then
487 |     # Try asking LDAP
488 |     # As we are working with posixGroup attributes (cn, gidNumber) and using RFC 2307bis,
489 |     # looking for posixGroup objectClasses is sufficient (looking for more specific $GCLASS may miss posixGroup-only entries).
490 | _TMPGID=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" cn | grep "cn: " | head -n 1 | sed "s|cn: ||") 491 | fi 492 | echo "$_TMPGID" 493 | unset _TMPGID 494 | } 495 | 496 | # Converts to uid any user passed in as name/uid 497 | # Input : the name or uid to convert ($1) 498 | # Output : the result of the conversion or "" if not found (stdout) 499 | _usertouid () { 500 | [ -z "$1" ] && end_die "_usertouid : missing argument" 501 | # Try local resolution 502 | _TMPUID=$(eval $GETENTPWCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 3) 503 | if [ -z "$_TMPUID" ] 504 | then 505 | # Try asking LDAP 506 | _TMPUID=$(_ldapsearch "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" uidNumber | grep "uidNumber: " | head -n 1 | sed "s|uidNumber: ||") 507 | fi 508 | echo "$_TMPUID" 509 | unset _TMPUID 510 | } 511 | 512 | # Converts to name any user passed in as name/uid 513 | # Input : the name or uid to convert ($1) 514 | # Output : the result of the conversion or "" if not found (stdout) 515 | _uidtouser () { 516 | [ -z "$1" ] && end_die "_uidtouser : missing argument" 517 | # Try local resolution 518 | _TMPUID=$(eval $GETENTPWCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 1) 519 | if [ -z "$_TMPUID" ] 520 | then 521 | # Try asking LDAP 522 | _TMPUID=$(_ldapsearch "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" uid | grep "uid: " | head -n 1 | sed "s|uid: ||") 523 | fi 524 | echo "$_TMPUID" 525 | unset _TMPUID 526 | } 527 | 528 | # Converts to LDAP DN any user passed in as name/uid 529 | # Input : the name or uid to convert ($1) 530 | # Output : the result of the conversion or "" if not found (stdout) 531 | _uidtodn () { 532 | [ -z "$1" ] && end_die "_uidtodn : missing argument" 533 | _TMPUDN=$(_ldapsearch "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" dn | grep "dn: " | head -n 1 | sed "s|dn: ||") 534 | echo "$_TMPUDN" 535 | unset _TMPUDN 536 | } 537 | 538 | ## Converts to 
LDAP DN any group passed in as name/gid 539 | ## Input : the name or gid to convert ($1) 540 | ## Output : the result of the conversion or "" if not found (stdout) 541 | #_gidtodn () { 542 | # [ -z "$1" ] && end_die "_gidtodn : missing argument" 543 | # _TMPGDN=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" dn | grep "dn: " | head -n 1 | sed "s|dn: ||") 544 | # echo "$_TMPGDN" 545 | # unset _TMPGDN 546 | #} 547 | 548 | ### LDAP advanced functions 549 | 550 | # Finds the next useable group ID 551 | # Input : nothing 552 | # Output : the first free ID found starting from $GIDSTART (stdout) 553 | _findnextgid () { 554 | # As we are looking for the last gidNumber of all group entry types and using RFC 2307bis, 555 | # looking for posixGroup objectClasses is sufficient (looking for more specific $GCLASS may miss posixGroup-only entries). 556 | _NEXTGID=$(_ldapsearch "$GSUFFIX,$SUFFIX" '(objectClass=posixGroup)' gidNumber | grep "gidNumber: " | sed "s|gidNumber: ||" | uniq | sort -n | tail -n 1) 557 | if [ -z "$_NEXTGID" ] || [ "$_NEXTGID" -lt "$GIDSTART" ] 558 | then 559 | _NEXTGID="$GIDSTART" 560 | else 561 | _NEXTGID=$(($_NEXTGID + 1)) 562 | fi 563 | 564 | # Is this ID free ? 
565 | _TMPGID=$(_gidtogroup "$_NEXTGID") 566 | while [ -n "$_TMPGID" ] 567 | do 568 | _NEXTGID=$(($_NEXTGID + 1)) 569 | _TMPGID=$(_gidtogroup "$_NEXTGID") 570 | done 571 | 572 | unset _TMPGID 573 | echo "$_NEXTGID" 574 | unset _NEXTGID 575 | } 576 | 577 | # Finds the next useable machine ID 578 | # Input : nothing 579 | # Output : the first free ID found starting from $MIDSTART (stdout) 580 | _findnextmid () { 581 | # Note : adding a more specific filter such as '(uid=*$)' may miss non-machine (but POSIX) 582 | # entries here and while we are not interested in them, we still want to avoid ID conflicts 583 | _NEXTMID=$(_ldapsearch "$MSUFFIX,$SUFFIX" '(objectClass=posixAccount)' uidNumber | grep "uidNumber: " | sed "s|uidNumber: ||" | uniq | sort -n | tail -n 1) 584 | if [ -z "$_NEXTMID" ] || [ "$_NEXTMID" -lt "$MIDSTART" ] 585 | then 586 | _NEXTMID="$MIDSTART" 587 | else 588 | _NEXTMID=$(($_NEXTMID + 1)) 589 | fi 590 | 591 | # Is this ID free ? 592 | _TMPMID=$(_uidtouser "$_NEXTMID") 593 | while [ -n "$_TMPMID" ] 594 | do 595 | _NEXTMID=$(($_NEXTMID + 1)) 596 | _TMPMID=$(_uidtouser "$_NEXTMID") 597 | done 598 | 599 | unset _TMPMID 600 | echo "$_NEXTMID" 601 | unset _NEXTMID 602 | } 603 | 604 | # Finds the next useable user ID 605 | # Input : nothing 606 | # Output : the first free ID found starting from $UIDSTART (stdout) 607 | _findnextuid () { 608 | _NEXTUID=$(_ldapsearch "$USUFFIX,$SUFFIX" '(objectClass=posixAccount)' uidNumber | grep "uidNumber: " | sed "s|uidNumber: ||" | uniq | sort -n | tail -n 1) 609 | if [ -z "$_NEXTUID" ] || [ "$_NEXTUID" -lt "$UIDSTART" ] 610 | then 611 | _NEXTUID="$UIDSTART" 612 | else 613 | _NEXTUID=$(($_NEXTUID + 1)) 614 | fi 615 | 616 | # Is this ID free ? 
617 | _TMPUID=$(_uidtouser "$_NEXTUID") 618 | while [ -n "$_TMPUID" ] 619 | do 620 | _NEXTUID=$(($_NEXTUID + 1)) 621 | _TMPUID=$(_uidtouser "$_NEXTUID") 622 | done 623 | 624 | unset _TMPUID 625 | echo "$_NEXTUID" 626 | unset _NEXTUID 627 | } 628 | 629 | # Finds a particular entry in the LDAP directory 630 | # Input : base ($1), filter ($2) 631 | # Output : the dn of the first matching entry found ($_ENTRY) 632 | _findentry () { 633 | _ENTRY=$(_ldapsearch "$1" "$2" dn | grep "dn: " | head -n 1 | sed "s|dn: ||") 634 | } 635 | 636 | # Finds a list of entries in the LDAP directory 637 | # Input : base ($1), filter ($2) 638 | # Output : a list of dns for all the matching entries found ($_ENTRIES) 639 | _findentries () { 640 | _ENTRIES=$(_ldapsearch "$1" "$2" dn | grep "dn: " | sed "s|dn: ||") 641 | } 642 | 643 | # Get a particular attribute from LDAP 644 | # Input : entry DN ($1), attribute ($2) 645 | # Output : the requested attribute of the entry ($_ATTRIBUTE) 646 | # and if it is b64 encoded ($_B64) 647 | _getattribute () { 648 | _B64="NO" 649 | # Get raw attribute 650 | _ATTRIBUTE=$(_ldapsearch "$1" "" "$2" | grep "$2:\{1,2\} " | head -n 1) 651 | # Is it Base64 encoded ? 652 | is_b64 "$_ATTRIBUTE" && _B64="YES" 653 | # Get attribute value 654 | _ATTRIBUTE=$(echo "$_ATTRIBUTE" | sed "s|$2:\{1,2\} ||") 655 | } 656 | 657 | ### Other functions ### 658 | 659 | # Ask for password interactively 660 | # Input : nothing 661 | # Output : password entered ($_PASSWORD) 662 | # not set if input differed 663 | _askpassword () { 664 | echo -n "New Password: " 665 | stty -echo ; read _PASSWORD ; stty echo ; echo '' 666 | echo -n "Retype New Password: " 667 | stty -echo ; read _PASSWORD2 ; stty echo ; echo '' 668 | if [ "$_PASSWORD" != "$_PASSWORD2" ] 669 | then 670 | unset _PASSWORD 671 | warn_log "Mismatch !" 
672 |   fi
673 |   unset _PASSWORD2
674 | }
675 | 
676 | # Generates a password using the $PASSWORDGEN variable
677 | # Input : the username related to the generation ($1)
678 | # Output : generated password ($_PASSWORD),
679 | # unset if PASSWORDGEN empty or set to ""
680 | _genpassword () {
681 |   unset _PASSWORD
682 |   if is_like "$PASSWORDGEN" ""
683 |   then
684 |     :
685 |   else
686 |     PASSWORDGEN=$(echo "$PASSWORDGEN" | sed "s|%u|$1|g")
687 |     [ -n "$PASSWORDGEN" ] && _PASSWORD=$(eval $PASSWORDGEN)
688 |   fi
689 | }
690 | 
691 | # Changes a password for a particular DN
692 | # Input : new clear-text password ($1), user DN ($2)
693 | # Output : nothing
694 | _changepassword () {
695 |   if [ -z "$1" ] || [ -z "$2" ]
696 |   then
697 |     end_die "_changepassword : missing argument(s)"
698 |   else
699 |     if is_yes "$RECORDPASSWORDS"
700 |     then
701 |       echo "$2 : $1" >> "$PASSWORDFILE"
702 |     fi
703 | 
704 |     if [ -n "$SASLAUTH" ] || [ -n "$BINDPWDFILE" ]
705 |     then
706 |       ## Change password in a secure way (the new password is read from a 0600 temp file)
707 |       # Allocate and create temp file
708 |       mktempf
709 |       # Generate password file
710 |       echo -n "$1" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
711 |       # Change password
712 |       if [ -n "$SASLAUTH" ]
713 |       then
714 |         $LDAPPASSWDBIN $LDAPBINOPTS -Y "$SASLAUTH" -H "$SERVER" -T "$_TMPFILE" "$2" 2>>"$LOGFILE" 1>/dev/null
715 |       else # [ -n "$BINDPWDFILE" ]
716 |         $LDAPPASSWDBIN $LDAPBINOPTS -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -T "$_TMPFILE" "$2" 2>>"$LOGFILE" 1>/dev/null
717 |       fi
718 |       _RESULT=$?
719 |       # Release temp file
720 |       reltempf
721 |       # Return previous result
722 |       return $_RESULT
723 |     else
724 |       ## Change password in the insecure, old-fashioned way (the new password is passed on the ldappasswd command line)
725 |       $LDAPPASSWDBIN $LDAPBINOPTS -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -s "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
726 |     fi
727 |   fi
728 | }
729 | 
730 | ### Source configuration file
731 | 
732 | _CONFIGFILE=${LDAPSCRIPTS_CONF:="/etc/ldapscripts/ldapscripts.conf"}
733 | . "$_CONFIGFILE" || end_die "Unable to source configuration file ($_CONFIGFILE), exiting..."
734 | 
735 | ### Checks and defaults ###
736 | 
737 | # Check if ldap client tools are correctly configured
738 | if [ ! -x "$LDAPADDBIN" ] || [ ! -x "$LDAPDELETEBIN" ] || [ ! -x "$LDAPSEARCHBIN" ] || [ ! -x "$LDAPMODIFYBIN" ] || [ ! -x "$LDAPPASSWDBIN" ] || [ ! -x "$LDAPMODRDNBIN" ]
739 | then
740 |   end_die "You must have OpenLDAP client commands installed before running these scripts"
741 | fi
742 | 
743 | # Check if iconv is configured
744 | if [ -n "$ICONVBIN" ]
745 | then
746 |   [ ! -x "$ICONVBIN" ] && end_die "You must have iconv installed before running these scripts"
747 |   [ -z "$ICONVCHAR" ] && end_die "You must set ICONVCHAR before running these scripts"
748 | fi
749 | 
750 | # Base64 configuration
751 | [ -n "$UUDECODEBIN" ] && [ ! -x "$UUDECODEBIN" ] && \
752 |   end_die "You must have uuencode installed before running these scripts"
753 | 
754 | # Pseudo-random number generator
755 | [ ! -e /dev/random ] && end_die "You need a /dev/random special file to run these scripts"
756 | 
757 | # Set USER variable to the user's login name (do not trust current $USER value)
758 | USER=$(logname 2>/dev/null)
759 | [ -n "$USER" ] || USER=$(id -un 2>/dev/null)
760 | 
761 | # Check for bindpwd file if necessary
762 | if [ -z "$SASLAUTH" ]
763 | then
764 |   if [ ! -f "$BINDPWDFILE" ] || [ ! -r "$BINDPWDFILE" ]
765 |   then
766 |     if [ -n "$BINDPWD" ]
767 |     then
768 |       warn_log "Warning : using command-line passwords, ldapscripts may not be safe"
769 |     else
770 |       end_die "Unable to read password file $BINDPWDFILE, exiting..."
771 |     fi
772 |   fi
773 | fi
774 | 
775 | # Does the shell have a built-in echo command ?
776 | # If not, print a warning message 777 | if is_builtin "echo" && is_builtin "[" 778 | then 779 | : 780 | else 781 | warn_log "Warning : 'echo' or '[' (test) is not built-in, ldapscripts may not be safe" 782 | fi 783 | 784 | # Check if a full URI has been given 785 | if is_uri "$SERVER" 786 | then 787 | : 788 | else 789 | SERVER="ldap://$SERVER" 790 | fi 791 | 792 | # Group membership management 793 | case $GCLASS in 794 | posixGroup) 795 | _GMEMBERATTR="memberUid" 796 | ;; 797 | groupOfNames) 798 | [ -z "$GDUMMYMEMBER" ] && end_die "Please specify a value for GDUMMYMEMBER" 799 | _GMEMBERATTR="member" 800 | ;; 801 | groupOfUniqueNames) 802 | [ -z "$GDUMMYMEMBER" ] && end_die "Please specify a value for GDUMMYMEMBER" 803 | _GMEMBERATTR="uniqueMember" 804 | ;; 805 | *) 806 | end_die "Invalid value specified for GCLASS, exiting..." 807 | ;; 808 | esac 809 | 810 | # Check homes, shell and logfile 811 | UHOMES=${UHOMES:-"/dev/null"} 812 | USHELL=${USHELL:-"/bin/false"} 813 | LOGFILE=${LOGFILE:-"/var/log/ldapscripts.log"} 814 | TMPDIR=${TMPDIR:-"/tmp"} 815 | 816 | # Check password file if password recording set 817 | if is_yes "$RECORDPASSWORDS" 818 | then 819 | PASSWORDFILE=${PASSWORDFILE:-"/var/log/ldapscripts_passwd.log"} 820 | if [ ! -w "$PASSWORDFILE" ] 821 | then 822 | touch "$PASSWORDFILE" 2>/dev/null || end_die "Unable to create password log file $PASSWORDFILE, exiting..." 
823 | fi 824 | fi 825 | 826 | # Guess what kind of getent command to use 827 | if [ -z "$GETENTPWCMD" ] || [ -z "$GETENTGRCMD" ] 828 | then 829 | case $(uname) in 830 | Linux*) 831 | GETENTPWCMD="getent passwd" 832 | GETENTGRCMD="getent group" 833 | ;; 834 | FreeBSD*) 835 | GETENTPWCMD="pw usershow" 836 | GETENTGRCMD="pw groupshow" 837 | ;; 838 | *) 839 | GETENTPWCMD="getent passwd" 840 | GETENTGRCMD="getent group" 841 | ;; 842 | esac 843 | fi 844 | 845 | # Log command 846 | if [ "$LOGTOFILE" = "yes" ] 847 | then 848 | log_to_file "$(date '+%b %d %H:%M:%S') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*" 849 | fi 850 | if [ "$LOGTOSYSLOG" = "yes" ] 851 | then 852 | log_to_syslog "($USER): $0 $*" 853 | fi 854 | -------------------------------------------------------------------------------- /man/man1/ldapaddgroup.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (C) 2006-2019 Ganaël LAPLANCHE 2 | .\" 3 | .\" This program is free software; you can redistribute it and/or 4 | .\" modify it under the terms of the GNU General Public License 5 | .\" as published by the Free Software Foundation; either version 2 6 | .\" of the License, or (at your option) any later version. 7 | .\" 8 | .\" This program is distributed in the hope that it will be useful, 9 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | .\" GNU General Public License for more details. 12 | .\" 13 | .\" You should have received a copy of the GNU General Public License 14 | .\" along with this program; if not, write to the Free Software 15 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 16 | .\" USA. 
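The lookups in _grouptogid(), _gidtogroup(), _usertouid() and _uidtouser() in lib/runtime above splice their "$1" argument verbatim into the LDAP search filter, so a value containing `*`, `(`, `)` or `\` changes what the filter matches. As an added example (not ldapscripts code), here is a POSIX sh helper that escapes such values per RFC 4515 and a builder that emits the same name-or-numeric-id filters the runtime uses, with the value escaped; the function names are mine and the sample inputs are constructed:

```shell
# Added example, not part of ldapscripts: RFC 4515 escaping for values that are
# spliced into LDAP search filters, as _grouptogid()/_usertouid() do with "$1".
# Only the characters RFC 4515 reserves are rewritten (\ -> \5c, * -> \2a,
# ( -> \28, ) -> \29); ordinary names and numeric IDs pass through unchanged.
ldap_filter_escape () {
  # Backslash first, otherwise the escapes added afterwards would be re-escaped
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                         -e 's/\*/\\2a/g'  \
                         -e 's/(/\\28/g'   \
                         -e 's/)/\\29/g'
}

# Builds the "name or numeric id" filter used by the runtime, with the value escaped
# Input : object class ($1), name attribute ($2), number attribute ($3), value ($4)
# Output : the filter (stdout)
ldap_id_filter () {
  _ESC=$(ldap_filter_escape "$4")
  printf '(&(objectClass=%s)(|(%s=%s)(%s=%s)))' "$1" "$2" "$_ESC" "$3" "$_ESC"
  unset _ESC
}

# Wrappers matching the lookups in _grouptogid()/_gidtogroup() and
# _usertouid()/_uidtouser() (hypothetical helper names). _grouptogid() could
# then run :  _ldapsearch "$GSUFFIX,$SUFFIX" "$(group_filter "$1")" gidNumber
group_filter () { ldap_id_filter posixGroup cn gidNumber "$1"; }
user_filter ()  { ldap_id_filter posixAccount uid uidNumber "$1"; }

# Constructed samples : a group name carrying reserved characters, and a plain gid
group_filter 'O*Brien (sales)'   # (&(objectClass=posixGroup)(|(cn=O\2aBrien \28sales\29)(gidNumber=O\2aBrien \28sales\29)))
group_filter 1000                # (&(objectClass=posixGroup)(|(cn=1000)(gidNumber=1000)))
```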
17 | .\" 18 | .\" Ganael Laplanche 19 | .\" ganael.laplanche@martymac.org 20 | .\" http://contribs.martymac.org 21 | .\" 22 | .TH ldapaddgroup 1 "January 1, 2006" 23 | 24 | .SH NAME 25 | ldapaddgroup \- adds a POSIX group entry to LDAP. 26 | 27 | .SH SYNOPSIS 28 | .B ldapaddgroup 29 | .RB 30 | .RB [gid] 31 | 32 | .SH OPTIONS 33 | .TP 34 | .B 35 | The name of the group to add. 36 | .TP 37 | .B [gid] 38 | The gid of the group to add. Automatically computed if not specified. 39 | 40 | .SH "SEE ALSO" 41 | ldapadduser(1), ldapaddmachine(1), ldapscripts(5). 42 | 43 | .SH AVAILABILITY 44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). 45 | The latest version of the ldapscripts is available on : 46 | .B http://contribs.martymac.org 47 | 48 | .SH BUGS 49 | No bug known. 50 | -------------------------------------------------------------------------------- /man/man1/ldapaddmachine.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (C) 2006-2019 Ganaël LAPLANCHE 2 | .\" 3 | .\" This program is free software; you can redistribute it and/or 4 | .\" modify it under the terms of the GNU General Public License 5 | .\" as published by the Free Software Foundation; either version 2 6 | .\" of the License, or (at your option) any later version. 7 | .\" 8 | .\" This program is distributed in the hope that it will be useful, 9 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | .\" GNU General Public License for more details. 12 | .\" 13 | .\" You should have received a copy of the GNU General Public License 14 | .\" along with this program; if not, write to the Free Software 15 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 16 | .\" USA. 
.\"
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapaddmachine 1 "January 1, 2006"

.SH NAME
ldapaddmachine \- adds a POSIX machine (user$) account to LDAP.

.SH SYNOPSIS
.B ldapaddmachine
.RB <machinename$>
.RB <groupname | gid>
.RB [uid]

.SH OPTIONS
.TP
.B <machinename$>
The name of the machine to add. It must include the trailing dollar sign (the win32 machine name convention).
.TP
.B <groupname | gid>
The group name or the gid of the machine to add.
.TP
.B [uid]
The uid of the machine to add. Automatically computed if not specified.

.SH "SEE ALSO"
ldapadduser(1), ldapaddgroup(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapadduser.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.\"
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License
.\" as published by the Free Software Foundation; either version 2
.\" of the License, or (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
.\" USA.
.\"
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapadduser 1 "January 1, 2006"

.SH NAME
ldapadduser \- adds a POSIX user account to LDAP.

.SH SYNOPSIS
.B ldapadduser
.RB <username>
.RB <groupname | gid>
.RB [uid]

.SH OPTIONS
.TP
.B <username>
The name of the user to add.
.TP
.B <groupname | gid>
The group name or the gid of the user to add.
.TP
.B [uid]
The uid of the user to add. Automatically computed if not specified.

.SH "SEE ALSO"
ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapaddusertogroup.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.TH ldapaddusertogroup 1 "January 1, 2006"

.SH NAME
ldapaddusertogroup \- adds a member to a group in LDAP.

.SH SYNOPSIS
.B ldapaddusertogroup
.RB <username | uid>
.RB <groupname | gid>

.SH OPTIONS
.TP
.B <username | uid>
The name or the uid of the user to add. It can be a machine name (with an ending $) or a user name.
When working with groupOfNames or groupOfUniqueNames group entries, a full DN can also be provided.
.TP
.B <groupname | gid>
The name or the gid of the group that should welcome the new user.

.SH "SEE ALSO"
ldapdeleteuserfromgroup(1), ldapsetprimarygroup(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapdeletegroup.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.TH ldapdeletegroup 1 "January 1, 2006"

.SH NAME
ldapdeletegroup \- deletes a POSIX group account from LDAP.

.SH SYNOPSIS
.B ldapdeletegroup
.RB <groupname | gid>

.SH OPTIONS
.TP
.B <groupname | gid>
The name or gid of the group to delete.

.SH "SEE ALSO"
ldapdeleteuser(1), ldapdeletemachine(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH LIMITATIONS
A user's primary group can be deleted; the user entry will NOT be updated. This means the user will belong to a group that no longer exists.

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapdeletemachine.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.TH ldapdeletemachine 1 "January 1, 2006"

.SH NAME
ldapdeletemachine \- deletes a POSIX machine (user$) account from LDAP.

.SH SYNOPSIS
.B ldapdeletemachine
.RB <machinename$>

.SH OPTIONS
.TP
.B <machinename$>
The name of the machine account (including the ending $) to delete.

.SH "SEE ALSO"
ldapdeleteuser(1), ldapdeletegroup(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapdeleteuser.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.TH ldapdeleteuser 1 "January 1, 2006"

.SH NAME
ldapdeleteuser \- deletes a POSIX user account from LDAP.

.SH SYNOPSIS
.B ldapdeleteuser
.RB <username | uid>

.SH OPTIONS
.TP
.B <username | uid>
The name or uid of the user to delete.

.SH "SEE ALSO"
ldapdeletegroup(1), ldapdeletemachine(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapdeleteuserfromgroup.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.TH ldapdeleteuserfromgroup 1 "January 1, 2006"

.SH NAME
ldapdeleteuserfromgroup \- deletes a member from a group in LDAP.

.SH SYNOPSIS
.B ldapdeleteuserfromgroup
.RB <username>
.RB <groupname | gid>

.SH OPTIONS
.TP
.B <username>
The name of the user to remove from the group. It can be a machine name (with an ending $) or a user name.
When working with groupOfNames or groupOfUniqueNames group entries, a full DN can also be
provided to permit deletion of a member entry that does not exist anymore in the directory.
.TP
.B <groupname | gid>
The name or the gid of the group the user should be removed from.

.SH "SEE ALSO"
ldapaddusertogroup(1), ldapsetprimarygroup(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapfinger.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2007-2019 Ganaël LAPLANCHE
.TH ldapfinger 1 "February 1, 2007"

.SH NAME
ldapfinger \- displays a user/machine/group POSIX account's details.

.SH SYNOPSIS
.B ldapfinger
.RB [-u | -g | -m] [username | machinename | groupname | uid | gid]

.SH OPTIONS
.TP
.B [username | machinename | groupname | uid | gid]
The name or id of the user, machine (with an ending $) or group you want to display. You may use a wildcard here to look for substrings, e.g. 'marty*' or '*mart*'. Acts on the current user if nothing is specified.
.TP
.B [-u]
Look for users only (by default, search the whole directory).
.TP
.B [-g]
Look for groups only (by default, search the whole directory).
.TP
.B [-m]
Look for machines only (by default, search the whole directory).

.SH "SEE ALSO"
lsldap(1), ldapid(1), ldapgid(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapgid.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2009-2019 Ganaël LAPLANCHE
.TH ldapgid 1 "January 23, 2009"

.SH NAME
ldapgid \- displays a group's list of IDs the way ldapid(1) does.

.SH SYNOPSIS
.B ldapgid
.RB [-P] <groupname | gid>

.SH DESCRIPTION
The following is displayed: gid=gidNumber(cn) users(primary)=uidNumber(uid)[,uidNumber(uid)...] users(secondary)=uidNumber(uid)[,uidNumber(uid)...].
.PP
users(primary) lists users having the group declared as their primary group.
users(secondary) lists users using the group as a secondary one.

.SH OPTIONS
.TP
.B <groupname | gid>
Group name or GID of a group to show information about.
.TP
.B [-P]
Display group information as a /etc/group file entry.

.SH "SEE ALSO"
ldapid(1), lsldap(1), ldapfinger(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapid.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2008-2019 Ganaël LAPLANCHE
.TH ldapid 1 "July 1, 2008"

.SH NAME
ldapid \- displays a user's list of IDs the way 'id' does.

.SH SYNOPSIS
.B ldapid
.RB [-P] [username | uid]

.SH DESCRIPTION
The following is displayed: uid=uidNumber(uid) gid=gidNumber(cn) groups=gidNumber(cn)[,gidNumber(cn)...].

.SH OPTIONS
.TP
.B [username | uid]
Login or UID of a user to show information about. Acts on the current user if not specified.
.TP
.B [-P]
Display user information as a password file entry.

.SH "SEE ALSO"
ldapgid(1), lsldap(1), ldapfinger(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapinit.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.TH ldapinit 1 "January 1, 2006"

.SH NAME
ldapinit \- initializes the LDAP directory with a minimal tree.

.SH SYNOPSIS
.B ldapinit
.RB [[-h] | [-r | -s]]

.SH OPTIONS
.TP
.B [-h]
This help.
.TP
.B [-r]
Create only the root DN.
.TP
.B [-s]
Skip root DN creation (create only regular OUs).

.SH "SEE ALSO"
lsldap(1), ldapfinger(1), ldapid(1), ldapgid(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapmodifygroup.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2007-2019 Ganaël LAPLANCHE
.TH ldapmodifygroup 1 "August 22, 2007"

.SH NAME
ldapmodifygroup \- modifies a POSIX group account in LDAP interactively

.SH SYNOPSIS
.B ldapmodifygroup
.RB <groupname | gid>

.SH DESCRIPTION
ldapmodifygroup first looks for the right entry to modify. Once found, the entry is presented and you
are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
The DN of the entry being modified is already specified: just begin with a changeType attribute or any
other one(s) of your choice (in this case, the default changeType is 'modify').

.SH OPTIONS
.TP
.B <groupname | gid>
The name or gid of the group to modify.

.SH "SEE ALSO"
ldapmodifyuser(1), ldapmodifymachine(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapmodifymachine.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2007-2019 Ganaël LAPLANCHE
.TH ldapmodifymachine 1 "August 22, 2007"

.SH NAME
ldapmodifymachine \- modifies a POSIX machine account in LDAP interactively

.SH SYNOPSIS
.B ldapmodifymachine
.RB <machinename$ | uid>

.SH DESCRIPTION
ldapmodifymachine first looks for the right entry to modify. Once found, the entry is presented and you
are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
The DN of the entry being modified is already specified: just begin with a changeType attribute or any
other one(s) of your choice (in this case, the default changeType is 'modify').

.SH OPTIONS
.TP
.B <machinename$ | uid>
The name or uid of the machine to modify.

.SH "SEE ALSO"
ldapmodifyuser(1), ldapmodifygroup(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldapmodifyuser.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2007-2019 Ganaël LAPLANCHE
.TH ldapmodifyuser 1 "August 22, 2007"

.SH NAME
ldapmodifyuser \- modifies a POSIX user account in LDAP interactively

.SH SYNOPSIS
.B ldapmodifyuser
.RB <username | uid>

.SH DESCRIPTION
ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
The DN of the entry being modified is already specified: just begin with a changeType attribute or any
other one(s) of your choice (in this case, the default changeType is 'modify').

.SH OPTIONS
.TP
.B <username | uid>
The name or uid of the user to modify.

.SH "SEE ALSO"
ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/ldaprenamegroup.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.TH ldaprenamegroup 1 "January 1, 2006"

.SH NAME
ldaprenamegroup \- renames a POSIX group in LDAP.

.SH SYNOPSIS
.B ldaprenamegroup
.RB <oldgroupname | gid>
.RB <newgroupname>

.SH OPTIONS
.TP
.B <oldgroupname | gid>
The old name or gid of the group to rename.
.TP
.B <newgroupname>
The new name of the group.

.SH "SEE ALSO"
ldaprenameuser(1), ldaprenamemachine(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available on:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
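The LIMITATIONS sections of ldapdeletegroup(1), ldaprenamemachine(1) and ldaprenameuser(1) state that user entries and group memberships are not updated, so a gidNumber or memberUid can be left pointing at an entry that no longer exists. The following audit script is an added example and not part of ldapscripts: it reads an LDIF dump of the kind ldapsearch -LLL produces (a constructed sample is embedded), unfolds LDIF continuation lines, and reports every dangling primary group and group member.

```shell
#!/bin/sh
# ldap_refcheck.sh: find dangling POSIX references in an LDIF dump.
# Added example, not part of ldapscripts. Expects the kind of output
# `ldapsearch -LLL` gives for posixAccount and posixGroup entries
# (assumption: plain "attr: value" lines; base64 "::" values not decoded).
set -eu

# LDIF folds long values: a line starting with one space continues the
# previous line. Join them back before parsing.
ldif_unfold() {
    awk '
        /^ / { line = line substr($0, 2); next }
        { if (have) print line; line = $0; have = 1 }
        END { if (have) print line }
    '
}

# Read unfolded LDIF on stdin; print one sorted line per problem:
#   DANGLING_PRIMARY_GROUP <uid> gidNumber=<gid>  (no posixGroup has it)
#   DANGLING_MEMBER <cn> memberUid=<uid>          (no posixAccount has it)
ldif_refcheck() {
    awk '
        # Store the entry collected so far in the user or group tables.
        function flush() {
            if (is_user && uid != "") { user_gid[uid] = gid; uids[uid] = 1 }
            if (is_group && cn != "") { group_gids[gid] = 1; group_members[cn] = members }
            is_user = 0; is_group = 0; uid = ""; cn = ""; gid = ""; members = ""
        }
        /^objectClass: posixAccount$/ { is_user = 1 }
        /^objectClass: posixGroup$/   { is_group = 1 }
        /^uid: /       { uid = substr($0, 6) }
        /^cn: /        { cn = substr($0, 5) }
        /^gidNumber: / { gid = substr($0, 12) }
        /^memberUid: / { members = members substr($0, 12) "\n" }
        /^$/           { flush() }
        END {
            flush()
            for (u in user_gid)
                if (!(user_gid[u] in group_gids))
                    printf "DANGLING_PRIMARY_GROUP %s gidNumber=%s\n", u, user_gid[u]
            for (g in group_members) {
                n = split(group_members[g], m, "\n")
                for (i = 1; i <= n; i++)
                    if (m[i] != "" && !(m[i] in uids))
                        printf "DANGLING_MEMBER %s memberUid=%s\n", g, m[i]
            }
        }
    ' | sort
}

# Constructed sample dump: bob's primary group 20099 was removed with
# ldapdeletegroup, "oldbob" was renamed with ldaprenameuser and ws02$
# was renamed with ldaprenamemachine; the directory still refers to all three.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: alice
uidNumber: 10001
gidNumber: 10002

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: posixAccount
uid: bob
uidNumber: 10002
gidNumber: 20099

dn: uid=ws01$,ou=Machines,dc=example,dc=com
objectClass: posixAccount
uid: ws01$
uidNumber: 30001
gidNumber: 10003

dn: cn=admins,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: admins
gidNumber: 10002
memberUid: alice
memberUid: oldbob

dn: cn=machines,ou=Group,
 dc=example,dc=com
objectClass: posixGroup
cn: machines
gidNumber: 10003
memberUid: ws01$
memberUid: ws02$'

# Run the check over the embedded sample and return the report.
check_sample() {
    printf '%s\n' "$SAMPLE_LDIF" | ldif_unfold | ldif_refcheck
}

case "${1:-}" in
    --sample) check_sample ;;                # sh ldap_refcheck.sh --sample
    --stdin)  ldif_unfold | ldif_refcheck ;; # ldapsearch -LLL ... | sh ldap_refcheck.sh --stdin
esac
```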
50 | -------------------------------------------------------------------------------- /man/man1/ldaprenamemachine.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (C) 2006-2019 Ganaël LAPLANCHE 2 | .\" 3 | .\" This program is free software; you can redistribute it and/or 4 | .\" modify it under the terms of the GNU General Public License 5 | .\" as published by the Free Software Foundation; either version 2 6 | .\" of the License, or (at your option) any later version. 7 | .\" 8 | .\" This program is distributed in the hope that it will be useful, 9 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | .\" GNU General Public License for more details. 12 | .\" 13 | .\" You should have received a copy of the GNU General Public License 14 | .\" along with this program; if not, write to the Free Software 15 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 16 | .\" USA. 17 | .\" 18 | .\" Ganael Laplanche 19 | .\" ganael.laplanche@martymac.org 20 | .\" http://contribs.martymac.org 21 | .\" 22 | .TH ldaprenamemachine 1 "January 1, 2006" 23 | 24 | .SH NAME 25 | ldaprenamemachine \- renames a POSIX machine account in LDAP. 26 | 27 | .SH SYNOPSIS 28 | .B ldaprenamemachine 29 | .RB 30 | .RB 31 | 32 | .SH OPTIONS 33 | .TP 34 | .B 35 | The old name or uid of the machine to rename. 36 | .TP 37 | .B 38 | The new name of the machine. 39 | 40 | .SH "SEE ALSO" 41 | ldaprenameuser(1), ldaprenamegroup(1), ldapscripts(5). 42 | 43 | .SH AVAILABILITY 44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). 45 | The latest version of the ldapscripts is available on : 46 | .B http://contribs.martymac.org 47 | 48 | .SH LIMITATIONS 49 | Group entries will NOT be updated. This means several groups may contain machines that NO LONGER exist after having renamed a machine. 
50 | 51 | .SH BUGS 52 | No bug known. 53 | -------------------------------------------------------------------------------- /man/man1/ldaprenameuser.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (C) 2006-2019 Ganaël LAPLANCHE 2 | .\" 3 | .\" This program is free software; you can redistribute it and/or 4 | .\" modify it under the terms of the GNU General Public License 5 | .\" as published by the Free Software Foundation; either version 2 6 | .\" of the License, or (at your option) any later version. 7 | .\" 8 | .\" This program is distributed in the hope that it will be useful, 9 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | .\" GNU General Public License for more details. 12 | .\" 13 | .\" You should have received a copy of the GNU General Public License 14 | .\" along with this program; if not, write to the Free Software 15 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 16 | .\" USA. 17 | .\" 18 | .\" Ganael Laplanche 19 | .\" ganael.laplanche@martymac.org 20 | .\" http://contribs.martymac.org 21 | .\" 22 | .TH _ldaprenameuser 1 "January 1, 2006" 23 | 24 | .SH NAME 25 | _ldaprenameuser \- renames a POSIX user account in LDAP. 26 | 27 | .SH SYNOPSIS 28 | .B _ldaprenameuser 29 | .RB 30 | .RB 31 | 32 | .SH OPTIONS 33 | .TP 34 | .B 35 | The old name or uid of the user to rename. 36 | .TP 37 | .B 38 | The new name of the user. 39 | 40 | .SH "SEE ALSO" 41 | ldaprenamegroup(1), ldaprenamemachine(1), ldapscripts(5). 42 | 43 | .SH AVAILABILITY 44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). 45 | The latest version of the ldapscripts is available on : 46 | .B http://contribs.martymac.org 47 | 48 | .SH LIMITATIONS 49 | Group entries will NOT be updated. 
This means several groups may contain users that NO LONGER exist after having renamed a user. Home directories are NOT renamed (neither in he LDAP directory, nor on the filesystem). 50 | 51 | .SH BUGS 52 | No bug known. 53 | -------------------------------------------------------------------------------- /man/man1/ldapsetpasswd.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (C) 2006-2019 Ganaël LAPLANCHE 2 | .\" 3 | .\" This program is free software; you can redistribute it and/or 4 | .\" modify it under the terms of the GNU General Public License 5 | .\" as published by the Free Software Foundation; either version 2 6 | .\" of the License, or (at your option) any later version. 7 | .\" 8 | .\" This program is distributed in the hope that it will be useful, 9 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | .\" GNU General Public License for more details. 12 | .\" 13 | .\" You should have received a copy of the GNU General Public License 14 | .\" along with this program; if not, write to the Free Software 15 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 16 | .\" USA. 17 | .\" 18 | .\" Ganael Laplanche 19 | .\" ganael.laplanche@martymac.org 20 | .\" http://contribs.martymac.org 21 | .\" 22 | .TH ldapsetpasswd 1 "November 1, 2006" 23 | 24 | .SH NAME 25 | ldapsetpasswd \- modifies a POSIX user or machine account's password in LDAP. 26 | 27 | .SH SYNOPSIS 28 | .B ldapsetpasswd 29 | .RB [-u | -m] 30 | .RB 31 | .RB [encoded password] 32 | 33 | .SH OPTIONS 34 | .TP 35 | .B [-u] 36 | Act on user accounts only (by default, search the whole directory for the first matching account). 37 | .TP 38 | .B [-m] 39 | Act on machine accounts only (by default, search the whole directory for the first matching account). 
40 | .TP 41 | .B 42 | The name or uid of the user or machine whose password has to be modified. 43 | .TP 44 | .B [encoded password] 45 | If specified this way, the password will be copied verbatim into the LDAP directory. If not specified, you will 46 | be prompted for a password that will be changed using the ldappasswd(1) command. 47 | 48 | .SH "SEE ALSO" 49 | ldapfinger(1), ldapid(1), ldapgid(1), ldapscripts(5). 50 | 51 | .SH AVAILABILITY 52 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). 53 | The latest version of the ldapscripts is available on : 54 | .B http://contribs.martymac.org 55 | 56 | .SH LIMITATIONS 57 | When used interactively, passwords generated with this command are propagated with the ldappasswd(1) command. 58 | Thus, the resulting format depends on the 'password-hash' option of your server's slapd.conf(5) file. 59 | 60 | You can always force an encoded password (using the hash format of your choice) by specifying it on the command line. 61 | 62 | .SH BUGS 63 | No bug known. 64 | -------------------------------------------------------------------------------- /man/man1/ldapsetprimarygroup.1: -------------------------------------------------------------------------------- 1 | .\" Copyright (C) 2006-2019 Ganaël LAPLANCHE 2 | .\" 3 | .\" This program is free software; you can redistribute it and/or 4 | .\" modify it under the terms of the GNU General Public License 5 | .\" as published by the Free Software Foundation; either version 2 6 | .\" of the License, or (at your option) any later version. 7 | .\" 8 | .\" This program is distributed in the hope that it will be useful, 9 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of 10 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 | .\" GNU General Public License for more details. 
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
.\" USA.
.\"
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapsetprimarygroup 1 "January 1, 2006"

.SH NAME
ldapsetprimarygroup \- modifies the gidNumber of a POSIX user or machine account in LDAP (sets a user's primary group in LDAP).

.SH SYNOPSIS
.B ldapsetprimarygroup
.RB
.RB

.SH OPTIONS
.TP
.B
The name or uid of the user to modify.
.TP
.B
The new primary group name or gid of the specified user.

.SH "SEE ALSO"
ldapaddusertogroup(1), ldapdeleteuserfromgroup(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available at:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man1/lsldap.1:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.\"
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License
.\" as published by the Free Software Foundation; either version 2
.\" of the License, or (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
.\" USA.
.\"
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH lsldap 1 "January 1, 2006"

.SH NAME
lsldap \- performs a *big* query on the LDAP directory.

.SH SYNOPSIS
.B lsldap
.RB [[-h] | [-u | -g | -m]]

.SH OPTIONS
.TP
.B [-h]
This help.
.TP
.B [-u]
List users only (by default, try to list the whole directory).
.TP
.B [-g]
List groups only (by default, try to list the whole directory).
.TP
.B [-m]
List machines only (by default, try to list the whole directory).

.SH "SEE ALSO"
ldapfinger(1), ldapid(1), ldapgid(1), ldapscripts(5).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available at:
.B http://contribs.martymac.org

.SH BUGS
No bug known.
--------------------------------------------------------------------------------
/man/man5/ldapscripts.5:
--------------------------------------------------------------------------------
.\" Copyright (C) 2006-2019 Ganaël LAPLANCHE
.\"
.\" This program is free software; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License
.\" as published by the Free Software Foundation; either version 2
.\" of the License, or (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
.\" USA.
.\"
.\" Ganael Laplanche
.\" ganael.laplanche@martymac.org
.\" http://contribs.martymac.org
.\"
.TH ldapscripts 5 "January 1, 2006"

.SH NAME
ldapscripts \- Scripts to manage POSIX accounts in your LDAP directory.

.SH DESCRIPTION
The ldapscripts are a set of shell (sh) scripts designed to manage POSIX accounts in an OpenLDAP directory. They can be used as standalone tools or within Samba 3.x's smb.conf file.

.SH REQUIREMENTS
The main requirements are the OpenLDAP client tools (ldapadd, ldapsearch, ldapdelete, ...). Other commands are called in the scripts but should come with your OS (sed, grep, cut, ...).

.SH CONFIGURATION
The main configuration of the ldapscripts is usually the file /etc/ldapscripts/ldapscripts.conf (or /usr/local/etc/ldapscripts/ldapscripts.conf, depending on your system). Modify it to fit your needs before using the scripts. You can override that default path by defining the LDAPSCRIPTS_CONF environment variable.

Each script also uses a "runtime" file, usually /usr/lib/ldapscripts/runtime (or /usr/local/lib/ldapscripts/runtime). You don't need to modify this file.

.SH TEMPLATES
Each script that adds information to the directory uses a template. Templates are directly embedded at the end of the scripts but it is also possible to use external template files (see the GTEMPLATE, UTEMPLATE and MTEMPLATE variables in the configuration file). Each template consists of a preformatted LDIF file using special keywords that will be replaced on-the-fly.
Sample files are provided for your convenience: ldapaddgroup.template.sample, ldapadduser.template.sample and ldapaddmachine.template.sample. It is strongly advised to use those files instead of modifying the embedded (default) templates in the scripts.

Sample templates include every keyword you can use. One special additional keyword is the keyword that will trigger user input to get the attribute value interactively.

.SH "USING AS STANDALONE TOOLS"
Each script can be used as a standard command-line tool. Check their man pages to get help.

.SH "USING WITH SAMBA 3.x"
Each Samba 3.x smb.conf "xxx script" option has a matching script. Modify your smb.conf file this way to call them:

.nf
# [...]
add machine script = /usr/local/sbin/ldapaddmachine '%u' sambamachines
add user script = /usr/local/sbin/ldapadduser '%u' sambausers
add group script = /usr/local/sbin/ldapaddgroup '%g'
add user to group script = /usr/local/sbin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/sbin/ldapdeleteuser '%u'
delete group script = /usr/local/sbin/ldapdeletegroup '%g'
delete user from group script = /usr/local/sbin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/sbin/ldapsetprimarygroup '%u' '%g'
rename user script = /usr/local/sbin/ldaprenameuser '%uold' '%unew'
# [...]

.SH "SEE ALSO"
ldapdeletemachine(1), ldapmodifymachine(1), ldaprenamemachine(1), ldapadduser(1), ldapdeleteuserfromgroup(1),
ldapfinger(1), ldapid(1), ldapmodifyuser(1), lsldap(1), ldapaddusertogroup(1), ldaprenameuser(1), ldapinit(1),
ldapsetpasswd(1), ldapaddgroup(1), ldapdeletegroup(1), ldapsetprimarygroup(1), ldapmodifygroup(1), ldaprenamegroup(1),
ldapaddmachine(1), ldapdeleteuser(1).

.SH AVAILABILITY
The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
The latest version of the ldapscripts is available at:
.B http://contribs.martymac.org

.SH BUGS
Sometimes, this kind of message may appear in the log file:
.B "Additional information: value does not conform to assertion syntax".
Setting slapd's debug level to 32 shows additional details:
.B "get_ava: illegal value for attributeType uidNumber".
This is *not* a bug: the ldapscripts use the power of LDAP filters to easily find users (or groups) using either a uidNumber (numerical value) or a uid (string value). The following filter (used by ldapfinger(1)) will generate the above message if $_USER is a login: "(|(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))(&(objectClass=posixGroup)(|(cn=$_USER)(gidNumber=$_USER))))" because the filter part "(uidNumber=$_USER)" requires an integer but gets a string. You can mostly ignore those warnings.
--------------------------------------------------------------------------------
/sbin/ldapaddgroup:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapaddgroup : adds a POSIX group entry to LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
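The filter quoted in the BUGS section of ldapscripts(5) above is the one ldapfinger(1) builds by interpolating the caller-supplied value into both a string-typed and an integer-typed branch. As an added example (not part of ldapscripts), the following POSIX sh functions build the same lookup but keep the uidNumber/gidNumber branches only when the value is numeric, which removes the assertion-syntax warning, and escape the value per RFC 4515 before it is placed in the filter, so that parentheses, asterisks or backslashes in a name cannot change the filter's structure. `_escapefilter`, `_isnumeric` and `_lookupfilter` are hypothetical names of my own; the second argument of `_lookupfilter` stands in for the scripts' $GCLASS.

```sh
#!/bin/sh
# Added example, not part of ldapscripts: build the account-or-group lookup
# filter that ldapfinger(1) uses, without the "illegal value for
# attributeType uidNumber" warning and with the value escaped.
# _escapefilter, _isnumeric and _lookupfilter are hypothetical helper names;
# the second argument of _lookupfilter plays the role of $GCLASS.

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(' and ')' become \5c, \2a, \28 and \29 (a NUL byte
# would become \00, but a shell string cannot carry one).
_escapefilter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Succeed only when the value is a non-empty run of decimal digits.
_isnumeric() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# Print the filter for a user/machine or group lookup. $1 is a login,
# group name, uid or gid; $2 is the group objectClass (default posixGroup).
# A numeric value may be an id or a name, so both branches are kept;
# a non-numeric value can only be a name, so uidNumber/gidNumber are
# left out and slapd has no integer assertion to reject.
_lookupfilter() {
    _val=$(_escapefilter "$1")
    _gclass="${2:-posixGroup}"
    if _isnumeric "$1"
    then
        printf '(|(&(objectClass=posixAccount)(|(uid=%s)(uidNumber=%s)))(&(objectClass=%s)(|(cn=%s)(gidNumber=%s))))\n' \
            "$_val" "$_val" "$_gclass" "$_val" "$_val"
    else
        printf '(|(&(objectClass=posixAccount)(uid=%s))(&(objectClass=%s)(cn=%s)))\n' \
            "$_val" "$_gclass" "$_val"
    fi
}
```

The printed filter can be passed to the runtime's _ldapsearch in place of the literal string; for a login such as "alice" it contains no uidNumber or gidNumber assertion, so slapd logs nothing.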
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [gid]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Group name
_GROUP="$1"

# Group GID
if [ -z "$2" ] # No argument, we must find a correct GID
then
  _GID=$(_findnextgid)
  # Test the variable's value, not the literal string "_GID"
  [ -z "$_GID" ] && end_die "Cannot guess next free group id"
else
  _GID="$2"
fi

# Use template if necessary
if [ -n "$GTEMPLATE" ] && [ -r "$GTEMPLATE" ]
then
  _getldif="cat $GTEMPLATE"
else
  case $GCLASS in
    posixGroup)
      _getldif="_extractldif 2"
      ;;
    *)
      _getldif="_extractldif 3"
      ;;
  esac
fi

# Add group to LDAP
$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd

[ $? -eq 0 ] || end_die "Error adding group $_GROUP to LDAP"
end_ok "Successfully added group $_GROUP to LDAP"

# Ldif templates #################################
#
# PosixGroup (level "2") :
##dn: cn=,,
##objectClass:
##cn:
##gidNumber:
##description: Group account
#
# Others (level "3") - RFC 2307bis :
###dn: cn=,,
###objectClass: posixGroup
###objectClass:
###cn:
###gidNumber:
###description: Group account
###:
--------------------------------------------------------------------------------
/sbin/ldapaddmachine:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapaddmachine : adds a POSIX machine (user$) account to LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [uid]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Machine name = first argument
_USER="$1"

# Machine GID = second argument
_GID=$(_grouptogid "$2")
[ -z "$_GID" ] && end_die "Cannot resolve group $2 to gid : not found"

# Machine UID
if [ -z "$3" ] # No argument, we must find a correct UID
then
  _UID=$(_findnextmid)
  # Test the variable's value, not the literal string "_UID"
  [ -z "$_UID" ] && end_die "Cannot guess next free machine id"
else
  _UID="$3"
fi

# Use template if necessary
if [ -n "$MTEMPLATE" ] && [ -r "$MTEMPLATE" ]
then
  _getldif="cat $MTEMPLATE"
else
  _getldif="_extractldif 2"
fi

# Add machine to LDAP
$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd

[ $? -eq 0 ] || end_die "Error adding machine $_USER to LDAP"
end_ok "Successfully added machine $_USER to LDAP"

# Ldif template ##################################
##dn: uid=,,
##objectClass: account
##objectClass: posixAccount
##cn:
##uid:
##uidNumber:
##gidNumber:
##homeDirectory: /dev/null
##loginShell: /bin/false
##gecos:
##description: Machine account
--------------------------------------------------------------------------------
/sbin/ldapadduser:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapadduser : adds a POSIX user account to LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [uid]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Username = first argument
_USER="$1"

# User GID = second argument
_GID=$(_grouptogid "$2")
[ -z "$_GID" ] && end_die "Cannot resolve group $2 to gid : not found"

# User UID
if [ -z "$3" ] # No argument, we must find a correct UID
then
  _UID=$(_findnextuid)
  # Test the variable's value, not the literal string "_UID"
  [ -z "$_UID" ] && end_die "Cannot guess next free user id"
else
  _UID="$3"
fi

# Compute homedir
_HOMEDIR=$(echo "$UHOMES" | sed "s|%u|$_USER|g")

# Use template if necessary
if [ -n "$UTEMPLATE" ] && [ -r "$UTEMPLATE" ]
then
  _getldif="cat $UTEMPLATE"
else
  _getldif="_extractldif 2"
fi

# Add user to LDAP
$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd

[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
echo_log "Successfully added user $_USER to LDAP"

# Generate or ask for user password
if is_like "$PASSWORDGEN" ""
then
  warn_log "Setting password for user $_USER"
  _askpassword
else
  _genpassword "$_USER"
fi

# Add user password
if [ -n "$_PASSWORD" ]
then
  _changepassword "$_PASSWORD" "uid=$_USER,$USUFFIX,$SUFFIX"
  [ $? -eq 0 ] && echo_log "Successfully set password for user $_USER"
else
  [ -n "$PASSWORDGEN" ] && warn_log "Warning : got invalid password for user $_USER (password not set)"
fi

# Create Home dir
if is_yes "$CREATEHOMES"
then
  if [ -e "$_HOMEDIR" ]
  then
    warn_log "Skipped home directory creation for user $_USER (already exists)"
  else
    # Create home by skel or mkdir
    if [ -d "$HOMESKEL" ]
    then
      cp -pR "$HOMESKEL/" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
    else
      mkdir -p "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
    fi

    chmod "$HOMEPERMS" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
    chown -R "$_UID":"$_GID" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
    echo_log "Successfully created home directory for user $_USER"
  fi
fi

end_ok

# Ldif template ##################################
##dn: uid=,,
##objectClass: account
##objectClass: posixAccount
##cn:
##uid:
##uidNumber:
##gidNumber:
##homeDirectory:
##loginShell:
##gecos:
##description: User account
--------------------------------------------------------------------------------
/sbin/ldapaddusertogroup:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapaddusertogroup : adds a member to a group in LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

case $GCLASS in
  posixGroup)
    # Check username : $1
    _UID=$(_uidtouser "$1")
    [ -z "$_UID" ] && end_die "Cannot resolve uid $1 to user : not found"
    # Check groupname : $2 must exist in LDAP !
    _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(!(memberUid=$_UID))(|(cn=$2)(gidNumber=$2)))"
    [ -z "$_ENTRY" ] && end_die "Group $2 not found (or $_UID already member of $2)"

    # Modify group entry
    _extractldif 2 | _filterldif | _utf8encode | _ldapmodify
    ;;
  *)
    if is_valid_dn "$1"
    then
      # DN supplied as first argument, check it : $1 must exist in LDAP !
      _getattribute "$1" "uid"
      [ -z "$_ATTRIBUTE" ] && end_die "User DN $1 not found in LDAP"
      # DN is OK, keep it
      _UDN="$1"
    else
      # UID or username supplied, check it : $1 must exist in LDAP !
      _UDN=$(_uidtodn "$1")
      [ -z "$_UDN" ] && end_die "Cannot resolve uid $1 to DN : not found"
    fi
    # Check groupname : $2 must exist in LDAP !
    _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(!($_GMEMBERATTR=$_UDN))(|(cn=$2)(gidNumber=$2)))"
    [ -z "$_ENTRY" ] && end_die "Group $2 not found (or $_UDN already member of $2)"

    # Modify group entry
    _extractldif 3 | _filterldif | _utf8encode | _ldapmodify
    ;;
esac

[ $? -eq 0 ] || end_die "Error adding user ${_UID}${_UDN} to group $_ENTRY"
end_ok "Successfully added user ${_UID}${_UDN} to group $_ENTRY"

# Ldif templates #################################
#
# PosixGroup (level "2") :
##dn:
##changetype: modify
##add:
##:
#
# Others (level "3") :
###dn:
###changetype: modify
###add:
###:
--------------------------------------------------------------------------------
/sbin/ldapdeletegroup:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapdeletegroup : deletes a POSIX group account from LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find groupname : $1 must exist in LDAP !
_findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$1)(gidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP"

# Delete entry
_ldapdelete "$_ENTRY" || end_die "Error deleting group $_ENTRY from LDAP"
end_ok "Successfully deleted group $_ENTRY from LDAP"
--------------------------------------------------------------------------------
/sbin/ldapdeletemachine:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapdeletemachine : deletes a POSIX machine (user$) account from LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find machinename : $1 must exist in LDAP !
_findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)"

# Delete entry
_ldapdelete "$_ENTRY" || end_die "Error deleting machine $_ENTRY from LDAP"
end_ok "Successfully deleted machine $_ENTRY from LDAP"
--------------------------------------------------------------------------------
/sbin/ldapdeleteuser:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapdeleteuser : deletes a POSIX user account from LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find username : $1 must exist in LDAP !
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"

# Store _UID and _UDN for filters
if [ "$GCLASS" = "posixGroup" ]
then
  _getattribute "$_ENTRY" "uid"
  [ -z "$_ATTRIBUTE" ] && end_die "Error getting user attribute from LDAP (uid)"
  _UID="$_ATTRIBUTE"
fi
_UDN="$_ENTRY"

# Delete entry
_ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"

# Finally, delete this user from all his secondary groups
case $GCLASS in
  posixGroup)
    _findentries "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(memberUid=$_UID))"
    [ -n "$_ENTRIES" ] && echo "$_ENTRIES" | \
    while read _ENTRY
    do
      echo_log "Deleting user from secondary group: $_ENTRY"
      # Modify group entry
      _extractldif 2 | _filterldif | _utf8encode | _ldapmodify
    done
    ;;
  *)
    _findentries "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)($_GMEMBERATTR=$_UDN))"
    [ -n "$_ENTRIES" ] && echo "$_ENTRIES" | \
    while read _ENTRY
    do
      echo_log "Deleting user from secondary group: $_ENTRY"
      # Modify group entry
      _extractldif 3 | _filterldif | _utf8encode | _ldapmodify
    done
    ;;
esac

end_ok "Successfully deleted user $_UDN from LDAP"

# Ldif templates #################################
#
# PosixGroup (level "2") :
##dn:
##changetype: modify
##delete:
##:
#
# Others (level "3") :
###dn:
###changetype: modify
###delete:
###:
--------------------------------------------------------------------------------
/sbin/ldapdeleteuserfromgroup:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapdeleteuserfromgroup : deletes a member from a group in LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 "
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

case $GCLASS in
  posixGroup)
    # Set username
    _UID="$1"
    # Check groupname : $2 must exist in LDAP !
    _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(memberUid=$1)(|(cn=$2)(gidNumber=$2)))"
    [ -z "$_ENTRY" ] && end_die "Group $2 not found (or $_UID is not a member of group $2)"

    # Modify group entry
    _extractldif 2 | _filterldif | _utf8encode | _ldapmodify
    ;;
  *)
    if is_valid_dn "$1"
    then
      # DN supplied as first argument, use it as-is
      _UDN="$1"
    else
      # UID or username supplied, check it : $1 must exist in LDAP !
      _UDN=$(_uidtodn "$1")
      [ -z "$_UDN" ] && end_die "Cannot resolve uid $1 to DN : not found"
    fi
    # Check groupname : $2 must exist in LDAP !
    _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)($_GMEMBERATTR=$_UDN)(|(cn=$2)(gidNumber=$2)))"
    [ -z "$_ENTRY" ] && end_die "Group $2 not found (or $_UDN is not a member of group $2)"

    # Modify group entry
    _extractldif 3 | _filterldif | _utf8encode | _ldapmodify
    ;;
esac

[ $? -eq 0 ] || end_die "Error deleting user ${_UID}${_UDN} from group $_ENTRY"
end_ok "Successfully deleted user ${_UID}${_UDN} from group $_ENTRY"

# Ldif templates #################################
#
# PosixGroup (level "2") :
##dn:
##changetype: modify
##delete:
##:
#
# Others (level "3") :
###dn:
###changetype: modify
###delete:
###:
--------------------------------------------------------------------------------
/sbin/ldapfinger:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapfinger : displays a user/machine/group POSIX account's details

# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [-u | -g | -m] [username | machinename | groupname | uid | gid]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Parse options
case "$1" in
  "-u" | "-m")
    if [ -z "$2" ]
    then
      # Current user
      _USER="$USER"
    else
      _USER="$2"
    fi
    ;;
  "-g")
    # Current user not usable (group required)
    [ -z "$2" ] && end_die 'Please specify a gid or groupname'
    _USER="$2"
    ;;
  "")
    # Current user
    _USER="$USER"
    ;;
  *)
    _USER="$1"
    ;;
esac

case "$1" in
  "-u")
    _ldapsearch "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))" || end_die "No user found"
    ;;
  "-g")
    _ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$_USER)(gidNumber=$_USER)))" || end_die "No group found"
    ;;
  "-m")
    _ldapsearch "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))" || end_die "No machine found"
    ;;
  *)
    _ldapsearch "$SUFFIX" "(|(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))(&(objectClass=$GCLASS)(|(cn=$_USER)(gidNumber=$_USER))))" || end_die "No entry found"
    ;;
esac

end_ok
--------------------------------------------------------------------------------
/sbin/ldapgid:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapgid : displays a group's list of IDs

# Copyright (C) 2009-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [-P] <groupname | gid>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Parse options
case "$1" in
  "-P")
    # Passwd-like display requested
    [ -z "$2" ] && end_die 'Please specify a GID or a group name'
    _GROUP="$2"
    ;;
  *)
    # Standard display requested
    _GROUP="$1"
    ;;
esac

# Check groupname
_findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$_GROUP)(gidNumber=$_GROUP)))"
[ -z "$_ENTRY" ] && end_die "Group $_GROUP not found in LDAP"

# Get each (common) attribute
# gidNumber
_getattribute "$_ENTRY" "gidNumber"
[ -z "$_ATTRIBUTE" ] && end_die "Error getting group attribute from LDAP (gidNumber)"
_GIDNUMBER="$_ATTRIBUTE"
# cn
_getattribute "$_ENTRY" "cn"
[ -z "$_ATTRIBUTE" ] && end_die "Error getting group attribute from LDAP (cn)"
_CN="$_ATTRIBUTE"

case "$1" in
  "-P")
    # Passwd-like display requested (group(5) layout : name:password:gid:members)
    _OUTPUT="$_CN:*:$_GIDNUMBER:"
    # User list (memberUids, posixGroup)
    _SECONDARYUIDS=$(_ldapsearch "$_ENTRY" "" memberUid | grep "memberUid: " | sed "s|memberUid: ||")
    _FIRSTPASS=""
    for _SECONDARYUID in $_SECONDARYUIDS
    do
      if [ -z "$_FIRSTPASS" ]
      then
        _OUTPUT="$_OUTPUT$_SECONDARYUID"
        _FIRSTPASS="done"
      else
        _OUTPUT="$_OUTPUT,$_SECONDARYUID"
      fi
    done
    # User list (member DNs, groupOfNames/groupOfUniqueNames)
    if [ "$GCLASS" != "posixGroup" ]
    then
      _SECONDARYDNS=$(_ldapsearch "$_ENTRY" "" $_GMEMBERATTR | grep "$_GMEMBERATTR: " | sed "s|$_GMEMBERATTR: ||")
      _FIRSTPASS=""
      for _SECONDARYDN in $_SECONDARYDNS
      do
        # Skip dummy member (placeholder DN kept in otherwise empty groups)
        [ "$_SECONDARYDN" = "$GDUMMYMEMBER" ] && continue
        # Try to find entry
        _getattribute "$_SECONDARYDN" "uid"
        [ -z "$_ATTRIBUTE" ] && end_die "Could not find member $_SECONDARYDN in LDAP"
        # Keep RDN (uid) only
        _SECONDARYDN="$_ATTRIBUTE"
        if [ -z "$_FIRSTPASS" ]
        then
          _OUTPUT="$_OUTPUT$_SECONDARYDN"
          _FIRSTPASS="done"
        else
          _OUTPUT="$_OUTPUT,$_SECONDARYDN"
        fi
      done
    fi
    ;;
  *)
    # Standard display requested
    _OUTPUT="gid=$_GIDNUMBER($_CN)"
    # User list (accounts whose primary group is this one)
    _PRIMARYUIDS=$(_ldapsearch "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(gidNumber=$_GIDNUMBER))" uidNumber | grep "uidNumber: " | sed "s|uidNumber: ||")
    _FIRSTPASS=""
    for _PRIMARYUID in $_PRIMARYUIDS
    do
      _UID=$(_uidtouser "$_PRIMARYUID")
      [ -z "$_UID" ] && end_die "Cannot resolve uid $_PRIMARYUID to user : not found"
      if [ -z "$_FIRSTPASS" ]
      then
        _OUTPUT="$_OUTPUT users(primary)=$_PRIMARYUID($_UID)"
        _FIRSTPASS="done"
      else
        _OUTPUT="$_OUTPUT,$_PRIMARYUID($_UID)"
      fi
    done
    # User list (memberUids, posixGroup)
    _SECONDARYUIDS=$(_ldapsearch "$_ENTRY" "" memberUid | grep "memberUid: " | sed "s|memberUid: ||")
    _FIRSTPASS=""
    for _SECONDARYUID in $_SECONDARYUIDS
    do
      _UID=$(_usertouid "$_SECONDARYUID")
      [ -z "$_UID" ] && end_die "Cannot resolve user $_SECONDARYUID to uid : not found"
      if [ -z "$_FIRSTPASS" ]
      then
        _OUTPUT="$_OUTPUT users(secondary)=$_UID($_SECONDARYUID)"
        _FIRSTPASS="done"
      else
        _OUTPUT="$_OUTPUT,$_UID($_SECONDARYUID)"
      fi
    done
    # User list (member DNs, groupOfNames/groupOfUniqueNames)
    if [ "$GCLASS" != "posixGroup" ]
    then
      _SECONDARYDNS=$(_ldapsearch "$_ENTRY" "" $_GMEMBERATTR | grep "$_GMEMBERATTR: " | sed "s|$_GMEMBERATTR: ||")
      _FIRSTPASS=""
      for _SECONDARYDN in $_SECONDARYDNS
      do
        # Skip dummy member
        [ "$_SECONDARYDN" = "$GDUMMYMEMBER" ] && continue
        # Try to find entry and get uidNumber
        _getattribute "$_SECONDARYDN" "uidNumber"
        [ -z "$_ATTRIBUTE" ] && end_die "Could not find member $_SECONDARYDN in LDAP"
        _UID="$_ATTRIBUTE"
        # Get uid
        _getattribute "$_SECONDARYDN" "uid"
        [ -z "$_ATTRIBUTE" ] && end_die "Could not find member $_SECONDARYDN in LDAP"
        # Keep RDN (uid) only
        _SECONDARYDN="$_ATTRIBUTE"
        if [ -z "$_FIRSTPASS" ]
        then
          _OUTPUT="$_OUTPUT users(members)=$_UID($_SECONDARYDN)"
          _FIRSTPASS="done"
        else
          _OUTPUT="$_OUTPUT,$_UID($_SECONDARYDN)"
        fi
      done
    fi
    ;;
esac

# Display result
echo "$_OUTPUT" && end_ok
--------------------------------------------------------------------------------
/sbin/ldapid:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapid : displays a user's list of IDs

# Copyright (C) 2008-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [-P] [username | uid]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Parse options
case "$1" in
  "-P")
    # Passwd-like display requested
    if [ -z "$2" ]
    then
      # Current user
      _USER="$USER"
    else
      _USER="$2"
    fi
    ;;
  "")
    # Standard display requested (current user)
    _USER="$USER"
    ;;
  *)
    # Standard display requested (with arg)
    _USER="$1"
    ;;
esac

# Check username
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))"
[ -z "$_ENTRY" ] && end_die "User $_USER not found in LDAP"

# Get each (common) attribute
# uidNumber
_getattribute "$_ENTRY" "uidNumber"
[ -z "$_ATTRIBUTE" ] && end_die "Error getting user attribute from LDAP (uidNumber)"
_UIDNUMBER="$_ATTRIBUTE"
# uid (login)
_getattribute "$_ENTRY" "uid"
[ -z "$_ATTRIBUTE" ] && end_die "Error getting user attribute from LDAP (uid)"
_UID="$_ATTRIBUTE"
# gidNumber
_getattribute "$_ENTRY" "gidNumber"
[ -z "$_ATTRIBUTE" ] && end_die "Error getting user attribute from LDAP (gidNumber)"
_PRIMARYGID="$_ATTRIBUTE"

case "$1" in
  "-P")
    # Passwd-like display requested
    # Fetch additional attributes
    _getattribute "$_ENTRY" "gecos"
    _GECOS=${_ATTRIBUTE:-""}
    _getattribute "$_ENTRY" "homeDirectory"
    _HOMEDIR=${_ATTRIBUTE:-""}
    _getattribute "$_ENTRY" "loginShell"
    _SHELL=${_ATTRIBUTE:-""}
    # userPassword : the stored hash is printed, so this output is as sensitive
    # as a shadow file and must only be read by the operator running the script
    _getattribute "$_ENTRY" "userPassword"
    _PASSWD=${_ATTRIBUTE:-""}
    # The value comes base64-encoded (LDIF "::") when it is not printable ASCII
    is_yes "$_B64" && _PASSWD=$(printf '%s' "$_PASSWD" | _b64decode | _utf8decode)
    # Remove leading encoding scheme ({SSHA}, {CRYPT}, ...), keep the hash itself
    _PASSWD=$(printf '%s\n' "$_PASSWD" | sed "s|^{[^}]*}||")
    # Prepare output (master.passwd(5) layout : login:password:uid:gid:class:change:expire:gecos:home:shell)
    _OUTPUT="$_UID:$_PASSWD:$_UIDNUMBER:$_PRIMARYGID::0:0"
    _OUTPUT="$_OUTPUT:$_GECOS:$_HOMEDIR:$_SHELL"
    ;;
  *)
    # Standard display requested
    # Compute additional attribute : primary group name
    _PRIMARYGROUP=$(_gidtogroup "$_PRIMARYGID")
    [ -z "$_PRIMARYGROUP" ] && end_die "Cannot resolve gid $_PRIMARYGID to group : not found"
    # Prepare output
    _OUTPUT="uid=$_UIDNUMBER($_UID) gid=$_PRIMARYGID($_PRIMARYGROUP)"
    _OUTPUT="$_OUTPUT groups=$_PRIMARYGID($_PRIMARYGROUP)"
    # Get secondary groups (posixGroup : the login is listed in memberUid)
    _SECONDARYGIDS=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(memberUid=$_UID))" gidNumber | grep "gidNumber: " | sed "s|gidNumber: ||")
    for _SECONDARYGID in $_SECONDARYGIDS
    do
      _GID=$(_gidtogroup "$_SECONDARYGID")
      [ -z "$_GID" ] && end_die "Cannot resolve gid $_SECONDARYGID to group : not found"
      _OUTPUT="$_OUTPUT,$_SECONDARYGID($_GID)"
    done
    # Get member groups (groupOfNames, groupOfUniqueNames : the full DN is listed in member/uniqueMember)
    if [ "$GCLASS" != "posixGroup" ]
    then
      _MEMBERGIDS=$(_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)($_GMEMBERATTR=$_ENTRY))" gidNumber | grep "gidNumber: " | sed "s|gidNumber: ||")
      _FIRSTPASS=""
      for _MEMBERGID in $_MEMBERGIDS
      do
        _GID=$(_gidtogroup "$_MEMBERGID")
        [ -z "$_GID" ] && end_die "Cannot resolve gid $_MEMBERGID to group : not found"
        if [ -z "$_FIRSTPASS" ]
        then
          _OUTPUT="$_OUTPUT groups(member)=$_MEMBERGID($_GID)"
          _FIRSTPASS="done"
        else
          _OUTPUT="$_OUTPUT,$_MEMBERGID($_GID)"
        fi
      done
    fi
    ;;
esac

# Display result
echo "$_OUTPUT" && end_ok
--------------------------------------------------------------------------------
/sbin/ldapinit:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapinit : initializes the LDAP directory with a minimal tree

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# -r : create the root DN only ; -s : skip the root DN and create the OUs only
if [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [-r | -s]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Clean up suffix info : keep the value of the first RDN only
# (e.g. "dc=example,dc=com" -> "example", "ou=Users" -> "Users")
_SUFFIX=$(echo "$SUFFIX" | cut -d ',' -f 1 | cut -d '=' -f 2)
_USUFFIX=$(echo "$USUFFIX" | cut -d ',' -f 1 | cut -d '=' -f 2)
_GSUFFIX=$(echo "$GSUFFIX" | cut -d ',' -f 1 | cut -d '=' -f 2)
_MSUFFIX=$(echo "$MSUFFIX" | cut -d ',' -f 1 | cut -d '=' -f 2)

# Whole operation result
_RESULT=0

# First add the root DN if necessary
if [ "$1" != "-s" ]
then
  _extractldif 2 | _filterldif | _askattrs | _utf8encode | _ldapadd -c
  if [ $? -ne 0 ]
  then
    _RESULT=1
    warn_log "Error(s) encountered while creating root DN"
  fi
fi

# Now add remaining stuff
if [ "$1" != "-r" ]
then
  _extractldif 3 | _filterldif | _askattrs | _utf8encode | _ldapadd -c
  if [ $? -ne 0 ]
  then
    _RESULT=1
    warn_log "Error(s) encountered while creating regular OUs"
  fi
fi

[ $_RESULT -ne 0 ] && end_die "Error(s) encountered during LDAP initialization"
end_ok "Successfully initialized LDAP tree"

# Ldif template ##################################
# (<placeholders> are substituted by _filterldif with the matching script variable)
##dn: <suffix>
##objectClass: dcObject
##objectClass: organization
##dc: <_suffix>
##o: <_suffix>
##description: <_suffix>
##
###dn: <usuffix>,<suffix>
###objectClass: top
###objectClass: organizationalUnit
###ou: <_usuffix>
###
###dn: <gsuffix>,<suffix>
###objectClass: top
###objectClass: organizationalUnit
###ou: <_gsuffix>
###
###dn: <msuffix>,<suffix>
###objectClass: top
###objectClass: organizationalUnit
###ou: <_msuffix>
###
###dn: ou=Idmap,<suffix>
###objectClass: organizationalUnit
###ou: Idmap
--------------------------------------------------------------------------------
/sbin/ldapmodifygroup:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapmodifygroup : modifies a POSIX group account in LDAP interactively

# Copyright (C) 2007-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <groupname | gid>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find groupname : $1 must exist in LDAP !
_findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$1)(gidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP"

# Allocate and create temp file
mktempf
echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"

# Display entry
echo "# About to modify the following entry :"
_ldapsearch "$_ENTRY"

# Edit entry : everything typed on stdin is appended to the LDIF as-is,
# so it must be valid "changetype: modify" content (add:/replace:/delete: blocks)
echo "# Enter your modifications here, end with CTRL-D."
echo "dn: $_ENTRY"
cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"

# Send modifications
cat "$_TMPFILE" | _utf8encode | _ldapmodify
if [ $? -ne 0 ]
then
  reltempf
  end_die "Error modifying group entry $_ENTRY in LDAP"
fi
reltempf
end_ok "Successfully modified group entry $_ENTRY in LDAP"
--------------------------------------------------------------------------------
/sbin/ldapmodifymachine:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapmodifymachine : modifies a POSIX machine account in LDAP interactively

# Copyright (C) 2007-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <machinename | uid>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find machinename : $1 must exist in LDAP !
_findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)"

# Allocate and create temp file
mktempf
echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"

# Display entry
echo "# About to modify the following entry :"
_ldapsearch "$_ENTRY"

# Edit entry : everything typed on stdin is appended to the LDIF as-is,
# so it must be valid "changetype: modify" content (add:/replace:/delete: blocks)
echo "# Enter your modifications here, end with CTRL-D."
echo "dn: $_ENTRY"
cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"

# Send modifications
cat "$_TMPFILE" | _utf8encode | _ldapmodify
if [ $? -ne 0 ]
then
  reltempf
  end_die "Error modifying machine entry $_ENTRY in LDAP"
fi
reltempf
end_ok "Successfully modified machine entry $_ENTRY in LDAP"
--------------------------------------------------------------------------------
/sbin/ldapmodifyuser:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapmodifyuser : modifies a POSIX user account in LDAP interactively

# Copyright (C) 2007-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <username | uid>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find username : $1 must exist in LDAP !
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"

# Allocate and create temp file
mktempf
echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"

# Display entry
echo "# About to modify the following entry :"
_ldapsearch "$_ENTRY"

# Edit entry : everything typed on stdin is appended to the LDIF as-is,
# so it must be valid "changetype: modify" content (add:/replace:/delete: blocks)
echo "# Enter your modifications here, end with CTRL-D."
echo "dn: $_ENTRY"
cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"

# Send modifications
cat "$_TMPFILE" | _utf8encode | _ldapmodify
if [ $? -ne 0 ]
then
  reltempf
  end_die "Error modifying user entry $_ENTRY in LDAP"
fi
reltempf
end_ok "Successfully modified user entry $_ENTRY in LDAP"
--------------------------------------------------------------------------------
/sbin/ldaprenamegroup:
--------------------------------------------------------------------------------
#!/bin/sh

# ldaprenamegroup : renames a POSIX group in LDAP

# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <groupname | gid> <newgroupname>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find dest groupname : $2 must not exist in LDAP !
# Note : as posixGroup is a common objectClass to all supported GCLASSes
# (we use RFC 2307bis AUXILIARY posixGroups), look for it instead of $GCLASS,
# which would be too specific here and could miss posixGroup-only entries.
_findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(cn=$2))"
[ -z "$_ENTRY" ] || end_die "Group $2 already exists in LDAP"

# Find src groupname : $1 must exist in LDAP !
_findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)(|(cn=$1)(gidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP"

# Rename entry (modrdn : the gidNumber and the member list are kept)
_ldaprename "$_ENTRY" "cn=$2" || end_die "Error renaming group $_ENTRY to $2 in LDAP"
end_ok "Successfully renamed group $_ENTRY to $2 in LDAP"
--------------------------------------------------------------------------------
/sbin/ldaprenamemachine:
--------------------------------------------------------------------------------
#!/bin/sh

# ldaprenamemachine : renames a POSIX machine account in LDAP

# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <machinename | uid> <newmachinename>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find dest machinename : $2 must not exist in LDAP !
_findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))"
[ -z "$_ENTRY" ] || end_die "Machine $2 already exists in LDAP"

# Find src machinename : $1 must exist in LDAP !
_findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)"

# Rename entry
_ldaprename "$_ENTRY" "uid=$2" || end_die "Error renaming machine $_ENTRY to $2 in LDAP"
end_ok "Successfully renamed machine $_ENTRY to $2 in LDAP"
--------------------------------------------------------------------------------
/sbin/ldaprenameuser:
--------------------------------------------------------------------------------
#!/bin/sh

# ldaprenameuser : renames a POSIX user account in LDAP

# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <username | uid> <newusername>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Find dest username : $2 must not exist in LDAP !
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))"
[ -z "$_ENTRY" ] || end_die "User $2 already exists in LDAP"

# Find src username : $1 must exist in LDAP !
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"

# Store _UID and _UDN for filters
# (posixGroup memberships are keyed by login, the other classes by DN)
if [ "$GCLASS" = "posixGroup" ]
then
  _getattribute "$_ENTRY" "uid"
  [ -z "$_ATTRIBUTE" ] && end_die "Error getting user attribute from LDAP (uid)"
  _UID="$_ATTRIBUTE"
fi
_UDN="$_ENTRY"

# Rename entry
_ldaprename "$_ENTRY" "uid=$2" || end_die "Error renaming user $_ENTRY to $2 in LDAP"

# Store _NEWUID and _NEWUDN for filters
_findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))"
[ -z "$_ENTRY" ] && end_die "Renamed user $2 not found in LDAP"
_NEWUID="$2"
_NEWUDN="$_ENTRY"

# Finally, rename this user in all his secondary groups
# (the rename above is not atomic with these updates : a failure here leaves
# groups still referencing the old login or DN, check the log)
case $GCLASS in
  posixGroup)
    _findentries "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(memberUid=$_UID))"
    [ -n "$_ENTRIES" ] && echo "$_ENTRIES" | \
    while read _ENTRY
    do
      echo_log "Renaming user in secondary group: $_ENTRY"
      # Modify group entry
      _extractldif 2 | _filterldif | _utf8encode | _ldapmodify
    done
    ;;
  *)
    _findentries "$GSUFFIX,$SUFFIX" "(&(objectClass=$GCLASS)($_GMEMBERATTR=$_UDN))"
    [ -n "$_ENTRIES" ] && echo "$_ENTRIES" | \
    while read _ENTRY
    do
      echo_log "Renaming user in secondary group: $_ENTRY"
      # Modify group entry
      _extractldif 3 | _filterldif | _utf8encode | _ldapmodify
    done
    ;;
esac

end_ok "Successfully renamed user $_UDN to $_NEWUID in LDAP"

# Ldif templates #################################
# (<placeholders> are substituted by _filterldif with the matching script variable)
#
# PosixGroup (level "2") :
##dn: <entry>
##changetype: modify
##delete: <gmemberattr>
##<gmemberattr>: <uid>
##-
##add: <gmemberattr>
##<gmemberattr>: <newuid>
#
# Others (level "3") :
###dn: <entry>
###changetype: modify
###delete: <gmemberattr>
###<gmemberattr>: <udn>
###-
###add: <gmemberattr>
###<gmemberattr>: <newudn>
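Every script above splices its arguments straight into an LDAP search filter: `(|(uid=$_USER)(uidNumber=$_USER))` in ldapfinger, ldapid and ldapsetpasswd, `(memberUid=$_UID)` and `($_GMEMBERATTR=$_UDN)` in ldapid and ldaprenameuser. An argument of `*` therefore matches every account in the searched subtree, and an argument containing `)(` rewrites the filter's logic. Because the scripts bind as the configured BINDDN, the practical consequence is operator error rather than privilege escalation, but the fix is a one-line escape. The block below is an added example, not ldapscripts code: an RFC 4515 escaping helper for assertion values, plus builders for the two lookups the scripts perform, the posixAccount lookup by login or uidNumber and the membership lookup, which keys on the login in memberUid for posixGroup and on the full DN in member/uniqueMember for groupOfNames/groupOfUniqueNames. The function names, the sample logins and the sample DNs are this example's own, constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of ldapscripts: RFC 4515 escaping of values that are
# interpolated into LDAP search filters, applied to the lookups the scripts do.

# ldap_filter_escape VALUE
# Escapes the characters RFC 4515 section 3 forbids in a raw assertion value:
# backslash first (so the escapes added afterwards are not re-escaped), then
# '*', '(' and ')'. A NUL byte cannot be held in a shell string, so it is not handled.
ldap_filter_escape () {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# posix_account_filter NAME_OR_UIDNUMBER
# The filter ldapfinger, ldapid and ldapsetpasswd build, with the value escaped.
posix_account_filter () {
  _v=$(ldap_filter_escape "$1")
  printf '(&(objectClass=posixAccount)(|(uid=%s)(uidNumber=%s)))' "$_v" "$_v"
}

# group_member_filter GCLASS MEMBERATTR LOGIN USERDN
# The membership lookup ldapid and ldaprenameuser perform. GCLASS and MEMBERATTR
# come from ldapscripts.conf, not from the caller, and are used as-is; the
# caller-controlled LOGIN / USERDN are escaped. A DN is escaped too: its own
# "\," escapes would otherwise be read as filter escapes by the server.
group_member_filter () {
  case "$1" in
    posixGroup)
      printf '(&(objectClass=posixGroup)(memberUid=%s))' "$(ldap_filter_escape "$3")"
      ;;
    *)
      printf '(&(objectClass=%s)(%s=%s))' "$1" "$2" "$(ldap_filter_escape "$4")"
      ;;
  esac
}

# Demonstration on constructed input (hypothetical logins and DNs).
for arg in jdoe '*' 'jdoe)(uidNumber=0'
do
  printf 'argument %-20s -> %s\n' "$arg" "$(posix_account_filter "$arg")"
done
group_member_filter posixGroup memberUid jdoe 'uid=jdoe,ou=Users,dc=example,dc=com'; echo
group_member_filter groupOfUniqueNames uniqueMember jdoe 'cn=Doe\, John,ou=Users,dc=example,dc=com'; echo
```

Dropping the escaping for `uidNumber` is not an option either: the `|` in the filter means a crafted login is tried against both attributes, so both occurrences must receive the escaped value.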
--------------------------------------------------------------------------------
/sbin/ldapsetpasswd:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapsetpasswd : modifies a POSIX user or machine account's password in LDAP

# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [-u | -m] <username | machinename | uid> [encoded password]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Parse options
case "$1" in
  "-u" | "-m")
    [ -z "$2" ] && end_die 'Please specify a username, a machinename or a uid'
    _USER="$2"
    _PASSWD="$3"
    ;;
  *)
    _USER="$1"
    _PASSWD="$2"
    ;;
esac

# Find account : $_USER must exist in LDAP !
case "$1" in
  "-u")
    _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))"
    ;;
  "-m")
    _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))"
    ;;
  *)
    # No option : search the whole tree (user and machine accounts)
    _findentry "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$_USER)(uidNumber=$_USER)))"
    ;;
esac
[ -z "$_ENTRY" ] && end_die "Account $_USER not found in LDAP"

if [ -z "$_PASSWD" ] # Have to prompt for a *clear* password
then
  warn_log "Changing password for account $_ENTRY"
  # Ask for password
  _askpassword
  [ -z "$_PASSWORD" ] && end_die "Invalid password, please try again"
  # Change account password (the server hashes it according to its own policy)
  _changepassword "$_PASSWORD" "$_ENTRY"
  [ $? -eq 0 ] || end_die "Error setting password for account $_ENTRY"
  end_ok "Successfully set password for account $_ENTRY"
else # Have to use the *encoded* password given on the command line
  # Use LDIF info to modify the password
  # The value is stored verbatim, so it must already be a valid userPassword
  # value such as "{SSHA}...". Note that a command-line argument is visible to
  # other local users through ps(1) and may end up in the shell history.
  _PASSWORD="$_PASSWD"
  _extractldif 2 | _filterldif | _utf8encode | _ldapmodify
  [ $? -eq 0 ] || end_die "Error setting encoded password for account $_ENTRY"
  end_ok "Successfully set encoded password for account $_ENTRY"
fi

# Ldif template ##################################
# (<placeholders> are substituted by _filterldif with the matching script variable)
##dn: <entry>
##changetype: modify
##replace: userPassword
##userPassword: <password>
--------------------------------------------------------------------------------
/sbin/ldapsetprimarygroup:
--------------------------------------------------------------------------------
#!/bin/sh

# ldapsetprimarygroup : modifies the gidNumber of a POSIX user or machine account in LDAP

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

if [ -z "$1" ] || [ -z "$2" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 <username | uid> <groupname | gid>"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

# Check username : $1 must exist in LDAP !
# Lookup base = global $SUFFIX, to work on machine and user accounts
_findentry "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
[ -z "$_ENTRY" ] && end_die "User $1 not found"

# Check groupname : $2
_GID=$(_grouptogid "$2")
[ -z "$_GID" ] && end_die "Cannot resolve group $2 to gid : not found"

# Modify user entry
_extractldif 2 | _filterldif | _utf8encode | _ldapmodify

[ $? -eq 0 ] || end_die "Error setting primary group for user $1 (to group $2)"
end_ok "Successfully set primary group for user $1 (to group $2)"

# Ldif template ##################################
# (<placeholders> are substituted by _filterldif with the matching script variable)
##dn: <entry>
##changetype: modify
##replace: gidNumber
##gidNumber: <gid>
--------------------------------------------------------------------------------
/sbin/lsldap:
--------------------------------------------------------------------------------
#!/bin/sh

# lsldap : performs a *big* query on the LDAP directory

# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2019 Ganaël LAPLANCHE
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
# USA.

# WARNING : this script searches the whole directory as $BINDDN...
# It may take *VERY* long, and the server's size limit (slapd's default
# sizelimit is 500 entries) may silently truncate the result.
# Always use slapcat to back up your directory !!!

if [ "$1" = "-h" ] || [ "$1" = "--help" ]
then
  echo "Usage : $0 [[-h] | [-u | -g | -m]]"
  exit 1
fi

# Source runtime file
_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
. "$_RUNTIMEFILE"

case "$1" in
  "-u")
    _ldapsearch "$USUFFIX,$SUFFIX" "(objectClass=posixAccount)" || end_die "No entry found"
    ;;
  "-g")
    _ldapsearch "$GSUFFIX,$SUFFIX" "(objectClass=$GCLASS)" || end_die "No entry found"
    ;;
  "-m")
    _ldapsearch "$MSUFFIX,$SUFFIX" "(objectClass=posixAccount)" || end_die "No entry found"
    ;;
  *)
    # No option : dump everything below the root suffix
    _ldapsearch "$SUFFIX" || end_die "No entry found"
    ;;
esac
end_ok
--------------------------------------------------------------------------------
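ldapsetpasswd's second form writes the `[encoded password]` argument into userPassword verbatim, and ldapid -P prints that attribute with its `{scheme}` prefix stripped, so the operator has to know what a well-formed encoded value looks like and how the server checks it. The block below is an added example, not ldapscripts code: it builds a `{SSHA}` value (SHA-1 over password followed by salt, then base64 of digest followed by salt, the layout OpenLDAP's slappasswd produces for that scheme) and verifies a candidate password against a stored value the way a simple bind does, by recovering the salt from the stored value and recomputing the digest. It assumes openssl(1) and base64(1) are in PATH; the password and the fixed salt in the demonstration are constructed, and when no salt is passed the helper draws one from /dev/urandom.

```shell
#!/bin/sh
# Added example, not part of ldapscripts: build and check {SSHA} userPassword
# values, the "encoded password" form ldapsetpasswd stores verbatim.
# Layout (as produced by OpenLDAP's slappasswd -h '{SSHA}'):
#   "{SSHA}" || base64( sha1(password || salt) || salt )
# Needs openssl(1) and base64(1).

# ssha_encode PASSWORD [SALT]
# Prints the encoded value. With no SALT, 4 random bytes (printed as 8 hex
# characters, so the salt survives being held in a shell variable) are drawn
# from /dev/urandom.
ssha_encode () {
  _salt=${2:-$(od -An -N4 -tx1 /dev/urandom | tr -d ' \n')}
  _b64=$( { printf '%s%s' "$1" "$_salt" | openssl dgst -sha1 -binary; printf '%s' "$_salt"; } | base64 | tr -d '\n')
  printf '{SSHA}%s' "$_b64"
}

# ssha_verify PASSWORD ENCODED
# Returns 0 when PASSWORD matches ENCODED, 1 when it does not, 2 when ENCODED
# is not a {SSHA} value. The salt is recovered from the stored value, so any
# salt length works; a temporary file carries the raw bytes because a shell
# variable cannot hold NUL.
ssha_verify () {
  case "$2" in
    '{SSHA}'*) ;;
    *) return 2 ;;
  esac
  _tmp=$(mktemp) || return 2
  printf '%s' "$2" | cut -c7- | base64 -d > "$_tmp" 2>/dev/null || { rm -f "$_tmp"; return 2; }
  # first 20 bytes: SHA-1 digest, remainder: salt
  _stored=$(head -c 20 "$_tmp" | base64 | tr -d '\n')
  _candidate=$( { printf '%s' "$1"; tail -c +21 "$_tmp"; } | openssl dgst -sha1 -binary | base64 | tr -d '\n')
  rm -f "$_tmp"
  [ "$_stored" = "$_candidate" ]
}

# Demonstration on constructed input.
_enc=$(ssha_encode 'correct horse battery staple' 'saltsalt')
echo "encoded value for ldapsetpasswd : $_enc"
ssha_verify 'correct horse battery staple' "$_enc" && echo "right password : accepted"
ssha_verify 'Tr0ub4dor&3' "$_enc" || echo "wrong password : rejected (status $?)"
ssha_verify 'anything' 'plaintext' || echo "not an {SSHA} value (status $?)"
```

Two points worth keeping in mind when using the first form with ldapsetpasswd: the salt is what makes two accounts with the same password store different values, so never reuse one, and SHA-1 with a 4-byte salt is fast to brute-force offline, which is why the hash ldapid -P reveals must be treated as a secret in its own right. Newer OpenLDAP builds accept `{ARGON2}` or `{PBKDF2-SHA512}` through contrib modules; the encoding path of ldapsetpasswd does not care which scheme the value carries, only that the server can verify it.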