This commit is contained in:
Gilles Mouchet 2024-12-28 08:25:21 +01:00
parent 83aab7d071
commit 32a7746c19
6 changed files with 236 additions and 10 deletions


@ -12,12 +12,14 @@ Edit the `ldap.conf` and set the parameters according to your configuration (the
|script|description|usage|
|:-----|:----------|-----|
|list_user.sh|List directory users|`./list_user.sh --help`|
|manage_user.sh|List directory users|`./manage_user.sh --help`|
## Changelog
#### [1.0.0] - 2024-12-27
##### Added
- Config file ldap.conf.dist
- Functions scripts
- Manage_user script (v1.0.0)
- List_user script (v1.0.0)
- README.md
- Initial version by [GMo](mailto:gilles.mouchet@gmail.com)


@ -1,20 +1,52 @@
#!/bin/bash
#------------------------------------------------------------------------------
# readConfig
function readConfig {
confDir=.
cfgFile=${confDir}/config.conf
cfgFile=${confDir}/ldap.conf
if [ ! -f $cfgFile ]; then
echo "The conf file '$cfgFile' does not exist !"
exit 1
fi
# Read config file
# read config file
. $cfgFile
}
#------------------------------------------------------------------------------
# getNextuidNumber
function getNextUidNumber {
# read all uidNumber
ldapsearch -x -LLL -H $LDAP_SRV -b "$LDAP_BASE" -D "$LDAP_MANAGER_USER" -w $LDAP_MANAGER_PASS \
uidNumber | grep -v dn | grep -v '^$' > /tmp/ldap_uid.tmp #grep -v '^$' empty line
# delete uidNumber form the file
sed -i -e 's/^uidNumber: //' /tmp/ldap_uid.tmp
# create an array
while IFS= read -r line; do
ldap_array=("${ldap_array[@]}" $line)
done < /tmp/ldap_uid.tmp
# delete temporary file
rm -rf /tmp/ldap_uid.tmp
# sort the array to find the highest uidNumber
max=0
for uidNum in ${ldap_array[@]}; do
if (( $uidNum > $max )); then
max=$uidNum
fi
done
# increases the max by 1
next_uidNumber=`expr $max + 1`
}
# check if ldapsearch exist
ldapsearch_path=$(command -v ldapsearch)
if [ "$?" == "1" ]; then
echo "ldapsearch doesn't exist. Please install openldap-client package"
echo "ldapsearch doesn't exist. Please install openldap-clients package"
exit 1
fi
slappasswd_path=$(command -v slappasswd )
if [ "$?" == "1" ]; then
echo "ldapsearch doesn't exist. Please install openldap-servers package"
exit 1
fi
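Review bot: getNextUidNumber writes the search result to the fixed path `/tmp/ldap_uid.tmp`, which any local user can pre-create or symlink and which two concurrent runs would share; the temp file is not needed at all, since the maximum can be taken straight from the pipeline as shown below. The same function passes the bind password on the command line with `-w $LDAP_MANAGER_PASS`, where it is visible to `ps`; ldapsearch's `-y <file>` reads it from a file instead. The added slappasswd check at the end of the hunk reports `ldapsearch doesn't exist` when slappasswd is missing, so the message should name slappasswd and the openldap-servers package. `$cfgFile`, `$LDAP_SRV` and `$line` are also used unquoted in readConfig and the loop; quoting them avoids word-splitting and globbing on paths and values from the config file.
```bash
function getNextUidNumber {
  local max
  # one "uidNumber: N" per line; keep only N, sort numerically, take the largest
  max=$(ldapsearch -x -LLL -H "$LDAP_SRV" -b "$LDAP_BASE" -D "$LDAP_MANAGER_USER" -w "$LDAP_MANAGER_PASS" uidNumber \
    | sed -n 's/^uidNumber: //p' | sort -n | tail -n 1)
  # empty result -> 0 + 1, same starting value as the original max=0 loop
  next_uidNumber=$(( ${max:-0} + 1 ))
}
```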


@ -10,3 +10,6 @@ LDAP_SRV=ldap://kleenex.gmolab.net
LDAP_MANAGER_USER="cn=Admin LDAP,ou=people,$LDAP_BASE"
LDAP_MANAGER_PASS=secret
# mail domain for user
LDAP_USER_MAIL_DOMAIN=gmolab.net


@ -19,7 +19,7 @@
#set -x
# Function to print help
function print_usage {
function printUsage {
/bin/cat << EOF
@ -71,7 +71,7 @@ do
if [[ $1 =~ cn= ]]; then
_TAG="$(echo $1 | cut -f2 -d=)"
if [ -z "${_TAG}" ]; then
print_usage
printUsage
exit 1
fi
ldap_arg="cn=$_TAG"
@ -80,7 +80,7 @@ do
else
# check if argument from -n exist
if [ -z "$2" ]; then
print_usage
printUsage
exit 1
fi
_TAG="$2"
@ -90,7 +90,7 @@ do
fi
;;
-h|--help|help)
print_usage
printUsage
exit 0
;;
-v|--version)
@ -106,7 +106,7 @@ do
done
echo $ldap_arg
if [ -z "${ldap_arg}" ]; then
print_usage
printUsage
else
#echo "ldapsearch -x -LLL -H $LDAP_SRV -b \"$LDAP_BASE\" -D \"$LDAP_MANAGER_USER\" -w $LDAP_MANAGER_PASS $ldap_arg"
# check that the search result is not null

manage_user.sh Executable file

@ -0,0 +1,176 @@
#!/bin/bash
############################################################
# Decription: manage user in directory
#
# Author: Gilles Mouchet (gilles.mouchet@gmail.com)
# Creation Date: 27-Dec-2024
# Version: 1.0
# Install:
# see README.md
# Usage: ./manage_user.sh --help
# Changelog:
# V1.0 - 28-Dec-2024 - GMo
# Added
# - Creation of script from scratch
#
############################################################
# debug
#set -x
#------------------------------------------------------------------------------
# printUsge
function printUsage {
/bin/cat << EOF
Usage: $progName [options]
Options:
-a <user_cn>,--add <user_cn> Add user in the directory
IMPORTANT: The first and last name are separated by a space.
Spaces in the first and last name must be replaced by hyphens.
Examples: Von Doe becomes Van-Doe
-d <user_cn>,--del=<user_cn> Deleted user from directory
-h,--help Show this help
-v,--version Show version
Examples:
Add user
$progName -a "Yvan Descloux"
$progName --add="John Von-Doe"
Delete user John Von-Doe
$progName -d "John Von-Doe"
Delete user Yvan Descloux
$progName --del="Yvan Descloux"
EOF
}
#------------------------------------------------------------------------------
# addUser
function addUser {
# check if the format is coorect
if [ $(echo $user_to_add | grep -o " " | wc -l) != "1" ]; then
echo "'$user_to_add' format is not correct"
echo "The first name and last name must be separated by at least one space"
exit 1
fi
# parse cn
first_name=$(echo $user_to_add | cut -d' ' -f1)
last_name=$(echo $user_to_add | cut -d' ' -f2)
# get next uidNumber
getNextUidNumber
# set password (lastname)
user_pass=$(slappasswd -s $last_name)
# set home dir
home_dir=${first_name:0:3}${last_name}
lhome_dir=$(echo "${home_dir,,}") #,, set lowercase
# set mail address
email="${first_name,,}"."${last_name,,}"@$LDAP_USER_MAIL_DOMAIN
# add user in directory
ldapadd -x -H $LDAP_SRV -D "$LDAP_MANAGER_USER" -w $LDAP_MANAGER_PASS <<EOF
dn: cn=$first_name $last_name,ou=people,$LDAP_BASE
cn: $first_name $last_name
displayName: $first_name $last_name
givenName: $first_name
sn: $last_name
objectClass: posixAccount
objectClass: inetOrgPerson
uid: $first_name.$last_name
uidNumber: $next_uidNumber
gidNumber: $next_uidNumber
userPassword: $user_pass
mail: $email
homeDirectory: /home/$lhome_dir
EOF
}
#------------------------------------------------------------------------------
# delUser
function delUser {
#echo $user_to_del
ldapdelete -x -H $LDAP_SRV -D "$LDAP_MANAGER_USER" -w $LDAP_MANAGER_PASS \
"cn=$user_to_del,ou=people,$LDAP_BASE"
if [ "$?" == "0" ]; then
echo "$user_to_del successfully deleted from directory"
fi
}
#------------------------------------------------------------------------------
# main
# version
version="v1.0.0"
# script name
progName="./$(/bin/basename $0)"
# read all functios
source functions.sh
# read config
readConfig
# check that a parameter exists
if [ -z "$1" ]; then
printUsage
exit 1
fi
while test $# -gt 0
do
case "$1" in
-a|--add*)
# --add parameter
if [[ $1 =~ add= ]]; then
user_to_add="$(echo $1 | cut -f2 -d=)"
if [ -z "${user_to_add}" ]; then
printUsage
exit 1
fi
addUser
shift
# -a parameter
else
# check if argument from -a exist
if [ -z "$2" ]; then
printUsage
exit 1
fi
user_to_add="$2"
addUser
shift 2
fi
;;
-d|--del*)
# --del parameter
if [[ $1 =~ del= ]]; then
user_to_del="$(echo $1 | cut -f2 -d=)"
if [ -z "${user_to_del}" ]; then
printUsage
exit 1
fi
delUser
shift
# -d parameter
else
# check if argument from -d exist
if [ -z "$2" ]; then
printUsage
exit 1
fi
user_to_del="$2"
delUser
shift 2
fi
;;
-h|--help|help)
printUsage
exit 0
;;
-v|--version)
echo "2022-$(date +Y) $progName $version"
exit
;;
*)
echo "${progName}: invalid option -- '$1'!"
echo -e "Try '$progName --help' for more information.\n"
exit 1
;;
esac
done
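Review bot: In addUser the initial password is the user's surname, `user_pass=$(slappasswd -s $last_name)`, and that same surname is written into the entry's cn and sn, so every new account starts with a credential any directory reader can derive; generate it instead, e.g. `user_pass=$(slappasswd -s "$(openssl rand -base64 12)")`, show the cleartext once to the operator, and require a change at first login. The bind password is again passed as `-w $LDAP_MANAGER_PASS` to ldapadd and ldapdelete, where it is visible to `ps`; both accept `-y <file>`. `$user_to_add`, `$last_name` and `$0` are used unquoted in `echo`, `slappasswd -s` and `basename`, so a name containing glob characters or a script path with spaces is word-split; quote them, and the format check's message ("at least one space") disagrees with the test, which accepts exactly one. In the `-v` branch, `date +Y` prints the literal letter Y; it needs `date +%Y`.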

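--- a/toto.ldif
+++ b/toto.ldif
@@ -0,0 +1,13 @@
+dn: cn=Jean Mouchet,ou=people,dc=gmolab,dc=net
+cn: Jean Mouchet
+displayName: Jean Mouchet
+givenName: Jean
+sn: Mouchet
+objectClass: posixAccount
+objectClass: inetOrgPerson
+uid: Jean.Mouchet
+uidNumber: 10006
+gidNumber: 10006
+userPassword: {SSHA}dtIqQYCEZrMbX3T7+1Z9y1urJXlSHMb8
+mail: Jean.Mouchet@gmolab.net
+homeDirectory: /home/Jean.Mouchet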
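Review bot: toto.ldif commits a userPassword SSHA hash together with a real-looking identity, and its name suggests a scratch test entry rather than a project file; if it is meant as a sample, replace the hash with an obvious placeholder such as `userPassword: {SSHA}EXAMPLE-HASH-REPLACE-ME` and mention it in the README, otherwise drop it from the commit. It also does not match what addUser in manage_user.sh produces: the script lowercases the home directory and builds it from the first three letters of the first name plus the surname, whereas this entry has `homeDirectory: /home/Jean.Mouchet`, so it cannot serve as a reference for the script's output.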