Initial commit
This commit is contained in:
80
passwd-to-ldap-create
Executable file
80
passwd-to-ldap-create
Executable file
@@ -0,0 +1,80 @@
|
||||
#!/bin/bash
|
||||
|
||||
# get the script dirname
|
||||
BINPATH="$(readlink "$0" || echo "$0")"
|
||||
DIRPATH="$(dirname "$BINPATH")"
|
||||
|
||||
if ! [ -r "$DIRPATH/config" ]; then echo "Unable to read config file"; exit 128; fi
|
||||
source "$DIRPATH/config"
|
||||
|
||||
# run as root
|
||||
if [ "$EUID" -ne 0 ]; then echo "Must be run as root"; exit 64; fi
|
||||
|
||||
# Get user details
|
||||
USERNAME=$1
|
||||
if [ -z "$USERNAME" ]; then echo "No username supplied"; exit 1; fi
|
||||
|
||||
PASSDB="$(getent passwd $USERNAME)"
|
||||
if [ -z "$PASSDB" ]; then echo "User $USERNAME not found"; exit 2; fi
|
||||
|
||||
UIDNUMBER="$(echo $PASSDB | cut -f 3 -d :)"
|
||||
|
||||
# enforce uid limits
|
||||
UIDNUMBER_MIN=900
|
||||
UIDNUMBER_MAX=10000
|
||||
|
||||
if [ "$UIDNUMBER" -lt "$UIDNUMBER_MIN" ]; then echo "Refusing to add user below $UIDNUMBER_MIN"; exit 4; fi
|
||||
if [ "$UIDNUMBER" -gt "$UIDNUMBER_MAX" ]; then echo "Refusing to add user above $UIDNUMBER_MAX"; exit 4; fi
|
||||
|
||||
GIDNUMBER="$(echo $PASSDB | cut -f 4 -d :)"
|
||||
GECOS="$(echo $PASSDB | cut -f 5 -d : )"
|
||||
HOMEDIR="$(echo $PASSDB | cut -f 6 -d :)"
|
||||
LOGINSHELL="$(echo $PASSDB | cut -f 7 -d :)"
|
||||
|
||||
# parse gecos for given name
|
||||
FULLNAME="$(echo "$GECOS" | cut -f 1 -d ,)"
|
||||
GIVENNAME="$(echo "$FULLNAME" | tr -s ' ' | rev | cut -f 2- -d ' ' | rev)"
|
||||
SURNAME="$(echo "$FULLNAME" | tr -s ' ' | rev | cut -f -1 -d ' ' | rev)"
|
||||
if [ -z "$GIVENNAME" ]; then GIVENNAME="$USERNAME"; fi
|
||||
if [ -z "$SURNAME" ]; then SURNAME=_; fi
|
||||
|
||||
|
||||
# Get encrypted password hash
|
||||
SHADOWDB="$(getent shadow "$USERNAME")"
|
||||
if [ -z "$SHADOWDB" ]; then echo "$USERNAME password not found"; exit 8; fi
|
||||
|
||||
SECRET="$(echo "$SHADOWDB" | cut -f 2 -d :)"
|
||||
|
||||
|
||||
# Get group info
|
||||
GROUPDB="$(getent group "$GIDNUMBER")"
|
||||
if [ -z "$GROUPDB" ]; then echo "$USERNAME gid $GIDNUMBER not found"; exit 16; fi
|
||||
|
||||
GROUPNAME="$(echo "$GROUPDB" | cut -f 1 -d :)"
|
||||
|
||||
# enforce gid limits
|
||||
GIDNUMBER_MIN=900
|
||||
GIDNUMBER_MAX=10000
|
||||
if [ "$GIDNUMBER" -lt "$GIDNUMBER_MIN" ]; then echo "Refusing to add group below $GIDNUMBER_MIN"; exit 32; fi
|
||||
if [ "$GIDNUMBER" -gt "$GIDNUMBER_MAX" ]; then echo "Refusing to add group above $GIDNUMBER_MAX"; exit 32; fi
|
||||
|
||||
ldapadd -D "$BIND" -w "$PASS" -H ldapi:/// <<-LDIF
|
||||
dn: cn=$USERNAME,$USER_BASEDN
|
||||
objectClass: posixAccount
|
||||
objectClass: inetOrgPerson
|
||||
objectClass: shadowAccount
|
||||
cn: $USERNAME
|
||||
uid: $USERNAME
|
||||
givenName: $GIVENNAME
|
||||
sn: $SURNAME
|
||||
uidNumber: $UIDNUMBER
|
||||
gidNumber: $GIDNUMBER
|
||||
homeDirectory: $HOMEDIR
|
||||
loginShell: $LOGINSHELL
|
||||
userPassword: {CRYPT}$SECRET
|
||||
|
||||
dn: cn=$USERNAME,$GROUP_BASEDN
|
||||
objectClass: posixGroup
|
||||
cn: $USERNAME
|
||||
gidNumber: $GIDNUMBER
|
||||
LDIF
|
||||
Reference in New Issue
Block a user