Initial commit

2025-03-03 08:53:58 +08:00
commit 4a7b700045
5 changed files with 161 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1 @@
+Set of scripts to import passwd entries to LDAP.
--- a/config.sample
+++ b/config.sample
@@ -0,0 +1,6 @@
+# move to config
+BIND=cn=passwd-importer,ou=apps,dc=bignay,dc=net
+PASS=YOUR_BIND_PASSWORD
+BASEDN=dc=bignay,dc=net
+USER_BASEDN=ou=users,$BASEDN
+GROUP_BASEDN=ou=groups,$BASEDN
--- a/34
+++ b/34
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+# get the script dirname
+BINPATH="$(readlink "$0" || echo "$0")"
+DIRPATH="$(dirname "$BINPATH")"
+
+if ! [ -r "$DIRPATH/config" ]; then echo "Unable to read config file"; exit 128; fi
+source "$DIRPATH/config"
+
+# run as root
+if [ "$EUID" -ne 0 ]; then echo "Must be run as root"; exit 64; fi
+# Get user details
+GROUPNAME=$1
+if [ -z "$GROUPNAME" ]; then echo "No groupname supplied"; exit 1; fi
+
+# Get group info
+GROUPDB="$(getent group "$GROUPNAME")"
+if [ -z "$GROUPDB" ]; then echo "$USERNAME gid $GIDNUMBER not found"; exit 16; fi
+
+GIDNUMBER="$(echo "$GROUPDB" | cut -f 3 -d :)"
+GROUPMEMBERS="$(echo "$GROUPDB" | cut -f 4 -d :)"
+
+# enforce gid limits
+#GIDNUMBER_MIN=1000
+#GIDNUMBER_MAX=10000
+#if [ "$GIDNUMBER" -lt "$GIDNUMBER_MIN" ]; then echo "Refusing to add group below $GIDNUMBER_MIN"; exit 32; fi
+#if [ "$GIDNUMBER" -gt "$GIDNUMBER_MAX" ]; then echo "Refusing to add group above $GIDNUMBER_MAX"; exit 32; fi
+
+ldapadd -D "$BIND" -w "$PASS" -H ldapi:/// <<-LDIF
+	dn: cn=$GROUPNAME,$GROUP_BASEDN
+	objectClass: posixGroup
+	cn: $GROUPNAME
+	gidNumber: $GIDNUMBER
+LDIF
--- a/40
+++ b/40
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# get the script dirname
+BINPATH="$(readlink "$0" || echo "$0")"
+DIRPATH="$(dirname "$BINPATH")"
+
+if ! [ -r "$DIRPATH/config" ]; then echo "Unable to read config file"; exit 128; fi
+source "$DIRPATH/config"
+
+# run as root
+if [ "$EUID" -ne 0 ]; then echo "Must be run as root"; exit 64; fi
+
+# Get user details
+USERNAME=$1
+if [ -z "$USERNAME" ]; then echo "No username supplied"; exit 1; fi
+
+PASSDB="$(getent passwd $USERNAME)"
+if [ -z "$PASSDB" ]; then echo "User $USERNAME not found"; exit 2; fi
+
+UIDNUMBER="$(echo $PASSDB | cut -f 3 -d :)"
+
+# enforce uid limits
+UIDNUMBER_MIN=1000
+UIDNUMBER_MAX=10000
+
+if [ "$UIDNUMBER" -lt "$UIDNUMBER_MIN" ]; then echo "Refusing to update user below $UIDNUMBER_MIN"; exit 4; fi
+if [ "$UIDNUMBER" -gt "$UIDNUMBER_MAX" ]; then echo "Refusing to update user above $UIDNUMBER_MAX"; exit 4; fi
+
+# Get encrypted password hash
+SHADOWDB="$(getent shadow "$USERNAME")"
+if [ -z "$SHADOWDB" ]; then echo "$USERNAME password not found"; exit 8; fi
+
+SECRET="$(echo "$SHADOWDB" | cut -f 2 -d :)"
+
+ldapmodify -D "$BIND" -w "$PASS" -H ldapi:/// <<-LDIF
+	dn: cn=$USERNAME,$USER_BASEDN
+	changeType: modify
+	replace: userPassword
+	userPassword: {CRYPT}$SECRET
+LDIF
--- a/80
+++ b/80
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+# get the script dirname
+BINPATH="$(readlink "$0" || echo "$0")"
+DIRPATH="$(dirname "$BINPATH")"
+
+if ! [ -r "$DIRPATH/config" ]; then echo "Unable to read config file"; exit 128; fi
+source "$DIRPATH/config"
+
+# run as root
+if [ "$EUID" -ne 0 ]; then echo "Must be run as root"; exit 64; fi
+
+# Get user details
+USERNAME=$1
+if [ -z "$USERNAME" ]; then echo "No username supplied"; exit 1; fi
+
+PASSDB="$(getent passwd $USERNAME)"
+if [ -z "$PASSDB" ]; then echo "User $USERNAME not found"; exit 2; fi
+
+UIDNUMBER="$(echo $PASSDB | cut -f 3 -d :)"
+
+# enforce uid limits
+UIDNUMBER_MIN=900
+UIDNUMBER_MAX=10000
+
+if [ "$UIDNUMBER" -lt "$UIDNUMBER_MIN" ]; then echo "Refusing to add user below $UIDNUMBER_MIN"; exit 4; fi
+if [ "$UIDNUMBER" -gt "$UIDNUMBER_MAX" ]; then echo "Refusing to add user above $UIDNUMBER_MAX"; exit 4; fi
+
+GIDNUMBER="$(echo $PASSDB | cut -f 4 -d :)"
+GECOS="$(echo $PASSDB | cut -f 5 -d : )"
+HOMEDIR="$(echo $PASSDB | cut -f 6 -d :)"
+LOGINSHELL="$(echo $PASSDB | cut -f 7 -d :)"
+
+# parse gecos for given name
+FULLNAME="$(echo "$GECOS" | cut -f 1 -d ,)"
+GIVENNAME="$(echo "$FULLNAME" | tr -s ' ' | rev | cut -f 2- -d ' ' | rev)"
+SURNAME="$(echo "$FULLNAME" | tr -s ' ' | rev | cut -f -1 -d ' ' | rev)"
+if [ -z "$GIVENNAME" ]; then GIVENNAME="$USERNAME"; fi
+if [ -z "$SURNAME" ]; then SURNAME=_; fi
+
+
+# Get encrypted password hash
+SHADOWDB="$(getent shadow "$USERNAME")"
+if [ -z "$SHADOWDB" ]; then echo "$USERNAME password not found"; exit 8; fi
+
+SECRET="$(echo "$SHADOWDB" | cut -f 2 -d :)"
+
+
+# Get group info
+GROUPDB="$(getent group "$GIDNUMBER")"
+if [ -z "$GROUPDB" ]; then echo "$USERNAME gid $GIDNUMBER not found"; exit 16; fi
+
+GROUPNAME="$(echo "$GROUPDB" | cut -f 1 -d :)"
+
+# enforce gid limits
+GIDNUMBER_MIN=900
+GIDNUMBER_MAX=10000
+if [ "$GIDNUMBER" -lt "$GIDNUMBER_MIN" ]; then echo "Refusing to add group below $GIDNUMBER_MIN"; exit 32; fi
+if [ "$GIDNUMBER" -gt "$GIDNUMBER_MAX" ]; then echo "Refusing to add group above $GIDNUMBER_MAX"; exit 32; fi
+
+ldapadd -D "$BIND" -w "$PASS" -H ldapi:/// <<-LDIF
+	dn: cn=$USERNAME,$USER_BASEDN
+	objectClass: posixAccount
+	objectClass: inetOrgPerson
+	objectClass: shadowAccount
+	cn: $USERNAME
+	uid: $USERNAME
+	givenName: $GIVENNAME
+	sn: $SURNAME
+	uidNumber: $UIDNUMBER
+	gidNumber: $GIDNUMBER
+	homeDirectory: $HOMEDIR
+	loginShell: $LOGINSHELL
+	userPassword: {CRYPT}$SECRET
+
+	dn: cn=$USERNAME,$GROUP_BASEDN
+	objectClass: posixGroup
+	cn: $USERNAME
+	gidNumber: $GIDNUMBER
+LDIF
				`@@ -0,0 +1 @@`
				`Set of scripts to import passwd entries to LDAP.`