Imported Upstream version 1.7.1
Alexander GQ Gerasiov
14 years ago
0 | 2007/10/13 : ldapscripts 1.7.1 | |
1 | - Fixes for CVE-2007-5373 | |
2 | see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5373 | |
3 | and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582 | |
4 | ||
5 | 1) Up to now, each ldap* command was called with the -w parameter, which allows to | |
6 | specify the bind password on the command line. Unfortunately, this could make the | |
7 | password appear to anybody performing a `ps` during the call. This is now avoided | |
8 | by using the -y parameter and a password file. | |
9 | ||
10 | -> A new BINDPWDFILE option has been added : it specifies the path to the bind | |
11 | password file. This file can be created by something like : | |
12 | 'echo -n 'password' > $BINDPWDFILE' and you can now safely remove (or comment) the | |
13 | BINDPWD parameter from your configuration file. | |
14 | ||
15 | 2) Changing a user password could also reveal the new password on the command line, | |
16 | because of the use of ldappasswd's -s option. This has been fixed by using a temporary | |
17 | file containing the new password (and ldappassword's -T option). | |
18 | ||
19 | -> [internals] New mktempf() and reltempf() functions have been added | |
20 | ||
21 | [For older versions of OpenLDAP, -y and -T parameters may not be available. It is still | |
22 | possible to use the old BINDPWD parameter. Just uncomment it from the configuration file | |
23 | and comment the BINDPWDFILE parameter (which takes precedence over BINDPWD). The | |
24 | ldapscripts will just behave as previously and use inline -w and -s parameters, warning | |
25 | you this is not secure way of running them.] | |
26 | ||
27 | 3) A similar problem related to sed expressions has been found : it may also lead to | |
28 | reveal a user's password to `ps` users. This is now fixed by using temporary files | |
29 | containing sed expressions (and sed's -f option). | |
30 | ||
31 | 4) A new test has been added to check if 'echo' and '[' are built-in or not. If not, | |
32 | you'll be warned that the ldapscripts may not be safe to use (because these commands | |
33 | manipulate passwords when creating temporary files). | |
34 | ||
35 | -> [internals] New is_builtin() function | |
36 | ||
37 | Note that these flaws depend largely on your kernel configuration : hardened kernels | |
38 | should not be impacted (e.g. if you use security.bsd.see_other_[u|g]ids sysctls on | |
39 | FreeBSD). It may also depend on the version of OpenLDAP client commands you run. | |
40 | ||
41 | Thanks a lot to Don and Madcoder for their help ! | |
42 | ||
43 | - Few fixes to avoid using non-standard 'if ! command's... | |
44 | ||
45 | 2007/09/03 : ldapscripts 1.7 | |
46 | - Fixed several typos and bugs | |
47 | - _ldapinit : new options : '-r' and '-s' to create only the root dn ('-r'), or regular OUs ('-s') | |
48 | - [internals] Added the ability to select depth when using _extractldif() | |
49 | - [internals] New is_integer function | |
50 | - _lsldap : new options : '-u', '-g' and '-m', to list only 'u'ser, 'g'roup or 'm'achine entries | |
51 | - New _ldapmodify{user,group,machine} interactive scripts to edit entries | |
52 | - Added a new $TMPDIR configuration variable (necessary for the new scripts) | |
53 | - Added _ldapmodify{user,group,machine}(1) manpages | |
54 | - Now bundled with a brand-new Makefile (old install script no more available) | |
55 | ||
56 | 2007/04/20 : ldapscripts 1.6 | |
57 | - Fixed typos | |
58 | - internal _ldapsearch() improved | |
59 | - New _ldapfinger command to display a user/machine/group POSIX account's details | |
60 | - ldapadduser : new option to set the defaults permissions when creating home directories (thanks to Guillaume Rousse) | |
61 | - It is now possible to use a full URI instead of a name for the SERVER directive (thanks to Guillaume Rousse) | |
62 | - It is now possible to use external LDIF templates when creating a user/machine/group (thanks to Guillaume Rousse) | |
63 | See TEMPLATES options in the ldapscripts.conf file and *.template.sample files in the etc/ directory | |
64 | - Now use 'sort -n' instead of 'sort -g' when extracting the last account from the directory (thanks to Rudi van Drunen) | |
65 | - Added a 'description' attribute for group accounts | |
66 | ||
67 | 2007/01/03 : ldapscripts 1.5 | |
68 | - Fixed typos (thanks to Mikael Lammentausta) | |
69 | - Small fixes to the install script | |
70 | - ldapadduser : use $_UID instead of $_USER while chown'ing homedir (thanks to Mikael Lammentausta) | |
71 | - ldapadduser : new option to ask for the gecos (thanks to Mikael Lammentausta) | |
72 | - ldapadduser : new option to copy skeleton files to home directories (thanks to Mikael Lammentausta) | |
73 | - ldapadduser : now skip user's home dir creation if it already exists | |
74 | - ldapadduser/ldapaddmachine : modified account description attributes : set to 'User account' or 'Machine account' | |
75 | - ldapadduser/ldapaddgroup/ldapaddmachine : use $_USER and $_GROUP instead of $1 when possible | |
76 | - New _ldappasswd script to modify a user's password (suggested by Mikael Lammentausta) | |
77 | ||
78 | 2006/01/05 : ldapscripts 1.4 | |
79 | - More code cleaning !!! Code now clean... (and bug-free ???) - thanks to Madcoder for the help he provided ! | |
80 | - Removed dependency to slappasswd !!! Using ldappasswd instead (included in the standard ldap-client commands) | |
81 | - Added new ldaprenameuser command (uses ldapmodrdn included in the standard ldap-client commands) | |
82 | Add this to Samba 3.0.21's configuration file : rename user script = ldaprenameuser '%uold' '%unew' | |
83 | Warning : renaming an entry (user/group/machine) only involves renaming its RDN ! | |
84 | This means may have to change manually the account's homedir (user) and modify each group to include the new | |
85 | rdn (user/machine) as a memberuid. | |
86 | - Also added useful _ldaprenamegroup and _ldaprenamemachine scripts (not used by Samba) | |
87 | - A user/machine is now searched using its uid (no more use of its cn) | |
88 | - Full command now shown in logs | |
89 | - Modified README | |
90 | - New TODO file | |
91 | - Man pages (section 1 for each script, section 5 for a global "ldapscripts" manual) | |
92 | ||
93 | 2005/10/01 : ldapscripts 1.3 | |
94 | Compatibility rework / code cleaning - the scripts now work on FreeBSD ! | |
95 | - no more calls to "source", use . instead | |
96 | - now using "=" instead of "==" in test | |
97 | - now return 1 instead of -1 when an error occurs | |
98 | - added possibility to specify the getent command, so you can use pw instead (for FreeBSD) | |
99 | - added auto-guess for this command if left blank in conf file | |
100 | - splitted the horrible conf file into a real conf file and a "runtime" file | |
101 | ||
102 | 2005/07/15 : ldapscript 1.2 | |
103 | - applied patch from Vincent Esposito to make sure uid/gid/mid found in LDAP is higher than *START ones | |
104 | - small documentation modifications | |
105 | ||
106 | 2005/02/18 : ldapscripts 1.1 | |
107 | - added _ldapinit command, to inititalize an LDAP directory with a minimal hierarchy | |
108 | - added support for home directories creation (see ldapscripts.conf) | |
109 | - no more need for backslashes in user home directories and user shell in ldapscripts.conf | |
110 | - added support for initializing (randomized) passwords when adding a user. | |
111 | - Passwords can also be recorded into a log file when performing a massive user creation (see ldapscripts.conf) | |
112 | ||
113 | 2005/02/07 : ldapscripts 1.0 |
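Review bot: The BINDPWDFILE instructions in item 1 of the 1.7.1 entry (changelog lines 10-13) show how to create the password file, `echo -n 'password' > $BINDPWDFILE`, but say nothing about the mode it should have, so under a common umask the file that replaces the `ps` exposure can itself be readable by other local users. Suggest the entry tell the administrator to set a restrictive umask, or to create the file empty and restrict it to its owner, before writing the password into it. The entry could also mention that typing the password into an interactive `echo` can leave it in shell history. Item 2 refers to "ldappassword's -T option" where the same sentence names the command as ldappasswd.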
0 | GNU GENERAL PUBLIC LICENSE | |
1 | Version 2, June 1991 | |
2 | ||
3 | Copyright (C) 1989, 1991 Free Software Foundation, Inc. | |
4 | 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
5 | Everyone is permitted to copy and distribute verbatim copies | |
6 | of this license document, but changing it is not allowed. | |
7 | ||
8 | Preamble | |
9 | ||
10 | The licenses for most software are designed to take away your | |
11 | freedom to share and change it. By contrast, the GNU General Public | |
12 | License is intended to guarantee your freedom to share and change free | |
13 | software--to make sure the software is free for all its users. This | |
14 | General Public License applies to most of the Free Software | |
15 | Foundation's software and to any other program whose authors commit to | |
16 | using it. (Some other Free Software Foundation software is covered by | |
17 | the GNU Library General Public License instead.) You can apply it to | |
18 | your programs, too. | |
19 | ||
20 | When we speak of free software, we are referring to freedom, not | |
21 | price. Our General Public Licenses are designed to make sure that you | |
22 | have the freedom to distribute copies of free software (and charge for | |
23 | this service if you wish), that you receive source code or can get it | |
24 | if you want it, that you can change the software or use pieces of it | |
25 | in new free programs; and that you know you can do these things. | |
26 | ||
27 | To protect your rights, we need to make restrictions that forbid | |
28 | anyone to deny you these rights or to ask you to surrender the rights. | |
29 | These restrictions translate to certain responsibilities for you if you | |
30 | distribute copies of the software, or if you modify it. | |
31 | ||
32 | For example, if you distribute copies of such a program, whether | |
33 | gratis or for a fee, you must give the recipients all the rights that | |
34 | you have. You must make sure that they, too, receive or can get the | |
35 | source code. And you must show them these terms so they know their | |
36 | rights. | |
37 | ||
38 | We protect your rights with two steps: (1) copyright the software, and | |
39 | (2) offer you this license which gives you legal permission to copy, | |
40 | distribute and/or modify the software. | |
41 | ||
42 | Also, for each author's protection and ours, we want to make certain | |
43 | that everyone understands that there is no warranty for this free | |
44 | software. If the software is modified by someone else and passed on, we | |
45 | want its recipients to know that what they have is not the original, so | |
46 | that any problems introduced by others will not reflect on the original | |
47 | authors' reputations. | |
48 | ||
49 | Finally, any free program is threatened constantly by software | |
50 | patents. We wish to avoid the danger that redistributors of a free | |
51 | program will individually obtain patent licenses, in effect making the | |
52 | program proprietary. To prevent this, we have made it clear that any | |
53 | patent must be licensed for everyone's free use or not licensed at all. | |
54 | ||
55 | The precise terms and conditions for copying, distribution and | |
56 | modification follow. | |
57 | ||
58 | GNU GENERAL PUBLIC LICENSE | |
59 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION | |
60 | ||
61 | 0. This License applies to any program or other work which contains | |
62 | a notice placed by the copyright holder saying it may be distributed | |
63 | under the terms of this General Public License. The "Program", below, | |
64 | refers to any such program or work, and a "work based on the Program" | |
65 | means either the Program or any derivative work under copyright law: | |
66 | that is to say, a work containing the Program or a portion of it, | |
67 | either verbatim or with modifications and/or translated into another | |
68 | language. (Hereinafter, translation is included without limitation in | |
69 | the term "modification".) Each licensee is addressed as "you". | |
70 | ||
71 | Activities other than copying, distribution and modification are not | |
72 | covered by this License; they are outside its scope. The act of | |
73 | running the Program is not restricted, and the output from the Program | |
74 | is covered only if its contents constitute a work based on the | |
75 | Program (independent of having been made by running the Program). | |
76 | Whether that is true depends on what the Program does. | |
77 | ||
78 | 1. You may copy and distribute verbatim copies of the Program's | |
79 | source code as you receive it, in any medium, provided that you | |
80 | conspicuously and appropriately publish on each copy an appropriate | |
81 | copyright notice and disclaimer of warranty; keep intact all the | |
82 | notices that refer to this License and to the absence of any warranty; | |
83 | and give any other recipients of the Program a copy of this License | |
84 | along with the Program. | |
85 | ||
86 | You may charge a fee for the physical act of transferring a copy, and | |
87 | you may at your option offer warranty protection in exchange for a fee. | |
88 | ||
89 | 2. You may modify your copy or copies of the Program or any portion | |
90 | of it, thus forming a work based on the Program, and copy and | |
91 | distribute such modifications or work under the terms of Section 1 | |
92 | above, provided that you also meet all of these conditions: | |
93 | ||
94 | a) You must cause the modified files to carry prominent notices | |
95 | stating that you changed the files and the date of any change. | |
96 | ||
97 | b) You must cause any work that you distribute or publish, that in | |
98 | whole or in part contains or is derived from the Program or any | |
99 | part thereof, to be licensed as a whole at no charge to all third | |
100 | parties under the terms of this License. | |
101 | ||
102 | c) If the modified program normally reads commands interactively | |
103 | when run, you must cause it, when started running for such | |
104 | interactive use in the most ordinary way, to print or display an | |
105 | announcement including an appropriate copyright notice and a | |
106 | notice that there is no warranty (or else, saying that you provide | |
107 | a warranty) and that users may redistribute the program under | |
108 | these conditions, and telling the user how to view a copy of this | |
109 | License. (Exception: if the Program itself is interactive but | |
110 | does not normally print such an announcement, your work based on | |
111 | the Program is not required to print an announcement.) | |
112 | ||
113 | These requirements apply to the modified work as a whole. If | |
114 | identifiable sections of that work are not derived from the Program, | |
115 | and can be reasonably considered independent and separate works in | |
116 | themselves, then this License, and its terms, do not apply to those | |
117 | sections when you distribute them as separate works. But when you | |
118 | distribute the same sections as part of a whole which is a work based | |
119 | on the Program, the distribution of the whole must be on the terms of | |
120 | this License, whose permissions for other licensees extend to the | |
121 | entire whole, and thus to each and every part regardless of who wrote it. | |
122 | ||
123 | Thus, it is not the intent of this section to claim rights or contest | |
124 | your rights to work written entirely by you; rather, the intent is to | |
125 | exercise the right to control the distribution of derivative or | |
126 | collective works based on the Program. | |
127 | ||
128 | In addition, mere aggregation of another work not based on the Program | |
129 | with the Program (or with a work based on the Program) on a volume of | |
130 | a storage or distribution medium does not bring the other work under | |
131 | the scope of this License. | |
132 | ||
133 | 3. You may copy and distribute the Program (or a work based on it, | |
134 | under Section 2) in object code or executable form under the terms of | |
135 | Sections 1 and 2 above provided that you also do one of the following: | |
136 | ||
137 | a) Accompany it with the complete corresponding machine-readable | |
138 | source code, which must be distributed under the terms of Sections | |
139 | 1 and 2 above on a medium customarily used for software interchange; or, | |
140 | ||
141 | b) Accompany it with a written offer, valid for at least three | |
142 | years, to give any third party, for a charge no more than your | |
143 | cost of physically performing source distribution, a complete | |
144 | machine-readable copy of the corresponding source code, to be | |
145 | distributed under the terms of Sections 1 and 2 above on a medium | |
146 | customarily used for software interchange; or, | |
147 | ||
148 | c) Accompany it with the information you received as to the offer | |
149 | to distribute corresponding source code. (This alternative is | |
150 | allowed only for noncommercial distribution and only if you | |
151 | received the program in object code or executable form with such | |
152 | an offer, in accord with Subsection b above.) | |
153 | ||
154 | The source code for a work means the preferred form of the work for | |
155 | making modifications to it. For an executable work, complete source | |
156 | code means all the source code for all modules it contains, plus any | |
157 | associated interface definition files, plus the scripts used to | |
158 | control compilation and installation of the executable. However, as a | |
159 | special exception, the source code distributed need not include | |
160 | anything that is normally distributed (in either source or binary | |
161 | form) with the major components (compiler, kernel, and so on) of the | |
162 | operating system on which the executable runs, unless that component | |
163 | itself accompanies the executable. | |
164 | ||
165 | If distribution of executable or object code is made by offering | |
166 | access to copy from a designated place, then offering equivalent | |
167 | access to copy the source code from the same place counts as | |
168 | distribution of the source code, even though third parties are not | |
169 | compelled to copy the source along with the object code. | |
170 | ||
171 | 4. You may not copy, modify, sublicense, or distribute the Program | |
172 | except as expressly provided under this License. Any attempt | |
173 | otherwise to copy, modify, sublicense or distribute the Program is | |
174 | void, and will automatically terminate your rights under this License. | |
175 | However, parties who have received copies, or rights, from you under | |
176 | this License will not have their licenses terminated so long as such | |
177 | parties remain in full compliance. | |
178 | ||
179 | 5. You are not required to accept this License, since you have not | |
180 | signed it. However, nothing else grants you permission to modify or | |
181 | distribute the Program or its derivative works. These actions are | |
182 | prohibited by law if you do not accept this License. Therefore, by | |
183 | modifying or distributing the Program (or any work based on the | |
184 | Program), you indicate your acceptance of this License to do so, and | |
185 | all its terms and conditions for copying, distributing or modifying | |
186 | the Program or works based on it. | |
187 | ||
188 | 6. Each time you redistribute the Program (or any work based on the | |
189 | Program), the recipient automatically receives a license from the | |
190 | original licensor to copy, distribute or modify the Program subject to | |
191 | these terms and conditions. You may not impose any further | |
192 | restrictions on the recipients' exercise of the rights granted herein. | |
193 | You are not responsible for enforcing compliance by third parties to | |
194 | this License. | |
195 | ||
196 | 7. If, as a consequence of a court judgment or allegation of patent | |
197 | infringement or for any other reason (not limited to patent issues), | |
198 | conditions are imposed on you (whether by court order, agreement or | |
199 | otherwise) that contradict the conditions of this License, they do not | |
200 | excuse you from the conditions of this License. If you cannot | |
201 | distribute so as to satisfy simultaneously your obligations under this | |
202 | License and any other pertinent obligations, then as a consequence you | |
203 | may not distribute the Program at all. For example, if a patent | |
204 | license would not permit royalty-free redistribution of the Program by | |
205 | all those who receive copies directly or indirectly through you, then | |
206 | the only way you could satisfy both it and this License would be to | |
207 | refrain entirely from distribution of the Program. | |
208 | ||
209 | If any portion of this section is held invalid or unenforceable under | |
210 | any particular circumstance, the balance of the section is intended to | |
211 | apply and the section as a whole is intended to apply in other | |
212 | circumstances. | |
213 | ||
214 | It is not the purpose of this section to induce you to infringe any | |
215 | patents or other property right claims or to contest validity of any | |
216 | such claims; this section has the sole purpose of protecting the | |
217 | integrity of the free software distribution system, which is | |
218 | implemented by public license practices. Many people have made | |
219 | generous contributions to the wide range of software distributed | |
220 | through that system in reliance on consistent application of that | |
221 | system; it is up to the author/donor to decide if he or she is willing | |
222 | to distribute software through any other system and a licensee cannot | |
223 | impose that choice. | |
224 | ||
225 | This section is intended to make thoroughly clear what is believed to | |
226 | be a consequence of the rest of this License. | |
227 | ||
228 | 8. If the distribution and/or use of the Program is restricted in | |
229 | certain countries either by patents or by copyrighted interfaces, the | |
230 | original copyright holder who places the Program under this License | |
231 | may add an explicit geographical distribution limitation excluding | |
232 | those countries, so that distribution is permitted only in or among | |
233 | countries not thus excluded. In such case, this License incorporates | |
234 | the limitation as if written in the body of this License. | |
235 | ||
236 | 9. The Free Software Foundation may publish revised and/or new versions | |
237 | of the General Public License from time to time. Such new versions will | |
238 | be similar in spirit to the present version, but may differ in detail to | |
239 | address new problems or concerns. | |
240 | ||
241 | Each version is given a distinguishing version number. If the Program | |
242 | specifies a version number of this License which applies to it and "any | |
243 | later version", you have the option of following the terms and conditions | |
244 | either of that version or of any later version published by the Free | |
245 | Software Foundation. If the Program does not specify a version number of | |
246 | this License, you may choose any version ever published by the Free Software | |
247 | Foundation. | |
248 | ||
249 | 10. If you wish to incorporate parts of the Program into other free | |
250 | programs whose distribution conditions are different, write to the author | |
251 | to ask for permission. For software which is copyrighted by the Free | |
252 | Software Foundation, write to the Free Software Foundation; we sometimes | |
253 | make exceptions for this. Our decision will be guided by the two goals | |
254 | of preserving the free status of all derivatives of our free software and | |
255 | of promoting the sharing and reuse of software generally. | |
256 | ||
257 | NO WARRANTY | |
258 | ||
259 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY | |
260 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN | |
261 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES | |
262 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED | |
263 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | |
264 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS | |
265 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE | |
266 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, | |
267 | REPAIR OR CORRECTION. | |
268 | ||
269 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING | |
270 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR | |
271 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, | |
272 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING | |
273 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED | |
274 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY | |
275 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER | |
276 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE | |
277 | POSSIBILITY OF SUCH DAMAGES. | |
278 | ||
279 | END OF TERMS AND CONDITIONS | |
280 | ||
281 | How to Apply These Terms to Your New Programs | |
282 | ||
283 | If you develop a new program, and you want it to be of the greatest | |
284 | possible use to the public, the best way to achieve this is to make it | |
285 | free software which everyone can redistribute and change under these terms. | |
286 | ||
287 | To do so, attach the following notices to the program. It is safest | |
288 | to attach them to the start of each source file to most effectively | |
289 | convey the exclusion of warranty; and each file should have at least | |
290 | the "copyright" line and a pointer to where the full notice is found. | |
291 | ||
292 | <one line to give the program's name and a brief idea of what it does.> | |
293 | Copyright (C) <year> <name of author> | |
294 | ||
295 | This program is free software; you can redistribute it and/or modify | |
296 | it under the terms of the GNU General Public License as published by | |
297 | the Free Software Foundation; either version 2 of the License, or | |
298 | (at your option) any later version. | |
299 | ||
300 | This program is distributed in the hope that it will be useful, | |
301 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
302 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
303 | GNU General Public License for more details. | |
304 | ||
305 | You should have received a copy of the GNU General Public License | |
306 | along with this program; if not, write to the Free Software | |
307 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
308 | ||
309 | ||
310 | Also add information on how to contact you by electronic and paper mail. | |
311 | ||
312 | If the program is interactive, make it output a short notice like this | |
313 | when it starts in an interactive mode: | |
314 | ||
315 | Gnomovision version 69, Copyright (C) year name of author | |
316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. | |
317 | This is free software, and you are welcome to redistribute it | |
318 | under certain conditions; type `show c' for details. | |
319 | ||
320 | The hypothetical commands `show w' and `show c' should show the appropriate | |
321 | parts of the General Public License. Of course, the commands you use may | |
322 | be called something other than `show w' and `show c'; they could even be | |
323 | mouse-clicks or menu items--whatever suits your program. | |
324 | ||
325 | You should also get your employer (if you work as a programmer) or your | |
326 | school, if any, to sign a "copyright disclaimer" for the program, if | |
327 | necessary. Here is a sample; alter the names: | |
328 | ||
329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program | |
330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. | |
331 | ||
332 | <signature of Ty Coon>, 1 April 1989 | |
333 | Ty Coon, President of Vice | |
334 | ||
335 | This General Public License does not permit incorporating your program into | |
336 | proprietary programs. If your program is a subroutine library, you may | |
337 | consider it more useful to permit linking proprietary applications with the | |
338 | library. If this is what you want to do, use the GNU Library General | |
339 | Public License instead of this License. |
0 | # Makefile for the lapscripts | |
1 | ||
2 | # Copyright (C) 2007 Ganaël LAPLANCHE | |
3 | # | |
4 | # This program is free software; you can redistribute it and/or | |
5 | # modify it under the terms of the GNU General Public License | |
6 | # as published by the Free Software Foundation; either version 2 | |
7 | # of the License, or (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU General Public License | |
15 | # along with this program; if not, write to the Free Software | |
16 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
17 | # USA. | |
18 | ||
19 | # Configuration / variables section | |
20 | PREFIX = /usr/local | |
21 | ||
22 | # Where to install scripts | |
23 | BINDIR = $(PREFIX)/bin | |
24 | # Where to install man pages | |
25 | MANDIR = $(PREFIX)/man | |
26 | # Where to install configuration files | |
27 | ETCDIR = $(PREFIX)/etc/ldapscripts | |
28 | # Where to install the runtime file | |
29 | RUNDIR = $(ETCDIR) | |
30 | ||
31 | ### Do not edit ### | |
32 | SHELL=/bin/sh | |
33 | NAME = ldapscripts | |
34 | #SUFFIX = -devel | |
35 | VERSION = 1.7.1 | |
36 | ||
37 | RUNFILE = runtime | |
38 | ETCFILE = ldapscripts.conf | |
39 | PWDFILE = ldapscripts.passwd | |
40 | BINFILES = _ldapdeletemachine _ldapmodifygroup _ldappasswd _lsldap ldapadduser \ | |
41 | ldapdeleteuser ldapsetprimarygroup _ldapfinger _ldapmodifymachine \ | |
42 | _ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \ | |
43 | _ldapinit _ldapmodifyuser _ldaprenamemachine ldapaddmachine ldapdeletegroup \ | |
44 | ldaprenameuser | |
45 | MAN1FILES = _ldapdeletemachine.1 _ldapmodifymachine.1 _ldaprenamemachine.1 ldapadduser.1 \ | |
46 | ldapdeleteuserfromgroup.1 _ldapfinger.1 _ldapmodifyuser.1 _lsldap.1 \ | |
47 | ldapaddusertogroup.1 ldaprenameuser.1 _ldapinit.1 _ldappasswd.1 ldapaddgroup.1 \ | |
48 | ldapdeletegroup.1 ldapsetprimarygroup.1 _ldapmodifygroup.1 _ldaprenamegroup.1 \ | |
49 | ldapaddmachine.1 ldapdeleteuser.1 | |
50 | MAN5FILES = ldapscripts.5 | |
51 | TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample ldapadduser.template.sample | |
52 | ||
53 | # Default target | |
54 | all: help | |
55 | ||
56 | # Help target | |
57 | help: | |
58 | @echo "Usage: make [VARIABLE=<value>] <target>" | |
59 | @echo "Valid variables :" | |
60 | @echo " PREFIX : main target directory for installation (default = /usr/local)" | |
61 | @echo " BINDIR : where to install scripts (default = PREFIX/bin)" | |
62 | @echo " MANDIR : where to install man pages (default = PREFIX/man)" | |
63 | @echo " ETCDIR : where to install the configuration file (default = PREFIX/etc/ldapscripts)" | |
64 | @echo " RUNDIR : where to install the runtime file (default = PREFIX)" | |
65 | @echo "Valid targets :" | |
66 | @echo " configure : prepare sources for installation" | |
67 | @echo " install : install everything" | |
68 | @echo " uninstall : uninstall everything (except the main configuration file)" | |
69 | @echo " clean : clean up sources" | |
70 | @echo " package : create a package in /tmp" | |
71 | @echo " help : this help" | |
72 | @echo "Additional targets :" | |
73 | @echo " installbin : install main scripts" | |
74 | @echo " installman : install man pages" | |
75 | @echo " installetc : install configuration, runtime and template files" | |
76 | @echo " uninstallbin : uninstall main scripts" | |
77 | @echo " uninstallman : uninstall man pages" | |
78 | @echo " uninstalletc : uninstall configuration, runtime and template files" | |
79 | @echo " deinstall : synonym for uninstall" | |
80 | @echo " distclean : synonym for clean" | |
81 | @echo " mrproper : synonym for clean" | |
82 | ||
83 | # Configure target | |
84 | configure: | |
85 | @echo -n 'Configuring scripts... ' | |
86 | @sed 's|^BINDPWDFILE=.*|BINDPWDFILE=\"$(ETCDIR)/$(PWDFILE)\"|g' 'etc/$(ETCFILE)' > 'etc/$(ETCFILE).patched' | |
87 | @sed 's|^_CONFIGFILE=.*|_CONFIGFILE=\"$(ETCDIR)/$(ETCFILE)\"|g' 'etc/$(RUNFILE)' > 'etc/$(RUNFILE).patched' | |
88 | @for i in $(BINFILES) ; do \ | |
89 | sed 's|^_RUNTIMEFILE=.*|_RUNTIMEFILE=\"$(RUNDIR)/$(RUNFILE)\"|g' "bin/$$i" > "bin/$$i.patched" ; \ | |
90 | done | |
91 | @echo 'ok. ' | |
92 | ||
93 | # Install targets | |
94 | install: installbin installman installetc | |
95 | installbin: configure | |
96 | @echo -n 'Installing scripts into $(BINDIR)... ' | |
97 | @mkdir -p '$(BINDIR)' 2>/dev/null | |
98 | @for i in $(BINFILES) ; do \ | |
99 | install -m 750 "bin/$$i.patched" "$(BINDIR)/$$i" ; \ | |
100 | done | |
101 | @echo 'ok. ' | |
102 | ||
103 | installman: | |
104 | @echo -n 'Installing man files into $(MANDIR)... ' | |
105 | @mkdir -p '$(MANDIR)/man1' 2>/dev/null | |
106 | @for i in $(MAN1FILES) ; do \ | |
107 | cat "man/man1/$$i" | gzip - > "$(MANDIR)/man1/`basename $$i`.gz" ; \ | |
108 | done | |
109 | @mkdir -p '$(MANDIR)/man5' 2>/dev/null | |
110 | @for i in $(MAN5FILES) ; do \ | |
111 | cat "man/man5/$$i" | gzip - > "$(MANDIR)/man5/`basename $$i`.gz" ; \ | |
112 | done | |
113 | @echo 'ok. ' | |
114 | ||
115 | installetc: | |
116 | @echo -n 'Installing configuration files into $(ETCDIR)... ' | |
117 | @mkdir -p '$(ETCDIR)' 2>/dev/null | |
118 | @install -m 640 -b 'etc/$(ETCFILE).patched' '$(ETCDIR)/$(ETCFILE)' | |
119 | @install -m 440 -b 'etc/$(PWDFILE)' '$(ETCDIR)' | |
120 | @for i in $(TMPLFILES) ; do \ | |
121 | install -m 440 "etc/$$i" '$(ETCDIR)' ; \ | |
122 | done | |
123 | @mkdir -p '$(RUNDIR)' 2>/dev/null | |
124 | @install -m 440 'etc/$(RUNFILE).patched' '$(RUNDIR)/$(RUNFILE)' | |
125 | @echo 'ok. ' | |
126 | ||
127 | # Uninstall targets | |
128 | deinstall: uninstall | |
129 | uninstall: uninstallbin uninstallman uninstalletc | |
130 | uninstallbin: | |
131 | @echo -n 'Uninstalling scripts from $(BINDIR)... ' | |
132 | @for i in $(BINFILES) ; do \ | |
133 | rm -f "$(BINDIR)/$$i" ; \ | |
134 | done | |
135 | @rmdir '$(BINDIR)' 2>/dev/null || true | |
136 | @echo 'ok. ' | |
137 | ||
138 | uninstallman: | |
139 | @echo -n 'Uninstalling man files from $(MANDIR)... ' | |
140 | @for i in $(MAN1FILES) ; do \ | |
141 | rm -f "$(MANDIR)/man1/`basename $$i`.gz" ; \ | |
142 | done | |
143 | @rmdir '$(MANDIR)/man1' 2>/dev/null || true | |
144 | @for i in $(MAN5FILES) ; do \ | |
145 | rm -f "$(MANDIR)/man5/`basename $$i`.gz" ; \ | |
146 | done | |
147 | @rmdir '$(MANDIR)/man5' 2>/dev/null || true | |
148 | @echo 'ok. ' | |
149 | ||
150 | uninstalletc: | |
151 | @echo '(Leaving $(ETCDIR)/$(ETCFILE) as it is the main configuration file)' | |
152 | @echo -n 'Uninstalling other configuration files from $(ETCDIR)... ' | |
153 | @rm -f '$(ETCDIR)/$(PWDFILE)' | |
154 | @for i in $(TMPLFILES) ; do \ | |
155 | rm -f "$(ETCDIR)/$$i" ; \ | |
156 | done | |
157 | @rm -f '$(RUNDIR)/$(RUNFILE)' | |
158 | @rmdir '$(RUNDIR)' 2>/dev/null || true | |
159 | @echo 'ok. ' | |
160 | ||
161 | # Clean targets | |
162 | clean: | |
163 | @echo -n 'Cleaning sources... ' | |
164 | @rm -f 'etc/$(ETCFILE).patched' | |
165 | @rm -f 'etc/$(RUNFILE).patched' | |
166 | @for i in $(BINFILES) ; do \ | |
167 | rm -f "bin/$$i.patched" ; \ | |
168 | done | |
169 | @echo 'ok. ' | |
170 | distclean: clean | |
171 | mrproper: clean | |
172 | ||
173 | # Package target | |
174 | package: clean | |
175 | @echo -n 'Creating package /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz... ' | |
176 | @(cd .. && tar czf /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz $(NAME)-$(VERSION)) | |
177 | @echo 'ok. ' | |
178 |
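Review bot: in installetc, `install -m 440 -b 'etc/$(PWDFILE)' '$(ETCDIR)'` runs on every install, so an upgrade replaces the administrator's real bind password file with the one shipped in the sources. The only surviving copy of the real password is then whatever backup `-b` leaves in $(ETCDIR), and uninstalletc removes `$(ETCDIR)/$(PWDFILE)` but not that backup. Suggest installing the password file only when it does not already exist, and dropping `-b` for it, so no stray copy of the secret is created. Separately, the package target writes to a fixed file name in /tmp; building the archive in a directory the caller creates would avoid writing through a pre-existing file or symlink of that name.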
0 | Ldapscripts - README file | |
1 | ************************* | |
2 | ||
3 | Description : | |
4 | ************* | |
5 | ||
6 | These scripts are designed to be used within the Samba's smb.conf file | |
7 | (or manually) and allow to create POSIX entries for users, groups and | |
8 | machines in an LDAP directory. They are written in sh and need ldap | |
9 | client commands to work correctly (ldapadd, ldapdelete, ldapmodify, | |
10 | ldapsearch). | |
11 | ||
12 | They are designed to be used under GNU/Linux or FreeBSD (any other | |
13 | UNIX-like should also work) and require several binaries that should | |
14 | come with your OS (uuencode, getent/pw, date, grep, sed, cut, expr...) | |
15 | ||
16 | Latest version available on http://contribs.martymac.com | |
17 | ||
18 | Installing and configuring the ldapscripts : | |
19 | ******************************************** | |
20 | ||
21 | To install the scripts, just type in : | |
22 | # make install | |
23 | or, to defined another installation directory : | |
24 | # make PREFIX=/target/directory install | |
25 | ||
26 | Use 'make help' for more options. | |
27 | ||
28 | All the scripts will be copied (by default) to /usr/local/bin and | |
29 | ldapscripts.conf will be copied to /usr/local/etc/ldapscripts. | |
30 | ||
31 | Keep in mind that the scripts are installed with quite restrictive rights | |
32 | (because you will have to specify you LDAP password as clear-text in the | |
33 | configuration file). Just use group rights or ACLs (if they are enabled | |
34 | on your system) to make the things work... | |
35 | ||
36 | Once installed, edit /usr/local/etc/ldapscripts/ldapscripts.conf to | |
37 | configure the ldapscripts. | |
38 | ||
39 | Then, just type in - e.g. : | |
40 | # ldapadduser foo foogroup | |
41 | ||
42 | See the man pages for more details. | |
43 | ||
44 | Configuring your OpenLDAP server : | |
45 | ********************************** | |
46 | ||
47 | Be sure to include these schemas in your slapd.conf : | |
48 | ||
49 | - core.schema | |
50 | - cosine.schema (for the account objectClass) | |
51 | - nis.schema (for the posixAccount objectClass) | |
52 | ||
53 | Using the ldapscripts with Samba : | |
54 | ********************************** | |
55 | ||
56 | To use the ldapscripts with Samba (e.g. for an NT4 -> Samba migration), | |
57 | just add the following to your smb.conf file : | |
58 | ||
59 | # [...] | |
60 | add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines | |
61 | add user script = /usr/local/bin/ldapadduser '%u' sambausers | |
62 | add group script = /usr/local/bin/ldapaddgroup '%g' | |
63 | add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g' | |
64 | delete user script = /usr/local/bin/ldapdeleteuser '%u' | |
65 | delete group script = /usr/local/bin/ldapdeletegroup '%g' | |
66 | delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g' | |
67 | set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g' | |
68 | rename user script = /usr/local/bin/ldaprenameuser '%uold' '%unew' | |
69 | # [...] | |
70 | ||
71 | and make sure sambamachines and sambausers exist before attempting to | |
72 | do a "net rpc vampire"... | |
73 | ||
74 | Also be sure to have your machine using the LDAP server as a posix accounts | |
75 | source (e.g. nsswitch + nss_ldap on GNU/Linux) since the scripts use | |
76 | getent (or pw for FreeBSD) to fetch accounts information. | |
77 | ||
78 | Files : | |
79 | ******* | |
80 | ||
81 | * Various files : | |
82 | ||
83 | README : this file ! | |
84 | COPYING : the GPLv2 (or later) license | |
85 | CHANGELOG : the changelog file, of course | |
86 | VERSION : the current version of the ldapscripts | |
87 | TODO : ideas, remaining work | |
88 | Makefile : installation Makefile | |
89 | ||
90 | * Man pages : | |
91 | ||
92 | man/* : man pages | |
93 | ||
94 | * Configuration files : | |
95 | ||
96 | etc/ldapscripts.conf : configuration file | |
97 | etc/runtime : runtime file used by the scripts (contains functions, etc...) | |
98 | etc/ldapadduser.template.sample : user LDIF template file | |
99 | etc/ldapaddgroup.template.sample : group LDIF template file | |
100 | etc/ldapaddmachine.template.sample : machine LDIF template file | |
101 | ||
102 | * Scripts that can be used in Samba's configuration file (smb.conf) : | |
103 | ||
104 | bin/ldapaddgroup : adds a POSIX group to LDAP | |
105 | bin/ldapadduser : adds a POSIX user to LDAP | |
106 | bin/ldapdeletegroup : deletes a POSIX group from LDAP | |
107 | bin/ldapdeleteuserfromgroup : deletes a memberUid entry from a POSIX group | |
108 | bin/ldapsetprimarygroup : sets gidNumber of a POSIX user or machine account | |
109 | bin/ldapaddmachine : adds a POSIX machine (user$) to LDAP | |
110 | bin/ldapaddusertogroup : add a memberUid entry to a POSIX group | |
111 | bin/ldapdeleteuser : deletes a POSIX user from LDAP | |
112 | bin/ldaprenameuser : renames a POSIX user account in LDAP | |
113 | ||
114 | * Additional (useful) scripts not used by Samba (those beginning with a "_") : | |
115 | ||
116 | bin/_ldapdeletemachine : deletes a POSIX machine account in LDAP | |
117 | bin/_ldapinit : initializes the LDAP tree with a minimal tree | |
118 | bin/_lsldap : performs a *big* recursive query on the LDAP server from the root dn | |
119 | bin/_ldapmodifyuser : modifies a POSIX user account in LDAP interactively | |
120 | bin/_ldapmodifymachine : modifies a POSIX machine account in LDAP interactively | |
121 | bin/_ldapmodifygroup : modifies a POSIX group account in LDAP interactively | |
122 | bin/_ldaprenamemachine : renames a POSIX machine account in LDAP | |
123 | bin/_ldaprenamegroup : renames a POSIX group in LDAP | |
124 | bin/_ldappasswd : modifies a POSIX user account's password in LDAP | |
125 | bin/_ldapfinger : displays a user/machine/group POSIX account's details | |
126 | ||
127 | Author / Licence : | |
128 | ****************** | |
129 | ||
130 | These scripts have been written by Ganaël LAPLANCHE (ganael.laplanche@martymac.com) | |
131 | and are available within the GPL license (see COPYING for details). | |
132 | ||
133 | Thanks for using the ldapscripts... Any feedback welcome :) |
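Review bot: the installation section (README lines 31 to 34) still says the LDAP password has to be given as clear text in the configuration file, while this release's changelog introduces BINDPWDFILE and the Makefile installs `ldapscripts.passwd`. The "Configuration files" list should gain an entry for etc/ldapscripts.passwd, and this paragraph should describe the password file, how to create it and the mode it is installed with (440), keeping BINDPWD only as the documented fallback for older OpenLDAP clients.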
0 | TODO (ideas) : | |
1 | ************** | |
2 | ||
3 | - Allow to use %g (goup name) in ldapadduser (for _HOMEDIR and _genpassword) | |
4 | - Merge UIDSTART and MIDSTART or find a way to use them efficiently | |
5 | (currently, to avoid id overlapping, once a user or machine is created, the next id will | |
6 | be its id + 1, for any kind of account. UIDSTART and MIDSTART are only used for the very | |
7 | first account created ; this behaviour should be changed) | |
8 | ||
9 | - Add more options to the scripts (a better parsing will be necessary) | |
10 | - an option to ldapdeleteuser to delete users' home directories | |
11 | - a 'dry-run' option to display (only) LDIF data | |
12 | - an option to modify the home dirs (LDAP + directory + rights) of a user when renaming it ? | |
13 | - an option to modify related groups (memberUid's) when renaming/deleting a user/machine ? | |
14 | - an option to block deleting a group if it is a user's primary group ? |
0 | #!/bin/sh | |
1 | ||
2 | # _ldapdeletemachine : deletes a POSIX machine (user$) account from LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <machinename with ending \$ | uid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find machinename : $1 must exist in LDAP ! | |
32 | _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" | |
33 | [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)" | |
34 | ||
35 | # Delete entry | |
36 | _ldapdelete "$_ENTRY" || end_die "Error deleting machine $_ENTRY from LDAP" | |
37 | end_ok "Successfully deleted machine $_ENTRY from LDAP" |
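Review bot: `$1` is interpolated unescaped into the search filter on line 32, and whatever `_findentry` leaves in `$_ENTRY` is then handed to `_ldapdelete` on line 36. Filter metacharacters in the argument (`*`, `(`, `)`, `\`) change what the filter matches, so the entry that gets deleted may not be the one the caller named. Suggest rejecting or escaping those characters (RFC 4515) before building the filter, ideally in one helper in the runtime file, since the same `(uid=$1)(uidNumber=$1)` pattern recurs in the other scripts.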
0 | #!/bin/sh | |
1 | ||
2 | # _ldapfinger : displays a user/machine/group POSIX account's details | |
3 | ||
4 | # Copyright (C) 2006 Ganaël LAPLANCHE | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <username | machinename | groupname | uid | gid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find and display the entry | |
32 | _ldapsearch "$SUFFIX" "(|(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1))))" || end_die "No entry found" | |
33 | end_ok |
0 | #!/bin/sh | |
1 | ||
2 | # _ldapinit : initializes the LDAP directory with a minimal tree | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ "$1" = "-h" ] | |
22 | then | |
23 | echo "Usage : $0 [-r | -s]" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Clean up suffix info | |
32 | _SUFFIX=`echo $SUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2` | |
33 | _USUFFIX=`echo $USUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2` | |
34 | _GSUFFIX=`echo $GSUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2` | |
35 | _MSUFFIX=`echo $MSUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2` | |
36 | ||
37 | # First add the root DN if necessary | |
38 | if [ "$1" != "-s" ] | |
39 | then | |
40 | _extractldif 2 | _filterldif | _ldapadd | |
41 | [ $? -eq 0 ] || end_die "Error initializing LDAP tree" | |
42 | fi | |
43 | ||
44 | # Now add remaining stuff | |
45 | if [ "$1" != "-r" ] | |
46 | then | |
47 | _extractldif 3 | _filterldif | _ldapadd | |
48 | [ $? -eq 0 ] || end_die "Error initializing LDAP tree" | |
49 | fi | |
50 | end_ok "Successfully initialized LDAP tree" | |
51 | ||
52 | # Ldif template ################################## | |
53 | ##dn: <suffix> | |
54 | ##objectClass: dcObject | |
55 | ##objectClass: organization | |
56 | ##dc: <_suffix> | |
57 | ##o: <_suffix> | |
58 | ##description: <_suffix> | |
59 | ## | |
60 | ###dn: <usuffix>,<suffix> | |
61 | ###objectClass: top | |
62 | ###objectClass: organizationalUnit | |
63 | ###ou: <_usuffix> | |
64 | ### | |
65 | ###dn: <gsuffix>,<suffix> | |
66 | ###objectClass: top | |
67 | ###objectClass: organizationalUnit | |
68 | ###ou: <_gsuffix> | |
69 | ### | |
70 | ###dn: <msuffix>,<suffix> | |
71 | ###objectClass: top | |
72 | ###objectClass: organizationalUnit | |
73 | ###ou: <_msuffix> | |
74 | ### | |
75 | ###dn: ou=Idmap,<suffix> | |
76 | ###objectClass: organizationalUnit | |
77 | ###ou: Idmap |
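Review bot: lines 32 to 35 expand `$SUFFIX`, `$USUFFIX`, `$GSUFFIX` and `$MSUFFIX` unquoted inside the backticks, so a DN component containing runs of spaces or glob characters is altered by word splitting and pathname expansion before `cut` sees it; quote them (`echo "$SUFFIX" | cut ...`). The usage string on line 23 also lists `-r` and `-s` without saying what they do (from the code, `-s` skips the root entry and `-r` skips the organizational units), and `-h` exits with status 1 although asking for help is not an error.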
0 | #!/bin/sh | |
1 | ||
2 | # _ldapmodifygroup : modifies a POSIX group account in LDAP interactively | |
3 | ||
4 | # Copyright (C) 2007 Ganaël LAPLANCHE | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <groupname | gid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find groupname : $1 must exist in LDAP ! | |
32 | _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" | |
33 | [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP" | |
34 | ||
35 | # Allocate and create temp file | |
36 | mktempf | |
37 | echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
38 | ||
39 | # Display entry | |
40 | echo "# About to modify the following entry :" | |
41 | _ldapsearch "$_ENTRY" | |
42 | ||
43 | # Edit entry | |
44 | echo "# Enter your modifications here, end with CTRL-D." | |
45 | echo "dn: $_ENTRY" | |
46 | cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
47 | ||
48 | # Send modifications | |
49 | cat "$_TMPFILE" | _ldapmodify | |
50 | if [ $? -ne 0 ] | |
51 | then | |
52 | reltempf | |
53 | end_die "Error modifying group entry $_ENTRY in LDAP" | |
54 | fi | |
55 | reltempf | |
56 | end_ok "Successfully modified group entry $_ENTRY in LDAP" |
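Review bot: the two `|| end_die` exits on lines 37 and 46 leave the temporary file behind. The failure path on lines 50 to 54 calls `reltempf` before `end_die`, which implies `end_die` does not release the file itself, yet these earlier exits skip that step. The result of `mktempf` on line 36 is not checked either. Suggest a small wrapper that calls `reltempf` and then `end_die`, used for every exit after `mktempf`.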
0 | #!/bin/sh | |
1 | ||
2 | # _ldapmodifymachine : modifies a POSIX machine account in LDAP interactively | |
3 | ||
4 | # Copyright (C) 2007 Ganaël LAPLANCHE | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <machinename with ending \$ | uid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find machinename : $1 must exist in LDAP ! | |
32 | _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" | |
33 | [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)" | |
34 | ||
35 | # Allocate and create temp file | |
36 | mktempf | |
37 | echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
38 | ||
39 | # Display entry | |
40 | echo "# About to modify the following entry :" | |
41 | _ldapsearch "$_ENTRY" | |
42 | ||
43 | # Edit entry | |
44 | echo "# Enter your modifications here, end with CTRL-D." | |
45 | echo "dn: $_ENTRY" | |
46 | cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
47 | ||
48 | # Send modifications | |
49 | cat "$_TMPFILE" | _ldapmodify | |
50 | if [ $? -ne 0 ] | |
51 | then | |
52 | reltempf | |
53 | end_die "Error modifying machine entry $_ENTRY in LDAP" | |
54 | fi | |
55 | reltempf | |
56 | end_ok "Successfully modified machine entry $_ENTRY in LDAP" |
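Review bot: apart from the suffix variable and the messages, this file is a line-for-line copy of _ldapmodifygroup and _ldapmodifyuser, including the temporary file handling on lines 36 to 55. Suggest moving the edit-and-submit sequence into one function in the runtime file that takes the entry DN and a label, so that a fix to the temporary file handling lands in one place instead of three.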
0 | #!/bin/sh | |
1 | ||
2 | # _ldapmodifyuser : modifies a POSIX user account in LDAP interactively | |
3 | ||
4 | # Copyright (C) 2007 Ganaël LAPLANCHE | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <username | uid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find username : $1 must exist in LDAP ! | |
32 | _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" | |
33 | [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" | |
34 | ||
35 | # Allocate and create temp file | |
36 | mktempf | |
37 | echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
38 | ||
39 | # Display entry | |
40 | echo "# About to modify the following entry :" | |
41 | _ldapsearch "$_ENTRY" | |
42 | ||
43 | # Edit entry | |
44 | echo "# Enter your modifications here, end with CTRL-D." | |
45 | echo "dn: $_ENTRY" | |
46 | cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
47 | ||
48 | # Send modifications | |
49 | cat "$_TMPFILE" | _ldapmodify | |
50 | if [ $? -ne 0 ] | |
51 | then | |
52 | reltempf | |
53 | end_die "Error modifying user entry $_ENTRY in LDAP" | |
54 | fi | |
55 | reltempf | |
56 | end_ok "Successfully modified user entry $_ENTRY in LDAP" |
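Review bot: `cat >> "$_TMPFILE"` on line 46 waits on the terminal, and nothing visible in this script handles an interrupt at that point, so a CTRL-C leaves the file created by `mktempf` on disk. If the runtime file does not already install a trap, add one right after `mktempf`, for example `trap 'reltempf; exit 1' INT TERM`. The pipeline on line 49 can also be written as `_ldapmodify < "$_TMPFILE"`.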
0 | #!/bin/sh | |
1 | ||
2 | # _ldappasswd : modifies a POSIX user account's password in LDAP | |
3 | ||
4 | # Copyright (C) 2006 Ganaël LAPLANCHE | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <username | uid> [encoded password]" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find username : $1 must exist in LDAP ! | |
32 | _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" | |
33 | [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" | |
34 | ||
35 | if [ -z "$2" ] # Have to prompt for a *clear* password | |
36 | then | |
37 | echo "Changing password for user $_ENTRY" | |
38 | echo -n "New Password: " | |
39 | stty -echo ; read _PASSWORD ; stty echo ; echo '' | |
40 | [ -z "$_PASSWORD" ] && end_die "Please enter a password" | |
41 | echo -n "New Password (verify): " | |
42 | stty -echo ; read _PASSWORD2 ; stty echo ; echo '' | |
43 | [ "$_PASSWORD" != "$_PASSWORD2" ] && end_die "Passwords differ, please try again" | |
44 | ||
45 | # Change the user's password | |
46 | _changepassword "$_PASSWORD" "$_ENTRY" | |
47 | [ $? -eq 0 ] && echo_log "Successfully set password for user $_ENTRY" | |
48 | end_ok | |
49 | else # Have to use the *encoded* password given on the command line | |
50 | # Use LDIF info to modify the password | |
51 | _PASSWORD="$2" | |
52 | _extractldif 2 | _filterldif | _ldapmodify | |
53 | [ $? -eq 0 ] || end_die "Error setting encoded password for user $_ENTRY" | |
54 | end_ok "Successfully set encoded password for user $_ENTRY" | |
55 | fi | |
56 | ||
57 | # Ldif template ################################## | |
58 | ##dn: <entry> | |
59 | ##changetype: modify | |
60 | ##replace: userPassword | |
61 | ##userPassword: <password> |
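Review bot: in the interactive branch, a failing `_changepassword` on line 46 only skips the log message on line 47 and then falls through to `end_ok` on line 48, so the failure is never reported; mirror the encoded branch with `_changepassword "$_PASSWORD" "$_ENTRY" || end_die "..."`. Two smaller points: the encoded password is still taken from `$2`, so it is visible in the process list while the script runs, which is the class of exposure this release's changelog sets out to remove (reading it from stdin or a file would close it); and `read _PASSWORD` on lines 39 and 42, without `-r` and with the default IFS, alters passwords that contain backslashes or leading and trailing spaces.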
0 | #!/bin/sh | |
1 | ||
2 | # ldaprenamegroup : renames a POSIX group in LDAP | |
3 | ||
4 | # Copyright (C) 2006 Ganaël LAPLANCHE | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] || [ -z "$2" ] | |
22 | then | |
23 | echo "Usage : $0 <old groupname | gid> <new groupname>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find dest username : $2 must not exist in LDAP ! | |
32 | _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(cn=$2))" | |
33 | [ -z "$_ENTRY" ] || end_die "Group $2 already exists in LDAP" | |
34 | ||
35 | # Find src username : $1 must exist in LDAP ! | |
36 | _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" | |
37 | [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP" | |
38 | ||
39 | # Rename entry | |
40 | _ldaprename "$_ENTRY" "cn=$2" || end_die "Error renaming group $_ENTRY to $2 in LDAP" | |
41 | end_ok "Successfully renamed group $_ENTRY to $2 in LDAP" |
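Review bot: the header comment on line 2 names the script `ldaprenamegroup`, but the Makefile and README install it as `_ldaprenamegroup`, and the comments on lines 31 and 35 say "username" where the code handles group names. Worth fixing, since these comments are what a reader searches for. In addition, `$2` goes straight into the new RDN `cn=$2` on line 40; checking that the new name contains none of the DN special characters (`,`, `+`, `=`, `"`, `\`, `<`, `>`, `;`) before calling `_ldaprename` would keep a malformed name from producing an unexpected RDN.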
0 | #!/bin/sh | |
1 | ||
2 | # ldaprenamemachine : renames a POSIX machine account in LDAP | |
3 | ||
4 | # Copyright (C) 2006 Ganaël LAPLANCHE | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] || [ -z "$2" ] | |
22 | then | |
23 | echo "Usage : $0 <old machinename with ending \$ | uid> <new machinename with ending \$>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find dest machinename : $2 must not exist in LDAP ! | |
32 | _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))" | |
33 | [ -z "$_ENTRY" ] || end_die "Machine $2 already exists in LDAP" | |
34 | ||
35 | # Find src machinename : $1 must exist in LDAP ! | |
36 | _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" | |
37 | [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)" | |
38 | ||
39 | # Rename entry | |
40 | _ldaprename "$_ENTRY" "uid=$2" || end_die "Error renaming machine $_ENTRY to $2 in LDAP" | |
41 | end_ok "Successfully renamed machine $_ENTRY to $2 in LDAP" |
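Review bot: the usage text on line 23 requires the new machine name to end in `$`, but nothing between lines 31 and 40 checks `$2` for it, so a machine can be renamed to a name without the trailing `$` that the other machine scripts expect. Suggest a guard before the lookups, such as `case "$2" in *\$) ;; *) end_die "..." ;; esac`. The header comment on line 2 also drops the leading underscore from the script name.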
0 | #!/bin/sh | |
1 | ||
2 | # _lsldap : performs a *big* query on the LDAP directory | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | # WARNING : this script searches the whole directory as $BINDDN... | |
22 | # It may be *VERY* long and return a limited number of entries | |
23 | # Always use slapcat to backup your directory !!! | |
24 | ||
25 | if [ "$1" = "-h" ] | |
26 | then | |
27 | echo "Usage : $0 [[-h] | [-u | -g | -m]]" | |
28 | exit 1 | |
29 | fi | |
30 | ||
31 | # Source runtime file | |
32 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
33 | . "$_RUNTIMEFILE" | |
34 | ||
35 | case "$1" in | |
36 | "-u") | |
37 | _ldapsearch "$USUFFIX,$SUFFIX" "(objectClass=posixAccount)" || end_die "No entry found" | |
38 | ;; | |
39 | "-g") | |
40 | _ldapsearch "$GSUFFIX,$SUFFIX" "(objectClass=posixGroup)" || end_die "No entry found" | |
41 | ;; | |
42 | "-m") | |
43 | _ldapsearch "$MSUFFIX,$SUFFIX" "(objectClass=posixAccount)" || end_die "No entry found" | |
44 | ;; | |
45 | *) | |
46 | _ldapsearch "$SUFFIX" || end_die "No entry found" | |
47 | ;; | |
48 | esac | |
49 | end_ok |
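Review bot: the `*)` branch on line 45 treats any unrecognised argument as a request to search everything under `$SUFFIX`, so a mistyped option such as `-U` runs the full query as `$BINDDN`, which is exactly the case the warning on lines 21-23 cautions about. Run the full search only when `$1` is empty and send any other value to the usage message.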
0 | #!/bin/sh | |
1 | ||
2 | # ldapaddgroup : adds a POSIX group entry to LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <groupname> [gid]" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Group name | |
32 | _GROUP="$1" | |
33 | # Group GID | |
34 | if [ -z "$2" ] # No argument, we must find a correct GID | |
35 | then | |
36 | _findlastgroup | |
37 | else | |
38 | _GID="$2" | |
39 | fi | |
40 | ||
41 | # Use template if necessary | |
42 | if [ -n "$GTEMPLATE" ] && [ -r "$GTEMPLATE" ] | |
43 | then | |
44 | _getldif="cat $GTEMPLATE" | |
45 | else | |
46 | _getldif="_extractldif 2" | |
47 | fi | |
48 | ||
49 | # Add user to LDAP | |
50 | $_getldif | _filterldif | _ldapadd | |
51 | ||
52 | [ $? -eq 0 ] || end_die "Error adding group $_GROUP to LDAP" | |
53 | end_ok "Successfully added group $_GROUP to LDAP" | |
54 | ||
55 | # Ldif template ################################## | |
56 | ##dn: cn=<group>,<gsuffix>,<suffix> | |
57 | ##objectClass: posixGroup | |
58 | ##cn: <group> | |
59 | ##gidNumber: <gid> | |
60 | ##description: Group account |
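Review bot: `_GID="$2"` on line 38 accepts the optional gid with no validation, although the runtime file already provides `is_integer`. The value is later written into a sed expression by `_filterldif` (`s|<gid>|$_GID|g`), so a non-numeric value, or one containing `|`, yields a broken sed script or a malformed LDIF instead of a clear error. Add `is_integer "$2" || end_die "..."` before the assignment, and consider checking that the gid is not already in use. Two smaller points: `$_getldif` is expanded unquoted on line 50, so a `GTEMPLATE` path containing a space is split into several arguments to `cat`, and the comment on line 49 says "Add user" where it means group.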
0 | #!/bin/sh | |
1 | ||
2 | # ldapaddmachine : adds a POSIX machine (user$) account to LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] || [ -z "$2" ] | |
22 | then | |
23 | echo "Usage : $0 <machinename with ending \$> <groupname | gid> [uid]" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Machine name = first argument | |
32 | _USER="$1" | |
33 | # Machine GID = second argument | |
34 | _grouptogid "$2" | |
35 | # Machine UID | |
36 | if [ -z "$3" ] # No argument, we must find a correct UID | |
37 | then | |
38 | _findlastmachine | |
39 | else | |
40 | _UID="$3" | |
41 | fi | |
42 | ||
43 | # Use template if necessary | |
44 | if [ -n "$MTEMPLATE" ] && [ -r "$MTEMPLATE" ] | |
45 | then | |
46 | _getldif="cat $MTEMPLATE" | |
47 | else | |
48 | _getldif="_extractldif 2" | |
49 | fi | |
50 | ||
51 | # Add user to LDAP | |
52 | $_getldif | _filterldif | _ldapadd | |
53 | ||
54 | [ $? -eq 0 ] || end_die "Error adding machine $_USER to LDAP" | |
55 | end_ok "Successfully added machine $_USER to LDAP" | |
56 | ||
57 | # Ldif template ################################## | |
58 | ##dn: uid=<user>,<msuffix>,<suffix> | |
59 | ##objectClass: account | |
60 | ##objectClass: posixAccount | |
61 | ##cn: <user> | |
62 | ##uid: <user> | |
63 | ##uidNumber: <uid> | |
64 | ##gidNumber: <gid> | |
65 | ##homeDirectory: /dev/null | |
66 | ##loginShell: /bin/false | |
67 | ##gecos: <user> | |
68 | ##description: Machine account |
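Review bot: the usage text on line 23 requires a machine name with a trailing `$`, but `_USER="$1"` on line 32 takes the argument as given and nothing rejects a name without it. ldaprenamemachine later has to guess at this in its error message ("missing ending \$ ?"). Check the suffix here, before `_grouptogid` is called, and fail with the usage message when it is missing, so that machine entries are consistent from creation.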
0 | #!/bin/sh | |
1 | ||
2 | # ldapadduser : adds a POSIX user account to LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] || [ -z "$2" ] | |
22 | then | |
23 | echo "Usage : $0 <username> <groupname | gid> [uid]" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Username = first argument | |
32 | _USER="$1" | |
33 | # User GID = second argument | |
34 | _grouptogid "$2" | |
35 | # User UID | |
36 | if [ -z "$3" ] # No argument, we must find a correct UID | |
37 | then | |
38 | _findlastuser | |
39 | else | |
40 | _UID="$3" | |
41 | fi | |
42 | ||
43 | # Compute homedir | |
44 | _HOMEDIR=`echo "$UHOMES" | sed -e "s|%u|$_USER|g"` | |
45 | ||
46 | # Ask for a gecos if necessary | |
47 | if is_yes "$ASKGECOS" | |
48 | then | |
49 | echo -n "Please enter user's full name: " | |
50 | read _GECOS | |
51 | else | |
52 | _GECOS="$_USER" | |
53 | fi | |
54 | ||
55 | # Use template if necessary | |
56 | if [ -n "$UTEMPLATE" ] && [ -r "$UTEMPLATE" ] | |
57 | then | |
58 | _getldif="cat $UTEMPLATE" | |
59 | else | |
60 | _getldif="_extractldif 2" | |
61 | fi | |
62 | ||
63 | # Add user to LDAP | |
64 | $_getldif | _filterldif | _ldapadd | |
65 | ||
66 | [ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP" | |
67 | echo_log "Successfully added user $_USER to LDAP" | |
68 | ||
69 | # Generate the user's password | |
70 | _genpassword "$_USER" | |
71 | ||
72 | # Add the user's password | |
73 | _changepassword "$_PASSWORD" "uid=$_USER,$USUFFIX,$SUFFIX" | |
74 | [ $? -eq 0 ] && echo_log "Successfully set password for user $_USER" | |
75 | ||
76 | # Create Home dir | |
77 | if is_yes "$CREATEHOMES" | |
78 | then | |
79 | if [ -e "$_HOMEDIR" ] | |
80 | then | |
81 | echo_log "Skipped home directory creation for user $_USER (already exists)" | |
82 | else | |
83 | # Create home by skel or mkdir | |
84 | if [ -d "$HOMESKEL" ] | |
85 | then | |
86 | cp -PR "$HOMESKEL/" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null | |
87 | else | |
88 | mkdir -p "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null | |
89 | fi | |
90 | ||
91 | chmod "$HOMEPERMS" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null | |
92 | chown -R "$_UID":"$_GID" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null | |
93 | echo_log "Successfully created home directory for user $_USER" | |
94 | fi | |
95 | fi | |
96 | ||
97 | end_ok | |
98 | ||
99 | # Ldif template ################################## | |
100 | ##dn: uid=<user>,<usuffix>,<suffix> | |
101 | ##objectClass: account | |
102 | ##objectClass: posixAccount | |
103 | ##cn: <user> | |
104 | ##uid: <user> | |
105 | ##uidNumber: <uid> | |
106 | ##gidNumber: <gid> | |
107 | ##homeDirectory: <home> | |
108 | ##loginShell: <shell> | |
109 | ##gecos: <gecos> | |
110 | ##description: User account |
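Review bot: on line 74 only the success of `_changepassword` is handled (`[ $? -eq 0 ] && echo_log ...`). When it fails, nothing is printed or logged, the script carries on to home directory creation and `end_ok` exits 0, so the caller sees success for an account whose password was never set. Log the failure and exit non-zero, or at least return a distinct status. Separately, `_HOMEDIR` is derived from `$_USER` by the sed call on line 44 and then handed to `cp -PR`, `chmod` and `chown -R` on lines 86-92. A username containing `/`, `..` or the sed delimiter `|` is not rejected anywhere in the visible lines, so validate `$1` against a conservative pattern before it is used to build a path that privileged file operations will act on.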
0 | #!/bin/sh | |
1 | ||
2 | # ldapaddusertogroup : adds a memberUid attribute to a POSIX group in LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] || [ -z "$2" ] | |
22 | then | |
23 | echo "Usage : $0 <username | uid> <groupname | gid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Check username : $1 | |
32 | _uidtouser "$1" | |
33 | ||
34 | # Check groupname : $2 must exist in LDAP ! | |
35 | _GID=`_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(!(memberUid=$_UID))(|(cn=$2)(gidNumber=$2)))" cn | grep "cn: " | head -n 1 | sed -e "s|cn: ||"` | |
36 | [ -z "$_GID" ] && end_die "Group $2 not found (or $_UID already member of $2)" | |
37 | ||
38 | # Modify group entry | |
39 | _extractldif 2 | _filterldif | _ldapmodify | |
40 | ||
41 | [ $? -eq 0 ] || end_die "Error adding user $_UID to group $_GID" | |
42 | end_ok "Successfully added user $_UID to group $_GID" | |
43 | ||
44 | # Ldif template ################################## | |
45 | ##dn: cn=<gid>,<gsuffix>,<suffix> | |
46 | ##changetype: modify | |
47 | ##add: memberUid | |
48 | ##memberUid: <uid> |
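Review bot: line 35 stores the first `cn:` value of the search result in `_GID`, and the template on line 45 rebuilds the DN as `cn=<gid>,<gsuffix>,<suffix>`. That is only the entry's real DN when the first `cn` value returned is the RDN and the group sits directly under `$GSUFFIX`. For a group with several `cn` values or one located in a sub-ou, the modify targets a DN that does not exist or a different entry. Take the `dn:` line from the search (the other scripts use `_findentry` and `$_ENTRY`) and use `##dn: <entry>` in the template, as ldapsetprimarygroup does. The error on line 36 also merges "group not found" with "already a member", which makes failures harder to diagnose from the log.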
0 | #!/bin/sh | |
1 | ||
2 | # ldapdeletegroup : deletes a POSIX group account from LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <groupname | gid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find groupname : $1 must exist in LDAP ! | |
32 | _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))" | |
33 | [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP" | |
34 | ||
35 | # Delete entry | |
36 | _ldapdelete "$_ENTRY" || end_die "Error deleting group $_ENTRY from LDAP" | |
37 | end_ok "Successfully deleted group $_ENTRY from LDAP" |
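Review bot: the filter on line 32 matches on `cn` or `gidNumber` with the same argument, so a numeric argument can match two different groups, one by name and one by number. `_findentry` is not shown in this file, so confirm that it fails when more than one entry is returned before line 36 passes `$_ENTRY` to `_ldapdelete`, which calls the delete binary with `-r`. The script also does not check whether any posixAccount still has this group as its `gidNumber`, which leaves accounts pointing at a gid with no group entry.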
0 | #!/bin/sh | |
1 | ||
2 | # ldapdeleteuser : deletes a POSIX user account from LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] | |
22 | then | |
23 | echo "Usage : $0 <username | uid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find username : $1 must exist in LDAP ! | |
32 | _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" | |
33 | [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" | |
34 | ||
35 | # Delete entry | |
36 | _ldapdelete "$_ENTRY" || end_die "Error deleting user $_ENTRY from LDAP" | |
37 | end_ok "Successfully deleted user $_ENTRY from LDAP" |
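Review bot: lines 32-36 remove the account entry only. The `memberUid` values that ldapaddusertogroup writes into group entries are plain names, so they stay behind after the delete, and an account created later with the same name picks up the previous user's group memberships. Remove the user's `memberUid` values under `$GSUFFIX,$SUFFIX` before deleting the entry, or state in the header comment that the caller has to do it.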
0 | #!/bin/sh | |
1 | ||
2 | # ldapdeleteuserfromgroup : deletes a memberUid attribute from a POSIX group in LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] || [ -z "$2" ] | |
22 | then | |
23 | echo "Usage : $0 <username> <groupname | gid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Set username | |
32 | _UID="$1" | |
33 | ||
34 | # Check groupname : $2 must exist in LDAP ! | |
35 | _GID=`_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(memberUid=$1)(|(cn=$2)(gidNumber=$2)))" cn | grep "cn: " | head -n 1 | sed -e "s|cn: ||"` | |
36 | [ -z "$_GID" ] && end_die "Group $2 not found (or $1 is not a member of group $2)" | |
37 | ||
38 | # Modify group entry | |
39 | _extractldif 2 | _filterldif | _ldapmodify | |
40 | ||
41 | [ $? -eq 0 ] || end_die "Error deleting user $_UID from group $_GID" | |
42 | end_ok "Successfully deleted user $_UID from group $_GID" | |
43 | ||
44 | # Ldif template ################################## | |
45 | ##dn: cn=<gid>,<gsuffix>,<suffix> | |
46 | ##changetype: modify | |
47 | ##delete: memberUid | |
48 | ##memberUid: <uid> |
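Review bot: this script takes `<username>` only and uses `$1` as given (`_UID="$1"` on line 32 and `(memberUid=$1)` on line 35), while ldapaddusertogroup accepts `<username | uid>` and resolves it with `_uidtouser`. A numeric uid that worked for the add therefore fails here with "not a member of group", which is misleading. Call `_uidtouser "$1"` as the add script does and use `$_UID` in the filter and in the messages on lines 35-36.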
0 | #!/bin/sh | |
1 | ||
2 | # ldaprenameuser : renames a POSIX user account in LDAP | |
3 | ||
4 | # Copyright (C) 2006 Ganaël LAPLANCHE | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] || [ -z "$2" ] | |
22 | then | |
23 | echo "Usage : $0 <old username | uid> <new username>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Find dest username : $2 must not exist in LDAP ! | |
32 | _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))" | |
33 | [ -z "$_ENTRY" ] || end_die "User $2 already exists in LDAP" | |
34 | ||
35 | # Find src username : $1 must exist in LDAP ! | |
36 | _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" | |
37 | [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP" | |
38 | ||
39 | # Rename entry | |
40 | _ldaprename "$_ENTRY" "uid=$2" || end_die "Error renaming user $_ENTRY to $2 in LDAP" | |
41 | end_ok "Successfully renamed user $_ENTRY to $2 in LDAP" |
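Review bot: line 40 changes the entry's RDN and nothing else. Group entries still list the old name in `memberUid`, so the renamed user drops out of the supplementary groups while the old name keeps them, and the home directory computed from `%u` at creation time is not touched either. Update the `memberUid` values as part of the rename, or say in the header comment that group membership and the home directory have to be fixed by hand.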
0 | #!/bin/sh | |
1 | ||
2 | # ldapsetprimarygroup : modifies the gidNumber of a POSIX user or machine account in LDAP | |
3 | ||
4 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
5 | # | |
6 | # This program is free software; you can redistribute it and/or | |
7 | # modify it under the terms of the GNU General Public License | |
8 | # as published by the Free Software Foundation; either version 2 | |
9 | # of the License, or (at your option) any later version. | |
10 | # | |
11 | # This program is distributed in the hope that it will be useful, | |
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
14 | # GNU General Public License for more details. | |
15 | # | |
16 | # You should have received a copy of the GNU General Public License | |
17 | # along with this program; if not, write to the Free Software | |
18 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
19 | # USA. | |
20 | ||
21 | if [ -z "$1" ] || [ -z "$2" ] | |
22 | then | |
23 | echo "Usage : $0 <username | uid> <groupname | gid>" | |
24 | exit 1 | |
25 | fi | |
26 | ||
27 | # Source runtime file | |
28 | _RUNTIMEFILE="/etc/ldapscripts/runtime" | |
29 | . "$_RUNTIMEFILE" | |
30 | ||
31 | # Check username : $1 must exist in LDAP ! Lookup base = global $SUFFIX, to work on machine and user accounts | |
32 | _findentry "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))" | |
33 | [ -z "$_ENTRY" ] && end_die "User $1 not found" | |
34 | ||
35 | # Check groupname : $2 | |
36 | _grouptogid "$2" | |
37 | ||
38 | # Modify user entry | |
39 | _extractldif 2 | _filterldif | _ldapmodify | |
40 | ||
41 | [ $? -eq 0 ] || end_die "Error setting primary group for user $1 (to group $2)" | |
42 | end_ok "Successfully set primary group for user $1 (to group $2)" | |
43 | ||
44 | # Ldif template ################################## | |
45 | ##dn: <entry> | |
46 | ##changetype: modify | |
47 | ##replace: gidNumber | |
48 | ##gidNumber: <gid> |
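Review bot: the messages on lines 41-42 report `$1` and `$2` as typed rather than the resolved `$_ENTRY` and `$_GID`. Because the lookup on line 32 covers the whole `$SUFFIX` and matches on `uid` or `uidNumber`, the log does not show which entry was actually modified or which gid was written. Log `$_ENTRY` and `$_GID`, as the delete and rename scripts do with `$_ENTRY`, so that a change to a primary group can be audited afterwards.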
0 | dn: cn=<group>,<gsuffix>,<suffix> | |
1 | objectClass: posixGroup | |
2 | cn: <group> | |
3 | gidNumber: <gid> | |
4 | description: Group account |
0 | dn: uid=<user>,<msuffix>,<suffix> | |
1 | objectClass: account | |
2 | objectClass: posixAccount | |
3 | cn: <user> | |
4 | uid: <user> | |
5 | uidNumber: <uid> | |
6 | gidNumber: <gid> | |
7 | homeDirectory: /dev/null | |
8 | loginShell: /bin/false | |
9 | gecos: <user> | |
10 | description: Machine account |
0 | dn: uid=<user>,<usuffix>,<suffix> | |
1 | objectClass: account | |
2 | objectClass: posixAccount | |
3 | cn: <user> | |
4 | uid: <user> | |
5 | uidNumber: <uid> | |
6 | gidNumber: <gid> | |
7 | homeDirectory: <home> | |
8 | loginShell: <shell> | |
9 | gecos: <gecos> | |
10 | description: User account |
0 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
1 | # | |
2 | # This program is free software; you can redistribute it and/or | |
3 | # modify it under the terms of the GNU General Public License | |
4 | # as published by the Free Software Foundation; either version 2 | |
5 | # of the License, or (at your option) any later version. | |
6 | # | |
7 | # This program is distributed in the hope that it will be useful, | |
8 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | # GNU General Public License for more details. | |
11 | # | |
12 | # You should have received a copy of the GNU General Public License | |
13 | # along with this program; if not, write to the Free Software | |
14 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | # USA. | |
16 | ||
17 | # LDAP Configuration | |
18 | SERVER="ldap://localhost" | |
19 | BINDDN="cn=Manager,dc=example,dc=com" | |
20 | # The following file contains the raw password of the binddn | |
21 | # Create it with something like : echo -n 'secret' > $BINDPWDFILE | |
22 | # WARNING !!!! Be careful not to make this file world-readable | |
23 | BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd" | |
24 | # For older versions of OpenLDAP, it is still possible to use | |
25 | # unsecure command-line passwords by defining the following option | |
26 | # AND commenting the previous one (BINDPWDFILE takes precedence) | |
27 | #BINDPWD="secret" | |
28 | ||
29 | SUFFIX="dc=example,dc=com" # Global suffix | |
30 | GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX) | |
31 | USUFFIX="ou=Users" # Users ou (just under $SUFFIX) | |
32 | MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX) | |
33 | ||
34 | # Start with these IDs *if no entry found in LDAP* | |
35 | GIDSTART="10000" # Group ID | |
36 | UIDSTART="10000" # User ID | |
37 | MIDSTART="20000" # Machine ID | |
38 | ||
39 | # User properties | |
40 | USHELL="/bin/sh" | |
41 | UHOMES="/home/%u" # You may use %u for username here | |
42 | ASKGECOS="no" # Ask for user's gecos (full name) ? Prevents scripting, so the default is no. | |
43 | CREATEHOMES="no" # Create home directories and set rights ? | |
44 | HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant. | |
45 | HOMEPERMS="700" # Default permissions for home directories | |
46 | ||
47 | # User passwords generation | |
48 | # Command-line used to generate a (random ?) password for the users (you may use %u for username here) | |
49 | # WARNING !!!! This is evaluated, everything specified here will be run ! | |
50 | PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n -e '2s|=*$||;2p' | sed -e 's|+||g' -e 's|/||g'" | |
51 | #PASSWORDGEN="echo changeme" | |
52 | #PASSWORDGEN="echo %u" | |
53 | ||
54 | # User passwords recording | |
55 | # you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS | |
56 | # (useful when performing a massive creation / net rpc vampire) | |
57 | # WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE ! | |
58 | # WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE ! | |
59 | RECORDPASSWORDS="no" | |
60 | PASSWORDFILE="/var/log/ldapscripts_passwd.log" | |
61 | ||
62 | # Where to log | |
63 | LOGFILE="/var/log/ldapscripts.log" | |
64 | ||
65 | # Temporary folder | |
66 | TMPDIR="/tmp" | |
67 | ||
68 | # Various binaries used within scripts | |
69 | # Warning : the scripts also use : uuencode, date, grep, sed, cut, expr, which... | |
70 | # Please check they are installed before using these scripts | |
71 | # Note that many of them should come with your OS | |
72 | LDAPSEARCHBIN="/usr/bin/ldapsearch" | |
73 | LDAPADDBIN="/usr/bin/ldapadd" | |
74 | LDAPDELETEBIN="/usr/bin/ldapdelete" | |
75 | LDAPMODIFYBIN="/usr/bin/ldapmodify" | |
76 | LDAPMODRDNBIN="/usr/bin/ldapmodrdn" | |
77 | LDAPPASSWDBIN="/usr/bin/ldappasswd" | |
78 | ||
79 | # Getent command to use - choose the ones used on your system. Leave blank or comment for auto-guess. | |
80 | # GNU/Linux | |
81 | #GETENTPWCMD="getent passwd" | |
82 | #GETENTGRCMD="getent group" | |
83 | # FreeBSD | |
84 | #GETENTPWCMD="pw usershow" | |
85 | #GETENTGRCMD="pw groupshow" | |
86 | # Auto | |
87 | GETENTPWCMD="" | |
88 | GETENTGRCMD="" | |
89 | ||
90 | # You can specify custom LDIF templates here | |
91 | # Leave empty to use default templates | |
92 | # See *.template.sample for default templates | |
93 | #GTEMPLATE="/path/to/ldapaddgroup.template" | |
94 | #UTEMPLATE="/path/to/ldapadduser.template" | |
95 | #MTEMPLATE="/path/to/ldapaddmachine.template" | |
96 | GTEMPLATE="" | |
97 | UTEMPLATE="" | |
98 | MTEMPLATE="" | |
99 |
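Review bot: the command suggested on line 21, `echo -n 'secret' > $BINDPWDFILE`, creates the file under the caller's current umask, which on most systems leaves it world-readable, and the warning on line 22 then relies on the administrator noticing and fixing it. Put the safe form in the comment itself, for example by telling the reader to set `umask 077` before running it or to `chmod 600` the file straight afterwards. The same care applies to this configuration file: line 49 notes that `PASSWORDGEN` is evaluated, so the file has to be writable by root only, and the sample should say so. `PASSWORDFILE` on line 60 defaults to a path under `/var/log`, and nothing in these lines says what mode the file gets when recording is switched on.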
0 | secret⏎ |
0 | # runtime : this file is used by the ldapscripts, it sould not be used independently | |
1 | ||
2 | # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora | |
3 | # | |
4 | # This program is free software; you can redistribute it and/or | |
5 | # modify it under the terms of the GNU General Public License | |
6 | # as published by the Free Software Foundation; either version 2 | |
7 | # of the License, or (at your option) any later version. | |
8 | # | |
9 | # This program is distributed in the hope that it will be useful, | |
10 | # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | # GNU General Public License for more details. | |
13 | # | |
14 | # You should have received a copy of the GNU General Public License | |
15 | # along with this program; if not, write to the Free Software | |
16 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
17 | # USA. | |
18 | ||
19 | ### Useful functions ### | |
20 | ||
21 | # Tests a string | |
22 | # Input : string to test ($1) | |
23 | # Output : true or false | |
24 | is_yes () { | |
25 | echo "$1" | grep -qi '^yes$' | |
26 | } | |
27 | ||
28 | # Tests a string | |
29 | # Input : string to test ($1) | |
30 | # Output : true or false | |
31 | is_no () { | |
32 | echo "$1" | grep -qi '^no$' | |
33 | } | |
34 | ||
35 | # Tests a string | |
36 | # Input : string to test ($1) | |
37 | # Output : true or false | |
38 | is_uri () { | |
39 | echo "$1" | grep -q '://' | |
40 | } | |
41 | ||
42 | # Tests a string | |
43 | # Input : string to test ($1) | |
44 | # Output : true or false | |
45 | is_integer () { | |
46 | echo "$1" | grep -qE '^[0-9]+$' | |
47 | } | |
48 | ||
49 | # Tests a string (a command name) and tells if it is built-in (true) or external (false) | |
50 | # Input : string to test ($1) | |
51 | # Output : true or false | |
52 | is_builtin () { | |
53 | type "$1" 2>/dev/null | grep -qi 'built' | |
54 | } | |
55 | ||
56 | # Logs a string to $LOGFILE | |
57 | # Input : string to log ($1) | |
58 | # Output : nothing | |
59 | log_only () { | |
60 | if [ -n "$1" ] | |
61 | then | |
62 | if [ -n "$LOGFILE" ] | |
63 | then | |
64 | if [ ! -w "$LOGFILE" ] | |
65 | then | |
66 | touch "$LOGFILE" 2>/dev/null | |
67 | if [ $? -ne 0 ] | |
68 | then | |
69 | echo "Unable to create $LOGFILE, exiting..." && exit 1 | |
70 | fi | |
71 | fi | |
72 | echo "$1" >> "$LOGFILE" | |
73 | fi | |
74 | fi | |
75 | } | |
76 | ||
77 | # Echoes and logs a string to $LOGFILE | |
78 | # Input : string to echo and log ($1) | |
79 | # Output : nothing | |
80 | echo_log () { | |
81 | [ -n "$1" ] && echo "$1" | |
82 | [ -n "$1" ] && log_only "$1" | |
83 | } | |
84 | ||
85 | # Echoes/logs $1, exits and returns 0 | |
86 | # Input : string to echo and log ($1) | |
87 | # Output : 0 | |
88 | end_ok () { | |
89 | [ -n "$1" ] && echo_log "$1" | |
90 | exit 0 | |
91 | } | |
92 | ||
93 | # Echoes/logs $1, exits and returns 1 | |
94 | # Input : string to echo and log ($1) | |
95 | # Output : 1 | |
96 | end_die () { | |
97 | [ -n "$1" ] && echo_log "$1" | |
98 | exit 1 | |
99 | } | |
100 | ||
101 | # Allocates and creates a temporary file $_TMPFILE under $TMPDIR | |
102 | # Output : nothing | |
103 | mktempf () { | |
104 | # Avoid creating two temporary files (must have been released before) | |
105 | [ -n "$_TMPFILE" ] && end_die "Error allocating temporary file $_TMPFILE" | |
106 | # Name temp file | |
107 | _TMPFILE="$TMPDIR/`basename $0`.`date '+%Y%m%d-%H%M%S'`.$$" | |
108 | # Catch CTRL-C to remove $_TMPFILE | |
109 | trap 'rm -f "$_TMPFILE" 2>/dev/null ; end_die "Interrupted - Removing temporary file $_TMPFILE"' 2 | |
110 | # Create temp file | |
111 | _TMPMASK=`umask` | |
112 | umask 0077 | |
113 | touch "$_TMPFILE" 2>/dev/null || end_die "Error creating temporary file $_TMPFILE" | |
114 | umask "$_TMPMASK" | |
115 | } | |
116 | ||
117 | # Releases a previously allocated temporary file | |
118 | # Output : nothing | |
119 | reltempf () { | |
120 | # Clean up the temporary file and restore traps | |
121 | rm -f "$_TMPFILE" 2>/dev/null | |
122 | # Reset traps | |
123 | trap - | |
124 | # Clean up name | |
125 | _TMPFILE='' | |
126 | } | |
127 | ||
128 | ### LDAP functions ### | |
129 | ||
130 | # Performs a search in the LDAP directory | |
131 | # Input : base ($1), filter ($2), attribute to display ($3) | |
132 | # Output : entry/entries found (stdout) | |
133 | _ldapsearch () { | |
134 | if [ -n "$BINDPWDFILE" ] | |
135 | then | |
136 | $LDAPSEARCHBIN -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" | |
137 | else | |
138 | $LDAPSEARCHBIN -w "$BINDPWD" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" | |
139 | fi | |
140 | } | |
141 | ||
142 | # Adds an entry to the LDAP directory | |
143 | # Input : LDIF - entry to add (stdin) | |
144 | # Output : nothing | |
145 | _ldapadd () { | |
146 | if [ -n "$BINDPWDFILE" ] | |
147 | then | |
148 | $LDAPADDBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null | |
149 | else | |
150 | $LDAPADDBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null | |
151 | fi | |
152 | } | |
153 | ||
154 | # Modifies an entry in the LDAP directory | |
155 | # Input : LDIF - modification information (stdin) | |
156 | # Output : nothing | |
157 | _ldapmodify () { | |
158 | if [ -n "$BINDPWDFILE" ] | |
159 | then | |
160 | $LDAPMODIFYBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null | |
161 | else | |
162 | $LDAPMODIFYBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null | |
163 | fi | |
164 | } | |
165 | ||
166 | # Renames an entry in the LDAP directory | |
167 | # Input : old dn ($1), new rdn ($2) | |
168 | # Output : nothing | |
169 | _ldaprename () { | |
170 | if [ -z "$1" ] || [ -z "$2" ] | |
171 | then | |
172 | end_die "_ldaprename : missing argument(s)" | |
173 | else | |
174 | if [ -n "$BINDPWDFILE" ] | |
175 | then | |
176 | $LDAPMODRDNBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null | |
177 | else | |
178 | $LDAPMODRDNBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null | |
179 | fi | |
180 | fi | |
181 | } | |
182 | ||
183 | # Deletes an entry in the LDAP directory | |
184 | # Input : dn to delete ($1) | |
185 | # Output : nothing | |
186 | _ldapdelete () { | |
187 | [ -z "$1" ] && end_die "_ldapdelete : missing argument" | |
188 | if [ -n "$BINDPWDFILE" ] | |
189 | then | |
190 | $LDAPDELETEBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null | |
191 | else | |
192 | $LDAPDELETEBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null | |
193 | fi | |
194 | } | |
195 | ||
196 | # Extracts LDIF information from $0 (the current script itself) | |
197 | # selecting lines beginning with $1 occurrences of '#' | |
198 | # Input : depth ($1) | |
199 | # Output : extracted LDIF data (stdout) | |
200 | _extractldif () { | |
201 | if [ -n "$1" ] && is_integer "$1" | |
202 | then | |
203 | _EXTRACTDEPTH="$1" | |
204 | else | |
205 | echo_log "Warning : invalid depth supplied to _extractldif(), using default (2)..." | |
206 | _EXTRACTDEPTH='2' | |
207 | fi | |
208 | grep -E "^#{$_EXTRACTDEPTH}[^#]*$" "$0" | sed -e 's|^#*||' 2>>"$LOGFILE" | |
209 | } | |
210 | ||
211 | # Filters LDIF information | |
212 | # Input : Data to filter (stdin) | |
213 | # Output : Filtered data (stdout) | |
214 | _filterldif () { | |
215 | # Allocate and create temp file | |
216 | mktempf | |
217 | ||
218 | # Generate filter file | |
219 | echo "s|<group>|$_GROUP|g" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
220 | echo "s|<user>|$_USER|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
221 | echo "s|<uid>|$_UID|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
222 | echo "s|<gid>|$_GID|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
223 | echo "s|<suffix>|$SUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
224 | echo "s|<_suffix>|$_SUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
225 | echo "s|<usuffix>|$USUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
226 | echo "s|<_usuffix>|$_USUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
227 | echo "s|<msuffix>|$MSUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
228 | echo "s|<_msuffix>|$_MSUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
229 | echo "s|<gsuffix>|$GSUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
230 | echo "s|<_gsuffix>|$_GSUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
231 | echo "s|<home>|$_HOMEDIR|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
232 | echo "s|<shell>|$USHELL|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
233 | echo "s|<password>|$_PASSWORD|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
234 | echo "s|<gecos>|$_GECOS|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
235 | echo "s|<entry>|$_ENTRY|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
236 | ||
237 | # Use it | |
238 | sed -f "$_TMPFILE" 2>>"$LOGFILE" | |
239 | ||
240 | # Release temp file | |
241 | reltempf | |
242 | } | |
243 | ||
244 | ### Nsswitch functions | |
245 | ||
246 | # Converts to gid any group passed in as name/gid | |
247 | # Input : the name or gid to convert ($1) | |
248 | # Output : the result of the conversion ($_GID) | |
249 | _grouptogid () { | |
250 | [ -z "$1" ] && end_die "_grouptogid : missing argument" | |
251 | _GID=`$GETENTGRCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 3` | |
252 | if [ -z "$_GID" ] | |
253 | then | |
254 | _GID=`echo "$1" | grep '^[0-9]\+$'` # Check if group is a gid | |
255 | [ -z "$_GID" ] && end_die "Cannot resolve group $1 to gid : groupname not found" | |
256 | echo_log "Warning : gid $2 not resolved, using it anyway..." | |
257 | fi | |
258 | } | |
259 | ||
260 | # Converts to name any group passed in as name/gid | |
261 | # Input : the name or gid to convert ($1) | |
262 | # Output : the result of the conversion ($_GID) | |
263 | _gidtogroup () { | |
264 | [ -z "$1" ] && end_die "_gidtogroup : missing argument" | |
265 | _GID=`$GETENTGRCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 1` | |
266 | if [ -z "$_GID" ] | |
267 | then | |
268 | _GID="$1" | |
269 | echo_log "Warning : group $1 not resolved, using it anyway..." | |
270 | fi | |
271 | } | |
272 | ||
273 | # Converts to uid any user passed in as name/uid | |
274 | # Input : the name or uid to convert ($1) | |
275 | # Output : the result of the conversion ($_UID) | |
276 | _usertouid () { | |
277 | [ -z "$1" ] && end_die "_usertouid : missing argument" | |
278 | _UID=`$GETENTPWCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 3` | |
279 | if [ -z "$_UID" ] | |
280 | then | |
281 | _UID=`echo "$1" | grep '^[0-9]\+$'` # Check if user is a UID | |
282 | [ -z "$_UID" ] && end_die "Cannot resolve user $1 to uid : username not found" | |
283 | echo_log "Warning : uid $1 not resolved, using it anyway..." | |
284 | fi | |
285 | } | |
286 | ||
287 | # Converts to name any user passed in as name/uid | |
288 | # Input : the name or uid to convert ($1) | |
289 | # Output : the result of the conversion ($_UID) | |
290 | _uidtouser () { | |
291 | [ -z "$1" ] && end_die "_uidtouser : missing argument" | |
292 | _UID=`$GETENTPWCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 1` | |
293 | if [ -z "$_UID" ] | |
294 | then | |
295 | _UID="$1" | |
296 | echo_log "Warning : user $1 not resolved, using it anyway..." | |
297 | fi | |
298 | } | |
299 | ||
300 | ### LDAP advanced functions | |
301 | ||
302 | # Finds the last group id used in LDAP | |
303 | # Input : nothing | |
304 | # Output : the last gid used + 1 (so the first useable gid) ($_GID) | |
305 | _findlastgroup () { | |
306 | _GID=`_ldapsearch "$GSUFFIX,$SUFFIX" '(objectClass=posixGroup)' gidNumber | grep "gidNumber: " | sed -e "s|gidNumber: ||" | uniq | sort -n | tail -n 1` | |
307 | if [ -z "$_GID" ] || [ ! "$_GID" -gt "$GIDSTART" ] | |
308 | then | |
309 | _GID="$GIDSTART" | |
310 | fi | |
311 | _GID=`expr "$_GID" + 1` | |
312 | } | |
313 | ||
314 | # Finds the last machine id used in LDAP | |
315 | # Input : nothing | |
316 | # Output : the last machine id used + 1 (so the first useable machine id) ($_UID) | |
317 | _findlastmachine () { | |
318 | _UID=`_ldapsearch "$SUFFIX" '(objectClass=posixAccount)' uidNumber | grep "uidNumber: " | sed -e "s|uidNumber: ||" | uniq | sort -n | tail -n 1` | |
319 | if [ -z "$_UID" ] || [ ! "$_UID" -gt "$MIDSTART" ] | |
320 | then | |
321 | _UID="$MIDSTART" | |
322 | fi | |
323 | _UID=`expr "$_UID" + 1` | |
324 | } | |
325 | ||
326 | # Finds the last user id used in LDAP | |
327 | # Input : nothing | |
328 | # Output : the last user id used + 1 (so the first useable user id) ($_UID) | |
329 | _findlastuser () { | |
330 | _UID=`_ldapsearch "$SUFFIX" '(objectClass=posixAccount)' uidNumber | grep "uidNumber: " | sed -e "s|uidNumber: ||" | uniq | sort -n | tail -n 1` | |
331 | if [ -z "$_UID" ] || [ ! "$_UID" -gt "$UIDSTART" ] | |
332 | then | |
333 | _UID="$UIDSTART" | |
334 | fi | |
335 | _UID=`expr "$_UID" + 1` | |
336 | } | |
337 | ||
338 | # Finds a particular entry in the LDAP directory | |
339 | # Input : base ($1), filter ($2) | |
340 | # Output : the dn of the first matching entry found ($_ENTRY) | |
341 | _findentry () { | |
342 | _ENTRY=`_ldapsearch "$1" "$2" dn | grep "dn: " | head -n 1 | sed -e "s|dn: ||"` | |
343 | } | |
344 | ||
345 | ### Other functions ### | |
346 | ||
347 | # Generates a password using the $PASSWORDGEN variable | |
348 | # Input : the username related to the generation ($1) | |
349 | # Output : the generated password ($_PASSWORD) | |
350 | _genpassword () { | |
351 | PASSWORDGEN=`echo "$PASSWORDGEN" | sed -e "s|%u|$1|g"` | |
352 | _PASSWORD=`eval $PASSWORDGEN` | |
353 | } | |
354 | ||
355 | # Changes a password for a particular DN | |
356 | # Input : new clear-text password ($1), user DN ($2) | |
357 | # Output : nothing | |
358 | _changepassword () { | |
359 | if [ -z "$1" ] || [ -z "$2" ] | |
360 | then | |
361 | end_die "_changepassword : missing argument(s)" | |
362 | else | |
363 | if is_yes "$RECORDPASSWORDS" | |
364 | then | |
365 | echo "$2 : $1" >> "$PASSWORDFILE" | |
366 | fi | |
367 | if [ -n "$BINDPWDFILE" ] | |
368 | then | |
369 | ## Change password in a secure way | |
370 | # Allocate and create temp file | |
371 | mktempf | |
372 | # Generate password file | |
373 | echo "$1" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE" | |
374 | # Change password | |
375 | $LDAPPASSWDBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -T "$_TMPFILE" "$2" 2>>"$LOGFILE" 1>/dev/null | |
376 | # Release temp file | |
377 | reltempf | |
378 | else | |
379 | ## Change password in the unsecure, old-fashioned way | |
380 | $LDAPPASSWDBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -s "$1" "$2" 2>>"$LOGFILE" 1>/dev/null | |
381 | fi | |
382 | fi | |
383 | } | |
384 | ||
385 | ### Source configuration file | |
386 | ||
387 | _CONFIGFILE="/etc/ldapscripts/ldapscripts.conf" | |
388 | . "$_CONFIGFILE" || end_die "Unable to source configuration file ($_CONFIGFILE), exiting..." | |
389 | ||
390 | ### Checks and defaults ### | |
391 | ||
392 | # Check if ldap client tools are correctly configured | |
393 | if [ ! -x "$LDAPADDBIN" ] || [ ! -x "$LDAPDELETEBIN" ] || [ ! -x "$LDAPSEARCHBIN" ] || [ ! -x "$LDAPMODIFYBIN" ] || [ ! -x "$LDAPPASSWDBIN" ] || [ ! -x "$LDAPMODRDNBIN" ] | |
394 | then | |
395 | end_die "You must have OpenLDAP client commands installed before running these scripts" | |
396 | fi | |
397 | ||
398 | # Check for bindpwd file | |
399 | if [ ! -f "$BINDPWDFILE" ] || [ ! -r "$BINDPWDFILE" ] | |
400 | then | |
401 | if [ -n "$BINDPWD" ] | |
402 | then | |
403 | echo_log "Warning : using command-line passwords, ldapscripts may not be safe" | |
404 | else | |
405 | end_die "Unable to read password file $BINDPWDFILE, exiting..." | |
406 | fi | |
407 | fi | |
408 | ||
409 | # Does the shell has built-in echo command ? | |
410 | # If not, print a warning message | |
411 | if is_builtin "echo" && is_builtin "[" | |
412 | then | |
413 | : | |
414 | else | |
415 | echo_log "Warning : 'echo' or '[' (test) is not built-in, ldapscripts may not be safe" | |
416 | fi | |
417 | ||
418 | # Check if a full URI has been given | |
419 | if is_uri "$SERVER" | |
420 | then | |
421 | : | |
422 | else | |
423 | SERVER="ldap://$SERVER" | |
424 | fi | |
425 | ||
426 | # Check homes, shell and logfile | |
427 | UHOMES=${UHOMES:-"/dev/null"} | |
428 | USHELL=${USHELL:-"/bin/false"} | |
429 | LOGFILE=${LOGFILE:-"/var/log/ldapscripts.log"} | |
430 | TMPDIR=${TMPDIR:-"/tmp"} | |
431 | ||
432 | # Check password file if password recording set | |
433 | if is_yes "$RECORDPASSWORDS" | |
434 | then | |
435 | PASSWORDFILE=${PASSWORDFILE:-"/var/log/ldapscripts_passwd.log"} | |
436 | if [ ! -w "$PASSWORDFILE" ] | |
437 | then | |
438 | touch "$PASSWORDFILE" 2>/dev/null || end_die "Unable to create password log file $PASSWORDFILE, exiting..." | |
439 | fi | |
440 | fi | |
441 | ||
442 | # Guess what kind of getent command to use | |
443 | if [ -z "$GETENTPWCMD" ] || [ -z "$GETENTGRCMD" ] | |
444 | then | |
445 | case "`uname`" in | |
446 | Linux*) | |
447 | GETENTPWCMD="getent passwd" | |
448 | GETENTGRCMD="getent group" | |
449 | ;; | |
450 | FreeBSD*) | |
451 | GETENTPWCMD="pw usershow" | |
452 | GETENTGRCMD="pw groupshow" | |
453 | ;; | |
454 | *) | |
455 | GETENTPWCMD="getent passwd" | |
456 | GETENTGRCMD="getent group" | |
457 | ;; | |
458 | esac | |
459 | fi | |
460 | ||
461 | # Record command call into logfile | |
462 | _NOW=`date "+%D - %R"` | |
463 | log_only ">> $_NOW : Command : $0 $*" | |
464 |
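Review bot: the bind-password check at lines 399-407 leaves `BINDPWDFILE` set when the file is missing or unreadable but `BINDPWD` is defined, so the log reports command-line passwords while every wrapper's `[ -n "$BINDPWDFILE" ]` test still takes the `-y` branch with a file it cannot read. Clear `BINDPWDFILE` in that branch, or have the wrappers test readability instead of non-emptiness. In `_genpassword` (lines 351-352) the username is spliced into `$PASSWORDGEN` and the result is passed to `eval`, so a name containing shell metacharacters is executed; validate `$1` against a restricted character set before the substitution. The warning in `_grouptogid` (line 256) prints `$2`, but the function only receives `$1`.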
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldapdeletemachine 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldapdeletemachine \- deletes a POSIX machine (user$) account from LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldapdeletemachine | |
29 | .RB <machinename\ with\ ending\ $ | uid> | |
30 | ||
31 | .SH OPTIONS | |
32 | .TP | |
33 | .B <machinename with ending $ | uid> | |
34 | The name of the machine account (including the ending $) to delete. | |
35 | ||
36 | .SH "SEE ALSO" | |
37 | ldapdeleteuser(1), ldepdeletegroup(1), ldapscripts(5). | |
38 | ||
39 | .SH AVAILABILITY | |
40 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
41 | The latest version of the ldapscripts is available on : | |
42 | .B http://contribs.martymac.com | |
43 | ||
44 | .SH BUGS | |
45 | No bug known. |
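Review bot: SEE ALSO (line 37) misspells the group page as `ldepdeletegroup(1)`, and both command references there lack the leading underscore used by this page's own name and by the `_lsldap(1)` / `_ldapfinger(1)` references in the sibling pages. Suggest `_ldapdeleteuser(1), _ldapdeletegroup(1), ldapscripts(5).` so the cross-references resolve.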
0 | .\" Copyright (C) 2007 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldapfinger 1 "February 1, 2007" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldapfinger \- displays a user/machine/group POSIX account's details. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldapfinger | |
29 | .RB <username | machinename | groupname | uid | gid> | |
30 | ||
31 | .SH OPTIONS | |
32 | .TP | |
33 | .B <username | machinename | groupname | uid | gid> | |
34 | The name or id of the user, machine (with an ending $) or group you want to display. You may use a wildcard here to look for substrings. e.g. 'marty*' or '*mart*'. | |
35 | ||
36 | .SH "SEE ALSO" | |
37 | _lsldap(1), ldapscripts(5). | |
38 | ||
39 | .SH AVAILABILITY | |
40 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
41 | The latest version of the ldapscripts is available on : | |
42 | .B http://contribs.martymac.com | |
43 | ||
44 | .SH BUGS | |
45 | No bug known. |
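Review bot: the SYNOPSIS argument on line 29 is passed to `.RB` with unescaped spaces, so each word and each `|` becomes a separate argument, the fonts alternate word by word, and the pieces are joined without spaces in the rendered page. Quote the whole placeholder as a single argument (or escape every space as `\ `) so it renders the way the `.B` line in OPTIONS does.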
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldapinit 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldapinit \- initializes the LDAP directory with a minimal tree. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldapinit | |
29 | .RB [[-h] | [-r | -s]] | |
30 | ||
31 | .SH OPTIONS | |
32 | .TP | |
33 | .B [-h] | |
34 | This help. | |
35 | .TP | |
36 | .B [-r] | |
37 | Create only the root DN. | |
38 | .TP | |
39 | .B [-s] | |
40 | Skip root DN creation (create only regular OUs). | |
41 | ||
42 | .SH "SEE ALSO" | |
43 | _lsldap(1), _ldapfinger(1), ldapscripts(5). | |
44 | ||
45 | .SH AVAILABILITY | |
46 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
47 | The latest version of the ldapscripts is available on : | |
48 | .B http://contribs.martymac.com | |
49 | ||
50 | .SH BUGS | |
51 | No bug known. |
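Review bot: the option dashes on lines 29, 33, 36 and 39 are written as bare `-`, while the NAME line already uses `\-`; in roff a bare `-` is typeset as a hyphen, which breaks copy and paste of `-h`, `-r` and `-s` from the formatted page. Write them as `\-h`, `\-r` and `\-s`. The SYNOPSIS also implies `-r` and `-s` are mutually exclusive without the OPTIONS text saying so; one sentence stating that would help.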
0 | .\" Copyright (C) 2007 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldapmodifygroup 1 "August 22, 2007" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldapmodifygroup \- modifies a POSIX group account in LDAP interactively | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldapmodifygroup | |
29 | .RB <groupname | gid> | |
30 | ||
31 | .SH DESCRIPTION | |
32 | _ldapmodifygroup first looks for the right entry to modify. Once found, the entry is presented and you | |
33 | are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1). | |
34 | The DN of the entry being modified is already specified : just begin with a changeType attribute or any | |
35 | other one(s) of your choice (in this case, the defaut changeType is 'modify'). | |
36 | ||
37 | .SH OPTIONS | |
38 | .TP | |
39 | .B <groupname | gid> | |
40 | The name or gid of the group to modify. | |
41 | ||
42 | .SH "SEE ALSO" | |
43 | _ldapmodifyuser(1), _ldapmodifymachine(1), ldapscripts(5). | |
44 | ||
45 | .SH AVAILABILITY | |
46 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
47 | The latest version of the ldapscripts is available on : | |
48 | .B http://contribs.martymac.com | |
49 | ||
50 | .SH BUGS | |
51 | No bug known. |
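Review bot: DESCRIPTION line 35 has the typo "defaut" in "the defaut changeType is 'modify'". The same paragraph is repeated with the same typo in the _ldapmodifymachine and _ldapmodifyuser pages, so fix all three together.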
0 | .\" Copyright (C) 2007 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldapmodifymachine 1 "August 22, 2007" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldapmodifymachine \- modifies a POSIX machine account in LDAP interactively | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldapmodifymachine | |
29 | .RB <machinename with ending $ | uid> | |
30 | ||
31 | .SH DESCRIPTION | |
32 | _ldapmodifymachine first looks for the right entry to modify. Once found, the entry is presented and you | |
33 | are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1). | |
34 | The DN of the entry being modified is already specified : just begin with a changeType attribute or any | |
35 | other one(s) of your choice (in this case, the defaut changeType is 'modify'). | |
36 | ||
37 | .SH OPTIONS | |
38 | .TP | |
39 | .B <machinename with ending $ | uid> | |
40 | The name or uid of the machine to modify. | |
41 | ||
42 | .SH "SEE ALSO" | |
43 | _ldapmodifyuser(1), _ldapmodifygroup(1), ldapscripts(5). | |
44 | ||
45 | .SH AVAILABILITY | |
46 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
47 | The latest version of the ldapscripts is available on : | |
48 | .B http://contribs.martymac.com | |
49 | ||
50 | .SH BUGS | |
51 | No bug known. |
0 | .\" Copyright (C) 2007 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldapmodifyuser 1 "August 22, 2007" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldapmodifyuser \- modifies a POSIX user account in LDAP interactively | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldapmodifyuser | |
29 | .RB <username | uid> | |
30 | ||
31 | .SH DESCRIPTION | |
32 | _ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you | |
33 | are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1). | |
34 | The DN of the entry being modified is already specified : just begin with a changeType attribute or any | |
35 | other one(s) of your choice (in this case, the defaut changeType is 'modify'). | |
36 | ||
37 | .SH OPTIONS | |
38 | .TP | |
39 | .B <username | uid> | |
40 | The name or uid of the user to modify. | |
41 | ||
42 | .SH "SEE ALSO" | |
43 | _ldapmodifygroup(1), _ldapmodifymachine(1), ldapscripts(5). | |
44 | ||
45 | .SH AVAILABILITY | |
46 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
47 | The latest version of the ldapscripts is available on : | |
48 | .B http://contribs.martymac.com | |
49 | ||
50 | .SH BUGS | |
51 | No bug known. |
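Review bot: DESCRIPTION (lines 32-35) says the user is "prompted to enter LDIF data" but never says how the input is terminated or what happens when the LDIF is rejected. Document the end-of-input convention and the failure behaviour, since an operator editing a live account entry needs to know whether a partial change can be applied.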
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldappasswd 1 "November 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldappasswd \- modifies a POSIX user account's password in LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldappasswd | |
29 | .RB <username | uid> | |
30 | .RB [encoded password] | |
31 | ||
32 | .SH OPTIONS | |
33 | .TP | |
34 | .B <username | uid> | |
35 | The name or uid of the user whose password has to be modified. | |
36 | .TP | |
37 | .B [encoded password] | |
38 | If specified this way, the password will be copied verbatim into the LDAP directory. If not specified, you will | |
39 | be prompted for a password that will be changed using the ldappasswd(1) command. | |
40 | ||
41 | .SH "SEE ALSO" | |
42 | _ldapfinger(1), ldapscripts(5). | |
43 | ||
44 | .SH AVAILABILITY | |
45 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
46 | The latest version of the ldapscripts is available on : | |
47 | .B http://contribs.martymac.com | |
48 | ||
49 | .SH LIMITATIONS | |
50 | When used interactively, passwords generated with this command are propagated with the ldappasswd(1) command. | |
51 | Thus, the resulting format depends on the 'password-hash' option of your server's slapd.conf(5) file. | |
52 | ||
53 | You can always force an encoded password (using the hash format of your choice) by specifying it on the command line. | |
54 | ||
55 | .SH BUGS | |
56 | No bug known. |
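Review bot: the `[encoded password]` argument (SYNOPSIS line 30, OPTIONS lines 37-39) places the password hash on the command line, which is the same `ps` exposure this release removes for `-w` and `-s`, and the runtime's `log_only ">> $_NOW : Command : $0 $*"` then writes it to the log file as well. The page should state this in LIMITATIONS, and the script should preferably accept the encoded value from stdin or a file. The `.TH` date is still "November 1, 2006" although the password handling changed in this version.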
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldaprenamegroup 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldaprenamegroup \- renames a POSIX group in LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldaprenamegroup | |
29 | .RB <old\ groupname | gid> | |
30 | .RB <new\ groupname> | |
31 | ||
32 | .SH OPTIONS | |
33 | .TP | |
34 | .B <old groupname | gid> | |
35 | The old name or gid of the group to rename. | |
36 | .TP | |
37 | .B <new groupname> | |
38 | The new name of the group. | |
39 | ||
40 | .SH "SEE ALSO" | |
41 | ldaprenameuser(1), _ldaprenamemachine(1), ldapscripts(5). | |
42 | ||
43 | .SH AVAILABILITY | |
44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
45 | The latest version of the ldapscripts is available on : | |
46 | .B http://contribs.martymac.com | |
47 | ||
48 | .SH BUGS | |
49 | No bug known. |
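Review bot: SEE ALSO (line 41) references `ldaprenameuser(1)` without the leading underscore, while the adjacent `_ldaprenamemachine(1)` and this page's own name carry it; the _ldaprenamemachine page has the same inconsistency. Also, that sibling page has a LIMITATIONS section about group entries not being updated after a rename, while this page does not say whether anything that refers to the old group name is updated; state the behaviour explicitly.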
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldaprenamemachine 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldaprenamemachine \- renames a POSIX machine account in LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldaprenamemachine | |
29 | .RB <old\ machinename\ with\ ending\ $ | uid> | |
30 | .RB <new\ machinename\ with\ ending\ $> | |
31 | ||
32 | .SH OPTIONS | |
33 | .TP | |
34 | .B <old machinename with ending $ | uid> | |
35 | The old name or uid of the machine to rename. | |
36 | .TP | |
37 | .B <new machinename with ending $> | |
38 | The new name of the machine. | |
39 | ||
40 | .SH "SEE ALSO" | |
41 | ldaprenameuser(1), _ldaprenamegroup(1), ldapscripts(5). | |
42 | ||
43 | .SH AVAILABILITY | |
44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
45 | The latest version of the ldapscripts is available on : | |
46 | .B http://contribs.martymac.com | |
47 | ||
48 | .SH LIMITATIONS | |
49 | Group entries will NOT be updated. This means several groups may contain machines that NO LONGER exist after having renamed a machine. | |
50 | ||
51 | .SH BUGS | |
52 | No bug known. |
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _lsldap 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _lsldap \- performs a *big* query on the LDAP directory. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _lsldap | |
29 | .RB [[-h] | [-u | -g | -m]] | |
30 | ||
31 | .SH OPTIONS | |
32 | .TP | |
33 | .B [-h] | |
34 | This help. | |
35 | .TP | |
36 | .B [-u] | |
37 | List users only (by default, try to list the whole directory). | |
38 | .TP | |
39 | .B [-g] | |
40 | List groups only (by default, try to list the whole directory). | |
41 | .TP | |
42 | .B [-m] | |
43 | List machines only (by default, try to list the whole directory). | |
44 | ||
45 | .SH "SEE ALSO" | |
46 | _ldapfinger(1), ldapscripts(5). | |
47 | ||
48 | .SH AVAILABILITY | |
49 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
50 | The latest version of the ldapscripts is available on : | |
51 | .B http://contribs.martymac.com | |
52 | ||
53 | .SH BUGS | |
54 | No bug known. |
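Review bot: NAME at file line 25 describes the command only as performing a *big* query, and OPTIONS repeats "try to list the whole directory" without saying which entries or attributes are printed. State the search base and what is returned by default, so an operator can tell before running it whether the output is safe to paste into a ticket or a log. The nested brackets in the SYNOPSIS at file line 29 could also be flattened to [-h | -u | -g | -m].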
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapaddgroup 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapaddgroup \- adds a POSIX group entry to LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B ldapaddgroup | |
29 | .RB <groupname> | |
30 | .RB [gid] | |
31 | ||
32 | .SH OPTIONS | |
33 | .TP | |
34 | .B <groupname> | |
35 | The name of the group to add. | |
36 | .TP | |
37 | .B [gid] | |
38 | The gid of the group to add. Automatically computed if not specified. | |
39 | ||
40 | .SH "SEE ALSO" | |
41 | ldapadduser(1), ldapaddmachine(1), ldapscripts(5). | |
42 | ||
43 | .SH AVAILABILITY | |
44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
45 | The latest version of the ldapscripts is available on : | |
46 | .B http://contribs.martymac.com | |
47 | ||
48 | .SH BUGS | |
49 | No bug known. |
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapaddmachine 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapaddmachine \- adds a POSIX machine (user$) account to LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B ldapaddmachine | |
29 | .RB <machinename\ with\ ending\ $> | |
30 | .RB <groupname | gid> | |
31 | .RB [uid] | |
32 | ||
33 | .SH OPTIONS | |
34 | .TP | |
35 | .B <machinename with ending $> | |
36 | The name of the machine to add. It must include the ending dollar (the famous win32 machine name specification). | |
37 | .TP | |
38 | .B <groupname | gid> | |
39 | The group name or the gid of the machine to add. | |
40 | .TP | |
41 | .B [uid] | |
42 | The uid of the machine to add. Automatically computed if not specified. | |
43 | ||
44 | .SH "SEE ALSO" | |
45 | ldapadduser(1), ldapaddgroup(1), ldapscripts(5). | |
46 | ||
47 | .SH AVAILABILITY | |
48 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
49 | The latest version of the ldapscripts is available on : | |
50 | .B http://contribs.martymac.com | |
51 | ||
52 | .SH BUGS | |
53 | No bug known. |
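Review bot: Style point on the SYNOPSIS: file line 29 escapes its spaces (<machinename\ with\ ending\ $>) but file line 30 does not (.RB <groupname | gid>), so .RB treats the three words as separate arguments, alternates roman and bold between them and joins them without spaces. The same string under OPTIONS at file line 38 uses .B and keeps its spaces, so the two renderings differ. Escape the spaces on line 30 as on line 29. The same pattern recurs in the other SYNOPSIS lines of this import.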
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapadduser 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapadduser \- adds a POSIX user account to LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B ldapadduser | |
29 | .RB <username> | |
30 | .RB <groupname | gid> | |
31 | .RB [uid] | |
32 | ||
33 | .SH OPTIONS | |
34 | .TP | |
35 | .B <username> | |
36 | The name of the user to add. | |
37 | .TP | |
38 | .B <groupname | gid> | |
39 | The group name or the gid of the user to add. | |
40 | .TP | |
41 | .B [uid] | |
42 | The uid of the user to add. Automatically computed if not specified. | |
43 | ||
44 | .SH "SEE ALSO" | |
45 | ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5). | |
46 | ||
47 | .SH AVAILABILITY | |
48 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
49 | The latest version of the ldapscripts is available on : | |
50 | .B http://contribs.martymac.com | |
51 | ||
52 | .SH BUGS | |
53 | No bug known. |
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapaddusertogroup 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapaddusertogroup \- adds a memberUid attribute to a POSIX group in LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B ldapaddusertogroup | |
29 | .RB <username | uid> | |
30 | .RB <groupname | gid> | |
31 | ||
32 | .SH OPTIONS | |
33 | .TP | |
34 | .B <username | uid> | |
35 | The name or the uid of the user to add. It can be a machine name (with an ending $) or a user name. | |
36 | .TP | |
37 | .B <groupname | gid> | |
38 | The name or the gid of the group that should welcome the new user. | |
39 | ||
40 | .SH "SEE ALSO" | |
41 | ldapdeleteuserfromgroup(1), ldapsetprimarygroup(1), ldapscripts(5). | |
42 | ||
43 | .SH AVAILABILITY | |
44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
45 | The latest version of the ldapscripts is available on : | |
46 | .B http://contribs.martymac.com | |
47 | ||
48 | .SH BUGS | |
49 | No bug known |
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapdeletegroup 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapdeletegroup \- deletes a POSIX group account from LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B ldapdeletegroup | |
29 | .RB <groupname | gid> | |
30 | ||
31 | .SH OPTIONS | |
32 | .TP | |
33 | .B <groupname | gid> | |
34 | The name or gid of the group to delete. | |
35 | ||
36 | .SH "SEE ALSO" | |
37 | ldapdeleteuser(1), _ldapdeletemachine(1), ldapscripts(5). | |
38 | ||
39 | .SH AVAILABILITY | |
40 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
41 | The latest version of the ldapscripts is available on : | |
42 | .B http://contribs.martymac.com | |
43 | ||
44 | .SH LIMITATIONS | |
45 | A user's primary group can be deleted ; the user entry will NOT be updated. This means the user will belong to a group that not longer exists. | |
46 | ||
47 | .SH BUGS | |
48 | No bug known. |
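Review bot: The LIMITATIONS paragraph at file line 45 documents that deleting a user's primary group leaves the user entry untouched, but it does not say how to find or repair the affected accounts. A gidNumber pointing at a deleted group becomes an access-control problem if that gid is later assigned to another group. Reference ldapsetprimarygroup(1) as the fix, and consider refusing the delete, or at least warning, when the group is still some user's primary group. Also, "not longer exists" should read "no longer exists".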
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapdeleteuser 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapdeleteuser \- deletes a POSIX user account from LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B ldapdeleteuser | |
29 | .RB <username | uid> | |
30 | ||
31 | .SH OPTIONS | |
32 | .TP | |
33 | .B <username | uid> | |
34 | The name or uid of the user to delete. | |
35 | ||
36 | .SH "SEE ALSO" | |
37 | ldapdeletegroup(1), _ldapdeletemachine(1), ldapscripts(5). | |
38 | ||
39 | .SH AVAILABILITY | |
40 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
41 | The latest version of the ldapscripts is available on : | |
42 | .B http://contribs.martymac.com | |
43 | ||
44 | .SH BUGS | |
45 | No bug known. |
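Review bot: Missing documentation: unlike the rename pages in this import, which state under LIMITATIONS that group entries are not updated, this page does not say whether deleting a user also removes that user's memberUid values from groups. If they are left behind, a later account created with the same name would appear in those groups. Document the behaviour either way and, if the values are not cleaned up, point to ldapdeleteuserfromgroup(1).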
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapdeleteuserfromgroup 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapdeleteuserfromgroup \- deletes a memberUid attribute from a POSIX group in LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B ldapdeleteuserfromgroup | |
29 | .RB <username> | |
30 | .RB <groupname | gid> | |
31 | ||
32 | .SH OPTIONS | |
33 | .TP | |
34 | .B <username> | |
35 | The name of the user to delete. It can be a machine name (with an ending $) or a user name. | |
36 | .TP | |
37 | .B <groupname | gid> | |
38 | The name or the gid of the group that should say goodbye to the user. | |
39 | ||
40 | .SH "SEE ALSO" | |
41 | ldapaddusertogroup(1), ldapsetprimarygroup(1), ldapscripts(5). | |
42 | ||
43 | .SH AVAILABILITY | |
44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
45 | The latest version of the ldapscripts is available on : | |
46 | .B http://contribs.martymac.com | |
47 | ||
48 | .SH BUGS | |
49 | No bug known. |
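Review bot: The SYNOPSIS at file line 29 takes only <username>, while ldapaddusertogroup(1) in this import takes <username | uid>. If the uid form is really unsupported here, say so under OPTIONS at file line 35. Otherwise align the two pages so that a membership added by uid can be removed the same way.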
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH _ldaprenameuser 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | _ldaprenameuser \- renames a POSIX user account in LDAP. | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B _ldaprenameuser | |
29 | .RB <old\ username | uid> | |
30 | .RB <new\ username> | |
31 | ||
32 | .SH OPTIONS | |
33 | .TP | |
34 | .B <old username | uid> | |
35 | The old name or uid of the user to rename. | |
36 | .TP | |
37 | .B <new username> | |
38 | The new name of the user. | |
39 | ||
40 | .SH "SEE ALSO" | |
41 | _ldaprenamegroup(1), _ldaprenamemachine(1), ldapscripts(5). | |
42 | ||
43 | .SH AVAILABILITY | |
44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
45 | The latest version of the ldapscripts is available on : | |
46 | .B http://contribs.martymac.com | |
47 | ||
48 | .SH LIMITATIONS | |
49 | Group entries will NOT be updated. This means several groups may contain users that NO LONGER exist after having renamed a user. Home directories are NOT renamed (neither in he LDAP directory, nor on the filesystem). | |
50 | ||
51 | .SH BUGS | |
52 | No bug known. |
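Review bot: Naming mismatch: this page is titled _ldaprenameuser at file lines 21, 25 and 28, but ldapscripts(5) in the same import calls /usr/local/bin/ldaprenameuser in its "rename user script" line and lists ldaprenameuser(1) under SEE ALSO, as does _ldaprenamemachine(1). Pick one name and use it everywhere, since a Samba script option pointing at a name that is not installed would only surface when a rename is attempted. In LIMITATIONS at file line 49, "in he LDAP directory" should read "in the LDAP directory".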
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapsetprimarygroup 1 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapsetprimarygroup \- modifies the gidNumber of a POSIX user or machine account in LDAP (sets a user's primary group in LDAP). | |
26 | ||
27 | .SH SYNOPSIS | |
28 | .B ldapsetprimarygroup | |
29 | .RB <username | uid> | |
30 | .RB <groupname | gid> | |
31 | ||
32 | .SH OPTIONS | |
33 | .TP | |
34 | .B <username | uid> | |
35 | The name or uid of the user to modify. | |
36 | .TP | |
37 | .B <groupname | gid> | |
38 | The new primary group name or gid of the specified user. | |
39 | ||
40 | .SH "SEE ALSO" | |
41 | ldapaddusertogroup(1), ldapdeleteuserfromgroup(1), ldapscripts(5). | |
42 | ||
43 | .SH AVAILABILITY | |
44 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
45 | The latest version of the ldapscripts is available on : | |
46 | .B http://contribs.martymac.com | |
47 | ||
48 | .SH BUGS | |
49 | No bug known. |
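Review bot: NAME at file line 25 says the command works on a POSIX user or machine account, but OPTIONS at file lines 34 to 38 describe only a user. Say under <username | uid> whether a machine name with an ending $ is accepted, as the ldapaddusertogroup(1) page does.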
0 | .\" Copyright (C) 2006 Ganaël LAPLANCHE | |
1 | .\" | |
2 | .\" This program is free software; you can redistribute it and/or | |
3 | .\" modify it under the terms of the GNU General Public License | |
4 | .\" as published by the Free Software Foundation; either version 2 | |
5 | .\" of the License, or (at your option) any later version. | |
6 | .\" | |
7 | .\" This program is distributed in the hope that it will be useful, | |
8 | .\" but WITHOUT ANY WARRANTY; without even the implied warranty of | |
9 | .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
10 | .\" GNU General Public License for more details. | |
11 | .\" | |
12 | .\" You should have received a copy of the GNU General Public License | |
13 | .\" along with this program; if not, write to the Free Software | |
14 | .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, | |
15 | .\" USA. | |
16 | .\" | |
17 | .\" Ganael Laplanche | |
18 | .\" ganael.laplanche@martymac.com | |
19 | .\" http://contribs.martymac.com | |
20 | .\" | |
21 | .TH ldapscripts 5 "January 1, 2006" | |
22 | .LO 1 | |
23 | ||
24 | .SH NAME | |
25 | ldapscripts \- Scripts to manage POSIX accounts in your LDAP directory. | |
26 | ||
27 | .SH DESCRIPTION | |
28 | The ldapscripts are a set of shell (sh) scripts to manage POSIX accounts in an OpenLDAP directory. They can be used as standalone tools or within Samba's smb.conf file. Each scripts matches a specific smb.conf option, except those beginning with an underscore ("_"), which are just "useful". | |
29 | ||
30 | .SH REQUIREMENTS | |
31 | The main requirements are the OpenLDAP client tools (ldapadd, ldapsearch, ldapdelete, ...). Other commands are called in the scripts but shoud come with your distro (sed, grep, cut, ...). | |
32 | ||
33 | .SH CONFIGURATION | |
34 | The main configuration of the ldapscripts is usually the /etc/ldapscripts/ldapscripts.conf file (or /usr/local/etc/ldapscripts/ldapscripts.conf, depending on your system). Modify it to fit your needs before using the scripts. Each script also uses a "runtime" file, usually /etc/ldapscripts/runtime (or /usr/local/etc/ldapscripts/runtime). You don't need to modify this file. | |
35 | ||
36 | .SH "USING AS STANDALONE TOOLS" | |
37 | The scripts can be used as standard command-line tools. Just call the script using correct arguments. Check the man page of the script or call it without any argument to get help. | |
38 | ||
39 | .SH "USING WITH SAMBA" | |
40 | As I've already explained, each script is designed to fit one configuration option of Samba. Modify you smb.conf file to call the scripts : | |
41 | ||
42 | .nf | |
43 | # [...] | |
44 | add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines | |
45 | add user script = /usr/local/bin/ldapadduser '%u' sambausers | |
46 | add group script = /usr/local/bin/ldapaddgroup '%g' | |
47 | add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g' | |
48 | delete user script = /usr/local/bin/ldapdeleteuser '%u' | |
49 | delete group script = /usr/local/bin/ldapdeletegroup '%g' | |
50 | delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g' | |
51 | set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g' | |
52 | rename user script = /usr/local/bin/ldaprenameuser '%uold' '%unew' | |
53 | # [...] | |
54 | ||
55 | .SH "SEE ALSO" | |
56 | _ldapdeletemachine(1), _ldapmodifymachine(1), _ldaprenamemachine(1), ldapadduser(1), ldapdeleteuserfromgroup(1), | |
57 | _ldapfinger(1), _ldapmodifyuser(1), _lsldap(1), ldapaddusertogroup(1), ldaprenameuser(1), _ldapinit(1), | |
58 | _ldappasswd(1), ldapaddgroup(1), ldapdeletegroup(1), ldapsetprimarygroup(1), _ldapmodifygroup(1), _ldaprenamegroup(1), | |
59 | ldapaddmachine(1), ldapdeleteuser(1). | |
60 | ||
61 | .SH AVAILABILITY | |
62 | The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details). | |
63 | The latest version of the ldapscripts is available on : | |
64 | .B http://contribs.martymac.com |
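Review bot: CONFIGURATION at file line 34 tells the reader to edit ldapscripts.conf but says nothing about the bind credentials kept there, although the changelog of this same release introduces BINDPWDFILE and advises removing BINDPWD. Document both options here, state that BINDPWDFILE takes precedence, and recommend that the configuration file and the password file be readable only by the account that runs the scripts. Separately, the .nf at file line 42 has no matching .fi before the next .SH at file line 55, and file lines 28, 31 and 40 contain typos ("Each scripts", "shoud", "Modify you smb.conf").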