ldapscripts / 5992da9
Imported Upstream version 1.7.1 (Alexander GQ Gerasiov, 14 years ago)
51 changed file(s) with 3435 addition(s) and 0 deletion(s).
0 2007/10/13 : ldapscripts 1.7.1
1 - Fixes for CVE-2007-5373
2 see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5373
3 and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445582
4
5 1) Up to now, each ldap* command was called with the -w parameter, which allows to
6 specify the bind password on the command line. Unfortunately, this could make the
7 password appear to anybody performing a `ps` during the call. This is now avoided
8 by using the -y parameter and a password file.
9
10 -> A new BINDPWDFILE option has been added : it specifies the path to the bind
11 password file. This file can be created by something like :
12 'echo -n 'password' > $BINDPWDFILE' and you can now safely remove (or comment) the
13 BINDPWD parameter from your configuration file.
14
15 2) Changing a user password could also reveal the new password on the command line,
16 because of the use of ldappasswd's -s option. This has been fixed by using a temporary
17 file containing the new password (and ldappassword's -T option).
18
19 -> [internals] New mktempf() and reltempf() functions have been added
20
21 [For older versions of OpenLDAP, -y and -T parameters may not be available. It is still
22 possible to use the old BINDPWD parameter. Just uncomment it from the configuration file
23 and comment the BINDPWDFILE parameter (which takes precedence over BINDPWD). The
24 ldapscripts will just behave as previously and use inline -w and -s parameters, warning
25 you this is not secure way of running them.]
26
27 3) A similar problem related to sed expressions has been found : it may also lead to
28 reveal a user's password to `ps` users. This is now fixed by using temporary files
29 containing sed expressions (and sed's -f option).
30
31 4) A new test has been added to check if 'echo' and '[' are built-in or not. If not,
32 you'll be warned that the ldapscripts may not be safe to use (because these commands
33 manipulate passwords when creating temporary files).
34
35 -> [internals] New is_builtin() function
36
37 Note that these flaws depend largely on your kernel configuration : hardened kernels
38 should not be impacted (e.g. if you use security.bsd.see_other_[u|g]ids sysctls on
39 FreeBSD). It may also depend on the version of OpenLDAP client commands you run.
40
41 Thanks a lot to Don and Madcoder for their help !
42
43 - Few fixes to avoid using non-standard 'if ! command's...
44
45 2007/09/03 : ldapscripts 1.7
46 - Fixed several typos and bugs
47 - _ldapinit : new options : '-r' and '-s' to create only the root dn ('-r'), or regular OUs ('-s')
48 - [internals] Added the ability to select depth when using _extractldif()
49 - [internals] New is_integer function
50 - _lsldap : new options : '-u', '-g' and '-m', to list only 'u'ser, 'g'roup or 'm'achine entries
51 - New _ldapmodify{user,group,machine} interactive scripts to edit entries
52 - Added a new $TMPDIR configuration variable (necessary for the new scripts)
53 - Added _ldapmodify{user,group,machine}(1) manpages
54 - Now bundled with a brand-new Makefile (old install script no more available)
55
56 2007/04/20 : ldapscripts 1.6
57 - Fixed typos
58 - internal _ldapsearch() improved
59 - New _ldapfinger command to display a user/machine/group POSIX account's details
60 - ldapadduser : new option to set the defaults permissions when creating home directories (thanks to Guillaume Rousse)
61 - It is now possible to use a full URI instead of a name for the SERVER directive (thanks to Guillaume Rousse)
62 - It is now possible to use external LDIF templates when creating a user/machine/group (thanks to Guillaume Rousse)
63 See TEMPLATES options in the ldapscripts.conf file and *.template.sample files in the etc/ directory
64 - Now use 'sort -n' instead of 'sort -g' when extracting the last account from the directory (thanks to Rudi van Drunen)
65 - Added a 'description' attribute for group accounts
66
67 2007/01/03 : ldapscripts 1.5
68 - Fixed typos (thanks to Mikael Lammentausta)
69 - Small fixes to the install script
70 - ldapadduser : use $_UID instead of $_USER while chown'ing homedir (thanks to Mikael Lammentausta)
71 - ldapadduser : new option to ask for the gecos (thanks to Mikael Lammentausta)
72 - ldapadduser : new option to copy skeleton files to home directories (thanks to Mikael Lammentausta)
73 - ldapadduser : now skip user's home dir creation if it already exists
74 - ldapadduser/ldapaddmachine : modified account description attributes : set to 'User account' or 'Machine account'
75 - ldapadduser/ldapaddgroup/ldapaddmachine : use $_USER and $_GROUP instead of $1 when possible
76 - New _ldappasswd script to modify a user's password (suggested by Mikael Lammentausta)
77
78 2006/01/05 : ldapscripts 1.4
79 - More code cleaning !!! Code now clean... (and bug-free ???) - thanks to Madcoder for the help he provided !
80 - Removed dependency to slappasswd !!! Using ldappasswd instead (included in the standard ldap-client commands)
81 - Added new ldaprenameuser command (uses ldapmodrdn included in the standard ldap-client commands)
82 Add this to Samba 3.0.21's configuration file : rename user script = ldaprenameuser '%uold' '%unew'
83 Warning : renaming an entry (user/group/machine) only involves renaming its RDN !
84 This means may have to change manually the account's homedir (user) and modify each group to include the new
85 rdn (user/machine) as a memberuid.
86 - Also added useful _ldaprenamegroup and _ldaprenamemachine scripts (not used by Samba)
87 - A user/machine is now searched using its uid (no more use of its cn)
88 - Full command now shown in logs
89 - Modified README
90 - New TODO file
91 - Man pages (section 1 for each script, section 5 for a global "ldapscripts" manual)
92
93 2005/10/01 : ldapscripts 1.3
94 Compatibility rework / code cleaning - the scripts now work on FreeBSD !
95 - no more calls to "source", use . instead
96 - now using "=" instead of "==" in test
97 - now return 1 instead of -1 when an error occurs
98 - added possibility to specify the getent command, so you can use pw instead (for FreeBSD)
99 - added auto-guess for this command if left blank in conf file
100 - splitted the horrible conf file into a real conf file and a "runtime" file
101
102 2005/07/15 : ldapscript 1.2
103 - applied patch from Vincent Esposito to make sure uid/gid/mid found in LDAP is higher than *START ones
104 - small documentation modifications
105
106 2005/02/18 : ldapscripts 1.1
107 - added _ldapinit command, to inititalize an LDAP directory with a minimal hierarchy
108 - added support for home directories creation (see ldapscripts.conf)
109 - no more need for backslashes in user home directories and user shell in ldapscripts.conf
110 - added support for initializing (randomized) passwords when adding a user.
111 - Passwords can also be recorded into a log file when performing a massive user creation (see ldapscripts.conf)
112
113 2005/02/07 : ldapscripts 1.0
0 GNU GENERAL PUBLIC LICENSE
1 Version 2, June 1991
2
3 Copyright (C) 1989, 1991 Free Software Foundation, Inc.
4 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
5 Everyone is permitted to copy and distribute verbatim copies
6 of this license document, but changing it is not allowed.
7
8 Preamble
9
10 The licenses for most software are designed to take away your
11 freedom to share and change it. By contrast, the GNU General Public
12 License is intended to guarantee your freedom to share and change free
13 software--to make sure the software is free for all its users. This
14 General Public License applies to most of the Free Software
15 Foundation's software and to any other program whose authors commit to
16 using it. (Some other Free Software Foundation software is covered by
17 the GNU Library General Public License instead.) You can apply it to
18 your programs, too.
19
20 When we speak of free software, we are referring to freedom, not
21 price. Our General Public Licenses are designed to make sure that you
22 have the freedom to distribute copies of free software (and charge for
23 this service if you wish), that you receive source code or can get it
24 if you want it, that you can change the software or use pieces of it
25 in new free programs; and that you know you can do these things.
26
27 To protect your rights, we need to make restrictions that forbid
28 anyone to deny you these rights or to ask you to surrender the rights.
29 These restrictions translate to certain responsibilities for you if you
30 distribute copies of the software, or if you modify it.
31
32 For example, if you distribute copies of such a program, whether
33 gratis or for a fee, you must give the recipients all the rights that
34 you have. You must make sure that they, too, receive or can get the
35 source code. And you must show them these terms so they know their
36 rights.
37
38 We protect your rights with two steps: (1) copyright the software, and
39 (2) offer you this license which gives you legal permission to copy,
40 distribute and/or modify the software.
41
42 Also, for each author's protection and ours, we want to make certain
43 that everyone understands that there is no warranty for this free
44 software. If the software is modified by someone else and passed on, we
45 want its recipients to know that what they have is not the original, so
46 that any problems introduced by others will not reflect on the original
47 authors' reputations.
48
49 Finally, any free program is threatened constantly by software
50 patents. We wish to avoid the danger that redistributors of a free
51 program will individually obtain patent licenses, in effect making the
52 program proprietary. To prevent this, we have made it clear that any
53 patent must be licensed for everyone's free use or not licensed at all.
54
55 The precise terms and conditions for copying, distribution and
56 modification follow.
57
58 GNU GENERAL PUBLIC LICENSE
59 TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
60
61 0. This License applies to any program or other work which contains
62 a notice placed by the copyright holder saying it may be distributed
63 under the terms of this General Public License. The "Program", below,
64 refers to any such program or work, and a "work based on the Program"
65 means either the Program or any derivative work under copyright law:
66 that is to say, a work containing the Program or a portion of it,
67 either verbatim or with modifications and/or translated into another
68 language. (Hereinafter, translation is included without limitation in
69 the term "modification".) Each licensee is addressed as "you".
70
71 Activities other than copying, distribution and modification are not
72 covered by this License; they are outside its scope. The act of
73 running the Program is not restricted, and the output from the Program
74 is covered only if its contents constitute a work based on the
75 Program (independent of having been made by running the Program).
76 Whether that is true depends on what the Program does.
77
78 1. You may copy and distribute verbatim copies of the Program's
79 source code as you receive it, in any medium, provided that you
80 conspicuously and appropriately publish on each copy an appropriate
81 copyright notice and disclaimer of warranty; keep intact all the
82 notices that refer to this License and to the absence of any warranty;
83 and give any other recipients of the Program a copy of this License
84 along with the Program.
85
86 You may charge a fee for the physical act of transferring a copy, and
87 you may at your option offer warranty protection in exchange for a fee.
88
89 2. You may modify your copy or copies of the Program or any portion
90 of it, thus forming a work based on the Program, and copy and
91 distribute such modifications or work under the terms of Section 1
92 above, provided that you also meet all of these conditions:
93
94 a) You must cause the modified files to carry prominent notices
95 stating that you changed the files and the date of any change.
96
97 b) You must cause any work that you distribute or publish, that in
98 whole or in part contains or is derived from the Program or any
99 part thereof, to be licensed as a whole at no charge to all third
100 parties under the terms of this License.
101
102 c) If the modified program normally reads commands interactively
103 when run, you must cause it, when started running for such
104 interactive use in the most ordinary way, to print or display an
105 announcement including an appropriate copyright notice and a
106 notice that there is no warranty (or else, saying that you provide
107 a warranty) and that users may redistribute the program under
108 these conditions, and telling the user how to view a copy of this
109 License. (Exception: if the Program itself is interactive but
110 does not normally print such an announcement, your work based on
111 the Program is not required to print an announcement.)
112
113 These requirements apply to the modified work as a whole. If
114 identifiable sections of that work are not derived from the Program,
115 and can be reasonably considered independent and separate works in
116 themselves, then this License, and its terms, do not apply to those
117 sections when you distribute them as separate works. But when you
118 distribute the same sections as part of a whole which is a work based
119 on the Program, the distribution of the whole must be on the terms of
120 this License, whose permissions for other licensees extend to the
121 entire whole, and thus to each and every part regardless of who wrote it.
122
123 Thus, it is not the intent of this section to claim rights or contest
124 your rights to work written entirely by you; rather, the intent is to
125 exercise the right to control the distribution of derivative or
126 collective works based on the Program.
127
128 In addition, mere aggregation of another work not based on the Program
129 with the Program (or with a work based on the Program) on a volume of
130 a storage or distribution medium does not bring the other work under
131 the scope of this License.
132
133 3. You may copy and distribute the Program (or a work based on it,
134 under Section 2) in object code or executable form under the terms of
135 Sections 1 and 2 above provided that you also do one of the following:
136
137 a) Accompany it with the complete corresponding machine-readable
138 source code, which must be distributed under the terms of Sections
139 1 and 2 above on a medium customarily used for software interchange; or,
140
141 b) Accompany it with a written offer, valid for at least three
142 years, to give any third party, for a charge no more than your
143 cost of physically performing source distribution, a complete
144 machine-readable copy of the corresponding source code, to be
145 distributed under the terms of Sections 1 and 2 above on a medium
146 customarily used for software interchange; or,
147
148 c) Accompany it with the information you received as to the offer
149 to distribute corresponding source code. (This alternative is
150 allowed only for noncommercial distribution and only if you
151 received the program in object code or executable form with such
152 an offer, in accord with Subsection b above.)
153
154 The source code for a work means the preferred form of the work for
155 making modifications to it. For an executable work, complete source
156 code means all the source code for all modules it contains, plus any
157 associated interface definition files, plus the scripts used to
158 control compilation and installation of the executable. However, as a
159 special exception, the source code distributed need not include
160 anything that is normally distributed (in either source or binary
161 form) with the major components (compiler, kernel, and so on) of the
162 operating system on which the executable runs, unless that component
163 itself accompanies the executable.
164
165 If distribution of executable or object code is made by offering
166 access to copy from a designated place, then offering equivalent
167 access to copy the source code from the same place counts as
168 distribution of the source code, even though third parties are not
169 compelled to copy the source along with the object code.
170
171 4. You may not copy, modify, sublicense, or distribute the Program
172 except as expressly provided under this License. Any attempt
173 otherwise to copy, modify, sublicense or distribute the Program is
174 void, and will automatically terminate your rights under this License.
175 However, parties who have received copies, or rights, from you under
176 this License will not have their licenses terminated so long as such
177 parties remain in full compliance.
178
179 5. You are not required to accept this License, since you have not
180 signed it. However, nothing else grants you permission to modify or
181 distribute the Program or its derivative works. These actions are
182 prohibited by law if you do not accept this License. Therefore, by
183 modifying or distributing the Program (or any work based on the
184 Program), you indicate your acceptance of this License to do so, and
185 all its terms and conditions for copying, distributing or modifying
186 the Program or works based on it.
187
188 6. Each time you redistribute the Program (or any work based on the
189 Program), the recipient automatically receives a license from the
190 original licensor to copy, distribute or modify the Program subject to
191 these terms and conditions. You may not impose any further
192 restrictions on the recipients' exercise of the rights granted herein.
193 You are not responsible for enforcing compliance by third parties to
194 this License.
195
196 7. If, as a consequence of a court judgment or allegation of patent
197 infringement or for any other reason (not limited to patent issues),
198 conditions are imposed on you (whether by court order, agreement or
199 otherwise) that contradict the conditions of this License, they do not
200 excuse you from the conditions of this License. If you cannot
201 distribute so as to satisfy simultaneously your obligations under this
202 License and any other pertinent obligations, then as a consequence you
203 may not distribute the Program at all. For example, if a patent
204 license would not permit royalty-free redistribution of the Program by
205 all those who receive copies directly or indirectly through you, then
206 the only way you could satisfy both it and this License would be to
207 refrain entirely from distribution of the Program.
208
209 If any portion of this section is held invalid or unenforceable under
210 any particular circumstance, the balance of the section is intended to
211 apply and the section as a whole is intended to apply in other
212 circumstances.
213
214 It is not the purpose of this section to induce you to infringe any
215 patents or other property right claims or to contest validity of any
216 such claims; this section has the sole purpose of protecting the
217 integrity of the free software distribution system, which is
218 implemented by public license practices. Many people have made
219 generous contributions to the wide range of software distributed
220 through that system in reliance on consistent application of that
221 system; it is up to the author/donor to decide if he or she is willing
222 to distribute software through any other system and a licensee cannot
223 impose that choice.
224
225 This section is intended to make thoroughly clear what is believed to
226 be a consequence of the rest of this License.
227
228 8. If the distribution and/or use of the Program is restricted in
229 certain countries either by patents or by copyrighted interfaces, the
230 original copyright holder who places the Program under this License
231 may add an explicit geographical distribution limitation excluding
232 those countries, so that distribution is permitted only in or among
233 countries not thus excluded. In such case, this License incorporates
234 the limitation as if written in the body of this License.
235
236 9. The Free Software Foundation may publish revised and/or new versions
237 of the General Public License from time to time. Such new versions will
238 be similar in spirit to the present version, but may differ in detail to
239 address new problems or concerns.
240
241 Each version is given a distinguishing version number. If the Program
242 specifies a version number of this License which applies to it and "any
243 later version", you have the option of following the terms and conditions
244 either of that version or of any later version published by the Free
245 Software Foundation. If the Program does not specify a version number of
246 this License, you may choose any version ever published by the Free Software
247 Foundation.
248
249 10. If you wish to incorporate parts of the Program into other free
250 programs whose distribution conditions are different, write to the author
251 to ask for permission. For software which is copyrighted by the Free
252 Software Foundation, write to the Free Software Foundation; we sometimes
253 make exceptions for this. Our decision will be guided by the two goals
254 of preserving the free status of all derivatives of our free software and
255 of promoting the sharing and reuse of software generally.
256
257 NO WARRANTY
258
259 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
260 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
261 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
262 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
263 OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
264 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
265 TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
266 PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
267 REPAIR OR CORRECTION.
268
269 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
270 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
271 REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
272 INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
273 OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
274 TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
275 YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
276 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
277 POSSIBILITY OF SUCH DAMAGES.
278
279 END OF TERMS AND CONDITIONS
280
281 How to Apply These Terms to Your New Programs
282
283 If you develop a new program, and you want it to be of the greatest
284 possible use to the public, the best way to achieve this is to make it
285 free software which everyone can redistribute and change under these terms.
286
287 To do so, attach the following notices to the program. It is safest
288 to attach them to the start of each source file to most effectively
289 convey the exclusion of warranty; and each file should have at least
290 the "copyright" line and a pointer to where the full notice is found.
291
292 <one line to give the program's name and a brief idea of what it does.>
293 Copyright (C) <year> <name of author>
294
295 This program is free software; you can redistribute it and/or modify
296 it under the terms of the GNU General Public License as published by
297 the Free Software Foundation; either version 2 of the License, or
298 (at your option) any later version.
299
300 This program is distributed in the hope that it will be useful,
301 but WITHOUT ANY WARRANTY; without even the implied warranty of
302 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
303 GNU General Public License for more details.
304
305 You should have received a copy of the GNU General Public License
306 along with this program; if not, write to the Free Software
307 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
308
309
310 Also add information on how to contact you by electronic and paper mail.
311
312 If the program is interactive, make it output a short notice like this
313 when it starts in an interactive mode:
314
315 Gnomovision version 69, Copyright (C) year name of author
316 Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
317 This is free software, and you are welcome to redistribute it
318 under certain conditions; type `show c' for details.
319
320 The hypothetical commands `show w' and `show c' should show the appropriate
321 parts of the General Public License. Of course, the commands you use may
322 be called something other than `show w' and `show c'; they could even be
323 mouse-clicks or menu items--whatever suits your program.
324
325 You should also get your employer (if you work as a programmer) or your
326 school, if any, to sign a "copyright disclaimer" for the program, if
327 necessary. Here is a sample; alter the names:
328
329 Yoyodyne, Inc., hereby disclaims all copyright interest in the program
330 `Gnomovision' (which makes passes at compilers) written by James Hacker.
331
332 <signature of Ty Coon>, 1 April 1989
333 Ty Coon, President of Vice
334
335 This General Public License does not permit incorporating your program into
336 proprietary programs. If your program is a subroutine library, you may
337 consider it more useful to permit linking proprietary applications with the
338 library. If this is what you want to do, use the GNU Library General
339 Public License instead of this License.
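Review bot: the FSF postal address in this copy of the GPLv2 ('59 Temple Place, Suite 330, Boston, MA 02111-1307 USA', repeated in the 'How to Apply These Terms' section) is the Foundation's former address; current copies of the licence give 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, and the Makefile header in this same commit carries the same outdated address. As this is an upstream import the file should stay identical to the released tarball, so this is something to report upstream rather than patch in the packaging.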
0 # Makefile for the lapscripts
1
2 # Copyright (C) 2007 Ganaël LAPLANCHE
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17 # USA.
18
19 # Configuration / variables section
20 PREFIX = /usr/local
21
22 # Where to install scripts
23 BINDIR = $(PREFIX)/bin
24 # Where to install man pages
25 MANDIR = $(PREFIX)/man
26 # Where to install configuration files
27 ETCDIR = $(PREFIX)/etc/ldapscripts
28 # Where to install the runtime file
29 RUNDIR = $(ETCDIR)
30
31 ### Do not edit ###
32 SHELL=/bin/sh
33 NAME = ldapscripts
34 #SUFFIX = -devel
35 VERSION = 1.7.1
36
37 RUNFILE = runtime
38 ETCFILE = ldapscripts.conf
39 PWDFILE = ldapscripts.passwd
40 BINFILES = _ldapdeletemachine _ldapmodifygroup _ldappasswd _lsldap ldapadduser \
41 ldapdeleteuser ldapsetprimarygroup _ldapfinger _ldapmodifymachine \
42 _ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
43 _ldapinit _ldapmodifyuser _ldaprenamemachine ldapaddmachine ldapdeletegroup \
44 ldaprenameuser
45 MAN1FILES = _ldapdeletemachine.1 _ldapmodifymachine.1 _ldaprenamemachine.1 ldapadduser.1 \
46 ldapdeleteuserfromgroup.1 _ldapfinger.1 _ldapmodifyuser.1 _lsldap.1 \
47 ldapaddusertogroup.1 ldaprenameuser.1 _ldapinit.1 _ldappasswd.1 ldapaddgroup.1 \
48 ldapdeletegroup.1 ldapsetprimarygroup.1 _ldapmodifygroup.1 _ldaprenamegroup.1 \
49 ldapaddmachine.1 ldapdeleteuser.1
50 MAN5FILES = ldapscripts.5
51 TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample ldapadduser.template.sample
52
53 # Default target
54 all: help
55
56 # Help target
57 help:
58 @echo "Usage: make [VARIABLE=<value>] <target>"
59 @echo "Valid variables :"
60 @echo " PREFIX : main target directory for installation (default = /usr/local)"
61 @echo " BINDIR : where to install scripts (default = PREFIX/bin)"
62 @echo " MANDIR : where to install man pages (default = PREFIX/man)"
63 @echo " ETCDIR : where to install the configuration file (default = PREFIX/etc/ldapscripts)"
64 @echo " RUNDIR : where to install the runtime file (default = PREFIX)"
65 @echo "Valid targets :"
66 @echo " configure : prepare sources for installation"
67 @echo " install : install everything"
68 @echo " uninstall : uninstall everything (except the main configuration file)"
69 @echo " clean : clean up sources"
70 @echo " package : create a package in /tmp"
71 @echo " help : this help"
72 @echo "Additional targets :"
73 @echo " installbin : install main scripts"
74 @echo " installman : install man pages"
75 @echo " installetc : install configuration, runtime and template files"
76 @echo " uninstallbin : uninstall main scripts"
77 @echo " uninstallman : uninstall man pages"
78 @echo " uninstalletc : uninstall configuration, runtime and template files"
79 @echo " deinstall : synonym for uninstall"
80 @echo " distclean : synonym for clean"
81 @echo " mrproper : synonym for clean"
82
83 # Configure target
84 configure:
85 @echo -n 'Configuring scripts... '
86 @sed 's|^BINDPWDFILE=.*|BINDPWDFILE=\"$(ETCDIR)/$(PWDFILE)\"|g' 'etc/$(ETCFILE)' > 'etc/$(ETCFILE).patched'
87 @sed 's|^_CONFIGFILE=.*|_CONFIGFILE=\"$(ETCDIR)/$(ETCFILE)\"|g' 'etc/$(RUNFILE)' > 'etc/$(RUNFILE).patched'
88 @for i in $(BINFILES) ; do \
89 sed 's|^_RUNTIMEFILE=.*|_RUNTIMEFILE=\"$(RUNDIR)/$(RUNFILE)\"|g' "bin/$$i" > "bin/$$i.patched" ; \
90 done
91 @echo 'ok. '
92
93 # Install targets
94 install: installbin installman installetc
95 installbin: configure
96 @echo -n 'Installing scripts into $(BINDIR)... '
97 @mkdir -p '$(BINDIR)' 2>/dev/null
98 @for i in $(BINFILES) ; do \
99 install -m 750 "bin/$$i.patched" "$(BINDIR)/$$i" ; \
100 done
101 @echo 'ok. '
102
103 installman:
104 @echo -n 'Installing man files into $(MANDIR)... '
105 @mkdir -p '$(MANDIR)/man1' 2>/dev/null
106 @for i in $(MAN1FILES) ; do \
107 cat "man/man1/$$i" | gzip - > "$(MANDIR)/man1/`basename $$i`.gz" ; \
108 done
109 @mkdir -p '$(MANDIR)/man5' 2>/dev/null
110 @for i in $(MAN5FILES) ; do \
111 cat "man/man5/$$i" | gzip - > "$(MANDIR)/man5/`basename $$i`.gz" ; \
112 done
113 @echo 'ok. '
114
115 installetc:
116 @echo -n 'Installing configuration files into $(ETCDIR)... '
117 @mkdir -p '$(ETCDIR)' 2>/dev/null
118 @install -m 640 -b 'etc/$(ETCFILE).patched' '$(ETCDIR)/$(ETCFILE)'
119 @install -m 440 -b 'etc/$(PWDFILE)' '$(ETCDIR)'
120 @for i in $(TMPLFILES) ; do \
121 install -m 440 "etc/$$i" '$(ETCDIR)' ; \
122 done
123 @mkdir -p '$(RUNDIR)' 2>/dev/null
124 @install -m 440 'etc/$(RUNFILE).patched' '$(RUNDIR)/$(RUNFILE)'
125 @echo 'ok. '
126
127 # Uninstall targets
128 deinstall: uninstall
129 uninstall: uninstallbin uninstallman uninstalletc
130 uninstallbin:
131 @echo -n 'Uninstalling scripts from $(BINDIR)... '
132 @for i in $(BINFILES) ; do \
133 rm -f "$(BINDIR)/$$i" ; \
134 done
135 @rmdir '$(BINDIR)' 2>/dev/null || true
136 @echo 'ok. '
137
138 uninstallman:
139 @echo -n 'Uninstalling man files from $(MANDIR)... '
140 @for i in $(MAN1FILES) ; do \
141 rm -f "$(MANDIR)/man1/`basename $$i`.gz" ; \
142 done
143 @rmdir '$(MANDIR)/man1' 2>/dev/null || true
144 @for i in $(MAN5FILES) ; do \
145 rm -f "$(MANDIR)/man5/`basename $$i`.gz" ; \
146 done
147 @rmdir '$(MANDIR)/man5' 2>/dev/null || true
148 @echo 'ok. '
149
150 uninstalletc:
151 @echo '(Leaving $(ETCDIR)/$(ETCFILE) as it is the main configuration file)'
152 @echo -n 'Uninstalling other configuration files from $(ETCDIR)... '
153 @rm -f '$(ETCDIR)/$(PWDFILE)'
154 @for i in $(TMPLFILES) ; do \
155 rm -f "$(ETCDIR)/$$i" ; \
156 done
157 @rm -f '$(RUNDIR)/$(RUNFILE)'
158 @rmdir '$(RUNDIR)' 2>/dev/null || true
159 @echo 'ok. '
160
161 # Clean targets
162 clean:
163 @echo -n 'Cleaning sources... '
164 @rm -f 'etc/$(ETCFILE).patched'
165 @rm -f 'etc/$(RUNFILE).patched'
166 @for i in $(BINFILES) ; do \
167 rm -f "bin/$$i.patched" ; \
168 done
169 @echo 'ok. '
170 distclean: clean
171 mrproper: clean
172
173 # Package target
174 package: clean
175 @echo -n 'Creating package /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz... '
176 @(cd .. && tar czf /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz $(NAME)-$(VERSION))
177 @echo 'ok. '
178
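Review bot: in installetc, `install -m 440 -b 'etc/$(PWDFILE)' '$(ETCDIR)'` keeps a backup copy of any previously installed password file next to the new one on every reinstall, so an old credential lingers in $(ETCDIR) until someone removes it by hand; drop `-b` for that file (a backup makes sense for the editable $(ETCFILE), not for a secret) or have uninstalletc remove the backup too. Also, `package` writes to the fixed path /tmp/$(NAME)-$(VERSION)$(SUFFIX).tgz in a shared world-writable directory, which can clobber or follow a pre-existing file of that name; building the archive into the source tree or a directory created with mktemp avoids that. Minor: `cat "man/man1/$$i" | gzip -` can be `gzip -c "man/man1/$$i"`.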
0 Ldapscripts - README file
1 *************************
2
3 Description :
4 *************
5
6 These scripts are designed to be used within the Samba's smb.conf file
7 (or manually) and allow to create POSIX entries for users, groups and
8 machines in an LDAP directory. They are written in sh and need ldap
9 client commands to work correctly (ldapadd, ldapdelete, ldapmodify,
10 ldapsearch).
11
12 They are designed to be used under GNU/Linux or FreeBSD (any other
13 UNIX-like should also work) and require several binaries that should
14 come with your OS (uuencode, getent/pw, date, grep, sed, cut, expr...)
15
16 Latest version available on http://contribs.martymac.com
17
18 Installing and configuring the ldapscripts :
19 ********************************************
20
21 To install the scripts, just type in :
22 # make install
23 or, to defined another installation directory :
24 # make PREFIX=/target/directory install
25
26 Use 'make help' for more options.
27
28 All the scripts will be copied (by default) to /usr/local/bin and
29 ldapscripts.conf will be copied to /usr/local/etc/ldapscripts.
30
31 Keep in mind that the scripts are installed with quite restrictive rights
32 (because you will have to specify you LDAP password as clear-text in the
33 configuration file). Just use group rights or ACLs (if they are enabled
34 on your system) to make the things work...
35
36 Once installed, edit /usr/local/etc/ldapscripts/ldapscripts.conf to
37 configure the ldapscripts.
38
39 Then, just type in - e.g. :
40 # ldapadduser foo foogroup
41
42 See the man pages for more details.
43
44 Configuring your OpenLDAP server :
45 **********************************
46
47 Be sure to include these schemas in your slapd.conf :
48
49 - core.schema
50 - cosine.schema (for the account objectClass)
51 - nis.schema (for the posixAccount objectClass)
52
53 Using the ldapscripts with Samba :
54 **********************************
55
56 To use the ldapscripts with Samba (e.g. for an NT4 -> Samba migration),
57 just add the following to your smb.conf file :
58
59 # [...]
60 add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines
61 add user script = /usr/local/bin/ldapadduser '%u' sambausers
62 add group script = /usr/local/bin/ldapaddgroup '%g'
63 add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g'
64 delete user script = /usr/local/bin/ldapdeleteuser '%u'
65 delete group script = /usr/local/bin/ldapdeletegroup '%g'
66 delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g'
67 set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g'
68 rename user script = /usr/local/bin/ldaprenameuser '%uold' '%unew'
69 # [...]
70
71 and make sure sambamachines and sambausers exist before attempting to
72 do a "net rpc vampire"...
73
74 Also be sure to have your machine using the LDAP server as a posix accounts
75 source (e.g. nsswitch + nss_ldap on GNU/Linux) since the scripts use
76 getent (or pw for FreeBSD) to fetch accounts information.
77
78 Files :
79 *******
80
81 * Various files :
82
83 README : this file !
84 COPYING : the GPLv2 (or later) license
85 CHANGELOG : the changelog file, of course
86 VERSION : the current version of the ldapscripts
87 TODO : ideas, remaining work
88 Makefile : installation Makefile
89
90 * Man pages :
91
92 man/* : man pages
93
94 * Configuration files :
95
96 etc/ldapscripts.conf : configuration file
97 etc/runtime : runtime file used by the scripts (contains functions, etc...)
98 etc/ldapadduser.template.sample : user LDIF template file
99 etc/ldapaddgroup.template.sample : group LDIF template file
100 etc/ldapaddmachine.template.sample : machine LDIF template file
101
102 * Scripts that can be used in Samba's configuration file (smb.conf) :
103
104 bin/ldapaddgroup : adds a POSIX group to LDAP
105 bin/ldapadduser : adds a POSIX user to LDAP
106 bin/ldapdeletegroup : deletes a POSIX group from LDAP
107 bin/ldapdeleteuserfromgroup : deletes a memberUid entry from a POSIX group
108 bin/ldapsetprimarygroup : sets gidNumber of a POSIX user or machine account
109 bin/ldapaddmachine : adds a POSIX machine (user$) to LDAP
110 bin/ldapaddusertogroup : add a memberUid entry to a POSIX group
111 bin/ldapdeleteuser : deletes a POSIX user from LDAP
112 bin/ldaprenameuser : renames a POSIX user account in LDAP
113
114 * Additional (useful) scripts not used by Samba (those beginning with a "_") :
115
116 bin/_ldapdeletemachine : deletes a POSIX machine account in LDAP
117 bin/_ldapinit : initializes the LDAP tree with a minimal tree
118 bin/_lsldap : performs a *big* recursive query on the LDAP server from the root dn
119 bin/_ldapmodifyuser : modifies a POSIX user account in LDAP interactively
120 bin/_ldapmodifymachine : modifies a POSIX machine account in LDAP interactively
121 bin/_ldapmodifygroup : modifies a POSIX group account in LDAP interactively
122 bin/_ldaprenamemachine : renames a POSIX machine account in LDAP
123 bin/_ldaprenamegroup : renames a POSIX group in LDAP
124 bin/_ldappasswd : modifies a POSIX user account's password in LDAP
125 bin/_ldapfinger : displays a user/machine/group POSIX account's details
126
127 Author / Licence :
128 ******************
129
130 These scripts have been written by Ganaël LAPLANCHE (ganael.laplanche@martymac.com)
131 and are available within the GPL license (see COPYING for details).
132
133 Thanks for using the ldapscripts... Any feedback welcome :)
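Review bot: the "Installing and configuring" section still says the LDAP password has to be specified as clear-text in the configuration file, but this commit also installs a separate etc/$(PWDFILE) with mode 440 in the Makefile's installetc target, which from its name and mode is the bind password file; update that paragraph to point at the password file, add it to the "Configuration files" list (which currently only names ldapscripts.conf, runtime and the three templates), and say which setting takes precedence if both are configured. Typo in the same paragraph: "you LDAP password" should be "your LDAP password".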
0 TODO (ideas) :
1 **************
2
3 - Allow to use %g (goup name) in ldapadduser (for _HOMEDIR and _genpassword)
4 - Merge UIDSTART and MIDSTART or find a way to use them efficiently
5 (currently, to avoid id overlapping, once a user or machine is created, the next id will
6 be its id + 1, for any kind of account. UIDSTART and MIDSTART are only used for the very
7 first account created ; this behaviour should be changed)
8
9 - Add more options to the scripts (a better parsing will be necessary)
10 - an option to ldapdeleteuser to delete users' home directories
11 - a 'dry-run' option to display (only) LDIF data
12 - an option to modify the home dirs (LDAP + directory + rights) of a user when renaming it ?
13 - an option to modify related groups (memberUid's) when renaming/deleting a user/machine ?
14 - an option to block deleting a group if it is a user's primary group ?
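Review bot: typo in the first item, "goup name" should be "group name".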
0 1.7.1
0 #!/bin/sh
1
2 # _ldapdeletemachine : deletes a POSIX machine (user$) account from LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <machinename with ending \$ | uid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find machinename : $1 must exist in LDAP !
32 _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
33 [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)"
34
35 # Delete entry
36 _ldapdelete "$_ENTRY" || end_die "Error deleting machine $_ENTRY from LDAP"
37 end_ok "Successfully deleted machine $_ENTRY from LDAP"
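Review bot: `$1` is interpolated unescaped into the search filter `(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))`, so an argument containing LDAP filter metacharacters (`*`, `(`, `)`, `\`) changes which entry `_findentry` returns and therefore which entry `_ldapdelete` removes; escape the value per RFC 4515 (or reject names outside a conservative character class) before building the filter. The same pattern appears in every script in this commit that builds a filter from its arguments, which matters because the README wires them into smb.conf with `%u`/`%g` values that the scripts do not control.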
0 #!/bin/sh
1
2 # _ldapfinger : displays a user/machine/group POSIX account's details
3
4 # Copyright (C) 2006 Ganaël LAPLANCHE
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <username | machinename | groupname | uid | gid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find and display the entry
32 _ldapsearch "$SUFFIX" "(|(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1))))" || end_die "No entry found"
33 end_ok
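Review bot: `_ldapsearch ... || end_die "No entry found"` only fires when the search itself fails; ldapsearch exits 0 for a successful query that matches nothing, so a non-existent name prints nothing and the script still finishes with end_ok. Unless `_ldapsearch` (defined in the runtime file, not in this hunk) checks for empty results itself, test the output (e.g. `grep -q '^dn:'`) or resolve the name with `_findentry` first, as the other scripts do, so that the error message actually appears.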
0 #!/bin/sh
1
2 # _ldapinit : initializes the LDAP directory with a minimal tree
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ "$1" = "-h" ]
22 then
23 echo "Usage : $0 [-r | -s]"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Clean up suffix info
32 _SUFFIX=`echo $SUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2`
33 _USUFFIX=`echo $USUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2`
34 _GSUFFIX=`echo $GSUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2`
35 _MSUFFIX=`echo $MSUFFIX | cut -d ',' -f 1 | cut -d '=' -f 2`
36
37 # First add the root DN if necessary
38 if [ "$1" != "-s" ]
39 then
40 _extractldif 2 | _filterldif | _ldapadd
41 [ $? -eq 0 ] || end_die "Error initializing LDAP tree"
42 fi
43
44 # Now add remaining stuff
45 if [ "$1" != "-r" ]
46 then
47 _extractldif 3 | _filterldif | _ldapadd
48 [ $? -eq 0 ] || end_die "Error initializing LDAP tree"
49 fi
50 end_ok "Successfully initialized LDAP tree"
51
52 # Ldif template ##################################
53 ##dn: <suffix>
54 ##objectClass: dcObject
55 ##objectClass: organization
56 ##dc: <_suffix>
57 ##o: <_suffix>
58 ##description: <_suffix>
59 ##
60 ###dn: <usuffix>,<suffix>
61 ###objectClass: top
62 ###objectClass: organizationalUnit
63 ###ou: <_usuffix>
64 ###
65 ###dn: <gsuffix>,<suffix>
66 ###objectClass: top
67 ###objectClass: organizationalUnit
68 ###ou: <_gsuffix>
69 ###
70 ###dn: <msuffix>,<suffix>
71 ###objectClass: top
72 ###objectClass: organizationalUnit
73 ###ou: <_msuffix>
74 ###
75 ###dn: ou=Idmap,<suffix>
76 ###objectClass: organizationalUnit
77 ###ou: Idmap
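Review bot: the option handling only recognizes `-h`; any other argument (a typo, an unsupported flag) passes both the `[ "$1" != "-s" ]` and `[ "$1" != "-r" ]` tests and the script adds both LDIF sections as if no option had been given. Validate up front with something like `case "$1" in ''|-r|-s) ;; *) echo "Usage : $0 [-r | -s]" ; exit 1 ;; esac` before touching the directory. Minor: `echo $SUFFIX` (and the three lines after it) leaves the variable unquoted, so it is subject to word splitting and globbing; quote it.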
0 #!/bin/sh
1
2 # _ldapmodifygroup : modifies a POSIX group account in LDAP interactively
3
4 # Copyright (C) 2007 Ganaël LAPLANCHE
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <groupname | gid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find groupname : $1 must exist in LDAP !
32 _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))"
33 [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP"
34
35 # Allocate and create temp file
36 mktempf
37 echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
38
39 # Display entry
40 echo "# About to modify the following entry :"
41 _ldapsearch "$_ENTRY"
42
43 # Edit entry
44 echo "# Enter your modifications here, end with CTRL-D."
45 echo "dn: $_ENTRY"
46 cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
47
48 # Send modifications
49 cat "$_TMPFILE" | _ldapmodify
50 if [ $? -ne 0 ]
51 then
52 reltempf
53 end_die "Error modifying group entry $_ENTRY in LDAP"
54 fi
55 reltempf
56 end_ok "Successfully modified group entry $_ENTRY in LDAP"
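Review bot: the two `|| end_die "Error writing to temporary file $_TMPFILE"` paths (the initial `echo "dn: $_ENTRY" >` and the `cat >>` of the user's typed modifications) exit without calling reltempf, so a partially written temp file containing whatever the operator typed is left behind, whereas the `_ldapmodify` failure path does release it. Release the file on every error exit, for instance by calling reltempf in a trap or in a small local cleanup function used by all three exits.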
0 #!/bin/sh
1
2 # _ldapmodifymachine : modifies a POSIX machine account in LDAP interactively
3
4 # Copyright (C) 2007 Ganaël LAPLANCHE
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <machinename with ending \$ | uid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find machinename : $1 must exist in LDAP !
32 _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
33 [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)"
34
35 # Allocate and create temp file
36 mktempf
37 echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
38
39 # Display entry
40 echo "# About to modify the following entry :"
41 _ldapsearch "$_ENTRY"
42
43 # Edit entry
44 echo "# Enter your modifications here, end with CTRL-D."
45 echo "dn: $_ENTRY"
46 cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
47
48 # Send modifications
49 cat "$_TMPFILE" | _ldapmodify
50 if [ $? -ne 0 ]
51 then
52 reltempf
53 end_die "Error modifying machine entry $_ENTRY in LDAP"
54 fi
55 reltempf
56 end_ok "Successfully modified machine entry $_ENTRY in LDAP"
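Review bot: apart from the search base, the filter and the message strings, this script is line for line the same as _ldapmodifygroup and _ldapmodifyuser, including the temp-file handling; moving the mktempf / display / `cat >>` / `_ldapmodify` / reltempf sequence into one runtime function that takes the entry DN and a label would keep the three scripts in sync and means a fix to the error paths (the write-failure exits here also skip reltempf) lands in one place.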
0 #!/bin/sh
1
2 # _ldapmodifyuser : modifies a POSIX user account in LDAP interactively
3
4 # Copyright (C) 2007 Ganaël LAPLANCHE
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <username | uid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find username : $1 must exist in LDAP !
32 _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
33 [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
34
35 # Allocate and create temp file
36 mktempf
37 echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
38
39 # Display entry
40 echo "# About to modify the following entry :"
41 _ldapsearch "$_ENTRY"
42
43 # Edit entry
44 echo "# Enter your modifications here, end with CTRL-D."
45 echo "dn: $_ENTRY"
46 cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
47
48 # Send modifications
49 cat "$_TMPFILE" | _ldapmodify
50 if [ $? -ne 0 ]
51 then
52 reltempf
53 end_die "Error modifying user entry $_ENTRY in LDAP"
54 fi
55 reltempf
56 end_ok "Successfully modified user entry $_ENTRY in LDAP"
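Review bot: `_ldapsearch "$_ENTRY"` prints the whole entry to the terminal before editing, and for a user account that includes the userPassword value whenever the bind identity is allowed to read it, so interactive edits leave password hashes in terminal scrollback and session logs; pass an explicit attribute list to the search (the `_ldapsearch ... cn` call in ldapaddusertogroup shows the wrapper accepts one) that leaves userPassword out. The write-failure exits also skip reltempf, as in the two sibling modify scripts.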
0 #!/bin/sh
1
2 # _ldappasswd : modifies a POSIX user account's password in LDAP
3
4 # Copyright (C) 2006 Ganaël LAPLANCHE
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <username | uid> [encoded password]"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find username : $1 must exist in LDAP !
32 _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
33 [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
34
35 if [ -z "$2" ] # Have to prompt for a *clear* password
36 then
37 echo "Changing password for user $_ENTRY"
38 echo -n "New Password: "
39 stty -echo ; read _PASSWORD ; stty echo ; echo ''
40 [ -z "$_PASSWORD" ] && end_die "Please enter a password"
41 echo -n "New Password (verify): "
42 stty -echo ; read _PASSWORD2 ; stty echo ; echo ''
43 [ "$_PASSWORD" != "$_PASSWORD2" ] && end_die "Passwords differ, please try again"
44
45 # Change the user's password
46 _changepassword "$_PASSWORD" "$_ENTRY"
47 [ $? -eq 0 ] && echo_log "Successfully set password for user $_ENTRY"
48 end_ok
49 else # Have to use the *encoded* password given on the command line
50 # Use LDIF info to modify the password
51 _PASSWORD="$2"
52 _extractldif 2 | _filterldif | _ldapmodify
53 [ $? -eq 0 ] || end_die "Error setting encoded password for user $_ENTRY"
54 end_ok "Successfully set encoded password for user $_ENTRY"
55 fi
56
57 # Ldif template ##################################
58 ##dn: <entry>
59 ##changetype: modify
60 ##replace: userPassword
61 ##userPassword: <password>
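Review bot: the second form, `[encoded password]` taken from `$2`, puts the password value on the command line, where it is visible to every local user through `ps` and is kept in shell history; read the encoded value from stdin or a file instead so that this path is no weaker than the interactive one. In the interactive path, `stty -echo ; read _PASSWORD ; stty echo` leaves the terminal with echo disabled if the user interrupts during `read`, and `read` without `-r` strips backslashes from the typed password; wrap the prompts in `trap 'stty echo' INT TERM EXIT` and use `read -r`. The `[ -z "$_PASSWORD" ] && end_die` check also exits with echo still off for the same reason (stty echo runs before it, so this one is fine; the trap covers the interrupt case).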
0 #!/bin/sh
1
2 # ldaprenamegroup : renames a POSIX group in LDAP
3
4 # Copyright (C) 2006 Ganaël LAPLANCHE
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ] || [ -z "$2" ]
22 then
23 echo "Usage : $0 <old groupname | gid> <new groupname>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find dest username : $2 must not exist in LDAP !
32 _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(cn=$2))"
33 [ -z "$_ENTRY" ] || end_die "Group $2 already exists in LDAP"
34
35 # Find src username : $1 must exist in LDAP !
36 _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))"
37 [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP"
38
39 # Rename entry
40 _ldaprename "$_ENTRY" "cn=$2" || end_die "Error renaming group $_ENTRY to $2 in LDAP"
41 end_ok "Successfully renamed group $_ENTRY to $2 in LDAP"
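Review bot: `$2` is used raw as the new RDN value in `_ldaprename "$_ENTRY" "cn=$2"`; characters with special meaning in a DN (`,`, `+`, `"`, `\`, `<`, `>`, `;`, `=`, a leading `#` or space) must be escaped per RFC 4514, otherwise the rename either fails or produces a DN other than the one intended, so validate the new name against the character set allowed for group names before the lookups. Also, the comments read "Find dest username" and "Find src username" but both lookups are for groups; fix the copy-paste.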
0 #!/bin/sh
1
2 # ldaprenamemachine : renames a POSIX machine account in LDAP
3
4 # Copyright (C) 2006 Ganaël LAPLANCHE
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ] || [ -z "$2" ]
22 then
23 echo "Usage : $0 <old machinename with ending \$ | uid> <new machinename with ending \$>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find dest machinename : $2 must not exist in LDAP !
32 _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))"
33 [ -z "$_ENTRY" ] || end_die "Machine $2 already exists in LDAP"
34
35 # Find src machinename : $1 must exist in LDAP !
36 _findentry "$MSUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
37 [ -z "$_ENTRY" ] && end_die "Machine $1 not found in LDAP (missing ending \$ ?)"
38
39 # Rename entry
40 _ldaprename "$_ENTRY" "uid=$2" || end_die "Error renaming machine $_ENTRY to $2 in LDAP"
41 end_ok "Successfully renamed machine $_ENTRY to $2 in LDAP"
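Review bot: the usage line requires the new name to end with `$`, but nothing enforces it, so `ldaprenamemachine host1$ host2` happily renames the account to a uid without the trailing `$` that the machine scripts' own "missing ending \$ ?" hints expect on lookup. Add a check such as `case "$2" in *\$) ;; *) end_die "Machine name must end with \$" ;; esac` before the first `_findentry`. The "dest"/"src" comments are correct here, unlike in _ldaprenamegroup.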
0 #!/bin/sh
1
2 # _lsldap : performs a *big* query on the LDAP directory
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 # WARNING : this script searches the whole directory as $BINDDN...
22 # It may be *VERY* long and return a limited number of entries
23 # Always use slapcat to backup your directory !!!
24
25 if [ "$1" = "-h" ]
26 then
27 echo "Usage : $0 [[-h] | [-u | -g | -m]]"
28 exit 1
29 fi
30
31 # Source runtime file
32 _RUNTIMEFILE="/etc/ldapscripts/runtime"
33 . "$_RUNTIMEFILE"
34
35 case "$1" in
36 "-u")
37 _ldapsearch "$USUFFIX,$SUFFIX" "(objectClass=posixAccount)" || end_die "No entry found"
38 ;;
39 "-g")
40 _ldapsearch "$GSUFFIX,$SUFFIX" "(objectClass=posixGroup)" || end_die "No entry found"
41 ;;
42 "-m")
43 _ldapsearch "$MSUFFIX,$SUFFIX" "(objectClass=posixAccount)" || end_die "No entry found"
44 ;;
45 *)
46 _ldapsearch "$SUFFIX" || end_die "No entry found"
47 ;;
48 esac
49 end_ok
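Review bot: the `*)` branch of the case runs the unfiltered search over the whole `$SUFFIX` for any argument other than -u, -g or -m, so a mistyped option triggers exactly the expensive full-directory query the header warns about; accept only an empty `$1` in that branch and reject anything else with the usage text. Minor: `-h` exits 1 although printing the usage on request is not an error, and the usage string `[[-h] | [-u | -g | -m]]` could simply read `[-h | -u | -g | -m]`.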
0 #!/bin/sh
1
2 # ldapaddgroup : adds a POSIX group entry to LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <groupname> [gid]"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Group name
32 _GROUP="$1"
33 # Group GID
34 if [ -z "$2" ] # No argument, we must find a correct GID
35 then
36 _findlastgroup
37 else
38 _GID="$2"
39 fi
40
41 # Use template if necessary
42 if [ -n "$GTEMPLATE" ] && [ -r "$GTEMPLATE" ]
43 then
44 _getldif="cat $GTEMPLATE"
45 else
46 _getldif="_extractldif 2"
47 fi
48
49 # Add user to LDAP
50 $_getldif | _filterldif | _ldapadd
51
52 [ $? -eq 0 ] || end_die "Error adding group $_GROUP to LDAP"
53 end_ok "Successfully added group $_GROUP to LDAP"
54
55 # Ldif template ##################################
56 ##dn: cn=<group>,<gsuffix>,<suffix>
57 ##objectClass: posixGroup
58 ##cn: <group>
59 ##gidNumber: <gid>
60 ##description: Group account
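Review bot: when a gid is supplied as `$2` it is copied into `_GID` without checking that it is numeric or unused, and the LDIF `gidNumber: <gid>` is submitted as-is, so a non-numeric value is rejected only by the server and a duplicate gidNumber is created silently; validate with `case "$2" in *[!0-9]*) end_die "Invalid gid $2" ;; esac` and look up `(gidNumber=$2)` under `$GSUFFIX,$SUFFIX` before adding. Minor: the comment "Add user to LDAP" should say group, and `_getldif="cat $GTEMPLATE"` breaks on a template path containing whitespace (an `if`/`else` around the pipeline avoids storing a command in a string).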
0 #!/bin/sh
1
2 # ldapaddmachine : adds a POSIX machine (user$) account to LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ] || [ -z "$2" ]
22 then
23 echo "Usage : $0 <machinename with ending \$> <groupname | gid> [uid]"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Machine name = first argument
32 _USER="$1"
33 # Machine GID = second argument
34 _grouptogid "$2"
35 # Machine UID
36 if [ -z "$3" ] # No argument, we must find a correct UID
37 then
38 _findlastmachine
39 else
40 _UID="$3"
41 fi
42
43 # Use template if necessary
44 if [ -n "$MTEMPLATE" ] && [ -r "$MTEMPLATE" ]
45 then
46 _getldif="cat $MTEMPLATE"
47 else
48 _getldif="_extractldif 2"
49 fi
50
51 # Add user to LDAP
52 $_getldif | _filterldif | _ldapadd
53
54 [ $? -eq 0 ] || end_die "Error adding machine $_USER to LDAP"
55 end_ok "Successfully added machine $_USER to LDAP"
56
57 # Ldif template ##################################
58 ##dn: uid=<user>,<msuffix>,<suffix>
59 ##objectClass: account
60 ##objectClass: posixAccount
61 ##cn: <user>
62 ##uid: <user>
63 ##uidNumber: <uid>
64 ##gidNumber: <gid>
65 ##homeDirectory: /dev/null
66 ##loginShell: /bin/false
67 ##gecos: <user>
68 ##description: Machine account
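Review bot: the machine name `$1` is never checked for the trailing `$` that the usage line requires and that the other machine scripts' error hints rely on, and an explicitly supplied uid in `$3` is taken into `_UID` without a numeric or uniqueness check before it lands in `uidNumber: <uid>`; reject names without the `$` and non-numeric uids before building the LDIF. Minor: the comment "Add user to LDAP" should read machine, and `_getldif="cat $MTEMPLATE"` has the same whitespace problem as in ldapaddgroup.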
0 #!/bin/sh
1
2 # ldapadduser : adds a POSIX user account to LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ] || [ -z "$2" ]
22 then
23 echo "Usage : $0 <username> <groupname | gid> [uid]"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Username = first argument
32 _USER="$1"
33 # User GID = second argument
34 _grouptogid "$2"
35 # User UID
36 if [ -z "$3" ] # No argument, we must find a correct UID
37 then
38 _findlastuser
39 else
40 _UID="$3"
41 fi
42
43 # Compute homedir
44 _HOMEDIR=`echo "$UHOMES" | sed -e "s|%u|$_USER|g"`
45
46 # Ask for a gecos if necessary
47 if is_yes "$ASKGECOS"
48 then
49 echo -n "Please enter user's full name: "
50 read _GECOS
51 else
52 _GECOS="$_USER"
53 fi
54
55 # Use template if necessary
56 if [ -n "$UTEMPLATE" ] && [ -r "$UTEMPLATE" ]
57 then
58 _getldif="cat $UTEMPLATE"
59 else
60 _getldif="_extractldif 2"
61 fi
62
63 # Add user to LDAP
64 $_getldif | _filterldif | _ldapadd
65
66 [ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
67 echo_log "Successfully added user $_USER to LDAP"
68
69 # Generate the user's password
70 _genpassword "$_USER"
71
72 # Add the user's password
73 _changepassword "$_PASSWORD" "uid=$_USER,$USUFFIX,$SUFFIX"
74 [ $? -eq 0 ] && echo_log "Successfully set password for user $_USER"
75
76 # Create Home dir
77 if is_yes "$CREATEHOMES"
78 then
79 if [ -e "$_HOMEDIR" ]
80 then
81 echo_log "Skipped home directory creation for user $_USER (already exists)"
82 else
83 # Create home by skel or mkdir
84 if [ -d "$HOMESKEL" ]
85 then
86 cp -PR "$HOMESKEL/" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
87 else
88 mkdir -p "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
89 fi
90
91 chmod "$HOMEPERMS" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
92 chown -R "$_UID":"$_GID" "$_HOMEDIR" 2>>"$LOGFILE" 1>/dev/null
93 echo_log "Successfully created home directory for user $_USER"
94 fi
95 fi
96
97 end_ok
98
99 # Ldif template ##################################
100 ##dn: uid=<user>,<usuffix>,<suffix>
101 ##objectClass: account
102 ##objectClass: posixAccount
103 ##cn: <user>
104 ##uid: <user>
105 ##uidNumber: <uid>
106 ##gidNumber: <gid>
107 ##homeDirectory: <home>
108 ##loginShell: <shell>
109 ##gecos: <gecos>
110 ##description: User account
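Review bot: `_HOMEDIR` is derived by substituting the unvalidated username into `$UHOMES` (`sed -e "s|%u|$_USER|g"`), and the result then goes to `mkdir -p`, `chmod "$HOMEPERMS"` and `chown -R "$_UID":"$_GID"`; a username containing `/` or `..` resolves to a path outside the home base, and one containing `|` or `&` corrupts the sed expression. Restrict `$_USER` to a conservative character class (e.g. `case "$_USER" in *[!a-zA-Z0-9._-]*) end_die "Invalid username" ;; esac`) before computing the home directory, and use `read -r` for the gecos prompt. The `[ -e "$_HOMEDIR" ]` guard is the right call: it prevents recursively re-owning a directory that already exists.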
0 #!/bin/sh
1
2 # ldapaddusertogroup : adds a memberUid attribute to a POSIX group in LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ] || [ -z "$2" ]
22 then
23 echo "Usage : $0 <username | uid> <groupname | gid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Check username : $1
32 _uidtouser "$1"
33
34 # Check groupname : $2 must exist in LDAP !
35 _GID=`_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(!(memberUid=$_UID))(|(cn=$2)(gidNumber=$2)))" cn | grep "cn: " | head -n 1 | sed -e "s|cn: ||"`
36 [ -z "$_GID" ] && end_die "Group $2 not found (or $_UID already member of $2)"
37
38 # Modify group entry
39 _extractldif 2 | _filterldif | _ldapmodify
40
41 [ $? -eq 0 ] || end_die "Error adding user $_UID to group $_GID"
42 end_ok "Successfully added user $_UID to group $_GID"
43
44 # Ldif template ##################################
45 ##dn: cn=<gid>,<gsuffix>,<suffix>
46 ##changetype: modify
47 ##add: memberUid
48 ##memberUid: <uid>
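Review bot: the group lookup interpolates `$_UID` and `$2` straight into the LDAP filter `(&(objectClass=posixGroup)(!(memberUid=$_UID))(|(cn=$2)(gidNumber=$2)))` without escaping filter metacharacters (`*`, `(`, `)`, `\`), and then takes whatever `head -n 1` returns as `$_GID`; an argument containing a wildcard can therefore resolve to a different group than the one named, and the memberUid is added to that group. Validate both arguments against a safe character set (or require `is_integer` for the gid form) before building the filter, and consider refusing to proceed when more than one `cn:` line comes back instead of silently taking the first.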
0 #!/bin/sh
1
2 # ldapdeletegroup : deletes a POSIX group account from LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <groupname | gid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find groupname : $1 must exist in LDAP !
32 _findentry "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(|(cn=$1)(gidNumber=$1)))"
33 [ -z "$_ENTRY" ] && end_die "Group $1 not found in LDAP"
34
35 # Delete entry
36 _ldapdelete "$_ENTRY" || end_die "Error deleting group $_ENTRY from LDAP"
37 end_ok "Successfully deleted group $_ENTRY from LDAP"
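Review bot: there is no check that the group is still in use before it is deleted: `_ldapdelete` runs ldapdelete with `-r`, so the DN and any child entries go away, and nothing looks for users whose primary `gidNumber` is this group or for remaining `memberUid` values. Resolving the gid first (`_grouptogid "$1"`) and guarding with something like `_findentry "$SUFFIX" "(&(objectClass=posixAccount)(gidNumber=$_GID))"` before `_ldapdelete`, or at least warning, would avoid leaving accounts with a dangling primary group.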
0 #!/bin/sh
1
2 # ldapdeleteuser : deletes a POSIX user account from LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ]
22 then
23 echo "Usage : $0 <username | uid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find username : $1 must exist in LDAP !
32 _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
33 [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
34
35 # Delete entry
36 _ldapdelete "$_ENTRY" || end_die "Error deleting user $_ENTRY from LDAP"
37 end_ok "Successfully deleted user $_ENTRY from LDAP"
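Review bot: deletion is not cleaned up on the other side: the user's `memberUid` values in groups and, when CREATEHOMES is on, the home directory created by ldapadduser are left behind. Because `_findlastuser` allocates max(uidNumber)+1, the uid of the highest-numbered user is handed to the next account created after its deletion, and that new account then owns the orphaned home directory. Either remove (or archive) the home directory and memberUid entries here, or document in the man page that the administrator must do so.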
0 #!/bin/sh
1
2 # ldapdeleteuserfromgroup : deletes a memberUid attribute from a POSIX group in LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ] || [ -z "$2" ]
22 then
23 echo "Usage : $0 <username> <groupname | gid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Set username
32 _UID="$1"
33
34 # Check groupname : $2 must exist in LDAP !
35 _GID=`_ldapsearch "$GSUFFIX,$SUFFIX" "(&(objectClass=posixGroup)(memberUid=$1)(|(cn=$2)(gidNumber=$2)))" cn | grep "cn: " | head -n 1 | sed -e "s|cn: ||"`
36 [ -z "$_GID" ] && end_die "Group $2 not found (or $1 is not a member of group $2)"
37
38 # Modify group entry
39 _extractldif 2 | _filterldif | _ldapmodify
40
41 [ $? -eq 0 ] || end_die "Error deleting user $_UID from group $_GID"
42 end_ok "Successfully deleted user $_UID from group $_GID"
43
44 # Ldif template ##################################
45 ##dn: cn=<gid>,<gsuffix>,<suffix>
46 ##changetype: modify
47 ##delete: memberUid
48 ##memberUid: <uid>
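Review bot: `_UID="$1"` is used verbatim as the memberUid value, whereas ldapaddusertogroup resolves its first argument through `_uidtouser` and accepts a numeric uid; here a uid is searched as a literal memberUid string and reported as "not a member", and the usage line only says `<username>`. Either call `_uidtouser "$1"` for symmetry with the add script, or state explicitly that only usernames are accepted. The same unescaped interpolation of `$1` and `$2` into the LDAP filter as in ldapaddusertogroup applies here.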
0 #!/bin/sh
1
2 # ldaprenameuser : renames a POSIX user account in LDAP
3
4 # Copyright (C) 2006 Ganaël LAPLANCHE
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ] || [ -z "$2" ]
22 then
23 echo "Usage : $0 <old username | uid> <new username>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Find dest username : $2 must not exist in LDAP !
32 _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(uid=$2))"
33 [ -z "$_ENTRY" ] || end_die "User $2 already exists in LDAP"
34
35 # Find src username : $1 must exist in LDAP !
36 _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
37 [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
38
39 # Rename entry
40 _ldaprename "$_ENTRY" "uid=$2" || end_die "Error renaming user $_ENTRY to $2 in LDAP"
41 end_ok "Successfully renamed user $_ENTRY to $2 in LDAP"
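Review bot: `_ldaprename` changes only the RDN (`uid=$2`), so the attributes the ldapadduser template derived from the old name stay stale: `cn`, `gecos` and `homeDirectory` (built from `UHOMES` with `%u`) keep the old username, and `memberUid` values in groups still carry the old uid, so the renamed account silently drops out of its secondary groups. Either follow the modrdn with an `_ldapmodify` that rewrites those attributes, or document the limitation in the man page.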
0 #!/bin/sh
1
2 # ldapsetprimarygroup : modifies the gidNumber of a POSIX user or machine account in LDAP
3
4 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
5 #
6 # This program is free software; you can redistribute it and/or
7 # modify it under the terms of the GNU General Public License
8 # as published by the Free Software Foundation; either version 2
9 # of the License, or (at your option) any later version.
10 #
11 # This program is distributed in the hope that it will be useful,
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 # GNU General Public License for more details.
15 #
16 # You should have received a copy of the GNU General Public License
17 # along with this program; if not, write to the Free Software
18 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
19 # USA.
20
21 if [ -z "$1" ] || [ -z "$2" ]
22 then
23 echo "Usage : $0 <username | uid> <groupname | gid>"
24 exit 1
25 fi
26
27 # Source runtime file
28 _RUNTIMEFILE="/etc/ldapscripts/runtime"
29 . "$_RUNTIMEFILE"
30
31 # Check username : $1 must exist in LDAP ! Lookup base = global $SUFFIX, to work on machine and user accounts
32 _findentry "$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
33 [ -z "$_ENTRY" ] && end_die "User $1 not found"
34
35 # Check groupname : $2
36 _grouptogid "$2"
37
38 # Modify user entry
39 _extractldif 2 | _filterldif | _ldapmodify
40
41 [ $? -eq 0 ] || end_die "Error setting primary group for user $1 (to group $2)"
42 end_ok "Successfully set primary group for user $1 (to group $2)"
43
44 # Ldif template ##################################
45 ##dn: <entry>
46 ##changetype: modify
47 ##replace: gidNumber
48 ##gidNumber: <gid>
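Review bot: `_grouptogid "$2"` accepts any all-digit argument with only a warning when the group cannot be resolved, so a user can be given a primary `gidNumber` for which no group entry exists in LDAP or NSS. For a script that rewrites an access-control attribute, require that the group exist in LDAP (as ldapaddusertogroup does with its posixGroup search) or make the unresolved-gid fallback an explicit option rather than the default.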
0 dn: cn=<group>,<gsuffix>,<suffix>
1 objectClass: posixGroup
2 cn: <group>
3 gidNumber: <gid>
4 description: Group account
0 dn: uid=<user>,<msuffix>,<suffix>
1 objectClass: account
2 objectClass: posixAccount
3 cn: <user>
4 uid: <user>
5 uidNumber: <uid>
6 gidNumber: <gid>
7 homeDirectory: /dev/null
8 loginShell: /bin/false
9 gecos: <user>
10 description: Machine account
0 dn: uid=<user>,<usuffix>,<suffix>
1 objectClass: account
2 objectClass: posixAccount
3 cn: <user>
4 uid: <user>
5 uidNumber: <uid>
6 gidNumber: <gid>
7 homeDirectory: <home>
8 loginShell: <shell>
9 gecos: <gecos>
10 description: User account
0 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
1 #
2 # This program is free software; you can redistribute it and/or
3 # modify it under the terms of the GNU General Public License
4 # as published by the Free Software Foundation; either version 2
5 # of the License, or (at your option) any later version.
6 #
7 # This program is distributed in the hope that it will be useful,
8 # but WITHOUT ANY WARRANTY; without even the implied warranty of
9 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 # GNU General Public License for more details.
11 #
12 # You should have received a copy of the GNU General Public License
13 # along with this program; if not, write to the Free Software
14 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 # USA.
16
17 # LDAP Configuration
18 SERVER="ldap://localhost"
19 BINDDN="cn=Manager,dc=example,dc=com"
20 # The following file contains the raw password of the binddn
21 # Create it with something like : echo -n 'secret' > $BINDPWDFILE
22 # WARNING !!!! Be careful not to make this file world-readable
23 BINDPWDFILE="/etc/ldapscripts/ldapscripts.passwd"
24 # For older versions of OpenLDAP, it is still possible to use
25 # unsecure command-line passwords by defining the following option
26 # AND commenting the previous one (BINDPWDFILE takes precedence)
27 #BINDPWD="secret"
28
29 SUFFIX="dc=example,dc=com" # Global suffix
30 GSUFFIX="ou=Groups" # Groups ou (just under $SUFFIX)
31 USUFFIX="ou=Users" # Users ou (just under $SUFFIX)
32 MSUFFIX="ou=Machines" # Machines ou (just under $SUFFIX)
33
34 # Start with these IDs *if no entry found in LDAP*
35 GIDSTART="10000" # Group ID
36 UIDSTART="10000" # User ID
37 MIDSTART="20000" # Machine ID
38
39 # User properties
40 USHELL="/bin/sh"
41 UHOMES="/home/%u" # You may use %u for username here
42 ASKGECOS="no" # Ask for user's gecos (full name) ? Prevents scripting, so the default is no.
43 CREATEHOMES="no" # Create home directories and set rights ?
44 HOMESKEL="/etc/skel" # Directory where the skeleton files are located. Ignored if undefined or nonexistant.
45 HOMEPERMS="700" # Default permissions for home directories
46
47 # User passwords generation
48 # Command-line used to generate a (random ?) password for the users (you may use %u for username here)
49 # WARNING !!!! This is evaluated, everything specified here will be run !
50 PASSWORDGEN="head -c8 /dev/random | uuencode -m - | sed -n -e '2s|=*$||;2p' | sed -e 's|+||g' -e 's|/||g'"
51 #PASSWORDGEN="echo changeme"
52 #PASSWORDGEN="echo %u"
53
54 # User passwords recording
55 # you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS
56 # (useful when performing a massive creation / net rpc vampire)
57 # WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
58 # WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
59 RECORDPASSWORDS="no"
60 PASSWORDFILE="/var/log/ldapscripts_passwd.log"
61
62 # Where to log
63 LOGFILE="/var/log/ldapscripts.log"
64
65 # Temporary folder
66 TMPDIR="/tmp"
67
68 # Various binaries used within scripts
69 # Warning : the scripts also use : uuencode, date, grep, sed, cut, expr, which...
70 # Please check they are installed before using these scripts
71 # Note that many of them should come with your OS
72 LDAPSEARCHBIN="/usr/bin/ldapsearch"
73 LDAPADDBIN="/usr/bin/ldapadd"
74 LDAPDELETEBIN="/usr/bin/ldapdelete"
75 LDAPMODIFYBIN="/usr/bin/ldapmodify"
76 LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
77 LDAPPASSWDBIN="/usr/bin/ldappasswd"
78
79 # Getent command to use - choose the ones used on your system. Leave blank or comment for auto-guess.
80 # GNU/Linux
81 #GETENTPWCMD="getent passwd"
82 #GETENTGRCMD="getent group"
83 # FreeBSD
84 #GETENTPWCMD="pw usershow"
85 #GETENTGRCMD="pw groupshow"
86 # Auto
87 GETENTPWCMD=""
88 GETENTGRCMD=""
89
90 # You can specify custom LDIF templates here
91 # Leave empty to use default templates
92 # See *.template.sample for default templates
93 #GTEMPLATE="/path/to/ldapaddgroup.template"
94 #UTEMPLATE="/path/to/ldapadduser.template"
95 #MTEMPLATE="/path/to/ldapaddmachine.template"
96 GTEMPLATE=""
97 UTEMPLATE=""
98 MTEMPLATE=""
99
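Review bot: the password-recording defaults put clear-text passwords in `/var/log/ldapscripts_passwd.log`, and the runtime creates that file with a bare `touch` under the caller's umask rather than the 0077 umask it uses for temporary files, so wherever /var/log is readable by a log-reader group the recorded passwords can be too. Default PASSWORDFILE to a root-only directory and create it mode 0600. The "not world-readable" warning on BINDPWDFILE is right, but the same applies to this configuration file itself once BINDPWD is uncommented; the comment above `#BINDPWD` should say so.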
0 # runtime : this file is used by the ldapscripts, it sould not be used independently
1
2 # Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
3 #
4 # This program is free software; you can redistribute it and/or
5 # modify it under the terms of the GNU General Public License
6 # as published by the Free Software Foundation; either version 2
7 # of the License, or (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program; if not, write to the Free Software
16 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
17 # USA.
18
19 ### Useful functions ###
20
21 # Tests a string
22 # Input : string to test ($1)
23 # Output : true or false
24 is_yes () {
25 echo "$1" | grep -qi '^yes$'
26 }
27
28 # Tests a string
29 # Input : string to test ($1)
30 # Output : true or false
31 is_no () {
32 echo "$1" | grep -qi '^no$'
33 }
34
35 # Tests a string
36 # Input : string to test ($1)
37 # Output : true or false
38 is_uri () {
39 echo "$1" | grep -q '://'
40 }
41
42 # Tests a string
43 # Input : string to test ($1)
44 # Output : true or false
45 is_integer () {
46 echo "$1" | grep -qE '^[0-9]+$'
47 }
48
49 # Tests a string (a command name) and tells if it is built-in (true) or external (false)
50 # Input : string to test ($1)
51 # Output : true or false
52 is_builtin () {
53 type "$1" 2>/dev/null | grep -qi 'built'
54 }
55
56 # Logs a string to $LOGFILE
57 # Input : string to log ($1)
58 # Output : nothing
59 log_only () {
60 if [ -n "$1" ]
61 then
62 if [ -n "$LOGFILE" ]
63 then
64 if [ ! -w "$LOGFILE" ]
65 then
66 touch "$LOGFILE" 2>/dev/null
67 if [ $? -ne 0 ]
68 then
69 echo "Unable to create $LOGFILE, exiting..." && exit 1
70 fi
71 fi
72 echo "$1" >> "$LOGFILE"
73 fi
74 fi
75 }
76
77 # Echoes and logs a string to $LOGFILE
78 # Input : string to echo and log ($1)
79 # Output : nothing
80 echo_log () {
81 [ -n "$1" ] && echo "$1"
82 [ -n "$1" ] && log_only "$1"
83 }
84
85 # Echoes/logs $1, exits and returns 0
86 # Input : string to echo and log ($1)
87 # Output : 0
88 end_ok () {
89 [ -n "$1" ] && echo_log "$1"
90 exit 0
91 }
92
93 # Echoes/logs $1, exits and returns 1
94 # Input : string to echo and log ($1)
95 # Output : 1
96 end_die () {
97 [ -n "$1" ] && echo_log "$1"
98 exit 1
99 }
100
101 # Allocates and creates a temporary file $_TMPFILE under $TMPDIR
102 # Output : nothing
103 mktempf () {
104 # Avoid creating two temporary files (must have been released before)
105 [ -n "$_TMPFILE" ] && end_die "Error allocating temporary file $_TMPFILE"
106 # Name temp file
107 _TMPFILE="$TMPDIR/`basename $0`.`date '+%Y%m%d-%H%M%S'`.$$"
108 # Catch CTRL-C to remove $_TMPFILE
109 trap 'rm -f "$_TMPFILE" 2>/dev/null ; end_die "Interrupted - Removing temporary file $_TMPFILE"' 2
110 # Create temp file
111 _TMPMASK=`umask`
112 umask 0077
113 touch "$_TMPFILE" 2>/dev/null || end_die "Error creating temporary file $_TMPFILE"
114 umask "$_TMPMASK"
115 }
116
117 # Releases a previously allocated temporary file
118 # Output : nothing
119 reltempf () {
120 # Clean up the temporary file and restore traps
121 rm -f "$_TMPFILE" 2>/dev/null
122 # Reset traps
123 trap -
124 # Clean up name
125 _TMPFILE=''
126 }
127
128 ### LDAP functions ###
129
130 # Performs a search in the LDAP directory
131 # Input : base ($1), filter ($2), attribute to display ($3)
132 # Output : entry/entries found (stdout)
133 _ldapsearch () {
134 if [ -n "$BINDPWDFILE" ]
135 then
136 $LDAPSEARCHBIN -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
137 else
138 $LDAPSEARCHBIN -w "$BINDPWD" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE"
139 fi
140 }
141
142 # Adds an entry to the LDAP directory
143 # Input : LDIF - entry to add (stdin)
144 # Output : nothing
145 _ldapadd () {
146 if [ -n "$BINDPWDFILE" ]
147 then
148 $LDAPADDBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
149 else
150 $LDAPADDBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
151 fi
152 }
153
154 # Modifies an entry in the LDAP directory
155 # Input : LDIF - modification information (stdin)
156 # Output : nothing
157 _ldapmodify () {
158 if [ -n "$BINDPWDFILE" ]
159 then
160 $LDAPMODIFYBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
161 else
162 $LDAPMODIFYBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" 2>>"$LOGFILE" 1>/dev/null
163 fi
164 }
165
166 # Renames an entry in the LDAP directory
167 # Input : old dn ($1), new rdn ($2)
168 # Output : nothing
169 _ldaprename () {
170 if [ -z "$1" ] || [ -z "$2" ]
171 then
172 end_die "_ldaprename : missing argument(s)"
173 else
174 if [ -n "$BINDPWDFILE" ]
175 then
176 $LDAPMODRDNBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
177 else
178 $LDAPMODRDNBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -r "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
179 fi
180 fi
181 }
182
183 # Deletes an entry in the LDAP directory
184 # Input : dn to delete ($1)
185 # Output : nothing
186 _ldapdelete () {
187 [ -z "$1" ] && end_die "_ldapdelete : missing argument"
188 if [ -n "$BINDPWDFILE" ]
189 then
190 $LDAPDELETEBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null
191 else
192 $LDAPDELETEBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -r "$1" 2>>"$LOGFILE" 1>/dev/null
193 fi
194 }
195
196 # Extracts LDIF information from $0 (the current script itself)
197 # selecting lines beginning with $1 occurrences of '#'
198 # Input : depth ($1)
199 # Output : extracted LDIF data (stdout)
200 _extractldif () {
201 if [ -n "$1" ] && is_integer "$1"
202 then
203 _EXTRACTDEPTH="$1"
204 else
205 echo_log "Warning : invalid depth supplied to _extractldif(), using default (2)..."
206 _EXTRACTDEPTH='2'
207 fi
208 grep -E "^#{$_EXTRACTDEPTH}[^#]*$" "$0" | sed -e 's|^#*||' 2>>"$LOGFILE"
209 }
210
211 # Filters LDIF information
212 # Input : Data to filter (stdin)
213 # Output : Filtered data (stdout)
214 _filterldif () {
215 # Allocate and create temp file
216 mktempf
217
218 # Generate filter file
219 echo "s|<group>|$_GROUP|g" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
220 echo "s|<user>|$_USER|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
221 echo "s|<uid>|$_UID|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
222 echo "s|<gid>|$_GID|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
223 echo "s|<suffix>|$SUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
224 echo "s|<_suffix>|$_SUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
225 echo "s|<usuffix>|$USUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
226 echo "s|<_usuffix>|$_USUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
227 echo "s|<msuffix>|$MSUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
228 echo "s|<_msuffix>|$_MSUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
229 echo "s|<gsuffix>|$GSUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
230 echo "s|<_gsuffix>|$_GSUFFIX|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
231 echo "s|<home>|$_HOMEDIR|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
232 echo "s|<shell>|$USHELL|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
233 echo "s|<password>|$_PASSWORD|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
234 echo "s|<gecos>|$_GECOS|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
235 echo "s|<entry>|$_ENTRY|g" >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
236
237 # Use it
238 sed -f "$_TMPFILE" 2>>"$LOGFILE"
239
240 # Release temp file
241 reltempf
242 }
243
244 ### Nsswitch functions
245
246 # Converts to gid any group passed in as name/gid
247 # Input : the name or gid to convert ($1)
248 # Output : the result of the conversion ($_GID)
249 _grouptogid () {
250 [ -z "$1" ] && end_die "_grouptogid : missing argument"
251 _GID=`$GETENTGRCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 3`
252 if [ -z "$_GID" ]
253 then
254 _GID=`echo "$1" | grep '^[0-9]\+$'` # Check if group is a gid
255 [ -z "$_GID" ] && end_die "Cannot resolve group $1 to gid : groupname not found"
256 echo_log "Warning : gid $2 not resolved, using it anyway..."
257 fi
258 }
259
260 # Converts to name any group passed in as name/gid
261 # Input : the name or gid to convert ($1)
262 # Output : the result of the conversion ($_GID)
263 _gidtogroup () {
264 [ -z "$1" ] && end_die "_gidtogroup : missing argument"
265 _GID=`$GETENTGRCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 1`
266 if [ -z "$_GID" ]
267 then
268 _GID="$1"
269 echo_log "Warning : group $1 not resolved, using it anyway..."
270 fi
271 }
272
273 # Converts to uid any user passed in as name/uid
274 # Input : the name or uid to convert ($1)
275 # Output : the result of the conversion ($_UID)
276 _usertouid () {
277 [ -z "$1" ] && end_die "_usertouid : missing argument"
278 _UID=`$GETENTPWCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 3`
279 if [ -z "$_UID" ]
280 then
281 _UID=`echo "$1" | grep '^[0-9]\+$'` # Check if user is a UID
282 [ -z "$_UID" ] && end_die "Cannot resolve user $1 to uid : username not found"
283 echo_log "Warning : uid $1 not resolved, using it anyway..."
284 fi
285 }
286
287 # Converts to name any user passed in as name/uid
288 # Input : the name or uid to convert ($1)
289 # Output : the result of the conversion ($_UID)
290 _uidtouser () {
291 [ -z "$1" ] && end_die "_uidtouser : missing argument"
292 _UID=`$GETENTPWCMD "$1" 2>/dev/null | head -n 1 | cut -d ":" -f 1`
293 if [ -z "$_UID" ]
294 then
295 _UID="$1"
296 echo_log "Warning : user $1 not resolved, using it anyway..."
297 fi
298 }
299
300 ### LDAP advanced functions
301
302 # Finds the last group id used in LDAP
303 # Input : nothing
304 # Output : the last gid used + 1 (so the first useable gid) ($_GID)
305 _findlastgroup () {
306 _GID=`_ldapsearch "$GSUFFIX,$SUFFIX" '(objectClass=posixGroup)' gidNumber | grep "gidNumber: " | sed -e "s|gidNumber: ||" | uniq | sort -n | tail -n 1`
307 if [ -z "$_GID" ] || [ ! "$_GID" -gt "$GIDSTART" ]
308 then
309 _GID="$GIDSTART"
310 fi
311 _GID=`expr "$_GID" + 1`
312 }
313
314 # Finds the last machine id used in LDAP
315 # Input : nothing
316 # Output : the last machine id used + 1 (so the first useable machine id) ($_UID)
317 _findlastmachine () {
318 _UID=`_ldapsearch "$SUFFIX" '(objectClass=posixAccount)' uidNumber | grep "uidNumber: " | sed -e "s|uidNumber: ||" | uniq | sort -n | tail -n 1`
319 if [ -z "$_UID" ] || [ ! "$_UID" -gt "$MIDSTART" ]
320 then
321 _UID="$MIDSTART"
322 fi
323 _UID=`expr "$_UID" + 1`
324 }
325
326 # Finds the last user id used in LDAP
327 # Input : nothing
328 # Output : the last user id used + 1 (so the first useable user id) ($_UID)
329 _findlastuser () {
330 _UID=`_ldapsearch "$SUFFIX" '(objectClass=posixAccount)' uidNumber | grep "uidNumber: " | sed -e "s|uidNumber: ||" | uniq | sort -n | tail -n 1`
331 if [ -z "$_UID" ] || [ ! "$_UID" -gt "$UIDSTART" ]
332 then
333 _UID="$UIDSTART"
334 fi
335 _UID=`expr "$_UID" + 1`
336 }
337
338 # Finds a particular entry in the LDAP directory
339 # Input : base ($1), filter ($2)
340 # Output : the dn of the first matching entry found ($_ENTRY)
341 _findentry () {
342 _ENTRY=`_ldapsearch "$1" "$2" dn | grep "dn: " | head -n 1 | sed -e "s|dn: ||"`
343 }
344
345 ### Other functions ###
346
347 # Generates a password using the $PASSWORDGEN variable
348 # Input : the username related to the generation ($1)
349 # Output : the generated password ($_PASSWORD)
350 _genpassword () {
351 PASSWORDGEN=`echo "$PASSWORDGEN" | sed -e "s|%u|$1|g"`
352 _PASSWORD=`eval $PASSWORDGEN`
353 }
354
355 # Changes a password for a particular DN
356 # Input : new clear-text password ($1), user DN ($2)
357 # Output : nothing
358 _changepassword () {
359 if [ -z "$1" ] || [ -z "$2" ]
360 then
361 end_die "_changepassword : missing argument(s)"
362 else
363 if is_yes "$RECORDPASSWORDS"
364 then
365 echo "$2 : $1" >> "$PASSWORDFILE"
366 fi
367 if [ -n "$BINDPWDFILE" ]
368 then
369 ## Change password in a secure way
370 # Allocate and create temp file
371 mktempf
372 # Generate password file
373 echo "$1" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
374 # Change password
375 $LDAPPASSWDBIN -y "$BINDPWDFILE" -D "$BINDDN" -xH "$SERVER" -T "$_TMPFILE" "$2" 2>>"$LOGFILE" 1>/dev/null
376 # Release temp file
377 reltempf
378 else
379 ## Change password in the unsecure, old-fashioned way
380 $LDAPPASSWDBIN -w "$BINDPWD" -D "$BINDDN" -xH "$SERVER" -s "$1" "$2" 2>>"$LOGFILE" 1>/dev/null
381 fi
382 fi
383 }
384
385 ### Source configuration file
386
387 _CONFIGFILE="/etc/ldapscripts/ldapscripts.conf"
388 . "$_CONFIGFILE" || end_die "Unable to source configuration file ($_CONFIGFILE), exiting..."
389
390 ### Checks and defaults ###
391
392 # Check if ldap client tools are correctly configured
393 if [ ! -x "$LDAPADDBIN" ] || [ ! -x "$LDAPDELETEBIN" ] || [ ! -x "$LDAPSEARCHBIN" ] || [ ! -x "$LDAPMODIFYBIN" ] || [ ! -x "$LDAPPASSWDBIN" ] || [ ! -x "$LDAPMODRDNBIN" ]
394 then
395 end_die "You must have OpenLDAP client commands installed before running these scripts"
396 fi
397
398 # Check for bindpwd file
399 if [ ! -f "$BINDPWDFILE" ] || [ ! -r "$BINDPWDFILE" ]
400 then
401 if [ -n "$BINDPWD" ]
402 then
403 echo_log "Warning : using command-line passwords, ldapscripts may not be safe"
404 else
405 end_die "Unable to read password file $BINDPWDFILE, exiting..."
406 fi
407 fi
408
409 # Does the shell has built-in echo command ?
410 # If not, print a warning message
411 if is_builtin "echo" && is_builtin "["
412 then
413 :
414 else
415 echo_log "Warning : 'echo' or '[' (test) is not built-in, ldapscripts may not be safe"
416 fi
417
418 # Check if a full URI has been given
419 if is_uri "$SERVER"
420 then
421 :
422 else
423 SERVER="ldap://$SERVER"
424 fi
425
426 # Check homes, shell and logfile
427 UHOMES=${UHOMES:-"/dev/null"}
428 USHELL=${USHELL:-"/bin/false"}
429 LOGFILE=${LOGFILE:-"/var/log/ldapscripts.log"}
430 TMPDIR=${TMPDIR:-"/tmp"}
431
432 # Check password file if password recording set
433 if is_yes "$RECORDPASSWORDS"
434 then
435 PASSWORDFILE=${PASSWORDFILE:-"/var/log/ldapscripts_passwd.log"}
436 if [ ! -w "$PASSWORDFILE" ]
437 then
438 touch "$PASSWORDFILE" 2>/dev/null || end_die "Unable to create password log file $PASSWORDFILE, exiting..."
439 fi
440 fi
441
442 # Guess what kind of getent command to use
443 if [ -z "$GETENTPWCMD" ] || [ -z "$GETENTGRCMD" ]
444 then
445 case "`uname`" in
446 Linux*)
447 GETENTPWCMD="getent passwd"
448 GETENTGRCMD="getent group"
449 ;;
450 FreeBSD*)
451 GETENTPWCMD="pw usershow"
452 GETENTGRCMD="pw groupshow"
453 ;;
454 *)
455 GETENTPWCMD="getent passwd"
456 GETENTGRCMD="getent group"
457 ;;
458 esac
459 fi
460
461 # Record command call into logfile
462 _NOW=`date "+%D - %R"`
463 log_only ">> $_NOW : Command : $0 $*"
464
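Review bot: `mktempf` names the file `$TMPDIR/<script>.<date>.$$` and creates it with `touch`, which succeeds when the path already exists, so in a shared `/tmp` a pre-placed file or symlink at that predictable name is written through when the sed script or the new password is echoed into it; use `mktemp "$TMPDIR/$(basename "$0").XXXXXX"` (which creates the file atomically with mode 0600) or point TMPDIR at a root-only directory, and fail if the path exists. Two smaller problems nearby: `trap -` in `reltempf` has no signal list, so the SIGINT trap installed by `mktempf` is never reset (it should be `trap - 2`), and `_genpassword` splices the raw username into `PASSWORDGEN` before `eval`, so every caller must validate its argument first. Also `_grouptogid` warns with `gid $2 not resolved`, but `$2` is empty inside that function; it should be `$1`, and the header comment's "sould" is a typo.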
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldapdeletemachine 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 _ldapdeletemachine \- deletes a POSIX machine (user$) account from LDAP.
26
27 .SH SYNOPSIS
28 .B _ldapdeletemachine
29 .RB <machinename\ with\ ending\ $ | uid>
30
31 .SH OPTIONS
32 .TP
33 .B <machinename with ending $ | uid>
34 The name of the machine account (including the ending $) to delete.
35
36 .SH "SEE ALSO"
37 ldapdeleteuser(1), ldepdeletegroup(1), ldapscripts(5).
38
39 .SH AVAILABILITY
40 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
41 The latest version of the ldapscripts is available on :
42 .B http://contribs.martymac.com
43
44 .SH BUGS
45 No bug known.
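Review bot: typo in SEE ALSO: `ldepdeletegroup(1)` should be `ldapdeletegroup(1)`, otherwise readers following the cross-reference get nothing. The SYNOPSIS also lists `uid` as an alternative argument while OPTIONS only describes the machine name with its trailing `$`; document both forms.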
0 .\" Copyright (C) 2007 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldapfinger 1 "February 1, 2007"
22 .LO 1
23
24 .SH NAME
25 _ldapfinger \- displays a user/machine/group POSIX account's details.
26
27 .SH SYNOPSIS
28 .B _ldapfinger
29 .RB <username | machinename | groupname | uid | gid>
30
31 .SH OPTIONS
32 .TP
33 .B <username | machinename | groupname | uid | gid>
34 The name or id of the user, machine (with an ending $) or group you want to display. You may use a wildcard here to look for substrings. e.g. 'marty*' or '*mart*'.
35
36 .SH "SEE ALSO"
37 _lsldap(1), ldapscripts(5).
38
39 .SH AVAILABILITY
40 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
41 The latest version of the ldapscripts is available on :
42 .B http://contribs.martymac.com
43
44 .SH BUGS
45 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldapinit 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 _ldapinit \- initializes the LDAP directory with a minimal tree.
26
27 .SH SYNOPSIS
28 .B _ldapinit
29 .RB [[-h] | [-r | -s]]
30
31 .SH OPTIONS
32 .TP
33 .B [-h]
34 This help.
35 .TP
36 .B [-r]
37 Create only the root DN.
38 .TP
39 .B [-s]
40 Skip root DN creation (create only regular OUs).
41
42 .SH "SEE ALSO"
43 _lsldap(1), _ldapfinger(1), ldapscripts(5).
44
45 .SH AVAILABILITY
46 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
47 The latest version of the ldapscripts is available on :
48 .B http://contribs.martymac.com
49
50 .SH BUGS
51 No bug known.
0 .\" Copyright (C) 2007 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldapmodifygroup 1 "August 22, 2007"
22 .LO 1
23
24 .SH NAME
25 _ldapmodifygroup \- modifies a POSIX group account in LDAP interactively
26
27 .SH SYNOPSIS
28 .B _ldapmodifygroup
29 .RB <groupname | gid>
30
31 .SH DESCRIPTION
32 _ldapmodifygroup first looks for the right entry to modify. Once found, the entry is presented and you
33 are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
34 The DN of the entry being modified is already specified : just begin with a changeType attribute or any
35 other one(s) of your choice (in this case, the defaut changeType is 'modify').
36
37 .SH OPTIONS
38 .TP
39 .B <groupname | gid>
40 The name or gid of the group to modify.
41
42 .SH "SEE ALSO"
43 _ldapmodifyuser(1), _ldapmodifymachine(1), ldapscripts(5).
44
45 .SH AVAILABILITY
46 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
47 The latest version of the ldapscripts is available on :
48 .B http://contribs.martymac.com
49
50 .SH BUGS
51 No bug known.
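Review bot: typo in DESCRIPTION, "the defaut changeType is 'modify'" should read "default"; the same sentence is duplicated verbatim in the _ldapmodifymachine and _ldapmodifyuser pages of this commit, so all three need the fix. The space before the colon in "already specified :" is French typographic style; English man pages put no space before a colon.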
0 .\" Copyright (C) 2007 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldapmodifymachine 1 "August 22, 2007"
22 .LO 1
23
24 .SH NAME
25 _ldapmodifymachine \- modifies a POSIX machine account in LDAP interactively
26
27 .SH SYNOPSIS
28 .B _ldapmodifymachine
29 .RB <machinename with ending $ | uid>
30
31 .SH DESCRIPTION
32 _ldapmodifymachine first looks for the right entry to modify. Once found, the entry is presented and you
33 are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
34 The DN of the entry being modified is already specified : just begin with a changeType attribute or any
35 other one(s) of your choice (in this case, the defaut changeType is 'modify').
36
37 .SH OPTIONS
38 .TP
39 .B <machinename with ending $ | uid>
40 The name or uid of the machine to modify.
41
42 .SH "SEE ALSO"
43 _ldapmodifyuser(1), _ldapmodifygroup(1), ldapscripts(5).
44
45 .SH AVAILABILITY
46 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
47 The latest version of the ldapscripts is available on :
48 .B http://contribs.martymac.com
49
50 .SH BUGS
51 No bug known.
0 .\" Copyright (C) 2007 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldapmodifyuser 1 "August 22, 2007"
22 .LO 1
23
24 .SH NAME
25 _ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
26
27 .SH SYNOPSIS
28 .B _ldapmodifyuser
29 .RB <username | uid>
30
31 .SH DESCRIPTION
32 _ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
33 are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
34 The DN of the entry being modified is already specified : just begin with a changeType attribute or any
35 other one(s) of your choice (in this case, the defaut changeType is 'modify').
36
37 .SH OPTIONS
38 .TP
39 .B <username | uid>
40 The name or uid of the user to modify.
41
42 .SH "SEE ALSO"
43 _ldapmodifygroup(1), _ldapmodifymachine(1), ldapscripts(5).
44
45 .SH AVAILABILITY
46 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
47 The latest version of the ldapscripts is available on :
48 .B http://contribs.martymac.com
49
50 .SH BUGS
51 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldappasswd 1 "November 1, 2006"
22 .LO 1
23
24 .SH NAME
25 _ldappasswd \- modifies a POSIX user account's password in LDAP.
26
27 .SH SYNOPSIS
28 .B _ldappasswd
29 .RB <username | uid>
30 .RB [encoded password]
31
32 .SH OPTIONS
33 .TP
34 .B <username | uid>
35 The name or uid of the user whose password has to be modified.
36 .TP
37 .B [encoded password]
38 If specified this way, the password will be copied verbatim into the LDAP directory. If not specified, you will
39 be prompted for a password that will be changed using the ldappasswd(1) command.
40
41 .SH "SEE ALSO"
42 _ldapfinger(1), ldapscripts(5).
43
44 .SH AVAILABILITY
45 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
46 The latest version of the ldapscripts is available on :
47 .B http://contribs.martymac.com
48
49 .SH LIMITATIONS
50 When used interactively, passwords generated with this command are propagated with the ldappasswd(1) command.
51 Thus, the resulting format depends on the 'password-hash' option of your server's slapd.conf(5) file.
52
53 You can always force an encoded password (using the hash format of your choice) by specifying it on the command line.
54
55 .SH BUGS
56 No bug known.
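Review bot: the `[encoded password]` argument documented in SYNOPSIS and OPTIONS is passed on the command line, so the hash is visible to every local user through the process list for the duration of the call; the LIMITATIONS section should say so and recommend the interactive prompt (which goes through ldappasswd(1)) wherever possible. It would also help to spell out what "encoded" means here, since LIMITATIONS only refers to "the hash format of your choice".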
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldaprenamegroup 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 _ldaprenamegroup \- renames a POSIX group in LDAP.
26
27 .SH SYNOPSIS
28 .B _ldaprenamegroup
29 .RB <old\ groupname | gid>
30 .RB <new\ groupname>
31
32 .SH OPTIONS
33 .TP
34 .B <old groupname | gid>
35 The old name or gid of the group to rename.
36 .TP
37 .B <new groupname>
38 The new name of the group.
39
40 .SH "SEE ALSO"
41 ldaprenameuser(1), _ldaprenamemachine(1), ldapscripts(5).
42
43 .SH AVAILABILITY
44 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
45 The latest version of the ldapscripts is available on :
46 .B http://contribs.martymac.com
47
48 .SH BUGS
49 No bug known.
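Review bot: SEE ALSO refers to `ldaprenameuser(1)`, but the page added in this commit is titled `_ldaprenameuser` (`.TH _ldaprenameuser 1`), so the reference will not resolve; the same wrong name appears in the SEE ALSO of the _ldaprenamemachine page. Use the underscored name in both.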
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldaprenamemachine 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 _ldaprenamemachine \- renames a POSIX machine account in LDAP.
26
27 .SH SYNOPSIS
28 .B _ldaprenamemachine
29 .RB <old\ machinename\ with\ ending\ $ | uid>
30 .RB <new\ machinename\ with\ ending\ $>
31
32 .SH OPTIONS
33 .TP
34 .B <old machinename with ending $ | uid>
35 The old name or uid of the machine to rename.
36 .TP
37 .B <new machinename with ending $>
38 The new name of the machine.
39
40 .SH "SEE ALSO"
41 ldaprenameuser(1), _ldaprenamegroup(1), ldapscripts(5).
42
43 .SH AVAILABILITY
44 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
45 The latest version of the ldapscripts is available on :
46 .B http://contribs.martymac.com
47
48 .SH LIMITATIONS
49 Group entries will NOT be updated. This means several groups may contain machines that NO LONGER exist after having renamed a machine.
50
51 .SH BUGS
52 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _lsldap 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 _lsldap \- performs a *big* query on the LDAP directory.
26
27 .SH SYNOPSIS
28 .B _lsldap
29 .RB [[-h] | [-u | -g | -m]]
30
31 .SH OPTIONS
32 .TP
33 .B [-h]
34 This help.
35 .TP
36 .B [-u]
37 List users only (by default, try to list the whole directory).
38 .TP
39 .B [-g]
40 List groups only (by default, try to list the whole directory).
41 .TP
42 .B [-m]
43 List machines only (by default, try to list the whole directory).
44
45 .SH "SEE ALSO"
46 _ldapfinger(1), ldapscripts(5).
47
48 .SH AVAILABILITY
49 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
50 The latest version of the ldapscripts is available on :
51 .B http://contribs.martymac.com
52
53 .SH BUGS
54 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapaddgroup 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapaddgroup \- adds a POSIX group entry to LDAP.
26
27 .SH SYNOPSIS
28 .B ldapaddgroup
29 .RB <groupname>
30 .RB [gid]
31
32 .SH OPTIONS
33 .TP
34 .B <groupname>
35 The name of the group to add.
36 .TP
37 .B [gid]
38 The gid of the group to add. Automatically computed if not specified.
39
40 .SH "SEE ALSO"
41 ldapadduser(1), ldapaddmachine(1), ldapscripts(5).
42
43 .SH AVAILABILITY
44 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
45 The latest version of the ldapscripts is available on :
46 .B http://contribs.martymac.com
47
48 .SH BUGS
49 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapaddmachine 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapaddmachine \- adds a POSIX machine (user$) account to LDAP.
26
27 .SH SYNOPSIS
28 .B ldapaddmachine
29 .RB <machinename\ with\ ending\ $>
30 .RB <groupname | gid>
31 .RB [uid]
32
33 .SH OPTIONS
34 .TP
35 .B <machinename with ending $>
36 The name of the machine to add. It must include the ending dollar (the famous win32 machine name specification).
37 .TP
38 .B <groupname | gid>
39 The group name or the gid of the machine to add.
40 .TP
41 .B [uid]
42 The uid of the machine to add. Automatically computed if not specified.
43
44 .SH "SEE ALSO"
45 ldapadduser(1), ldapaddgroup(1), ldapscripts(5).
46
47 .SH AVAILABILITY
48 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
49 The latest version of the ldapscripts is available on :
50 .B http://contribs.martymac.com
51
52 .SH BUGS
53 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapadduser 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapadduser \- adds a POSIX user account to LDAP.
26
27 .SH SYNOPSIS
28 .B ldapadduser
29 .RB <username>
30 .RB <groupname | gid>
31 .RB [uid]
32
33 .SH OPTIONS
34 .TP
35 .B <username>
36 The name of the user to add.
37 .TP
38 .B <groupname | gid>
39 The group name or the gid of the user to add.
40 .TP
41 .B [uid]
42 The uid of the user to add. Automatically computed if not specified.
43
44 .SH "SEE ALSO"
45 ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
46
47 .SH AVAILABILITY
48 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
49 The latest version of the ldapscripts is available on :
50 .B http://contribs.martymac.com
51
52 .SH BUGS
53 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapaddusertogroup 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapaddusertogroup \- adds a memberUid attribute to a POSIX group in LDAP.
26
27 .SH SYNOPSIS
28 .B ldapaddusertogroup
29 .RB <username | uid>
30 .RB <groupname | gid>
31
32 .SH OPTIONS
33 .TP
34 .B <username | uid>
35 The name or the uid of the user to add. It can be a machine name (with an ending $) or a user name.
36 .TP
37 .B <groupname | gid>
38 The name or the gid of the group that should welcome the new user.
39
40 .SH "SEE ALSO"
41 ldapdeleteuserfromgroup(1), ldapsetprimarygroup(1), ldapscripts(5).
42
43 .SH AVAILABILITY
44 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
45 The latest version of the ldapscripts is available on :
46 .B http://contribs.martymac.com
47
48 .SH BUGS
49 No bug known
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapdeletegroup 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapdeletegroup \- deletes a POSIX group account from LDAP.
26
27 .SH SYNOPSIS
28 .B ldapdeletegroup
29 .RB <groupname | gid>
30
31 .SH OPTIONS
32 .TP
33 .B <groupname | gid>
34 The name or gid of the group to delete.
35
36 .SH "SEE ALSO"
37 ldapdeleteuser(1), _ldapdeletemachine(1), ldapscripts(5).
38
39 .SH AVAILABILITY
40 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
41 The latest version of the ldapscripts is available on :
42 .B http://contribs.martymac.com
43
44 .SH LIMITATIONS
45 A user's primary group can be deleted ; the user entry will NOT be updated. This means the user will belong to a group that not longer exists.
46
47 .SH BUGS
48 No bug known.
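Review bot: the LIMITATIONS sentence has a typo ("a group that not longer exists" should be "no longer exists") and understates the consequence: the user keeps a dangling gidNumber, and since ldapaddgroup(1) computes the gid automatically when none is given, a later group can receive that same number and the orphaned user silently becomes a member of it. Suggest stating this explicitly and advising that affected users be moved with ldapsetprimarygroup(1) before the group is deleted.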
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapdeleteuser 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapdeleteuser \- deletes a POSIX user account from LDAP.
26
27 .SH SYNOPSIS
28 .B ldapdeleteuser
29 .RB <username | uid>
30
31 .SH OPTIONS
32 .TP
33 .B <username | uid>
34 The name or uid of the user to delete.
35
36 .SH "SEE ALSO"
37 ldapdeletegroup(1), _ldapdeletemachine(1), ldapscripts(5).
38
39 .SH AVAILABILITY
40 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
41 The latest version of the ldapscripts is available on :
42 .B http://contribs.martymac.com
43
44 .SH BUGS
45 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapdeleteuserfromgroup 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapdeleteuserfromgroup \- deletes a memberUid attribute from a POSIX group in LDAP.
26
27 .SH SYNOPSIS
28 .B ldapdeleteuserfromgroup
29 .RB <username>
30 .RB <groupname | gid>
31
32 .SH OPTIONS
33 .TP
34 .B <username>
35 The name of the user to delete. It can be a machine name (with an ending $) or a user name.
36 .TP
37 .B <groupname | gid>
38 The name or the gid of the group that should say goodbye to the user.
39
40 .SH "SEE ALSO"
41 ldapaddusertogroup(1), ldapsetprimarygroup(1), ldapscripts(5).
42
43 .SH AVAILABILITY
44 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
45 The latest version of the ldapscripts is available on :
46 .B http://contribs.martymac.com
47
48 .SH BUGS
49 No bug known.
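Review bot: the SYNOPSIS takes only `<username>`, whereas the matching ldapaddusertogroup(1) page accepts `<username | uid>`; either document uid lookup here too if the script supports it, or state the asymmetry, because an administrator who added a member by uid will expect to remove it the same way.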
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH _ldaprenameuser 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 _ldaprenameuser \- renames a POSIX user account in LDAP.
26
27 .SH SYNOPSIS
28 .B _ldaprenameuser
29 .RB <old\ username | uid>
30 .RB <new\ username>
31
32 .SH OPTIONS
33 .TP
34 .B <old username | uid>
35 The old name or uid of the user to rename.
36 .TP
37 .B <new username>
38 The new name of the user.
39
40 .SH "SEE ALSO"
41 _ldaprenamegroup(1), _ldaprenamemachine(1), ldapscripts(5).
42
43 .SH AVAILABILITY
44 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
45 The latest version of the ldapscripts is available on :
46 .B http://contribs.martymac.com
47
48 .SH LIMITATIONS
49 Group entries will NOT be updated. This means several groups may contain users that NO LONGER exist after having renamed a user. Home directories are NOT renamed (neither in he LDAP directory, nor on the filesystem).
50
51 .SH BUGS
52 No bug known.
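Review bot: typo in LIMITATIONS, "neither in he LDAP directory" should read "in the LDAP directory". Since the section already states that group entries keep the old name as a member, it should also point at ldapdeleteuserfromgroup(1) as the way to clean up those stale memberUid values after a rename.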
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapsetprimarygroup 1 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapsetprimarygroup \- modifies the gidNumber of a POSIX user or machine account in LDAP (sets a user's primary group in LDAP).
26
27 .SH SYNOPSIS
28 .B ldapsetprimarygroup
29 .RB <username | uid>
30 .RB <groupname | gid>
31
32 .SH OPTIONS
33 .TP
34 .B <username | uid>
35 The name or uid of the user to modify.
36 .TP
37 .B <groupname | gid>
38 The new primary group name or gid of the specified user.
39
40 .SH "SEE ALSO"
41 ldapaddusertogroup(1), ldapdeleteuserfromgroup(1), ldapscripts(5).
42
43 .SH AVAILABILITY
44 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
45 The latest version of the ldapscripts is available on :
46 .B http://contribs.martymac.com
47
48 .SH BUGS
49 No bug known.
0 .\" Copyright (C) 2006 Ganaël LAPLANCHE
1 .\"
2 .\" This program is free software; you can redistribute it and/or
3 .\" modify it under the terms of the GNU General Public License
4 .\" as published by the Free Software Foundation; either version 2
5 .\" of the License, or (at your option) any later version.
6 .\"
7 .\" This program is distributed in the hope that it will be useful,
8 .\" but WITHOUT ANY WARRANTY; without even the implied warranty of
9 .\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 .\" GNU General Public License for more details.
11 .\"
12 .\" You should have received a copy of the GNU General Public License
13 .\" along with this program; if not, write to the Free Software
14 .\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
15 .\" USA.
16 .\"
17 .\" Ganael Laplanche
18 .\" ganael.laplanche@martymac.com
19 .\" http://contribs.martymac.com
20 .\"
21 .TH ldapscripts 5 "January 1, 2006"
22 .LO 1
23
24 .SH NAME
25 ldapscripts \- Scripts to manage POSIX accounts in your LDAP directory.
26
27 .SH DESCRIPTION
28 The ldapscripts are a set of shell (sh) scripts to manage POSIX accounts in an OpenLDAP directory. They can be used as standalone tools or from Samba's smb.conf file. Each script matches a specific smb.conf option, except those beginning with an underscore ("_"), which are simply additional utilities.
29
30 .SH REQUIREMENTS
31 The main requirements are the OpenLDAP client tools (ldapadd, ldapsearch, ldapdelete, ...). The other commands used by the scripts (sed, grep, cut, ...) should already be part of your distribution.
32
33 .SH CONFIGURATION
34 The main configuration of the ldapscripts is usually the /etc/ldapscripts/ldapscripts.conf file (or /usr/local/etc/ldapscripts/ldapscripts.conf, depending on your system). Modify it to fit your needs before using the scripts. Each script also uses a "runtime" file, usually /etc/ldapscripts/runtime (or /usr/local/etc/ldapscripts/runtime). You don't need to modify this file.
35
36 .SH "USING AS STANDALONE TOOLS"
37 The scripts can be used as standard command-line tools. Just call the script with the correct arguments. Check the man page of the script, or call it without any argument, to get help.
38
39 .SH "USING WITH SAMBA"
40 As explained above, each script is designed to match one configuration option of Samba. Modify your smb.conf file to call the scripts:
41
42 .nf
43 # [...]
44 add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines
45 add user script = /usr/local/bin/ldapadduser '%u' sambausers
46 add group script = /usr/local/bin/ldapaddgroup '%g'
47 add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g'
48 delete user script = /usr/local/bin/ldapdeleteuser '%u'
49 delete group script = /usr/local/bin/ldapdeletegroup '%g'
50 delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g'
51 set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g'
52 rename user script = /usr/local/bin/ldaprenameuser '%uold' '%unew'
53 # [...]
54 .fi
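Samba runs these account-management hooks as root, so a hook path that is missing, not executable, or writable by anyone but its owner is a privilege-escalation path and deserves a check whenever smb.conf changes. The following is an added example, not part of ldapscripts or Samba: a POSIX sh audit that extracts every "... script =" option from an smb.conf and checks the file each points at. The smb.conf it writes is constructed for the example (same hook layout as above) and takes the script directory as a parameter so it can be exercised against a scratch tree instead of /usr/local/bin.

```shell
#!/bin/sh
# Added example, not part of ldapscripts or Samba: audit the hook scripts an
# smb.conf hands to Samba. Samba runs the account-management hooks as root, so
# a hook that is missing, not executable, or writable by anyone but its owner
# is a privilege-escalation path. The smb.conf written below is constructed
# for this example; it takes the script directory as a parameter so the audit
# can be exercised against a scratch tree instead of /usr/local/bin.

# write_example_smbconf FILE BINDIR: write a constructed smb.conf wiring the
# ldapscripts in BINDIR into every Samba account hook.
write_example_smbconf() {
    bindir=$2
    cat > "$1" <<EOF
[global]
   workgroup = EXAMPLE
   # constructed for the example; same hook layout as the ldapscripts docs
   add machine script = $bindir/ldapaddmachine '%u' sambamachines
   add user script = $bindir/ldapadduser '%u' sambausers
   add group script = $bindir/ldapaddgroup '%g'
   add user to group script = $bindir/ldapaddusertogroup '%u' '%g'
   delete user script = $bindir/ldapdeleteuser '%u'
   delete group script = $bindir/ldapdeletegroup '%g'
   delete user from group script = $bindir/ldapdeleteuserfromgroup '%u' '%g'
   set primary group script = $bindir/ldapsetprimarygroup '%u' '%g'
   rename user script = $bindir/ldaprenameuser '%uold' '%unew'
EOF
}

# samba_hook_scripts SMBCONF: print "option|path" for every "... script = path"
# option (lower-case spelling assumed; comment lines are skipped).
samba_hook_scripts() {
    sed -n 's/^[[:space:]]*\([a-z][a-z ]*script\)[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1|\2/p' "$1"
}

# hook_script_is_safe PATH [OWNER]: 0 if PATH is a regular file owned by OWNER
# (default root), executable by its owner and not writable by group or others.
# Symlinks are judged by the link itself, not by its target.
hook_script_is_safe() {
    path=$1 want_owner=${2:-root}
    [ -f "$path" ] || return 1
    set -- $(ls -ld "$path")          # $1 = mode string, $3 = owner
    case $1 in
        ???[xs]*) ;;                  # owner execute (or setuid) bit set
        *) return 1 ;;
    esac
    case $1 in
        ?????w*|????????w*) return 1 ;;   # group- or world-writable
    esac
    [ "$3" = "$want_owner" ]
}

# audit_samba_hooks SMBCONF [OWNER]: one "OK"/"UNSAFE" line per hook.
audit_samba_hooks() {
    samba_hook_scripts "$1" | while IFS='|' read -r option path; do
        if hook_script_is_safe "$path" "${2:-root}"; then
            echo "OK      $option -> $path"
        else
            echo "UNSAFE  $option -> $path"
        fi
    done
}
```

Against a live system, run audit_samba_hooks /etc/samba/smb.conf with the default owner (root) and treat any UNSAFE line as a finding; the mode-string parsing of ls -ld is used instead of stat(1) because its flags differ between GNU and BSD userlands.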
55 .SH "SEE ALSO"
56 ldapaddgroup(1), ldapaddmachine(1), ldapadduser(1), ldapaddusertogroup(1), ldapdeletegroup(1),
57 ldapdeleteuser(1), ldapdeleteuserfromgroup(1), ldaprenameuser(1), ldapsetprimarygroup(1),
58 _ldapdeletemachine(1), _ldapfinger(1), _ldapinit(1), _ldapmodifygroup(1), _ldapmodifymachine(1),
59 _ldapmodifyuser(1), _ldappasswd(1), _ldaprenamegroup(1), _ldaprenamemachine(1), _lsldap(1).
60
61 .SH AVAILABILITY
62 The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
63 The latest version of the ldapscripts is available at:
64 .B http://contribs.martymac.com