tools/rc-new-ldap-user

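#!/bin/sh
#
# rc-new-ldap-user - interactively create a user entry in the Recycled Cloud
# LDAP directory.
#
# Flow: check required tools, prompt for the new user's attributes and the
# admin bind password, look up the highest existing uidNumber, build an
# inetOrgPerson/posixAccount LDIF, show it for review, and add it with
# ldapadd once the operator presses ENTER (Ctrl+C aborts).
#
# Passwords are read with terminal echo disabled and handed to the LDAP
# tools through files in a private temp directory (ldapsearch/ldapadd -y,
# slappasswd -T) instead of as command-line arguments, so they do not show
# up in `ps` output or get stored in the shell history.
#
# Exit status: 0 on success, 1 on any error.
set -e

readonly LDAP_SERVER='ldaps://ldap1.recycled.cloud'
readonly LDAP_BASE_DN='ou=users,dc=recycled,dc=cloud'
readonly LDAP_BIND_DN='cn=admin,dc=recycled,dc=cloud'
readonly DEFAULT_GROUP_UID_NUMBER=10000

# Print a diagnostic to stderr and exit with status 1.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Restore terminal echo (in case we exited while reading a secret) and
# remove the temp directory holding the password files. Runs on every exit
# path via the EXIT trap below.
secret_dir=''
cleanup() {
  if [ -t 0 ]; then
    stty echo
  fi
  if [ -n "$secret_dir" ]; then
    rm -rf -- "$secret_dir"
  fi
}
trap cleanup EXIT
trap 'exit 1' INT TERM HUP

# Read one line of input into the variable named by $1, showing prompt $2.
prompt() {
  printf '%s' "$2"
  read -r "$1"
}

# Like prompt, but with terminal echo disabled while reading so the secret
# is neither displayed nor left in the terminal scrollback. Falls back to a
# plain read when stdin is not a terminal (e.g. piped input).
prompt_secret() {
  printf '%s' "$2"
  if [ -t 0 ]; then
    stty -echo
    read -r "$1"
    stty echo
    printf '\n'
  else
    read -r "$1"
  fi
}

for executable in ldapsearch slappasswd ldapadd sed mktemp; do
  if ! command -v "$executable" > /dev/null; then
    die "The $executable command is not available. Exiting."
  fi
done

# Initialised here so the indirect assignment in prompt() does not trip
# shellcheck's unassigned-variable warning.
uid=''
mail=''
given_name=''
sn=''
password=''
ldap_bind_password=''

# Prompt for user details.
prompt uid 'Please enter uid for new user: '
prompt mail 'Please enter mail for new user: '
prompt given_name 'Please enter given_name for new user: '
prompt sn 'Please enter sn for new user: '
prompt_secret password 'Please enter password for new user: '

# The uid ends up in the DN and in the home directory path, so restrict it to
# a conservative character set: commas, spaces, '/', leading '-' and similar
# would either break the DN or need LDIF escaping this script does not do.
case "$uid" in
  ''|-*|*[!A-Za-z0-9._-]*)
    die "uid must be non-empty and contain only letters, digits, '.', '_' or '-'."
    ;;
esac
for value in "$mail" "$given_name" "$sn" "$password"; do
  [ -n "$value" ] || die "mail, given_name, sn and password must not be empty."
done

# Prompt for admin credentials.
printf '\n'
prompt_secret ldap_bind_password "Please enter password for $LDAP_BIND_DN: "

# Write both secrets to files only this user can read (umask 077). printf
# '%s' deliberately adds no trailing newline: -y and -T use the file's
# complete contents as the password.
umask 077
secret_dir=$(mktemp -d) || die "mktemp failed."
bind_pw_file="$secret_dir/bind"
user_pw_file="$secret_dir/user"
printf '%s' "$ldap_bind_password" > "$bind_pw_file"
printf '%s' "$password" > "$user_pw_file"

# Determine the user's uidNumber: highest existing uidNumber + 1.
# -LLL suppresses ldapsearch's comment lines (e.g. "# requesting: uidNumber")
# so only real attribute lines reach sed. ldapsearch is run on its own so a
# failed bind is reported instead of being hidden by the pipeline's status.
search_output=$(ldapsearch -x -LLL -H "$LDAP_SERVER" -b "$LDAP_BASE_DN" \
  -D "$LDAP_BIND_DN" -y "$bind_pw_file" '(objectClass=posixAccount)' uidNumber) \
  || die "ldapsearch failed (wrong bind password or unreachable server?)."
last_uid_number=$(printf '%s\n' "$search_output" \
  | sed -n 's/^uidNumber: //p' | sort -n | tail -n 1)
# Refuse to guess on an empty or non-numeric result: blindly adding 1 would
# otherwise hand out uidNumber 1 when no posixAccount is found.
case "$last_uid_number" in
  ''|*[!0-9]*)
    die "Could not determine the highest existing uidNumber (got '$last_uid_number')."
    ;;
esac
next_uid_number=$((last_uid_number + 1))

# Compute CN and hash password.
cn="$given_name $sn"
hashed_password=$(slappasswd -T "$user_pw_file") || die "slappasswd failed."

# Generate new user, and ask for user-validation.
ldif=$(cat << EOF
dn: uid=$uid,$LDAP_BASE_DN
objectClass: inetOrgPerson
objectClass: posixAccount
cn: $cn
displayName: $cn
gidNumber: $DEFAULT_GROUP_UID_NUMBER
givenName: $given_name
homeDirectory: /home/$uid
mail: $mail
sn: $sn
uid: $uid
uidNumber: $next_uid_number
userPassword: $hashed_password
EOF
)
printf '\n::: Generated LDIF :::\n%s\n::: ENTER to insert into database, Ctrl+C to abort :::\n\n' "$ldif"
# Only used to pause execution until ENTER is pressed; EOF or Ctrl+C aborts
# (set -e turns the failed read into an exit, and the EXIT trap cleans up).
read -r _confirm

printf 'Executing ldapadd... '
printf '%s\n' "$ldif" \
  | ldapadd -x -H "$LDAP_SERVER" -D "$LDAP_BIND_DN" -y "$bind_pw_file" \
  || die "ldapadd failed."
echo "DONE."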