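#!/bin/sh
#
# Interactively create a new inetOrgPerson/posixAccount entry under
# LDAP_BASE_DN. The script prompts for the user's details and for the bind
# DN's password, derives the next uidNumber from the directory, prints the
# generated LDIF for review and, once confirmed, submits it with ldapadd.
#
# Security notes:
#   - Passwords are read with terminal echo disabled when stdin is a TTY.
#   - Passwords reach the OpenLDAP tools through files in a private
#     temporary directory (ldapsearch/ldapadd -y, slappasswd -T) rather than
#     on the command line, where other local users could read them from the
#     process list.
#   - The uid is validated before use because it is interpolated into the
#     entry's DN and home directory path.
#   - The next uidNumber is "highest existing + 1" with no locking; two
#     concurrent runs can pick the same number. Run one instance at a time.

set -e

LDAP_SERVER='ldaps://ldap1.recycled.cloud'
LDAP_BASE_DN='ou=users,dc=recycled,dc=cloud'
LDAP_BIND_DN='cn=admin,dc=recycled,dc=cloud'
DEFAULT_GROUP_UID_NUMBER=10000

# State consulted by cleanup(); both stay empty until the resource exists.
secret_dir=''
saved_tty=''

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Restore terminal echo and remove the on-disk copies of the secrets.
cleanup() {
  if [ -n "$saved_tty" ]; then
    stty "$saved_tty" 2> /dev/null || :
  fi
  if [ -n "$secret_dir" ]; then
    rm -rf -- "$secret_dir"
  fi
}
trap cleanup EXIT
# Not every sh runs the EXIT trap when killed by a signal, so turn the
# common ones into a regular exit.
trap 'exit 129' HUP
trap 'exit 130' INT
trap 'exit 143' TERM

# Prompt with $1 and read one line into the variable named by $2, with
# terminal echo switched off when stdin is a TTY.
read_secret() {
  printf '%s' "$1"
  if [ -t 0 ]; then
    saved_tty=$(stty -g)
    stty -echo
    read -r "$2"
    stty "$saved_tty"
    saved_tty=''
    # The newline typed by the user was not echoed; emit one.
    printf '\n'
  else
    read -r "$2"
  fi
}

# Succeed only if $1 is non-empty, starts with a letter, digit or
# underscore and otherwise contains only letters, digits, '.', '_' and '-'.
# This keeps DN metacharacters (',', '+', '=', ...) and path separators out
# of the generated entry.
is_safe_uid() {
  (
    LC_ALL=C
    case $1 in
      '' | [!A-Za-z0-9_]* | *[!A-Za-z0-9._-]*) exit 1 ;;
    esac
    exit 0
  )
}

for executable in ldapsearch slappasswd ldapadd sed mktemp; do
  if ! command -v "$executable" > /dev/null 2>&1; then
    echo "The $executable command is not available. Exiting." >&2
    exit 1
  fi
done

# Prompt for user details.
for input in uid mail given_name sn; do
  printf "Please enter %s for new user: " "$input"
  read -r "${input?}"
done
read_secret "Please enter password for new user: " password

if ! is_safe_uid "$uid"; then
  die "Invalid uid: only letters, digits, '.', '_' and '-' are allowed, and it must not start with '.' or '-'."
fi

# Prompt for admin credentials.
read_secret "
Please enter password for $LDAP_BIND_DN: " ldap_bind_password

# Stage the secrets in files only this user can read. The tools use the
# complete file contents, so no trailing newline is written.
umask 077
secret_dir=$(mktemp -d) || die "Could not create a temporary directory."
bind_pw_file=$secret_dir/bind_password
user_pw_file=$secret_dir/user_password
printf '%s' "$ldap_bind_password" > "$bind_pw_file"
printf '%s' "${password:?}" > "$user_pw_file"
unset password ldap_bind_password

# Determine the user's uidNumber.
# The search runs on its own so that a failure (wrong bind password,
# unreachable server, truncated result) aborts here instead of being hidden
# by the pipeline and yielding a bogus, low uidNumber.
search_output=$(ldapsearch -x -LLL -H "$LDAP_SERVER" -b "$LDAP_BASE_DN" \
  -D "$LDAP_BIND_DN" -y "$bind_pw_file" '(objectClass=posixAccount)' \
  uidNumber) || die "ldapsearch failed; cannot determine the next uidNumber."
last_uid_number=$(printf '%s\n' "$search_output" \
  | sed -n 's|^uidNumber: ||p' | sort -n | tail -n 1)
case $last_uid_number in
  '' | *[!0-9]*)
    # Fail closed: without a numeric maximum the script would otherwise
    # hand out uidNumber 1, which collides with system accounts.
    die "Could not find an existing numeric uidNumber; refusing to guess one."
    ;;
esac
next_uid_number=$((last_uid_number + 1))

# Compute CN and hash password.
cn="${given_name:?} ${sn:?}"
hashed_password=$(slappasswd -T "$user_pw_file")

# Generate new user, and ask for user-validation.
ldif=$(
  cat << EOF
dn: uid=${uid:?},${LDAP_BASE_DN:?}
objectClass: inetOrgPerson
objectClass: posixAccount
cn: ${cn:?}
displayName: ${cn:?}
gidNumber: ${DEFAULT_GROUP_UID_NUMBER:?}
givenName: ${given_name:?}
homeDirectory: /home/${uid:?}
mail: ${mail:?}
sn: ${sn:?}
uid: ${uid:?}
uidNumber: ${next_uid_number:?}
userPassword: ${hashed_password:?}
EOF
)

# NOTE: the LDIF shown for review includes the password hash; avoid running
# this where the terminal is shared or recorded.
cat << EOF

::: Generated LDIF :::

$ldif

::: ENTER to insert into database, Ctrl+C to abort :::


EOF

read -r _ # Only used to pause execution until user input is received.

printf 'Executing ldapadd... '
printf '%s\n' "$ldif" \
  | ldapadd -x -H "$LDAP_SERVER" -D "$LDAP_BIND_DN" -y "$bind_pw_file"
echo "DONE."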