From 027737103a13232fb8cc10f4f3ab9541f7ffa2c4 Mon Sep 17 00:00:00 2001
From: Martin Winkler
Date: Thu, 23 Apr 2020 22:30:20 +0000
Subject: [PATCH] WIP Adding installation steps, and most of the managment functions TODO SSL configuration
---
 seqs/ldap.sh | 259 ++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 247 insertions(+), 12 deletions(-)
diff --git a/seqs/ldap.sh b/seqs/ldap.sh
index b59833e..6198560 100755
--- a/seqs/ldap.sh
+++ b/seqs/ldap.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 toolName=ldap
+toolDeps="slapd ldap-utils"
 # Get script working directory
 # (when called from a different directory)
@@ -16,11 +17,100 @@ step_config() {
 fi
 }
-step_100_info() { echo "Add group "; }
+step_1_info() { echo "$toolName installation"; }
+step_1_alias() { ALIAS="install"; }
+step_1() {
+ exe apt update
+ exe apt install $toolDeps
+}
+
+step_2_info() { echo "Configuration of $toolName"; }
+step_2() {
+ exe dpkg-reconfigure slapd
+}
+
+step_3_info() { echo "Load memberof module"; }
+step_3() {
+ local tempLdif=`eval "echo \"$loadMemberof\""`
+ exep "echo \"$tempLdif\" | ldapmodify -Q -Y EXTERNAL -H ldapi:///"
+}
+loadMemberof="dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof.la
+"
+
+step_4_info() { echo "Configure memberof module"; }
+step_4() {
+ local tempLdif=`eval "echo \"$configMemberof\""`
+ exep "echo \"$tempLdif\" | ldapadd -Q -Y EXTERNAL -H ldapi:///"
+}
+configMemberof="dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
+objectClass: olcOverlayConfig
+objectClass: olcMemberOf
+olcOverlay: memberof
+olcMemberOfRefint: TRUE
+"
+
+step_5_info() { echo "Load refint module"; }
+step_5() {
+ local tempLdif=`eval "echo \"$loadRefint\""`
+ exep "echo \"$tempLdif\" | ldapmodify -Q -Y EXTERNAL -H ldapi:///"
+}
+loadRefint="dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: refint.la
+"
+
+step_6_info() { echo "Configure refint module"; }
+step_6() {
+ local tempLdif=`eval "echo \"$configRefint\""`
+ exep "echo \"$tempLdif\" | ldapadd -Q -Y EXTERNAL -H ldapi:///"
+}
+configRefint="dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: {1}refint
+olcRefintAttribute: memberof member manager owner
+"
+
+step_7_info() { echo -e "Create base DNs for users ($LDAP_OU_USERS) and groups ($LDAP_OU_GROUPS)\n"; }
+step_7() {
+ variable2Ldif add "$ldapBase"
+}
+ldapBase="dn: \$LDAP_OU_USERS,\$LDAP_DC
+objectClass: organizationalUnit
+\${LDAP_OU_USERS/ou=/ou: }
+
+dn: \$LDAP_OU_GROUPS,\$LDAP_DC
+objectClass: organizationalUnit
+\${LDAP_OU_GROUPS/ou=/ou: }
+"
+
+step_20_info() { echo "Test plain ldap connection with anonymous access"; }
+step_20() {
+ exe ldapwhoami -H ldapi:/// -x
+}
+
+step_80_info() { echo -e "Some ldap command notes\n"; }
+step_80_alias() { ALIAS="notes"; }
+step_80() {
+ echo "You can also check LDAP Base DN using the ldapsearch command as shown below"
+ echo "ldapsearch -H ldapi:/// -x -LLL -s base -b \"\" namingContexts"
+ echo
+ echo "To view the RootDN, run the command below"
+ echo "ldapsearch -H ldapi:/// -Y EXTERNAL -b \"cn=config\" \"(olcRootDN=*)\""
+}
+
+step_100_info() { echo "Add group "; }
 step_100_alias() { ALIAS="addgroup"; }
 step_100() {
- local groupName=g2
- local memberDn="uid=ldaptest,${LDAP_OU_USERS},${LDAP_DC}"
+ shift
+ local groupName=$1
+ local memberDn="uid=$2,${LDAP_OU_USERS},${LDAP_DC}"
 variable2Ldif add "$addGroup"
 }
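Review bot: `step_100` reads `$1` and `$2` straight into `groupName` and `memberDn` without the empty-argument check that `step_110` performs further down, so `addgroup` with no arguments produces a `cn=,` DN; a guard such as `if [ -z "$1" ] || [ -z "$2" ]; then echoerr " [E] Usage: addgroup <group> <user id>"; return 1; fi` keeps it consistent with the other steps. Because `variable2Ldif` expands the template with `eval "echo ..."` and then hands the result to `exep` inside a shell string, a value containing a newline or a double quote is spliced into the LDIF or breaks the quoting, and if `exep` evaluates its argument (it is defined outside this file) a `$(…)` in the value would presumably run as a command; restricting ids to `[A-Za-z0-9._-]` before use closes both. Steps 3 to 6 also repeat the same backtick-`eval`-`exep` pipeline four times with `-Y EXTERNAL`; one helper taking the bind options would remove the duplication.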
@@ -31,30 +121,171 @@ description: Created by $0
 member: \${memberDn}
 "
+step_102_info() { echo "Add user "; }
+step_102_alias() { ALIAS="adduser"; }
+step_102() {
+ shift
+ userId="$1"
+ local userCn="$2 $3"
+ local givenName="$2"
+ local userSn="$3"
+ local uidNumber="$4"
+ local userMail="$5"
+
+ variable2Ldif add "$addUser"
+ endReturn -o $? "Adding user failed"
+}
+userId=
+addUser="dn: uid=\$userId,\$LDAP_OU_USERS,\$LDAP_DC
+cn: \$userCn
+givenName: \$givenName
+sn: \$userSn
+uid: \$userId
+uidNumber: \$uidNumber
+gidNumber: 10000
+homeDirectory: /home/\$userId
+mail: \$userMail
+objectClass: top
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+loginShell: /bin/bash
+"
+
+step_103_info() { echo "(Re)set passwort for "; }
+step_103_alias() { ALIAS="passwd"; }
+step_103() {
+ shift
+ if [ ! -z $1 ] ; then
+ echo " [I] Password operation for $1"
+ userId="$1"
+ elif [ ! -z $userId ] ; then
+ echo " [I] Password operation for $userId"
+ else
+ echoerr " [E] No user id provided"
+ return 1
+ fi
+ exe ldappasswd -H ldapi:/// -x -D "cn=admin,$LDAP_DC" -W -S "uid=$userId,$LDAP_OU_USERS,$LDAP_DC"
+}
+
+step_105_info() { echo "Adding to existing group "; }
+step_105_alias() { ALIAS="user2group"; }
+step_105() {
+ shift
+ if [ ! -z $1 ] ; then
+ userId="$1"
+ echo " [I] User operation for $userId"
+ elif [ ! -z $userId ] ; then
+ echo " [I] User operation for $userId"
+ else
+ echoerr " [E] No user id provided"
+ return 1
+ fi
+ if [ -z $2 ] ; then
+ echoerr " [E] No group name provided"
+ return 2
+ fi
+ local groupName="$2"
+
+ variable2Ldif modify "$removeFromgroup"
+ variable2Ldif modify "$add2group"
+ endReturn -o $? "Adding user to group failed"
+}
+#remove empty member
+add2group="dn: cn=\$groupName,\$LDAP_OU_GROUPS,\$LDAP_DC
+changetype: modify
+add: member
+member: uid=\$userId,\$LDAP_OU_USERS,\$LDAP_DC
+
+dn: cn=\$groupName,\$LDAP_OU_GROUPS,\$LDAP_DC
+changetype: modify
+delete: member
+member:
+"
+
+step_107_info() { echo "Removing from existing group "; }
+step_107_alias() { ALIAS="rmusergroup"; }
+step_107() {
+ shift
+ if [ ! -z $1 ] ; then
+ userId="$1"
+ echo " [I] User operation for $userId"
+ elif [ ! -z $userId ] ; then
+ echo " [I] User operation for $userId"
+ else
+ echoerr " [E] No user id provided"
+ return 1
+ fi
+ if [ -z $2 ] ; then
+ echoerr " [E] No group name provided"
+ return 2
+ fi
+ local groupName="$2"
+
+ variable2Ldif modify "$removeFromgroup"
+}
+# try to delete user entry first to ensure correct memberof status
+# make sure an empty member entry exists
+removeFromgroup="dn: cn=\$groupName,\$LDAP_OU_GROUPS,\$LDAP_DC
+changetype: modify
+add: member
+member:
+
+dn: cn=\$groupName,\$LDAP_OU_GROUPS,\$LDAP_DC
+changetype: modify
+delete: member
+member: uid=\$userId,\$LDAP_OU_USERS,\$LDAP_DC
+"
+
 step_110_info() { echo "Remove group "; }
 step_110_alias() { ALIAS="rmgroup"; }
 step_110() {
- local groupName=g2
+ shift
+ if [ -z $1 ] ; then
+ echoerr " [E] No group name provided"
+ return 1
+ fi
+ local groupName=$1
 variable2Ldif modify "$rmGroup"
 }
 rmGroup="dn: cn=\${groupName},\${LDAP_OU_GROUPS},\${LDAP_DC}
 changetype: delete
 "
-step_104_info() { echo "List available groups"; }
-step_104_alias() { ALIAS="listgroups"; }
-step_104() {
+step_112_info() { echo "Remove user "; }
+step_112_alias() { ALIAS="rmuser"; }
+step_112() {
+ shift
+ if [ -z $1 ] ; then
+ echoerr " [E] No user id provided"
+ return 1
+ fi
+ local userName=$1
+ variable2Ldif modify "$rmUser"
+}
+rmUser="dn: uid=\${userName},\${LDAP_OU_USERS},\${LDAP_DC}
+changetype: delete
+"
+
+step_200_info() { echo "List available groups "; }
+step_200_alias() { ALIAS="listgroups"; }
+step_200() {
+ shift
 echo " [I] Available groups:"
- ldapsearch -x -LLL -H ldap:/// -b ${LDAP_OU_GROUPS},${LDAP_DC} dn gidNumber $2
+ exe ldapsearch -x -LLL -H ldap:/// -b ${LDAP_OU_GROUPS},${LDAP_DC} dn gidNumber $*
 }
-step_106_info() { echo "List available users"; }
-step_106_alias() { ALIAS="listusers"; }
-step_106() {
+step_202_info() { echo "List available users "; }
+step_202_alias() { ALIAS="listusers"; }
+step_202() {
+ shift
 echo " [I] Available user:"
- ldapsearch -x -LLL -H ldap:/// -b ${LDAP_OU_USERS},${LDAP_DC} dn uidNumber gidNumber $2
+ exe ldapsearch -x -LLL -H ldap:/// -b ${LDAP_OU_USERS},${LDAP_DC} dn uidNumber gidNumber $*
 }
+
 variable2Ldif() {
 local cmd="ldapmodify"
 local tempLdif=`eval "echo \"$2\""`
@@ -65,6 +296,10 @@ variable2Ldif() {
 esac
 exep "echo \"$tempLdif\" | $cmd -x -D cn=admin,${LDAP_DC} -W"
 }
+variable2LdifEcho() {
+ local tempLdif=`eval "echo \"$2\""`
+ echo "$tempLdif"
+}
 VERSION_SEQREV=10
 . /usr/local/bin/sequencer.sh
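Review bot: The argument checks in `step_103`, `step_105`, `step_107`, `step_110` and `step_112` use unquoted `[ ! -z $1 ]` / `[ -z $1 ]`, which only pass by accident when the argument is empty and break when it contains whitespace (ShellCheck SC2086); write them as `[ -n "$1" ]` and `[ -z "$1" ]`. Since every accepted value is then expanded into an LDIF template by `variable2Ldif`'s `eval "echo ..."` and echoed through `exep`, it is also worth rejecting anything outside the characters an id should carry, e.g. `[[ $1 =~ ^[A-Za-z0-9._-]+$ ]] || { echoerr " [E] Invalid id: $1"; return 1; }`, so a newline or quote cannot inject extra attributes or break the command string. `step_102` assigns `userId` without `local`, which looks intentional as the default the later steps fall back to; a comment like `# global: remembered so passwd/user2group can default to the last added user` would make that explicit. In `step_105` the `endReturn -o $?` only reflects the second `variable2Ldif` call, so a failure of the `removeFromgroup` modification is silently ignored.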
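Review bot: `variable2LdifEcho` ignores `$1` and duplicates the `eval "echo \"$2\""` expansion from `variable2Ldif`, including the backtick-in-`local` assignment form that masks the substitution's exit status (SC2155); `local tempLdif; tempLdif=$(eval "echo \"$2\"")` keeps the status visible. Nothing in this diff calls it, so it reads as a debugging aid; a header comment such as `# Print the expanded LDIF template in $2 without sending it ($1 is accepted only to mirror variable2Ldif's add|modify argument)` would record that intent. `variable2Ldif` itself starts before this hunk.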