efelon/shell_sequencer
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

WIP Adding installation steps, and most of the managment functions

Browse Source 
TODO SSL configuration
This commit is contained in:
Martin Winkler
2020-04-23 22:30:20 +00:00
parent d708ba8ab3
commit 027737103a
1 changed files with 247 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

259
seqs/ldap.sh
View File

@@ -1,6 +1,7 @@
#!/bin/bash #!/bin/bash
toolName=ldap toolName=ldap
toolDeps="slapd ldap-utils"
# Get script working directory # Get script working directory
# (when called from a different directory) # (when called from a different directory)
@@ -16,11 +17,100 @@ step_config() {
fi fi
} }
step_100_info() { echo "Add group <GROUP NAME> <MEMBER DN>"; } step_1_info() { echo "$toolName installation"; }
step_1_alias() { ALIAS="install"; }
step_1() {
exe apt update
exe apt install $toolDeps
}
step_2_info() { echo "Configuration of $toolName"; }
step_2() {
exe dpkg-reconfigure slapd
}
step_3_info() { echo "Load memberof module"; }
step_3() {
local tempLdif=`eval "echo \"$loadMemberof\""`
exep "echo \"$tempLdif\" | ldapmodify -Q -Y EXTERNAL -H ldapi:///"
}
loadMemberof="dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: memberof.la
"
step_4_info() { echo "Configure memberof module"; }
step_4() {
local tempLdif=`eval "echo \"$configMemberof\""`
exep "echo \"$tempLdif\" | ldapadd -Q -Y EXTERNAL -H ldapi:///"
}
configMemberof="dn: olcOverlay=memberof,olcDatabase={1}mdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcMemberOf
olcOverlay: memberof
olcMemberOfRefint: TRUE
"
step_5_info() { echo "Load refint module"; }
step_5() {
local tempLdif=`eval "echo \"$loadRefint\""`
exep "echo \"$tempLdif\" | ldapmodify -Q -Y EXTERNAL -H ldapi:///"
}
loadRefint="dn: cn=module{0},cn=config
changetype: modify
add: olcModuleLoad
olcModuleLoad: refint.la
"
step_6_info() { echo "Configure refint module"; }
step_6() {
local tempLdif=`eval "echo \"$configRefint\""`
exep "echo \"$tempLdif\" | ldapadd -Q -Y EXTERNAL -H ldapi:///"
}
configRefint="dn: olcOverlay={1}refint,olcDatabase={1}mdb,cn=config
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcRefintConfig
objectClass: top
olcOverlay: {1}refint
olcRefintAttribute: memberof member manager owner
"
step_7_info() { echo -e "Create base DNs for users ($LDAP_OU_USERS) and groups ($LDAP_OU_GROUPS)\n"; }
step_7() {
variable2Ldif add "$ldapBase"
}
ldapBase="dn: \$LDAP_OU_USERS,\$LDAP_DC
objectClass: organizationalUnit
\${LDAP_OU_USERS/ou=/ou: }
dn: \$LDAP_OU_GROUPS,\$LDAP_DC
objectClass: organizationalUnit
\${LDAP_OU_GROUPS/ou=/ou: }
"
step_20_info() { echo "Test plain ldap connection with anonymous access"; }
step_20() {
exe ldapwhoami -H ldapi:/// -x
}
step_80_info() { echo -e "Some ldap command notes\n"; }
step_80_alias() { ALIAS="notes"; }
step_80() {
echo "You can also check LDAP Base DN using the ldapsearch command as shown below"
echo "ldapsearch -H ldapi:/// -x -LLL -s base -b \"\" namingContexts"
echo
echo "To view the RootDN, run the command below"
echo "ldapsearch -H ldapi:/// -Y EXTERNAL -b \"cn=config\" \"(olcRootDN=*)\""
}
step_100_info() { echo "Add group <GROUP NAME> <USER ID>"; }
step_100_alias() { ALIAS="addgroup"; } step_100_alias() { ALIAS="addgroup"; }
step_100() { step_100() {
local groupName=g2 shift
local memberDn="uid=ldaptest,${LDAP_OU_USERS},${LDAP_DC}" local groupName=$1
local memberDn="uid=$2,${LDAP_OU_USERS},${LDAP_DC}"
variable2Ldif add "$addGroup" variable2Ldif add "$addGroup"
} }
@@ -31,30 +121,171 @@ description: Created by $0
member: \${memberDn} member: \${memberDn}
" "
step_102_info() { echo "Add user <USER ID> <USER NAME> <USER LASTNAME> <UIDNUMBER> <USER EMAIL>"; }
step_102_alias() { ALIAS="adduser"; }
step_102() {
shift
userId="$1"
local userCn="$2 $3"
local givenName="$2"
local userSn="$3"
local uidNumber="$4"
local userMail="$5"
variable2Ldif add "$addUser"
endReturn -o $? "Adding user failed"
}
userId=
addUser="dn: uid=\$userId,\$LDAP_OU_USERS,\$LDAP_DC
cn: \$userCn
givenName: \$givenName
sn: \$userSn
uid: \$userId
uidNumber: \$uidNumber
gidNumber: 10000
homeDirectory: /home/\$userId
mail: \$userMail
objectClass: top
objectClass: posixAccount
objectClass: shadowAccount
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
loginShell: /bin/bash
"
step_103_info() { echo "(Re)set passwort for <USER>"; }
step_103_alias() { ALIAS="passwd"; }
step_103() {
shift
if [ ! -z $1 ] ; then
echo " [I] Password operation for $1"
userId="$1"
elif [ ! -z $userId ] ; then
echo " [I] Password operation for $userId"
else
echoerr " [E] No user id provided"
return 1
fi
exe ldappasswd -H ldapi:/// -x -D "cn=admin,$LDAP_DC" -W -S "uid=$userId,$LDAP_OU_USERS,$LDAP_DC"
}
step_105_info() { echo "Adding <USER ID> to existing group <GROUP NAME>"; }
step_105_alias() { ALIAS="user2group"; }
step_105() {
shift
if [ ! -z $1 ] ; then
userId="$1"
echo " [I] User operation for $userId"
elif [ ! -z $userId ] ; then
echo " [I] User operation for $userId"
else
echoerr " [E] No user id provided"
return 1
fi
if [ -z $2 ] ; then
echoerr " [E] No group name provided"
return 2
fi
local groupName="$2"
variable2Ldif modify "$removeFromgroup"
variable2Ldif modify "$add2group"
endReturn -o $? "Adding user to group failed"
}
#remove empty member
add2group="dn: cn=\$groupName,\$LDAP_OU_GROUPS,\$LDAP_DC
changetype: modify
add: member
member: uid=\$userId,\$LDAP_OU_USERS,\$LDAP_DC
dn: cn=\$groupName,\$LDAP_OU_GROUPS,\$LDAP_DC
changetype: modify
delete: member
member:
"
step_107_info() { echo "Removing <USER ID> from existing group <GROUP NAME>"; }
step_107_alias() { ALIAS="rmusergroup"; }
step_107() {
shift
if [ ! -z $1 ] ; then
userId="$1"
echo " [I] User operation for $userId"
elif [ ! -z $userId ] ; then
echo " [I] User operation for $userId"
else
echoerr " [E] No user id provided"
return 1
fi
if [ -z $2 ] ; then
echoerr " [E] No group name provided"
return 2
fi
local groupName="$2"
variable2Ldif modify "$removeFromgroup"
}
# try to delete user entry first to ensure correct memberof status
# make sure an empty member entry exists
removeFromgroup="dn: cn=\$groupName,\$LDAP_OU_GROUPS,\$LDAP_DC
changetype: modify
add: member
member:
dn: cn=\$groupName,\$LDAP_OU_GROUPS,\$LDAP_DC
changetype: modify
delete: member
member: uid=\$userId,\$LDAP_OU_USERS,\$LDAP_DC
"
step_110_info() { echo "Remove group <GROUP NAME>"; } step_110_info() { echo "Remove group <GROUP NAME>"; }
step_110_alias() { ALIAS="rmgroup"; } step_110_alias() { ALIAS="rmgroup"; }
step_110() { step_110() {
local groupName=g2 shift
if [ -z $1 ] ; then
echoerr " [E] No group name provided"
return 1
fi
local groupName=$1
variable2Ldif modify "$rmGroup" variable2Ldif modify "$rmGroup"
} }
rmGroup="dn: cn=\${groupName},\${LDAP_OU_GROUPS},\${LDAP_DC} rmGroup="dn: cn=\${groupName},\${LDAP_OU_GROUPS},\${LDAP_DC}
changetype: delete changetype: delete
" "
step_104_info() { echo "List available groups"; } step_112_info() { echo "Remove user <USER ID>"; }
step_104_alias() { ALIAS="listgroups"; } step_112_alias() { ALIAS="rmuser"; }
step_104() { step_112() {
shift
if [ -z $1 ] ; then
echoerr " [E] No user id provided"
return 1
fi
local userName=$1
variable2Ldif modify "$rmUser"
}
rmUser="dn: uid=\${userName},\${LDAP_OU_USERS},\${LDAP_DC}
changetype: delete
"
step_200_info() { echo "List available groups <ADDITONAL ATTRIBUTES...>"; }
step_200_alias() { ALIAS="listgroups"; }
step_200() {
shift
echo " [I] Available groups:" echo " [I] Available groups:"
ldapsearch -x -LLL -H ldap:/// -b ${LDAP_OU_GROUPS},${LDAP_DC} dn gidNumber $2 exe ldapsearch -x -LLL -H ldap:/// -b ${LDAP_OU_GROUPS},${LDAP_DC} dn gidNumber $*
} }
step_106_info() { echo "List available users"; } step_202_info() { echo "List available users <ADDITONAL ATTRIBUTES...>"; }
step_106_alias() { ALIAS="listusers"; } step_202_alias() { ALIAS="listusers"; }
step_106() { step_202() {
shift
echo " [I] Available user:" echo " [I] Available user:"
ldapsearch -x -LLL -H ldap:/// -b ${LDAP_OU_USERS},${LDAP_DC} dn uidNumber gidNumber $2 exe ldapsearch -x -LLL -H ldap:/// -b ${LDAP_OU_USERS},${LDAP_DC} dn uidNumber gidNumber $*
} }
variable2Ldif() { variable2Ldif() {
local cmd="ldapmodify" local cmd="ldapmodify"
local tempLdif=`eval "echo \"$2\""` local tempLdif=`eval "echo \"$2\""`
@@ -65,6 +296,10 @@ variable2Ldif() {
esac esac
exep "echo \"$tempLdif\" | $cmd -x -D cn=admin,${LDAP_DC} -W" exep "echo \"$tempLdif\" | $cmd -x -D cn=admin,${LDAP_DC} -W"
} }
variable2LdifEcho() {
local tempLdif=`eval "echo \"$2\""`
echo "$tempLdif"
}
VERSION_SEQREV=10 VERSION_SEQREV=10
. /usr/local/bin/sequencer.sh . /usr/local/bin/sequencer.sh