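#!/bin/sh
# Purpose {{{
## This script will:
### Fetch the members of the LDAP group whose users are allowed to connect to
### the compute cluster (bind credentials are the ones sssd already uses,
### StartTLS is required).
### Run the script given as first argument once per member, so it can create
### the per-user resources (e.g. the home directory).
### Exit early, without running the per-user script, when the member list is
### unchanged since the previous successful run.
##
## Usage: <this script> <newdir-script-name>
### <newdir-script-name> is looked up in the directory of this script and is
### invoked as "<newdir-script> <username>" for every group member.
### Exit status: 0 when every member was processed (or nothing changed),
### 1 on any error. Errors always go to stderr; trace messages only when
### DEBUG is non-zero (DEBUG=1 in the environment).
##
## Why the state lives in a private directory:
### The user list drives a per-user script that presumably runs with
### privileges, so it must only be writable by the account running this
### script. Predictable, world-writable /tmp paths would let any local user
### pre-create or symlink the lists, block every run, or add names that the
### per-user script would then act on. The lists are therefore kept in a
### 0700 state directory, the fresh list is created with mktemp, and an
### atomic mkdir lock replaces the former "new list already exists" check.
# }}}
set -eu
export LC_ALL=C   # byte-wise sed/diff/case behaviour, independent of locale

# Vars {{{
DEBUG="${DEBUG:-0}"
group_cn="ur1:div:lab:r423:ipr:app:calcul:util_calcul"
group_base="ou=grouper,dc=univ-rennes1,dc=fr"
ldap_url="ldap://ldap.univ-rennes1.fr"
# Bind DN / password as configured for sssd. Assumes the authtok is stored in
# clear text (no ldap_default_authtok_type obfuscation) — TODO confirm.
# An unreadable file only leaves the variable empty; it is checked before use.
ldap_user=$(sed -n 's/^ldap_default_bind_dn = \(.*\)/\1/p' /etc/sssd/sssd.conf 2>/dev/null) || ldap_user=""
# -quit (stop after the first regular file has been processed) is a GNU find
# extension.
ldap_tok=$(find /etc/sssd/conf.d -type f -exec sed -n 's/^ldap_default_authtok = \(.*\)/\1/p' {} \; -quit 2>/dev/null) || ldap_tok=""
# Private state directory (was /tmp, see "Purpose"): created 0700 on first run.
state_dir="/var/lib/cluster-user-list"
old_user_list_path="${state_dir}/cluster.user.list.old"
lock_dir="${state_dir}/lock"
new_user_list_path=""   # set once mktemp has created the fresh list
ldap_pw_file=""         # set while the bind password is on disk
have_lock=0             # set once ${lock_dir} has been created by this run
script_wd=$(dirname -- "${0}")
newdir_script_name="${1:-}"
newdir_script_path="${script_wd}/${newdir_script_name}"
# }}}

# Helpers {{{
# Trace message, printed to stderr only when DEBUG is non-zero, so it never
# mixes with data on stdout.
debug() {
  if [ "${DEBUG}" -ne 0 ]; then
    printf '\033[1;35m%s\033[m\n' "DEBUG : ${1}" >&2
  fi
}

# Fatal error: always printed to stderr, then exit 1 (the EXIT trap cleans up).
die() {
  printf '%s: %s\n' "${0}" "${1}" >&2
  exit 1
}

# EXIT trap: remove whatever this run left behind (the password file, a fresh
# list that was not recorded, the lock). Errors are ignored on purpose.
cleanup() {
  if [ -n "${ldap_pw_file}" ]; then rm -f -- "${ldap_pw_file}"; fi
  if [ -n "${new_user_list_path}" ]; then rm -f -- "${new_user_list_path}"; fi
  if [ "${have_lock}" -ne 0 ]; then rmdir -- "${lock_dir}" 2>/dev/null || true; fi
}

# Accept only names that are safe to hand to the per-user script as a path
# component: non-empty, no leading '-' (option injection) or '.' (so never
# '..'), and only [A-Za-z0-9._-] (so never '/' or whitespace). Pure shell, no
# fork per user.
valid_username() {
  case "${1}" in
    ''|-*|.*) return 1 ;;
    *[!A-Za-z0-9._-]*) return 1 ;;
  esac
  return 0
}

# Move the fresh list over the recorded one (same directory: atomic rename)
# and keep the record read-only (0400).
record_user_list() {
  mv -f -- "${new_user_list_path}" "${old_user_list_path}" \
    || die "cannot record the user list in ${old_user_list_path}."
  new_user_list_path=""
  chmod 0400 -- "${old_user_list_path}"
}
# }}}

main() {
  trap cleanup EXIT

  # Ensure to get one argument {{{
  [ "${#}" -eq 1 ] || die "arg check — ${0} should get one argument: <newdir-script-name>."
  debug "arg check — ${0} got one argument: ${1}."
  if [ ! -f "${newdir_script_path}" ] || [ ! -x "${newdir_script_path}" ]; then
    die "newdir script ${newdir_script_path} is missing or not executable."
  fi
  # }}}

  # Check if ldap-utils/ldapsearch is available {{{
  command -v ldapsearch >/dev/null 2>&1 \
    || die "ldapsearch check — ldapsearch doesn't seem to be available. Please install ldap-utils package."
  # Never fall back to an anonymous bind when the sssd settings are unreadable.
  if [ -z "${ldap_user}" ] || [ -z "${ldap_tok}" ]; then
    die "could not read ldap_default_bind_dn / ldap_default_authtok from /etc/sssd."
  fi
  # }}}

  # Private state directory and run lock {{{
  if [ ! -d "${state_dir}" ]; then
    mkdir -m 0700 -- "${state_dir}" || die "cannot create ${state_dir}."
  fi
  # mkdir is atomic: a concurrent run fails here instead of racing on the list
  # files. A stale lock (crash, kill -9) has to be removed by hand.
  mkdir -- "${lock_dir}" 2>/dev/null \
    || die "another run seems to be in progress (${lock_dir} exists)."
  have_lock=1
  # }}}

  # Get the user list {{{
  debug "New User list — Get the user list."
  # The bind password is handed over through a 0600 temp file (-y): with -w it
  # would be visible to every local user in the process list.
  ldap_pw_file=$(mktemp "${state_dir}/ldap.pw.XXXXXX") || die "mktemp failed."
  printf '%s' "${ldap_tok}" > "${ldap_pw_file}"
  # -ZZ: StartTLS is mandatory; -o ldif-wrap=no: one line per member DN so the
  # sed below cannot miss an entry wrapped at 76 columns. ldapsearch's own exit
  # status is checked here (in a pipe only sed's status would be visible).
  if ! members=$(ldapsearch -ZZ -o ldif-wrap=no -D "${ldap_user}" -y "${ldap_pw_file}" \
        -H "${ldap_url}" -s one -b "${group_base}" "(cn=${group_cn})" member); then
    die "New User list — Error in ldapsearch command."
  fi
  rm -f -- "${ldap_pw_file}"
  ldap_pw_file=""
  # mktemp: unpredictable name, created 0600, never pre-existing.
  new_user_list_path=$(mktemp "${state_dir}/cluster.user.list.XXXXXX") || die "mktemp failed."
  # Keep the uid of "member: uid=<uid>,ou=...": everything up to the last ",ou=".
  printf '%s\n' "${members}" \
    | sed -n 's/^member: uid=\(.*\),ou=.*/\1/p' > "${new_user_list_path}"
  # An empty group is treated as an error, not as "remove everybody".
  [ -s "${new_user_list_path}" ] \
    || die "New User list — Error. ${new_user_list_path} is empty (no member returned)."
  debug "New User list — ${new_user_list_path} successfully created."
  # }}}

  # Compare new user list with the previous one {{{
  if [ -s "${old_user_list_path}" ]; then
    debug "Old user list — Compare ${new_user_list_path} with ${old_user_list_path}."
    if diff -q -- "${new_user_list_path}" "${old_user_list_path}" >/dev/null; then
      debug "Old user list — the lists are the same, no need to create directories."
      record_user_list
      exit 0
    fi
    debug "Old user list — the lists are NOT the same."
    if [ "${DEBUG}" -ne 0 ]; then
      diff -- "${new_user_list_path}" "${old_user_list_path}" >&2 || true
    fi
  fi
  # }}}

  # Create wanted directory for user {{{
  failures=0
  while IFS= read -r username; do
    # LDAP content is only semi-trusted: an odd value would reach the per-user
    # script, most likely as a path component. Such names are reported and
    # skipped; they do not block the other users.
    if ! valid_username "${username}"; then
      printf '%s: skipping suspicious username from LDAP: %s\n' "${0}" "${username}" >&2
      continue
    fi
    debug "New dir — Apply ${newdir_script_name} for ${username}."
    # </dev/null: the per-user script must not consume the list on stdin.
    if ! "${newdir_script_path}" "${username}" </dev/null; then
      printf '%s: %s failed for %s\n' "${0}" "${newdir_script_name}" "${username}" >&2
      failures=$((failures + 1))
    fi
  done < "${new_user_list_path}"
  # }}}

  # Keep a record of user list for next run and restrict access {{{
  # Only a fully successful run is recorded: otherwise the next run sees the
  # list as changed and processes it again (cleanup discards the fresh list).
  [ "${failures}" -eq 0 ] \
    || die "${newdir_script_name} failed for ${failures} user(s); list not recorded, it will be processed again on the next run."
  record_user_list
  exit 0
  # }}}
}
main "$@"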