diff --git a/cluster/auto.create.all.homedir.sh b/cluster/auto.create.all.homedir.sh
new file mode 100755
index 0000000..cde1670
--- /dev/null
+++ b/cluster/auto.create.all.homedir.sh
@@ -0,0 +1,76 @@
+#!/bin/sh
+# Purpose {{{
+## This script will :
+### Try to get the member of an LDAP group (allowed to connect to Compute Cluster).
+### Call a script in order to create the homedir for each user.
+### If the list of member is unchanged from a previous run, the script exit.
+# }}}
+# Vars {{{
+DEBUG=0
+
+group_cn="ur1:div:lab:r423:ipr:app:calcul:util_calcul"
+group_base="ou=grouper,dc=univ-rennes1,dc=fr"
+ldap_url="ldap://ldap.univ-rennes1.fr"
+
+ldap_user=$(sed -n 's/\(^ldap_default_bind_dn = \)\(.*\)/\2/p' /etc/sssd/sssd.conf)
+ldap_tok=$(find /etc/sssd/conf.d -type f -exec sed -n 's/\(^ldap_default_authtok = \)\(.*\)/\2/p' {} \; -quit)
+
+new_user_list_path="/tmp/cluster.user.list"
+old_user_list_path="/tmp/cluster.user.list.old"
+
+script_wd=$(dirname -- "${0}")
+homedir_script="${script_wd}/create.homedir.sh"
+# }}}
+
+# Check if ldap-utils/ldapsearch is available {{{
+if [ ! "$(command -v ldapsearch)" ]; then
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : ldapsearch check — ldapsearch doesn't seems to be available. Please install ldap-utils package."
+ exit 1
+fi
+# }}}
+# Check if a new user list already exist {{{
+if [ -s "${new_user_list_path}" ]; then
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New user list — ${new_user_list_path} already exists."
+ exit 1
+else
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New User list — Get the user list."
+ if command ldapsearch -ZZ -D "${ldap_user}" -w "${ldap_tok}" -H "${ldap_url}" -s one -b "${group_base}" "(cn=${group_cn})" member | sed -n 's/\(^member: uid=\)\(.*\)\(,ou=.*\)/\2/p' > "${new_user_list_path}"; then
+ if [ -s "${new_user_list_path}" ]; then
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New User list — ${new_user_list_path} successfully created."
+ command chmod 0400 -- "${new_user_list_path}"
+ else
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New User list — Error. ${new_user_list_path} is empty."
+ exit 1
+ fi
+ else
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New User list — Error in ldapsearch command."
+ exit 1
+ fi
+fi
+# }}}
+# Compare new user list with the previous one {{{
+if [ -s "${old_user_list_path}" ]; then
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Old user list — Compare ${new_user_list_path} with ${old_user_list_path}."
+diff -- "${new_user_list_path}" "${old_user_list_path}"
+ if command diff -q -- "${new_user_list_path}" "${old_user_list_path}" > /dev/null; then
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Old user list — ${new_user_list_path} and ${old_user_list_path} are the same, no need to create directories."
+ command mv -f -- "${new_user_list_path}" "${old_user_list_path}"
+ command chmod 0400 -- "${old_user_list_path}"
+ exit 0
+ else
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Old user list — ${new_user_list_path} and ${old_user_list_path} are NOT the same."
+ fi
+fi
+# }}}
+# Create user homedir {{{
+while IFS= read -r username; do
+ [ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Homedir — Apply ${homedir_script} for ${username}."
+ ${homedir_script} "${username}"
+done < "${new_user_list_path}"
+# }}}
+
+# Keep a record of user list for next use and restrict access
+command mv -f -- "${new_user_list_path}" "${old_user_list_path}"
+command chmod 0400 -- "${old_user_list_path}"
+
+exit 0
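Review bot: The LDAP bind password extracted from the sssd config is passed as `-w "${ldap_tok}"` on the ldapsearch command line in the "Check if a new user list already exist" block, so it is readable by every local user through the process list for the duration of the query; ldapsearch's `-y passwdfile` avoids this, and since the complete file contents are used as the password the token must be written with `printf '%s'` (no trailing newline) into a mode-0600 temp file that is removed on exit, as sketched below. The empty-credential case is also unchecked: if either sed extraction yields nothing, `-D "" -w ""` silently degrades to an anonymous bind, so add `: "${ldap_user:?}" "${ldap_tok:?}"` after the two assignments. The state files live under predictable names in `/tmp`, where any local user can pre-create `cluster.user.list` to make the script exit, or leave an empty file or symlink that passes the `-s` test and is then followed by the `>` redirect; a root-owned directory such as one under `/var/lib` would avoid both and would also keep the previous list across tmp cleanup. The bare `diff -- "${new_user_list_path}" "${old_user_list_path}"` line before the `diff -q` test prints the full list of usernames to stdout and looks like leftover debugging. In the homedir loop `${homedir_script}` is expanded unquoted, so a path containing spaces or glob characters would be split; `"${homedir_script}" "${username}"` is the safe form, ideally preceded by an `[ -x "${homedir_script}" ]` check.

```shell
# … unchanged: variable block up to ldap_tok= …
: "${ldap_user:?}" "${ldap_tok:?}"
umask 077
ldap_tok_file=$(mktemp) || exit 1
trap 'rm -f -- "${ldap_tok_file}"' EXIT
printf '%s' "${ldap_tok}" > "${ldap_tok_file}"
# … unchanged: remaining vars, ldapsearch availability check, new-list existence check …
 if command ldapsearch -ZZ -D "${ldap_user}" -y "${ldap_tok_file}" -H "${ldap_url}" -s one -b "${group_base}" "(cn=${group_cn})" member | sed -n 's/\(^member: uid=\)\(.*\)\(,ou=.*\)/\2/p' > "${new_user_list_path}"; then
# … unchanged: result handling, list comparison, homedir loop …
```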