Allow to enter ldap_user and ldap_passwd commands

Jeremy Gardais 2021-11-19 14:45:06 +01:00
parent 2be03f6701
commit c9991761dc
Signed by: jegardai
GPG Key ID: E759BAA22501AF32
1 changed files with 42 additions and 1 deletions


@ -19,6 +19,10 @@ export DEBUG
# Default values for some vars # Default values for some vars
readonly LDAP_GROUP_BASE_DEFAULT="ou=grouper,dc=univ-rennes1,dc=fr" readonly LDAP_GROUP_BASE_DEFAULT="ou=grouper,dc=univ-rennes1,dc=fr"
readonly LDAP_SERVER_DEFAULT="ldap://ldap.univ-rennes1.fr" readonly LDAP_SERVER_DEFAULT="ldap://ldap.univ-rennes1.fr"
if [ -f /etc/nslcd.conf ]; then
readonly LDAP_PASSWD_CMD_DEFAULT=$(sed -n 's/\(^bindpw \)\(.*\)/\2/p' /etc/nslcd.conf)
readonly LDAP_USER_CMD_DEFAULT=$(sed -n 's/\(^binddn \)\(.*\)/\2/p' /etc/nslcd.conf)
fi
## Colors ## Colors
readonly PURPLE='\033[1;35m' readonly PURPLE='\033[1;35m'
@ -29,7 +33,7 @@ readonly COLOR_DEBUG="${PURPLE}"
usage() { # {{{ usage() { # {{{
cat <<- EOF cat <<- EOF
usage: $PROGNAME [-b|-d|-g|-h|-s] usage: $PROGNAME [-b|-d|-g|-h|-p|-s|-u]
Create homedir for members of the given LDAP group. Create homedir for members of the given LDAP group.
@ -37,6 +41,9 @@ EXAMPLES:
- Create homedir for members of "ldap:group:my_group" - Create homedir for members of "ldap:group:my_group"
${PROGNAME} --group "ldap:group:my_group" ${PROGNAME} --group "ldap:group:my_group"
- Use default SSSD user for ldap requests
${PROGNAME} --user-cmd "sed -n 's/\(^ldap_default_bind_dn = \)\(.*\)/\2/p' /etc/sssd/sssd.conf"
OPTIONS: OPTIONS:
-b,--base LDAP_BASE -b,--base LDAP_BASE
Set different LDAP base (default: ${LDAP_GROUP_BASE_DEFAULT}). Set different LDAP base (default: ${LDAP_GROUP_BASE_DEFAULT}).
@ -52,9 +59,17 @@ OPTIONS:
-h,--help -h,--help
Print this help message. Print this help message.
-p,--password,--password-cmd "sed -n … /etc/…"
Command to get LDAP bind password from a file (by default,
works with NSLCD /etc/nslcd.conf).
-s,--server ldap://ldap.domain.tld -s,--server ldap://ldap.domain.tld
LDAP url to use for ldapsearch request (default: ${LDAP_SERVER_DEFAULT}). LDAP url to use for ldapsearch request (default: ${LDAP_SERVER_DEFAULT}).
-u,--user,--user-cmd "sed -n … /etc/…"
Command to get LDAP bind user from a file (by default,
works with NSLCD /etc/nslcd.conf).
EOF EOF
} }
@ -100,6 +115,20 @@ define_vars() { # {{{
ldap_server="${LDAP_SERVER_DEFAULT}" ldap_server="${LDAP_SERVER_DEFAULT}"
fi fi
# }}} # }}}
# If ldap_passwd wasn't defined (argument) {{{
if [ -z "${ldap_passwd}" ]; then
## Use default command
ldap_passwd="${LDAP_PASSWD_CMD_DEFAULT}"
debug_message "Use default command to get LDAP password."
fi
# }}}
# If ldap_user wasn't defined (argument) {{{
if [ -z "${ldap_user}" ]; then
## Use default command
ldap_user="${LDAP_USER_CMD_DEFAULT}"
debug_message "Use default command to get LDAP user."
fi
# }}}
} }
# }}} # }}}
@ -193,12 +222,24 @@ if [ ! "${NBARGS}" -eq "0" ]; then
## Exit after help informations ## Exit after help informations
exit 0 exit 0
;; ;;
-p|--password|--password-cmd ) ## Define ldap_passwd
## Move to the next argument
shift
## Define var
readonly ldap_passwd="${1}"
;;
-s|--server) ## Define ldap_server -s|--server) ## Define ldap_server
## Move to the next argument ## Move to the next argument
shift shift
## Define var ## Define var
readonly ldap_server="${1}" readonly ldap_server="${1}"
;; ;;
-u|--user|--user-cmd ) ## Define ldap_user
## Move to the next argument
shift
## Define var
readonly ldap_user="${1}"
;;
* ) ## unknow option * ) ## unknow option
printf '%b\n' "${RED}Invalid option: ${1}${RESET}" printf '%b\n' "${RED}Invalid option: ${1}${RESET}"
printf '%b\n' "---" printf '%b\n' "---"
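Review bot: In the first hunk, `LDAP_PASSWD_CMD_DEFAULT` and `LDAP_USER_CMD_DEFAULT` are assigned the output of `sed`, so they hold the bind password and bind DN themselves, while `-p`/`-u` are documented as taking a command string; after `define_vars`, `ldap_passwd` is therefore either a secret or a command text depending on how the script was invoked. The code that consumes `ldap_passwd` is outside the shown hunks, but whichever way it treats the value, one of the two paths looks wrong (a password run as a command, or a command text sent as the password). Keep the defaults as command strings, e.g. `readonly LDAP_PASSWD_CMD_DEFAULT="sed -n 's/\(^bindpw \)\(.*\)/\2/p' /etc/nslcd.conf"`, and run the command in one place only, immediately before the bind, so the secret is not read at startup on runs that never need it. If the option value ends up executed as shell, the usage text should say it must come only from the operator running the script, and the `-p`/`-u` arms should reject a missing argument after `shift` instead of storing an empty `${1}`.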