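#!/bin/sh
# Purpose {{{
## This script will :
### Try to get the members of an LDAP group (allowed to connect to the Compute Cluster).
### Call the script passed in argument in order to create the wanted directory for each user (eg. home, …).
### If the list of members is unchanged from a previous run, the script exits.
##
## Usage: ${0} <newdir-script-name>
##   The newdir script must live next to this script and is executed once per
##   member, with the member's uid as its single argument.
##
## Exit status: 0 when the member list is unchanged or every member was
##   processed; 1 on a usage, tooling, LDAP or state-file error.
# }}}

# Vars {{{
# NOTE: debug messages are printed when DEBUG is 0 (the original test was
# "-eq 0"); kept as-is so existing cron logs do not change.
DEBUG=0
group_cn="ur1:div:lab:r423:ipr:app:calcul:util_calcul"
group_base="ou=grouper,dc=univ-rennes1,dc=fr"
ldap_url="ldap://ldap.univ-rennes1.fr"
# Bind credentials are reused from nslcd's configuration; that file is
# expected to be readable by root only, so this script must run as root.
ldap_user=$(sed -n 's/\(^binddn \)\(.*\)/\2/p' /etc/nslcd.conf)
ldap_passwd=$(sed -n 's/\(^bindpw \)\(.*\)/\2/p' /etc/nslcd.conf)
# NOTE(review): these state files live in the world-writable /tmp, where a
# pre-existing file or symlink with the same name could be followed by the
# redirections below; a root-owned state directory would be safer.
new_user_list_path="/tmp/cluster.user.list"
old_user_list_path="/tmp/cluster.user.list.old"
script_wd=$(dirname -- "${0}")
newdir_script_name="${1}"
newdir_script_path="${script_wd}/${newdir_script_name}"
# }}}

#######################################
# Print a debug line to stdout (only when DEBUG is 0).
# Globals:   DEBUG (read)
# Arguments: message text (joined with spaces)
# Returns:   always 0, so callers are not affected by the DEBUG test
#######################################
debug() {
  # \033 instead of \e: \e is not understood by every /bin/sh printf (dash).
  [ "${DEBUG}" -eq 0 ] && printf '\033[1;35m%-6s\033[m\n' "DEBUG : ${*}"
  return 0
}

# Ensure to get one argument {{{
if [ "${#}" -eq 1 ]; then
  debug "arg check — ${0} get one argument: ${1}."
else
  debug "arg check — ${0} should get one argument."
  exit 1
fi
# Fail early rather than once per user if the newdir script cannot run.
if [ ! -x "${newdir_script_path}" ]; then
  debug "arg check — ${newdir_script_path} is not an executable file."
  exit 1
fi
# }}}

# Check if ldap-utils/ldapsearch is available {{{
if ! command -v ldapsearch > /dev/null 2>&1; then
  debug "ldapsearch check — ldapsearch doesn't seems to be available. Please install ldap-utils package."
  exit 1
fi
# }}}

# Check if a new user list already exist {{{
if [ -s "${new_user_list_path}" ]; then
  debug "New user list — ${new_user_list_path} already exists."
  exit 1
fi
debug "New User list — Get the user list."

# Private scratch directory (mode 0700 from mktemp -d) for the bind password
# and the raw ldapsearch output; removed on any exit path.
tmp_dir=$(mktemp -d) || { debug "New User list — mktemp failed."; exit 1; }
cleanup() { rm -rf -- "${tmp_dir}"; }
trap cleanup EXIT HUP INT TERM
passwd_file="${tmp_dir}/bindpw"
raw_file="${tmp_dir}/ldapsearch.out"
# The password is handed to ldapsearch through -y (file) instead of -w (argv)
# so it does not show up in the process list. umask is changed in a subshell
# only, so the newdir script later inherits the caller's umask unchanged.
( umask 077 && printf '%s' "${ldap_passwd}" > "${passwd_file}" ) || {
  debug "New User list — Cannot write the bind password file."
  exit 1
}

# ldapsearch runs on its own (not in a pipeline) so its exit status is
# actually checked: in a "cmd | sed" pipeline POSIX sh only reports sed's status.
# NOTE(review): no -x is given, so ldapsearch may attempt a SASL bind and
# ignore -D; confirm the bind really is a simple bind against this server.
if ! ldapsearch -ZZ -D "${ldap_user}" -y "${passwd_file}" -H "${ldap_url}" \
    -s one -b "${group_base}" "(cn=${group_cn})" member > "${raw_file}"; then
  debug "New User list — Error in ldapsearch command."
  exit 1
fi
# Keep only the uid part of each "member: uid=...,ou=..." DN.
sed -n 's/\(^member: uid=\)\(.*\)\(,ou=.*\)/\2/p' "${raw_file}" > "${new_user_list_path}"
if [ -s "${new_user_list_path}" ]; then
  debug "New User list — ${new_user_list_path} successfully created."
  chmod 0400 -- "${new_user_list_path}"
else
  debug "New User list — Error. ${new_user_list_path} is empty."
  exit 1
fi
# }}}

# Compare new user list with the previous one {{{
if [ -s "${old_user_list_path}" ]; then
  debug "Old user list — Compare ${new_user_list_path} with ${old_user_list_path}."
  # A single diff both shows the changes and tells whether there are any
  # (exit 0 = identical); a diff error counts as "not the same".
  if diff -- "${new_user_list_path}" "${old_user_list_path}"; then
    debug "Old user list — ${new_user_list_path} and ${old_user_list_path} are the same, no need to create directories."
    mv -f -- "${new_user_list_path}" "${old_user_list_path}"
    chmod 0400 -- "${old_user_list_path}"
    exit 0
  else
    debug "Old user list — ${new_user_list_path} and ${old_user_list_path} are NOT the same."
  fi
fi
# }}}

# Create wanted directory for user {{{
# Each uid comes from the directory; it is passed as one quoted argument so it
# is never re-split or globbed here. The newdir script must still treat it as
# data, not as a path fragment to trust blindly.
while IFS= read -r username; do
  if [ -z "${username}" ]; then
    debug "New dir — Skipping empty username."
    continue
  fi
  debug "New dir — Apply ${newdir_script_name} for ${username}."
  "${newdir_script_path}" "${username}"
done < "${new_user_list_path}"
# }}}

# Keep a record of user list for next run and restrict access
mv -f -- "${new_user_list_path}" "${old_user_list_path}"
chmod 0400 -- "${old_user_list_path}"
exit 0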