scripts/cluster/auto.create.all.dir.sh

#!/bin/sh
# Purpose {{{
## This script will :
### Try to get the member of an LDAP group (allowed to connect to Compute Cluster).
### Call the script passed in argument in order to create the wanted directory for each user (eg. home,…).
### If the list of member is unchanged from a previous run, the script exit.
# }}}
# Vars {{{
DEBUG=0

group_cn="ur1:div:lab:r423:ipr:app:calcul:util_calcul"
group_base="ou=grouper,dc=univ-rennes1,dc=fr"
ldap_url="ldap://ldap.univ-rennes1.fr"

ldap_user=$(sed -n 's/\(^ldap_default_bind_dn = \)\(.*\)/\2/p' /etc/sssd/sssd.conf)
ldap_tok=$(find /etc/sssd/conf.d -type f -exec sed -n 's/\(^ldap_default_authtok = \)\(.*\)/\2/p' {} \; -quit)

new_user_list_path="/tmp/cluster.user.list"
old_user_list_path="/tmp/cluster.user.list.old"

script_wd=$(dirname -- "${0}")
newdir_script_name="${1}"
newdir_script_path="${script_wd}/${newdir_script_name}"
# }}}

# Ensure to get one argument {{{
if [ "${#}" -eq 1 ]; then
	[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : arg check — ${0} get one argument: ${1}."
else
	[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : arg check — ${0} should get one argument."
	exit 1
fi
# }}}
# Check if ldap-utils/ldapsearch is available {{{
if [ ! "$(command -v ldapsearch)" ]; then
	[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : ldapsearch check — ldapsearch doesn't seems to be available. Please install ldap-utils package."
	exit 1
fi
# }}}
# Check if a new user list already exist {{{
if [ -s "${new_user_list_path}" ]; then
	[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New user list — ${new_user_list_path} already exists."
	exit 1
else
	[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New User list — Get the user list."
	if command ldapsearch -ZZ -D "${ldap_user}" -w "${ldap_tok}" -H "${ldap_url}" -s one -b "${group_base}" "(cn=${group_cn})" member | sed -n 's/\(^member: uid=\)\(.*\)\(,ou=.*\)/\2/p' > "${new_user_list_path}"; then
		if [ -s "${new_user_list_path}" ]; then
			[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New User list — ${new_user_list_path} successfully created."
			command chmod 0400 -- "${new_user_list_path}"
		else
			[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New User list — Error. ${new_user_list_path} is empty."
			exit 1
		fi
	else
		[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New User list — Error in ldapsearch command."
		exit 1
	fi
fi
# }}}
# Compare new user list with the previous one {{{
if [ -s "${old_user_list_path}" ]; then
	[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Old user list — Compare ${new_user_list_path} with ${old_user_list_path}."
diff -- "${new_user_list_path}" "${old_user_list_path}"
	if command diff -q -- "${new_user_list_path}" "${old_user_list_path}" > /dev/null; then
		[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Old user list — ${new_user_list_path} and ${old_user_list_path} are the same, no need to create directories."
		command mv -f -- "${new_user_list_path}" "${old_user_list_path}"
		command chmod 0400 -- "${old_user_list_path}"
		exit 0
		else
		[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : Old user list — ${new_user_list_path} and ${old_user_list_path} are NOT the same."
	fi
fi
# }}}
# Create wanted directory for user {{{
while IFS= read -r username; do
	[ "${DEBUG}" -eq "0" ] && printf '\e[1;35m%-6s\e[m\n' "DEBUG : New dir — Apply ${newdir_script_name} for ${username}."
	${newdir_script_path} "${username}"
done < "${new_user_list_path}"
# }}}

# Keep a record of user list for next run and restrict access
command mv -f -- "${new_user_list_path}" "${old_user_list_path}"
command chmod 0400 -- "${old_user_list_path}"

exit 0