authorJonas Smedegaard <dr@jones.dk>2008-10-26 23:03:44 +0100
committerJonas Smedegaard <dr@jones.dk>2008-10-26 23:03:44 +0100
commit637d73aa6e6fb24cd57dc8063af55a203f8ccc64 (patch)
treef9cabd925a18dd3a57e22eebeaf3babde24bdef3 /ldap/mkldapdb
parent96c49c999faaaec0d073637671d1d7ba085d537b (diff)
Major update, including adding cipux role accounts.
Diffstat (limited to 'ldap/mkldapdb')
-rwxr-xr-xldap/mkldapdb74
1 files changed, 65 insertions, 9 deletions
diff --git a/ldap/mkldapdb b/ldap/mkldapdb
index 4e297c3..31ad606 100755
--- a/ldap/mkldapdb
+++ b/ldap/mkldapdb
@@ -23,36 +23,83 @@ for var in basedn dnsdomain orgname backend; do
fi
done
+# concatenate files with an additional newline in between
+spacecat() {
+ perl -e 'foreach (@ARGV) {print "\n" if $n; $n++; open (FH, $_); print while(<FH>); close FH;}' "$@"
+}
+
+#TODO: Somehow lookup id directly instead, as getent might be slow with
+# thousands of entries, and some NSS mechanisms drop at some limit
+# i.e. openldap by default return only first 500 entries
+nextfreeid() {
+ type="$1"
+ id="$2"
+ max="$3"
+ case $type in
+ uid) column="3";;
+ gid) column="4";;
+ esac
+ while getent passwd | awk -F: "{ print \$$column }" | grep -Fqx "$id"; do
+ id=$(($id + 1))
+ [ -z "$max" ] || [ "$id" -lt "$max" ] || return 1
+ done
+ echo "$id"
+}
+
masterdir=/etc/local-COMMON/ldap/db
tempdir=`mktemp -dt slapd.XXXXXX`
snippets="$(LANG=C find "$masterdir" -type f -name '*.conf.in' | sort)"
-# concatenate files with an additional newline in between
-# (perl could replace sed too, but multiline perl inside shell is ugly)
-perl -e 'foreach (@ARGV) {print "\n" if $n; $n++; open (FH, $_); print while(<FH>); close FH;}' $snippets \
- | sed >>"$tempdir/slapd.conf" \
+spacecat $snippets | sed >>"$tempdir/slapd.conf" \
-e "s/@BACKEND@/$backend/g" \
-e "s/@SUFFIX@/$basedn/g" \
-e "s/@ADMIN@/cn=admin,$basedn/g"
+# TODO: Better separate core from normal lif files than "below 100"...
+file=99
for section in core base cipux horde; do
- sed <"$masterdir/$section.ldif.in" >"$tempdir/$section.ldif" \
+ sed <"$masterdir/$section.ldif.in" >"$tempdir/${file}_$section.ldif" \
-e "s/@SUFFIX@/$basedn/g" \
-e "s/@DOMAIN@/$dnsdomain/g" \
-e "s/@ORG@/$orgname/g"
+ file=$(($file + 1))
done
+# FIXME: create cipuxadm in addition to below roles!
+
+# FIXME: fix apply passwords for roles in a sane way!
+uid=10100
+gid=10100
+file=200
+for role in admin professor assistant pupil student tutor teacher lecturer; do
+ uid="$(nextfreeid uid "$uid")"
+ gid="$(nextfreeid gid "$gid")"
+ snippets="$masterdir/cipux_rolegroup.ldif.in $masterdir/cipux_roleuser.ldif.in"
+ spacecat $snippets | sed >"$tempdir/${file}_$role.ldif" \
+ -e "s/@SUFFIX@/$basedn/g" \
+ -e "s/@ROLE@/$role/g" \
+ -e "s/@UID@/$uid/g" \
+ -e "s/@GID@/$gid/g" \
+ -e "s/@DOMAIN@/$dnsdomain/g" \
+ -e "s/@ORG@/$orgname/g"
+ uid=$(($uid + 1))
+ gid=$(($gid + 1))
+ file=$(($file + 1))
+done
+
+file=300
for db in passwd group; do
getent $db >"$tempdir/$db.dump"
- ( cd /usr/share/migrationtools && ./migrate_passwd.pl "$tempdir/$db.dump" >"$tempdir/$db.ldif" )
+ ( cd /usr/share/migrationtools && ./migrate_$db.pl "$tempdir/$db.dump" >"$tempdir/${file}_$db.ldif" )
+ file=$(($file + 1))
done
#invoke-rc.d slapd stop
-#slapadd -l "$tempdir/core.ldif"
+#slapadd -l "$tempdir/99_core.ldif"
#invoke-rc.d slapd start
#ldappasswd -x -h localhost -D "cn=admin,$basedn" -S -w supersecretpassword "cn=admin,$basedn"
-for section in base cipux horde; do
- ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$tempdir/$section.ldif" -W
+for file in $(run-parts --list --regex '^1[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+ ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
done
for role in cipux horde; do
echo "Securing $role..."
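Review bot: The `gid) column="4";;` arm of nextfreeid scans the primary-GID field of `getent passwd` rather than the group database, so a GID that belongs to a group no account uses as its primary group is reported free, and the cipux_rolegroup entry written for that role in the loop below can collide with the existing group. Selecting the database together with the column fixes this: `uid) db=passwd; column=3;;`, `gid) db=group; column=3;;`, and `while getent "$db" | awk -F: "{ print \$$column }" | grep -Fqx "$id"; do`. The case has no `*)` arm either, so an unexpected type leaves column unset and the awk program prints whole lines; a `*) return 2;;` default turns that into a visible failure. The callers `uid="$(nextfreeid uid "$uid")"` and the gid line after it also ignore the function's exit status, so a non-zero return would silently substitute an empty @UID@/@GID@ into the LDIF; it cannot happen today because no max is passed, but an explicit `|| exit 1` on both keeps it that way.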
@@ -83,3 +130,12 @@ EOF
# TODO: Add "uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" to group
# "cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" for samba
+
+for file in $(run-parts --list --regex '^2[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+ ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
+done
+
+# FIXME: Check (and maybe correct) basedn from migrationtools-generated ldifs
+#for file in $(run-parts --list --regex '^3[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+# ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
+#done