author | Jonas Smedegaard <dr@jones.dk> | 2008-10-26 23:03:44 +0100 |
committer | Jonas Smedegaard <dr@jones.dk> | 2008-10-26 23:03:44 +0100 |
commit | 637d73aa6e6fb24cd57dc8063af55a203f8ccc64 (patch) | |
tree | f9cabd925a18dd3a57e22eebeaf3babde24bdef3 /ldap/mkldapdb | |
parent | 96c49c999faaaec0d073637671d1d7ba085d537b (diff) |
Major update, including adding cipux role accounts.
Diffstat (limited to 'ldap/mkldapdb')
-rwxr-xr-x | ldap/mkldapdb | 74 |
1 files changed, 65 insertions, 9 deletions
diff --git a/ldap/mkldapdb b/ldap/mkldapdb
index 4e297c3..31ad606 100755
--- a/ldap/mkldapdb
+++ b/ldap/mkldapdb
@@ -23,36 +23,83 @@ for var in basedn dnsdomain orgname backend; do
 fi
 done
+# concatenate files with an additional newline in between
+spacecat() {
+ perl -e 'foreach (@ARGV) {print "\n" if $n; $n++; open (FH, $_); print while(<FH>); close FH;}' "$@"
+}
+
+#TODO: Somehow lookup id directly instead, as getent might be slow with
+# thousands of entries, and some NSS mechanisms drop at some limit
+# i.e. openldap by default return only first 500 entries
+nextfreeid() {
+ type="$1"
+ id="$2"
+ max="$3"
+ case $type in
+ uid) column="3";;
+ gid) column="4";;
+ esac
+ while getent passwd | awk -F: "{ print \$$column }" | grep -Fqx "$id"; do
+ id=$(($id + 1))
+ [ -z "$max" ] || [ "$id" -lt "$max" ] || return 1
+ done
+ echo "$id"
+}
+
 masterdir=/etc/local-COMMON/ldap/db
 tempdir=`mktemp -dt slapd.XXXXXX`
 snippets="$(LANG=C find "$masterdir" -type f -name '*.conf.in' | sort)"
-# concatenate files with an additional newline in between
-# (perl could replace sed too, but multiline perl inside shell is ugly)
-perl -e 'foreach (@ARGV) {print "\n" if $n; $n++; open (FH, $_); print while(<FH>); close FH;}' $snippets \
- | sed >>"$tempdir/slapd.conf" \
+spacecat $snippets | sed >>"$tempdir/slapd.conf" \
 -e "s/@BACKEND@/$backend/g" \
 -e "s/@SUFFIX@/$basedn/g" \
 -e "s/@ADMIN@/cn=admin,$basedn/g"
+# TODO: Better separate core from normal lif files than "below 100"...
+file=99
 for section in core base cipux horde; do
- sed <"$masterdir/$section.ldif.in" >"$tempdir/$section.ldif" \
+ sed <"$masterdir/$section.ldif.in" >"$tempdir/${file}_$section.ldif" \
 -e "s/@SUFFIX@/$basedn/g" \
 -e "s/@DOMAIN@/$dnsdomain/g" \
 -e "s/@ORG@/$orgname/g"
+ file=$(($file + 1))
 done
+# FIXME: create cipuxadm in addition to below roles!
+
+# FIXME: fix apply passwords for roles in a sane way!
+uid=10100
+gid=10100
+file=200
+for role in admin professor assistant pupil student tutor teacher lecturer; do
+ uid="$(nextfreeid uid "$uid")"
+ gid="$(nextfreeid gid "$gid")"
+ snippets="$masterdir/cipux_rolegroup.ldif.in $masterdir/cipux_roleuser.ldif.in"
+ spacecat $snippets | sed >"$tempdir/${file}_$role.ldif" \
+ -e "s/@SUFFIX@/$basedn/g" \
+ -e "s/@ROLE@/$role/g" \
+ -e "s/@UID@/$uid/g" \
+ -e "s/@GID@/$gid/g" \
+ -e "s/@DOMAIN@/$dnsdomain/g" \
+ -e "s/@ORG@/$orgname/g"
+ uid=$(($uid + 1))
+ gid=$(($gid + 1))
+ file=$(($file + 1))
+done
+
+file=300
 for db in passwd group; do
 getent $db >"$tempdir/$db.dump"
- ( cd /usr/share/migrationtools && ./migrate_passwd.pl "$tempdir/$db.dump" >"$tempdir/$db.ldif" )
+ ( cd /usr/share/migrationtools && ./migrate_$db.pl "$tempdir/$db.dump" >"$tempdir/${file}_$db.ldif" )
+ file=$(($file + 1))
 done
 #invoke-rc.d slapd stop
-#slapadd -l "$tempdir/core.ldif"
+#slapadd -l "$tempdir/99_core.ldif"
 #invoke-rc.d slapd start
 #ldappasswd -x -h localhost -D "cn=admin,$basedn" -S -w supersecretpassword "cn=admin,$basedn"
-for section in base cipux horde; do
- ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$tempdir/$section.ldif" -W
+for file in $(run-parts --list --regex '^1[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+ ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
 done
 for role in cipux horde; do
 echo "Securing $role..."
@@ -83,3 +130,12 @@ EOF
 # TODO: Add "uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" to group
 # "cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" for samba
+
+for file in $(run-parts --list --regex '^2[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+ ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
+done
+
+# FIXME: Check (and maybe correct) basedn from migrationtools-generated ldifs
+#for file in $(run-parts --list --regex '^3[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+# ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
+#done
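Review bot: nextfreeid consults only `getent passwd` for both id types, so for `gid` it scans users' primary gids (column 4) rather than the group database, and a gid that exists in `getent group` but is nobody's primary group is reported as free; the role loop below then substitutes a colliding @GID@ into the role ldif. The `case` should select the database as well as the column, and an unknown type should fail instead of leaving `column` empty, which turns the awk program into `{ print $ }` and a syntax error. The role loop also ignores nextfreeid's status, since `uid="$(nextfreeid uid "$uid")"` assigns an empty string when the function returns 1, so the call sites should abort on failure unless an earlier `set -e` (not visible here) already does. The rewritten `case` and `while` are shown below.
```shell
nextfreeid() {
	# … unchanged: type/id/max assignments …
	case $type in
		uid) db=passwd; column="3";;
		gid) db=group; column="3";;
		*) echo "nextfreeid: unknown id type '$type'" >&2; return 1;;
	esac
	while getent "$db" | awk -F: "{ print \$$column }" | grep -Fqx "$id"; do
	# … unchanged: increment, max check, echo …
```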
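Review bot: ldapadd's exit status is ignored in the new `2[0-9]{2}` loop (and likewise in the `1[0-9]{2}` loop of the first hunk), so a role ldif that fails to load — a failed bind, or an entry that already exists on a re-run — is skipped silently and the script continues as if the role had been created; `ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W || { echo "ldapadd $file failed" >&2; exit 1; }` stops at the first failure. `-W` also prompts for the admin password once per file, which is eight prompts for the role loop alone; binding with `-y` against a mode-0600 password file that is removed afterwards needs one prompt and, unlike `-w`, keeps the password out of the process list. Whether an earlier `set -e` covers the exit-status point is not visible in the hunk.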