authorJonas Smedegaard <dr@jones.dk>2008-10-26 23:03:44 +0100
committerJonas Smedegaard <dr@jones.dk>2008-10-26 23:03:44 +0100
commit637d73aa6e6fb24cd57dc8063af55a203f8ccc64 (patch)
treef9cabd925a18dd3a57e22eebeaf3babde24bdef3 /ldap
parent96c49c999faaaec0d073637671d1d7ba085d537b (diff)
Major update, including adding cipux role accounts.
Diffstat (limited to 'ldap')
-rw-r--r--ldap/db/cipux_rolegroup.ldif.in26
-rw-r--r--ldap/db/cipux_roleuser.ldif.in36
-rwxr-xr-xldap/mkldapdb74
3 files changed, 127 insertions, 9 deletions
diff --git a/ldap/db/cipux_rolegroup.ldif.in b/ldap/db/cipux_rolegroup.ldif.in
new file mode 100644
index 0000000..bff7f56
--- /dev/null
+++ b/ldap/db/cipux_rolegroup.ldif.in
@@ -0,0 +1,26 @@
+dn: cn=@ROLE@,ou=Group,ou=CipUX,@SUFFIX@
+cipuxCreationDate: 2008-07-31T01:54:00
+cipuxGroupLeaderUid: @ROLE@
+cipuxHardQuota: 50000
+cipuxInternetStatus: accept
+cipuxIsAccount: TRUE
+cipuxIsRole: TRUE
+cipuxIsShare: FALSE
+cipuxIsSkel: TRUE
+cipuxRemark: Hand made account
+cipuxRole: role
+cipuxSoftQuota: 40000
+cn: @ROLE@
+gidNumber: @GID@
+memberUid: @ROLE@
+objectClass: top
+objectClass: posixGroup
+objectClass: cipuxGroup
+structuralObjectClass: posixGroup
+entryUUID: b72b2286-1c30-102d-92b5-c966c0ff3d4a
+creatorsName: cn=cipuxadm,dc=jones,dc=dk
+createTimestamp: 20080921135538Z
+userPassword:: e1NTSEF9MllkUGRjV3RKYmhNdUZWODVaQ1pJWHNyZE5rTGVXdjM=
+entryCSN: 20080921135647.732164Z#000000#000#000000
+modifiersName: cn=cipuxadm,dc=jones,dc=dk
+modifyTimestamp: 20080921135647Z
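Review bot: The template carries operational attributes (`structuralObjectClass`, `entryUUID`, `creatorsName`, `createTimestamp`, `entryCSN`, `modifiersName`, `modifyTimestamp`) that look copied from a slapcat dump; mkldapdb feeds the generated 2xx role files to ldapadd, which by default rejects client-supplied operational attributes, and even via slapadd the fixed `entryUUID` would be stamped out identically for every role the loop produces. Drop those lines from the template and let the server assign them. `creatorsName: cn=cipuxadm,dc=jones,dc=dk` also hard-codes a suffix where the rest of the file uses `@SUFFIX@`. The same trailing block appears in cipux_roleuser.ldif.in.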
diff --git a/ldap/db/cipux_roleuser.ldif.in b/ldap/db/cipux_roleuser.ldif.in
new file mode 100644
index 0000000..a19b1b8
--- /dev/null
+++ b/ldap/db/cipux_roleuser.ldif.in
@@ -0,0 +1,36 @@
+dn: uid=@ROLE@,ou=User,ou=CipUX,@SUFFIX@
+cipuxCreationDate: 2008-07-31T01:54:00
+cipuxFirstname: Role
+cipuxHardQuota: 50000
+cipuxInternetStatus: accept
+cipuxIsAccount: TRUE
+cipuxIsRole: TRUE
+cipuxIsShare: FALSE
+cipuxIsSkel: TRUE
+cipuxLastname: Account
+cipuxRemark: CipUX task layer
+cipuxRole: role
+cipuxSkeletonUid: none
+cipuxSoftQuota: 40000
+cipuxStatus: idle
+cn: Default Role
+gecos: Default Role
+gidNumber: @GID@
+homeDirectory: /home/cipux0/@ROLE@
+loginShell: /bin/bash
+mailMessageStore: /var/lib/maildirs/@ROLE@
+objectClass: posixAccount
+objectClass: top
+objectClass: shadowAccount
+objectClass: imapUser
+objectClass: cipuxAccount
+uid: @ROLE@
+uidNumber: @UID@
+userPassword:: ZHV0
+structuralObjectClass: imapUser
+entryUUID: b72bb2e6-1c30-102d-92b6-c966c0ff3d4a
+creatorsName: cn=cipuxadm,dc=jones,dc=dk
+createTimestamp: 20080921135538Z
+entryCSN: 20080921144317.807008Z#000000#000#000000
+modifiersName: cn=cipuxadm,dc=jones,dc=dk
+modifyTimestamp: 20080921144317Z
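Review bot: `userPassword:: ZHV0` is a fixed, base64-encoded value that the role loop in mkldapdb copies unchanged into every role user, so all eight generated accounts share one credential together with a real `loginShell: /bin/bash` and a home directory. The script's FIXME defers a proper password scheme, but the template should not ship a usable default meanwhile: omit the `userPassword` line (an entry without one cannot complete a simple bind) or set `loginShell: /bin/false` until that FIXME is resolved. The operational attributes at the end of this file have the same problem as in cipux_rolegroup.ldif.in.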
diff --git a/ldap/mkldapdb b/ldap/mkldapdb
index 4e297c3..31ad606 100755
--- a/ldap/mkldapdb
+++ b/ldap/mkldapdb
@@ -23,36 +23,83 @@ for var in basedn dnsdomain orgname backend; do
fi
done
+# concatenate files with an additional newline in between
+spacecat() {
+ perl -e 'foreach (@ARGV) {print "\n" if $n; $n++; open (FH, $_); print while(<FH>); close FH;}' "$@"
+}
+
+#TODO: Somehow lookup id directly instead, as getent might be slow with
+# thousands of entries, and some NSS mechanisms drop at some limit
+# i.e. openldap by default return only first 500 entries
+nextfreeid() {
+ type="$1"
+ id="$2"
+ max="$3"
+ case $type in
+ uid) column="3";;
+ gid) column="4";;
+ esac
+ while getent passwd | awk -F: "{ print \$$column }" | grep -Fqx "$id"; do
+ id=$(($id + 1))
+ [ -z "$max" ] || [ "$id" -lt "$max" ] || return 1
+ done
+ echo "$id"
+}
+
masterdir=/etc/local-COMMON/ldap/db
tempdir=`mktemp -dt slapd.XXXXXX`
snippets="$(LANG=C find "$masterdir" -type f -name '*.conf.in' | sort)"
-# concatenate files with an additional newline in between
-# (perl could replace sed too, but multiline perl inside shell is ugly)
-perl -e 'foreach (@ARGV) {print "\n" if $n; $n++; open (FH, $_); print while(<FH>); close FH;}' $snippets \
- | sed >>"$tempdir/slapd.conf" \
+spacecat $snippets | sed >>"$tempdir/slapd.conf" \
-e "s/@BACKEND@/$backend/g" \
-e "s/@SUFFIX@/$basedn/g" \
-e "s/@ADMIN@/cn=admin,$basedn/g"
+# TODO: Better separate core from normal lif files than "below 100"...
+file=99
for section in core base cipux horde; do
- sed <"$masterdir/$section.ldif.in" >"$tempdir/$section.ldif" \
+ sed <"$masterdir/$section.ldif.in" >"$tempdir/${file}_$section.ldif" \
-e "s/@SUFFIX@/$basedn/g" \
-e "s/@DOMAIN@/$dnsdomain/g" \
-e "s/@ORG@/$orgname/g"
+ file=$(($file + 1))
done
+# FIXME: create cipuxadm in addition to below roles!
+
+# FIXME: fix apply passwords for roles in a sane way!
+uid=10100
+gid=10100
+file=200
+for role in admin professor assistant pupil student tutor teacher lecturer; do
+ uid="$(nextfreeid uid "$uid")"
+ gid="$(nextfreeid gid "$gid")"
+ snippets="$masterdir/cipux_rolegroup.ldif.in $masterdir/cipux_roleuser.ldif.in"
+ spacecat $snippets | sed >"$tempdir/${file}_$role.ldif" \
+ -e "s/@SUFFIX@/$basedn/g" \
+ -e "s/@ROLE@/$role/g" \
+ -e "s/@UID@/$uid/g" \
+ -e "s/@GID@/$gid/g" \
+ -e "s/@DOMAIN@/$dnsdomain/g" \
+ -e "s/@ORG@/$orgname/g"
+ uid=$(($uid + 1))
+ gid=$(($gid + 1))
+ file=$(($file + 1))
+done
+
+file=300
for db in passwd group; do
getent $db >"$tempdir/$db.dump"
- ( cd /usr/share/migrationtools && ./migrate_passwd.pl "$tempdir/$db.dump" >"$tempdir/$db.ldif" )
+ ( cd /usr/share/migrationtools && ./migrate_$db.pl "$tempdir/$db.dump" >"$tempdir/${file}_$db.ldif" )
+ file=$(($file + 1))
done
#invoke-rc.d slapd stop
-#slapadd -l "$tempdir/core.ldif"
+#slapadd -l "$tempdir/99_core.ldif"
#invoke-rc.d slapd start
#ldappasswd -x -h localhost -D "cn=admin,$basedn" -S -w supersecretpassword "cn=admin,$basedn"
-for section in base cipux horde; do
- ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$tempdir/$section.ldif" -W
+for file in $(run-parts --list --regex '^1[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+ ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
done
for role in cipux horde; do
echo "Securing $role..."
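Review bot: nextfreeid's gid branch never consults the group database — both case arms feed `getent passwd`, so for gid it inspects column 4 (users' primary GIDs) and a gidNumber held only by a group entry is reported as free; the role loop below then hands that value to @GID@. Select the database together with the column, `uid) db=passwd column=3;;` and `gid) db=group column=3;;`, and scan it with `while getent "$db" | awk -F: "{ print \$$column }" | grep -Fqx "$id"; do`; an unrecognised type currently leaves column unset and should instead fall into a default arm that returns non-zero. The TODO above the function already notes that getent may truncate large listings, which matters here because a truncated listing would likewise yield a colliding id. `spacecat $snippets` and `for file in $(run-parts …)` depend on unquoted word-splitting of paths under $masterdir and $tempdir, which holds only while those paths stay space-free.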
@@ -83,3 +130,12 @@ EOF
# TODO: Add "uid=cifsdc,ou=Entities,ou=Access Control,@SUFFIX@" to group
# "cn=SAM,ou=Administrators,ou=Access Control,@SUFFIX@" for samba
+
+for file in $(run-parts --list --regex '^2[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+ ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
+done
+
+# FIXME: Check (and maybe correct) basedn from migrationtools-generated ldifs
+#for file in $(run-parts --list --regex '^3[0-9]{2}_[a-z0-9-]+\.ldif' "$tempdir"); do
+# ldapadd -x -h localhost -D "cn=admin,$basedn" -f "$file" -W
+#done