Forum: Cfengine Help
Subject: Re: 3.0.2 too old?
Author: berntjernberg
Link to topic: https://cfengine.com/forum/read.php?3,20392,20399#msg-20399
Hi,
We use an LDAP-server to store all account info. Application/group-accounts
exist locally but personal accounts only have the home directory locally. If
you remove a user in LDAP the home directory is owned by a uid. I use this
bundle to clean local home directories in Solaris. I have created a group that
only exists centrally, which is used for checking connectivity to LDAP before I
start to clean. I hope it helps.

bundle agent remove_recursive(dir)
{
files:
    # Delete all files.
    "$(dir)"
        delete => tidy,
        file_select => plain,
        depth_search => recurse("inf");

    # Delete all subdirectories.
    "$(dir)"
        delete => tidy,
        file_select => dirs,
        depth_search => recurse("inf");

    # Delete parent.
    "$(dir)"
        delete => tidy;
}

bundle agent clean_home
{
vars:
    # Select home directories by the owner column ($3) of the ls -ld output
    # and keep the path ($NF).
    "dirs_list" string => execresult("$(g.ls) -ld $(g.homebase)/* | $(g.nawk) '$3 !~ // { print $NF }'","useshell"),
        policy => "free";

    # One list element per output line, at most 300 elements.
    "dirs_to_remove" slist => splitstring("$(dirs_list)","\n","300"),
        policy => "free";

classes:
    # Set only if the centrally defined check group resolves, i.e. LDAP answers.
    "ldap_online" expression => returnszero("$(g.getent) group $(g.ldapchkgrp) > /dev/null 2>&1","useshell");

methods:
    ldap_online.!uid_directories_removed::
        # The bundle is called once for each element of dirs_to_remove.
        "remove_directories_with_uid_owner" usebundle => remove_recursive("$(dirs_to_remove)"),
            classes => if_repaired("uid_directories_removed");
}
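
The selection step described in the post above (find home directories whose owner is a bare uid, but only while LDAP answers), as an added shell example that is not part of the original post. It is a dry run that only prints candidates; the function names uid_resolves, directory_online and orphan_homes are hypothetical, and it assumes getent, ls and awk are on the PATH.

```shell
#!/bin/sh
# Added example, not from the post: dry-run listing of home directories whose
# owning uid no longer resolves to an account.
# Hypothetical names: uid_resolves, directory_online, orphan_homes.

# Succeeds when the numeric uid maps to an account in any configured source.
uid_resolves() {
    getent passwd "$1" >/dev/null 2>&1
}

# Succeeds when the central-only check group is visible, i.e. LDAP answers.
directory_online() {
    getent group "$1" >/dev/null 2>&1
}

# orphan_homes BASE CHECK_GROUP
# Prints one path per line. Returns 2 as soon as LDAP is found unreachable,
# so an outage cannot make every personal account look deleted.
orphan_homes() {
    base=$1
    chkgrp=$2
    directory_online "$chkgrp" || return 2
    for d in "$base"/*; do
        # Real directories only; a symlink could point outside BASE.
        [ -d "$d" ] && [ ! -L "$d" ] || continue
        # ls -n prints the numeric owner in field 3, so spaces in the
        # directory name cannot shift the column being read.
        uid=$(ls -ldn -- "$d" | awk '{ print $3 }')
        case $uid in ''|*[!0-9]*) continue ;; esac
        uid_resolves "$uid" && continue
        # Re-check before reporting: a failed lookup during an outage
        # looks exactly like a removed user.
        directory_online "$chkgrp" || return 2
        printf '%s\n' "$d"
    done
    return 0
}
```

Reviewing the printed list before handing it to a deleting bundle catches the cases the listing cannot decide on its own, such as a home directory restored from backup under an old uid.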