Re: LDAP/nss_ldap adduser script

2005-08-17 Thread Matt Juszczak

Primarily, my aim is to keep it simple, do the basics, that's the itch that
needs scratching for me at the moment. It could be the base of a more
encompassing management system, but that would be a different project.


Count me in on helping you with this.  A nice command line utility for 
ldap is definitely needed.  Something like ldapctl :)

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: LDAP/nss_ldap adduser script

2005-08-02 Thread martin
 On Wed, Jul 27, 2005 at 10:39:14AM +0100, [EMAIL PROTECTED] wrote:

 I've had a look at the adduser script and it should be straightforward
 enough to tailor to this purpose, and I can't see any difficulties in
 writing them - check /etc/ldap.conf for the location of the users &
 groups, pops the details into an ldif and runs it through the ldap

 I'm not sure that such utilities exist, because each environment is
 very different.  On my systems, I'm planning to write my own scripts for
 creating, deleting users, etc.  It will be much easier than adapting
 someone's scripts for my own purpose.

Each to their own, but most of the stuff is fairly generic. I've written
the scripts to read the ldap settings from the relevant files (the admin
user, and the user & group context).


 client. The one thing I am not sure about is getting the next available
 uid number, but I'm sure the answer will become apparent.

 From my point of view the easiest solution is some directory with files,
 where the name of each file is equal to the UID of a user.  A script should
 find a non-existent file with a name from UID_min to UID_max and create it.
 As an optimization it is possible to keep a list of unused numbers (in a file).

Yuch! And what happens if the information gets out of sync? I've come up
with a solution, which was much easier than I had thought -

user_base=`awk '/nss_base_passwd/ {print $2}' /etc/ldap.conf | cut -f1 -d'?'`
get_next_uid() {
    # Highest uidNumber under $user_base, compared numerically (sort -n);
    # startuid is set elsewhere in the script
    lastuid=`ldapsearch -LLL -b "$user_base" objectclass=posixAccount |\
        awk '/uidNumber/ {print $2}' | sort -n | tail -n1`
    if [ -z "$lastuid" ]; then
        uid=$startuid
    else
        uid=`expr $lastuid + 1`
    fi
}

it pulls out all the uids already assigned, sorts them, takes the last
one, and adds one on (or sets it to startuid if none found). It might fall
over if huge numbers of users are in there, but should work for most.



   So before I get into the meat of this, I wanted to check if anyone has
 any suggestions or comments.

 How do you export user home directories?

That's another task - I'm just interested in adding and removing
users easily.

If you are interested, I can send you the full scripts - they are pretty
sparse and general, so should be easy to adapt.

Cheers,
Martin










Re: LDAP/nss_ldap adduser script

2005-08-02 Thread Joerg Pulz



On Tue, 2 Aug 2005, [EMAIL PROTECTED] wrote:


On Wed, Jul 27, 2005 at 10:39:14AM +0100, [EMAIL PROTECTED] wrote:


I've had a look at the adduser script and it should be straightforward
enough to tailor to this purpose, and I can't see any difficulties in
writing them - check /etc/ldap.conf for the location of the users &
groups, pops the details into an ldif and runs it through the ldap


I'm not sure that such utilities exist, because each environment is
very different.  On my systems, I'm planning to write my own scripts for
creating, deleting users, etc.  It will be much easier than adapting
someone's scripts for my own purpose.


Each to their own, but most of the stuff is fairly generic. I've written
the scripts to read the ldap settings from the relevant files (the admin
user, and the user & group context).




client. The one thing I am not sure about is getting the next available
uid number, but I'm sure the answer will become apparent.


From my point of view the easiest solution is some directory with files,
where the name of each file is equal to the UID of a user.  A script should
find a non-existent file with a name from UID_min to UID_max and create it.
As an optimization it is possible to keep a list of unused numbers (in a file).


Yuch! And what happens if the information gets out of sync? I've come up
with a solution, which was much easier than I had thought -

user_base=`awk '/nss_base_passwd/ {print $2}' /etc/ldap.conf | cut -f1 -d'?'`
get_next_uid() {
    # Highest uidNumber under $user_base, compared numerically (sort -n);
    # startuid is set elsewhere in the script
    lastuid=`ldapsearch -LLL -b "$user_base" objectclass=posixAccount |\
        awk '/uidNumber/ {print $2}' | sort -n | tail -n1`
    if [ -z "$lastuid" ]; then
        uid=$startuid
    else
        uid=`expr $lastuid + 1`
    fi
}

it pulls out all the uids already assigned, sorts them, takes the last
one, and adds one on (or sets it to startuid if none found). It might fall
over if huge numbers of users are in there, but should work for most.





  So before I get into the meat of this, I wanted to check if anyone has
any suggestions or comments.


How do you export user home directories?


That's another task - I'm just interested in adding and removing
users easily.

If you are interested, I can send you the full scripts - they are pretty
sparse and general, so should be easy to adapt.


Hi

so, why all this scripting?? you could simply use the following line to 
get the next free uid (as long as the system is configured to use LDAP 
accounts)


pw usernext | cut -f1 -d:
the 'cut' is necessary as 'pw usernext' reports the next free uid:gid in 
combination (is this a bug??)


pw groupnext
reports only the next free gid

regards
Joerg

-- 
The beginning is the most important part of the work.

-Plato


Re: LDAP/nss_ldap adduser script

2005-08-02 Thread Andrey Simonenko
On Tue, Aug 02, 2005 at 02:24:26PM +0200, Joerg Pulz wrote:
 user_base=`awk '/nss_base_passwd/ {print $2}' /etc/ldap.conf | cut -f1 -d'?'`
 get_next_uid() {
     # Highest uidNumber under $user_base, compared numerically (sort -n);
     # startuid is set elsewhere in the script
     lastuid=`ldapsearch -LLL -b "$user_base" objectclass=posixAccount |\
         awk '/uidNumber/ {print $2}' | sort -n | tail -n1`
     if [ -z "$lastuid" ]; then
         uid=$startuid
     else
         uid=`expr $lastuid + 1`
     fi
 }

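#!/bin/sh

uid_min=1000
uid_max=2000

# Print the lowest UID in [uid_min, uid_max) that is not listed in the
# file list-uid (one used UID per line); exit status 1 if none is free.
get_uid()
{
    uid=${uid_min}
    sort -g list-uid | {
        while read uid_used; do
            # Ignore UIDs below the candidate (out of range or repeated)
            [ "${uid_used}" -lt "${uid}" ] && continue
            if [ "${uid}" -eq "${uid_used}" ]; then
                uid=`expr ${uid} + 1`
            else
                break
            fi
        done
        # Reached on a gap in the list or at the end of the list
        if [ "${uid}" -ge "${uid_max}" ]; then
            echo "Out of UID numbers"
            exit 1
        fi
        echo "${uid}"
    }
}

uid=`get_uid`
if [ $? -ne 0 ]; then
    echo "${uid}"
    exit 1
fi
echo "Lowest unused UID: ${uid}"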

 so, why all this scripting?? you could simply use the following line to 
 get the next free uid (as long as the system is configured to use LDAP 
 accounts)

Because everyone has their own environment, and not enough details about
his/her environment gives many solutions, sometimes not optimal for
another environment.  Your idea is good (if LDAP accounts work on
the system), especially since pw uses a bitmap to find the first unused UID
(if reuseuids is 'yes').

 the 'cut' is necessary as 'pw usernext' reports the next free uid:gid in 
 combination (is this a bug??)

This is documented in pw(8) manual page.
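Added example, not code from any poster in this thread: the "highest uidNumber plus one" approach discussed above, run over constructed `ldapsearch -LLL` output, showing why the sort must be numeric and adding a check for two entries that share one uidNumber (the out-of-sync case raised earlier). The sample entries, the dc=example,dc=org base and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `ldapsearch -LLL ... objectclass=posixAccount dn uidNumber`
# output; the entries and the dc=example,dc=org base are made up.
sample_ldif() {
cat <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=org
uidNumber: 999

dn: uid=bob,ou=People,dc=example,dc=org
uidNumber: 1000

dn: uid=carol,ou=People,dc=example,dc=org
uidNumber: 1002

dn: uid=dave,ou=People,dc=example,dc=org
uidNumber: 1002
EOF
}

# Print every uidNumber value found in the LDIF on stdin, one per line.
uid_numbers() {
    awk '$1 == "uidNumber:" { print $2 }'
}

# Print highest uidNumber + 1, or the start UID ($1) when the directory
# holds nothing at or above it. A plain `sort` would rank 999 after 1002.
next_uid() {
    start=$1
    last=$(uid_numbers | sort -n | tail -n 1)
    if [ -z "$last" ] || [ "$last" -lt "$start" ]; then
        echo "$start"
    else
        expr "$last" + 1
    fi
}

# Print "uidNumber: dn dn ..." for each uidNumber held by more than one
# entry. Assumes unfolded, non-base64 dn lines, as in the sample.
duplicate_uids() {
    awk '/^dn: /            { dn = substr($0, 5) }
         $1 == "uidNumber:" { n[$2]++; who[$2] = who[$2] " " dn }
         END { for (u in n) if (n[u] > 1) print u ":" who[u] }' | sort -n
}
```

Running `duplicate_uids` against the directory after each add catches the case where two runs of an add-user script picked the same number.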


Re: LDAP/nss_ldap adduser script

2005-07-27 Thread Ruben de Groot
On Wed, Jul 27, 2005 at 10:39:14AM +0100, [EMAIL PROTECTED] typed:
 Hi all,
 
I've been using an ldap directory for quite a while now for my network
 logins, and love it. Problem is, it can be quite cumbersome to work
 with, any ldap clients I have looked at are either very sketchy or
 overly cumbersome for simple tasks (adding/removing users etc.), and
 ldif file format is a major pain to work with.
 
   My first question is - is anyone aware of a good light and stable ldap
 client that is easy to setup and use. My own research suggests no, which
 leads onto my proposal -
 
   I'm planning on writing a few basic scripts for working with the system
 - a 'ldap_adduser', 'ldap_rmuser' etc. Nothing major, not a full suite
 of utilities, just the basics to make life a little easier.
 
 I've had a look at the adduser script and it should be straightforward
 enough to tailor to this purpose, and I can't see any difficulties in
 writing them - check /etc/ldap.conf for the location of the users &
 groups, pops the details into an ldif and runs it through the ldap
 client. The one thing I am not sure about is getting the next available
 uid number, but I'm sure the answer will become apparent.
 
   So before I get into the meat of this, I wanted to check if anyone has
 any suggestions or comments.

Well, how would you go about determining the default user's set of objectclasses
and attributes? e.g. we have in our ldap users with different combinations of
sambaSamAccount, posixAccount and courierMailAccount.
If you want your script to be flexible enough to provide all possible options,
you'll end up writing a very complex script. But good luck anyway ;-)

Ruben



Re: LDAP/nss_ldap adduser script

2005-07-27 Thread martin
 On Wed, Jul 27, 2005 at 10:39:14AM +0100, [EMAIL PROTECTED] typed:
 Hi all,

 I've been using an ldap directory for quite a while now for my network
 logins, and love it. Problem is, it can be quite cumbersome to work
 with, any ldap clients I have looked at are either very sketchy or
 overly cumbersome for simple tasks (adding/removing users etc.), and
 ldif file format is a major pain to work with.

 My first question is - is anyone aware of a good light and stable ldap
 client that is easy to set up and use. My own research suggests no, which
 leads onto my proposal -

 I'm planning on writing a few basic scripts for working with the system
 - a 'ldap_adduser', 'ldap_rmuser' etc. Nothing major, not a full suite
 of utilities, just the basics to make life a little easier.

 I've had a look at the adduser script and it should be straightforward
 enough to tailor to this purpose, and I can't see any difficulties in
 writing them - check /etc/ldap.conf for the location of the users &
 groups, pops the details into an ldif and runs it through the ldap
 client. The one thing I am not sure about is getting the next available
 uid number, but I'm sure the answer will become apparent.

 So before I get into the meat of this, I wanted to check if anyone has
 any suggestions or comments.

 Well, how would you go about determining the default user's set of
 objectclasses and attributes? e.g. we have in our ldap users with
 different combinations of sambaSamAccount, posixAccount and
 courierMailAccount.
 If you want your script to be flexible enough to provide all possible
 options, you'll end up writing a very complex script. But good luck
 anyway ;-)

 Ruben

Primarily, my aim is to keep it simple, do the basics, that's the itch that
needs scratching for me at the moment. It could be the base of a more
encompassing management system, but that would be a different project.




