diff --git a/user/scripts/update-classes.rb b/user/scripts/update-classes.rb
index 915c600..9e83f9c 100755
--- a/user/scripts/update-classes.rb
+++ b/user/scripts/update-classes.rb
@@ -60,7 +60,7 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
 if entry['uid'][0] !~ /.*\$.*/
 print "class user::" + entry['uid'][0] + " {\n"
 print " include user::virtual\n"
- print " realize(User['" + entry['uid'][0] + "'])\n"
+ print " realize(User::Virtual::Newuser['" + entry['uid'][0] + "'])\n"
 groups.each do |group|
 print " realize(Group['" + group + "'])\n"
 end
diff --git a/user/scripts/update-virtual.rb b/user/scripts/update-virtual.rb
index 9a73745..0adcdac 100755
--- a/user/scripts/update-virtual.rb
+++ b/user/scripts/update-virtual.rb
@@ -40,7 +40,42 @@ end
 f.close
-print "class user::virtual {\n"
+print < present,
+ uid => $uid,
+ gid => $gid,
+ comment => $comment,
+ home => $home,
+ shell => $shell,
+ groups => $groups,
+ require => $requiregroups,
+ notify => $operatingsystem ? {
+ OpenBSD => [ Exec["user-mod-${name}"],
+ Exec["user-home-${name}"], ],
+ default => undef,
+ }
+ }
+
+ exec { "user-mod-${name}":
+ command => "usermod -L ldap ${name}; groups ${name} | fgrep -q sysadm && usermod -G wheel ${name} || true",
+ path => "/sbin:/usr/sbin:/bin:/usr/bin",
+ refreshonly => true,
+ }
+
+ exec { "user-home-${name}":
+ command => "umask 077; mkdir -p ${home} && tar cf - . | tar xf - -C ${home} && chown -R ${uid}:${gid} ${home}",
+ cwd => "/etc/skel",
+ path => "/sbin:/usr/sbin:/bin:/usr/bin",
+ unless => "test -d ${home}",
+ refreshonly => true,
+ }
+
+ }
+EOF
 conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
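Review bot: The new `realize(User::Virtual::Newuser['...'])` line in update-classes.rb still splices `entry['uid'][0]` into a single-quoted Puppet title with no escaping or validation; the only filter visible in the hunk is the `!~ /.*\$.*/` test that skips names containing `$`. A uid carrying a quote, newline or bracket would break the generated manifest or change what it declares, and the same value also becomes part of the class name two lines above. I would validate the value once before printing anything, for example `next unless entry['uid'][0] =~ /\A[a-z_][a-z0-9_-]*\z/` (pattern to be adjusted to the site's naming rules, and assuming this code runs inside the search block), and log the entries that are skipped. The `'%s'` lines in the second update-virtual.rb hunk have the same gap for `gecos`, `homeDirectory` and `loginShell`. The enclosing `conn.search` call starts and ends outside the hunk.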
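Review bot: Both `exec` commands in the new define in update-virtual.rb are shell strings built from `${name}`, `${home}`, `${uid}` and `${gid}` with no quoting, and the second hunk of this file fills those parameters from LDAP attributes. A `homeDirectory` containing spaces or shell metacharacters would change what `mkdir -p ${home} && tar cf - . | tar xf - -C ${home} && chown -R ${uid}:${gid} ${home}` does when the agent runs it, presumably as root. The generator should reject values outside an expected pattern before emitting them, and the commands should quote their arguments, e.g. `mkdir -p '${home}'`. Separately, `fgrep -q sysadm` matches any group name that merely contains `sysadm`, so `fgrep -qw sysadm` is a closer test before adding `wheel`. Part of this hunk's heredoc text appears to be missing from the page, so the define's parameter list could not be checked.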
@@ -60,31 +95,30 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
 }
 print "\n"
- print " @user { '" + entry['uid'][0] + "':\n"
- print " ensure => present,\n"
- print " uid => '" + entry['uidNumber'][0] + "',\n"
- print " gid => '" + entry['gidNumber'][0] + "',\n"
+ print " @newuser { '%s':\n" % entry['uid'][0]
+ print " uid => '%s',\n" % entry['uidNumber'][0]
+ print " gid => '%s',\n" % entry['gidNumber'][0]
 begin
- print " comment => '" + entry['gecos'][0] + "',\n"
+ print " comment => '%s',\n" % entry['gecos'][0]
 rescue
- print " comment => '" + entry['uid'][0] + "',\n"
+ print " comment => '%s',\n" % entry['uid'][0]
 end
- print " home => '" + entry['homeDirectory'][0] + "',\n"
+ print " home => '%s',\n" % entry['homeDirectory'][0]
 begin
- print " shell => '" + entry['loginShell'][0] + "',\n"
+ print " shell => '%s',\n" % entry['loginShell'][0]
 rescue
- print " shell => '/bin/false',\n"
+ print " shell => '%s',\n" % "/bin/bash"
 end
 if groups.length > 0
- print " groups => [ "
+ print " groups => [ "
 groups.each do |group|
 print "'" + group + "', "
 end
 print "],\n"
 end
- print " require => [ Group['" + prigroup + "'],"
+ print " requiregroups => [ Group['" + prigroup + "'],"
 groups.each do |group|
- print "\n Group['" + group + "'],"
+ print "\n Group['" + group + "'],"
 end
 print " ],\n"
 print " }\n"
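Review bot: The fallback in the second `rescue` now emits `/bin/bash` where the old code emitted `/bin/false`, so an LDAP entry with no `loginShell` attribute ends up with an interactive shell instead of a non-login one. If that is intended it deserves a comment saying so; otherwise keep the restrictive default by ending that line with `% "/bin/false"`. It is also worth confirming that `/bin/bash` exists on the OpenBSD hosts the new define targets. The bare `rescue` hides every error raised while formatting the line, not only the missing attribute, so an explicit check such as `shell = entry['loginShell'] ? entry['loginShell'][0] : '/bin/false'` would be narrower. The enclosing `conn.search` block starts outside the hunk.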