Make LDAP user importing work in OpenBSD.

Ossi Salmi 2009-11-12 16:21:05 +02:00 committed by Timo Mkinen
parent f23d1d2e91
commit d34b44cf8c
2 changed files with 48 additions and 14 deletions


@ -60,7 +60,7 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
if entry['uid'][0] !~ /.*\$.*/ if entry['uid'][0] !~ /.*\$.*/
print "class user::" + entry['uid'][0] + " {\n" print "class user::" + entry['uid'][0] + " {\n"
print " include user::virtual\n" print " include user::virtual\n"
print " realize(User['" + entry['uid'][0] + "'])\n" print " realize(User::Virtual::Newuser['" + entry['uid'][0] + "'])\n"
groups.each do |group| groups.each do |group|
print " realize(Group['" + group + "'])\n" print " realize(Group['" + group + "'])\n"
end end
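Review bot: `entry['uid'][0]` is pasted into a Puppet class name and into the single-quoted title on the changed `realize(User::Virtual::Newuser['...'])` line with only the `!~ /.*\$.*/` filter in front of it, so a uid containing a quote, whitespace or a newline yields a malformed or differently structured manifest. An allow-list is safer than excluding one character, e.g. `if entry['uid'][0] =~ /\A[a-z_][a-z0-9_-]*\z/` (the pattern is a suggestion; adjust it to the site's naming rules). The same unescaped interpolation is in the `'%s'` lines for `gecos`, `homeDirectory` and `loginShell` in the other file of this commit. The enclosing `conn.search` block starts and ends outside the hunk.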


@ -40,7 +40,42 @@ end
f.close f.close
print "class user::virtual {\n" print <<EOF
class user::virtual {
define newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requiregroups=undef) {
user { "${name}":
ensure => present,
uid => $uid,
gid => $gid,
comment => $comment,
home => $home,
shell => $shell,
groups => $groups,
require => $requiregroups,
notify => $operatingsystem ? {
OpenBSD => [ Exec["user-mod-${name}"],
Exec["user-home-${name}"], ],
default => undef,
}
}
exec { "user-mod-${name}":
command => "usermod -L ldap ${name}; groups ${name} | fgrep -q sysadm && usermod -G wheel ${name} || true",
path => "/sbin:/usr/sbin:/bin:/usr/bin",
refreshonly => true,
}
exec { "user-home-${name}":
command => "umask 077; mkdir -p ${home} && tar cf - . | tar xf - -C ${home} && chown -R ${uid}:${gid} ${home}",
cwd => "/etc/skel",
path => "/sbin:/usr/sbin:/bin:/usr/bin",
unless => "test -d ${home}",
refreshonly => true,
}
}
EOF
conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount', conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
@ -60,20 +95,19 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
} }
print "\n" print "\n"
print " @user { '" + entry['uid'][0] + "':\n" print " @newuser { '%s':\n" % entry['uid'][0]
print " ensure => present,\n" print " uid => '%s',\n" % entry['uidNumber'][0]
print " uid => '" + entry['uidNumber'][0] + "',\n" print " gid => '%s',\n" % entry['gidNumber'][0]
print " gid => '" + entry['gidNumber'][0] + "',\n"
begin begin
print " comment => '" + entry['gecos'][0] + "',\n" print " comment => '%s',\n" % entry['gecos'][0]
rescue rescue
print " comment => '" + entry['uid'][0] + "',\n" print " comment => '%s',\n" % entry['uid'][0]
end end
print " home => '" + entry['homeDirectory'][0] + "',\n" print " home => '%s',\n" % entry['homeDirectory'][0]
begin begin
print " shell => '" + entry['loginShell'][0] + "',\n" print " shell => '%s',\n" % entry['loginShell'][0]
rescue rescue
print " shell => '/bin/false',\n" print " shell => '%s',\n" % "/bin/bash"
end end
if groups.length > 0 if groups.length > 0
print " groups => [ " print " groups => [ "
@ -82,7 +116,7 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
end end
print "],\n" print "],\n"
end end
print " require => [ Group['" + prigroup + "']," print " requiregroups => [ Group['" + prigroup + "'],"
groups.each do |group| groups.each do |group|
print "\n Group['" + group + "']," print "\n Group['" + group + "'],"
end end
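Review bot: The `user-mod-${name}` and `user-home-${name}` execs in the new `newuser` define put `${name}`, `${home}`, `${uid}` and `${gid}` unquoted into shell command lines, and those values are the LDAP attributes printed further down, so whitespace or a shell metacharacter in `homeDirectory` or `uid` changes the command Puppet runs (presumably as root). The import script should refuse such entries before emitting them, e.g. `next unless entry['homeDirectory'][0] =~ %r{\A/[A-Za-z0-9._/-]+\z}` inside the search block, and the commands should quote what they interpolate (`mkdir -p '${home}'`, `test -d '${home}'`). In the same `user-mod` command `fgrep -q sysadm` is a substring test, so any group whose name merely contains `sysadm` gets the user added to wheel; compare whole group names instead, and note that `|| true` also hides a failed `usermod`. The `loginShell` fallback also moves from `/bin/false` to `/bin/bash`, which hands entries without that attribute an interactive shell and deserves a comment if intended.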