Make LDAP user importing work in OpenBSD.

user/scripts/update-classes.rb

@@ -60,7 +60,7 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
     if entry['uid'][0] !~ /.*\$.*/
 	print "class user::" + entry['uid'][0] + " {\n"
         print "    include user::virtual\n"
-	print "    realize(User['" + entry['uid'][0] + "'])\n"
+	print "    realize(User::Virtual::Newuser['" + entry['uid'][0] + "'])\n"
 	groups.each do |group|
 	    print "    realize(Group['" + group + "'])\n"
 	end

user/scripts/update-virtual.rb

@@ -40,7 +40,42 @@ end
 f.close
 
 
-print "class user::virtual {\n"
+print <<EOF
+class user::virtual {
+
+    define newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requiregroups=undef) {
+        user { "${name}":
+            ensure  => present,
+            uid     => $uid,
+            gid     => $gid,
+            comment => $comment,
+            home    => $home,
+            shell   => $shell,
+            groups  => $groups,
+            require => $requiregroups,
+            notify  => $operatingsystem ? {
+                OpenBSD => [ Exec["user-mod-${name}"],
+                             Exec["user-home-${name}"], ],
+                default => undef,
+            }
+        }
+
+        exec { "user-mod-${name}":
+            command     => "usermod -L ldap ${name}; groups ${name} | fgrep -q sysadm && usermod -G wheel ${name} || true",
+            path        => "/sbin:/usr/sbin:/bin:/usr/bin",
+            refreshonly => true,
+        }
+
+        exec { "user-home-${name}":
+            command     => "umask 077; mkdir -p ${home} && tar cf - . | tar xf - -C ${home} && chown -R ${uid}:${gid} ${home}",
+            cwd         => "/etc/skel",
+            path        => "/sbin:/usr/sbin:/bin:/usr/bin",
+            unless      => "test -d ${home}",
+            refreshonly => true,
+        }
+
+    }
+EOF
 
 
 conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
@@ -60,31 +95,30 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
     }
 
     print "\n"
-    print "    @user { '" + entry['uid'][0] + "':\n"
+    print "    @newuser { '%s':\n" % entry['uid'][0]
-    print "        ensure  => present,\n"
+    print "        uid           => '%s',\n" % entry['uidNumber'][0]
-    print "        uid     => '" + entry['uidNumber'][0] + "',\n"
+    print "        gid           => '%s',\n" % entry['gidNumber'][0]
-    print "        gid     => '" + entry['gidNumber'][0] + "',\n"
     begin
-        print "        comment => '" + entry['gecos'][0] + "',\n"
+        print "        comment       => '%s',\n" % entry['gecos'][0]
     rescue
-        print "        comment => '" + entry['uid'][0] + "',\n"
+        print "        comment       => '%s',\n" % entry['uid'][0]
     end
-    print "        home    => '" + entry['homeDirectory'][0] + "',\n"
+    print "        home          => '%s',\n" % entry['homeDirectory'][0]
     begin
-        print "        shell   => '" + entry['loginShell'][0] + "',\n"
+        print "        shell         => '%s',\n" % entry['loginShell'][0]
     rescue
-        print "        shell   => '/bin/false',\n"
+        print "        shell         => '%s',\n" % "/bin/bash"
     end
     if groups.length > 0
-	print "        groups  => [ "
+	print "        groups        => [ "
 	groups.each do |group|
 	    print "'" + group + "', "
 	end
 	print "],\n"
     end
-    print "        require => [ Group['" + prigroup + "'],"
+    print "        requiregroups => [ Group['" + prigroup + "'],"
     groups.each do |group|
-	print "\n                     Group['" + group + "'],"
+	print "\n                           Group['" + group + "'],"
     end
     print " ],\n"
     print "    }\n"