Make LDAP user importing work in OpenBSD.

2009-11-12 16:21:05 +02:00 · 2009-11-12 16:21:05 +02:00 · d34b44cf8c
commit d34b44cf8c
parent f23d1d2e91
2 changed files with 48 additions and 14 deletions
--- a/user/scripts/update-classes.rb
+++ b/user/scripts/update-classes.rb
@ -60,7 +60,7 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
    if entry['uid'][0] !~ /.*\$.*/
 	print "class user::" + entry['uid'][0] + " {\n"
        print "    include user::virtual\n"
-	print "    realize(User['" + entry['uid'][0] + "'])\n"
+	print "    realize(User::Virtual::Newuser['" + entry['uid'][0] + "'])\n"
 	groups.each do |group|
 	    print "    realize(Group['" + group + "'])\n"
 	end
--- a/user/scripts/update-virtual.rb
+++ b/user/scripts/update-virtual.rb
@ -40,7 +40,42 @@ end
 f.close


-print "class user::virtual {\n"
+print <<EOF
+class user::virtual {
+
+    define newuser($uid, $gid, $comment, $home, $shell, $groups=undef, $requiregroups=undef) {
+        user { "${name}":
+            ensure  => present,
+            uid     => $uid,
+            gid     => $gid,
+            comment => $comment,
+            home    => $home,
+            shell   => $shell,
+            groups  => $groups,
+            require => $requiregroups,
+            notify  => $operatingsystem ? {
+                OpenBSD => [ Exec["user-mod-${name}"],
+                             Exec["user-home-${name}"], ],
+                default => undef,
+            }
+        }
+
+        exec { "user-mod-${name}":
+            command     => "usermod -L ldap ${name}; groups ${name} | fgrep -q sysadm && usermod -G wheel ${name} || true",
+            path        => "/sbin:/usr/sbin:/bin:/usr/bin",
+            refreshonly => true,
+        }
+
+        exec { "user-home-${name}":
+            command     => "umask 077; mkdir -p ${home} && tar cf - . | tar xf - -C ${home} && chown -R ${uid}:${gid} ${home}",
+            cwd         => "/etc/skel",
+            path        => "/sbin:/usr/sbin:/bin:/usr/bin",
+            unless      => "test -d ${home}",
+            refreshonly => true,
+        }
+
+    }
+EOF


 conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
@ -60,20 +95,19 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
    }

    print "\n"
-    print "    @user { '" + entry['uid'][0] + "':\n"
-    print "        ensure  => present,\n"
-    print "        uid     => '" + entry['uidNumber'][0] + "',\n"
-    print "        gid     => '" + entry['gidNumber'][0] + "',\n"
+    print "    @newuser { '%s':\n" % entry['uid'][0]
+    print "        uid           => '%s',\n" % entry['uidNumber'][0]
+    print "        gid           => '%s',\n" % entry['gidNumber'][0]
    begin
-        print "        comment => '" + entry['gecos'][0] + "',\n"
+        print "        comment       => '%s',\n" % entry['gecos'][0]
    rescue
-        print "        comment => '" + entry['uid'][0] + "',\n"
+        print "        comment       => '%s',\n" % entry['uid'][0]
    end
-    print "        home    => '" + entry['homeDirectory'][0] + "',\n"
+    print "        home          => '%s',\n" % entry['homeDirectory'][0]
    begin
-        print "        shell   => '" + entry['loginShell'][0] + "',\n"
+        print "        shell         => '%s',\n" % entry['loginShell'][0]
    rescue
-        print "        shell   => '/bin/false',\n"
+        print "        shell         => '%s',\n" % "/bin/bash"
    end
    if groups.length > 0
 	print "        groups        => [ "
@ -82,7 +116,7 @@ conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount',
 	end
 	print "],\n"
    end
-    print "        require => [ Group['" + prigroup + "'],"
+    print "        requiregroups => [ Group['" + prigroup + "'],"
    groups.each do |group|
 	print "\n                           Group['" + group + "'],"
    end