require 'set'
require 'uri'
require 'ldap'
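# Emit a Puppet manifest ("class user::virtual") describing every posixAccount
# and posixGroup in the directory named by /etc/openldap/ldap.conf.
#
# The bind is anonymous (no DN or password is supplied), so the directory must
# allow anonymous reads of the attributes listed in USER_ATTRS / GROUP_ATTRS.
# Every directory value that ends up in a filter or in the manifest is escaped:
# a uid or gecos containing '*', ')', '"' or '$' must not be able to widen a
# search or break the generated Puppet source.

LDAP_CONF = '/etc/openldap/ldap.conf'

# Attributes read for accounts and groups respectively.
USER_ATTRS  = %w[uid uidNumber gidNumber gecos homeDirectory loginShell].freeze
GROUP_ATTRS = %w[cn gidNumber memberUid uniqueMember].freeze

# RFC 4515 escapes for characters that are structural inside a search filter.
LDAP_FILTER_ESCAPES = {
  '\\' => '\\5c',
  '*'  => '\\2a',
  '('  => '\\28',
  ')'  => '\\29',
  "\0" => '\\00',
}.freeze

# Escape +value+ for use as an assertion value inside an LDAP filter.
#
# @param value [#to_s]
# @return [String]
def ldap_filter_escape(value)
  value.to_s.gsub(/[\\*()\x00]/) { |ch| LDAP_FILTER_ESCAPES[ch] }
end

# Render +value+ as a Puppet double-quoted string literal, escaping the
# characters Puppet treats specially inside one (backslash, '"', '$').
#
# @param value [#to_s]
# @return [String] the value wrapped in double quotes
def puppet_quote(value)
  '"%s"' % value.to_s.gsub(/[\\"$]/) { |ch| "\\#{ch}" }
end

# First value of +attr+ on +entry+, or nil when the attribute is absent.
# NOTE(review): assumes ruby-ldap's Entry#[] yields nil or an empty list for a
# missing attribute — Array() covers both; confirm against the gem in use.
#
# @param entry [LDAP::Entry]
# @param attr [String]
# @return [String, nil]
def first_value(entry, attr)
  Array(entry[attr]).first
end

# Open a connection for +uri+ (ldap:// or ldaps://) and bind anonymously.
# Default ports follow the scheme (389 / 636) when the URI carries none.
#
# @param uri [String] one URI token from the ldap.conf URI directive
# @return [LDAP::Conn, nil] nil when the URI is unusable or the bind fails
def open_ldap_connection(uri)
  parsed = URI.parse(uri)
  # ldapi:// and other host-less URIs cannot be opened with a host/port pair.
  return nil unless parsed.host

  conn =
    if parsed.scheme == 'ldaps'
      LDAP::SSLConn.new(parsed.host, parsed.port || 636)
    else
      LDAP::Conn.new(parsed.host, parsed.port || 389)
    end
  conn.bind
  conn
rescue LDAP::ResultError, URI::InvalidURIError
  nil
end

basedn = nil
conn = nil

File.readlines(LDAP_CONF).each do |raw|
  line = raw.strip
  next if line.empty? || line.start_with?('#')

  # Split keyword from the rest of the line only once: a BASE DN may itself
  # contain spaces ("dc=example, dc=com"), whereas URI holds space-separated URIs.
  key, rest = line.split(/\s+/, 2)
  next if rest.nil?

  case key.upcase
  when 'BASE'
    basedn = rest
  when 'URI'
    # Keep the first URI that binds; later URI directives are ignored once
    # a connection exists.
    next if conn

    rest.split.each do |candidate|
      conn = open_ldap_connection(candidate)
      break if conn
    end
  end
end

abort "no usable LDAP URI found in #{LDAP_CONF}" unless conn
warn "no BASE directive in #{LDAP_CONF}; searching from the empty DN" if basedn.nil?
basedn ||= ''

print "class user::virtual {\n"

conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixAccount', USER_ATTRS) do |entry|
  dn = entry.get_dn
  uid = first_value(entry, 'uid')
  uidnumber = first_value(entry, 'uidNumber')
  gidnumber = first_value(entry, 'gidNumber')
  # An account without uid or gidNumber cannot be expressed as a user resource.
  next if uid.nil? || gidnumber.nil?

  # Primary group: the posixGroup whose gidNumber matches the account's.
  primarygroup = nil
  primary_filter = '(&(objectClass=posixGroup)(gidNumber=%s))' % ldap_filter_escape(gidnumber)
  conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, primary_filter, ['cn']) do |group|
    primarygroup = first_value(group, 'cn')
  end
  # The manifest requires Group[primarygroup], so skip accounts whose primary
  # group is not a posixGroup in this directory.
  next if primarygroup.nil?

  # Supplementary groups: every posixGroup naming the account by DN or by uid.
  groups = Set.new
  member_filter = '(&(objectClass=posixGroup)(|(uniqueMember=%s)(memberUid=%s)))' %
                  [ldap_filter_escape(dn), ldap_filter_escape(uid)]
  conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, member_filter, ['cn']) do |group|
    cn = first_value(group, 'cn')
    groups << cn if cn
  end

  comment = first_value(entry, 'gecos') || uid
  shell = first_value(entry, 'loginShell') || '/bin/bash'
  quoted_groups = groups.map { |group| puppet_quote(group) }

  print "\n"
  print " @user::add { %s:\n" % puppet_quote(uid)
  print " uid => %s,\n" % puppet_quote(uidnumber)
  print " gid => %s,\n" % puppet_quote(gidnumber)
  print " comment => %s,\n" % puppet_quote(comment)
  print " home => %s,\n" % puppet_quote(first_value(entry, 'homeDirectory'))
  print " shell => %s,\n" % puppet_quote(shell)
  unless groups.empty?
    print " groups => $::operatingsystem ? {\n"
    print " \"openbsd\" => [ "
    quoted_groups.each { |group| print "%s, " % group }
    # OpenBSD has no sysadm group; members of sysadm get wheel there instead.
    print "\"wheel\", " if groups.include?('sysadm')
    print "],\n"
    print " default => [ "
    quoted_groups.each { |group| print "%s, " % group }
    print "],\n },\n"
  end
  print " require => [\n"
  print " Group[%s],\n" % puppet_quote(primarygroup)
  quoted_groups.each { |group| print " Group[%s],\n" % group }
  print " ],\n"
  print " }\n"
end

conn.search(basedn, LDAP::LDAP_SCOPE_SUBTREE, 'objectClass=posixGroup', GROUP_ATTRS) do |entry|
  print "\n"
  print " @group { %s:\n" % puppet_quote(first_value(entry, 'cn'))
  print " ensure => present,\n"
  # gidNumber is emitted unquoted, as a Puppet integer.
  print " gid => %s,\n" % first_value(entry, 'gidNumber')
  print " }\n"
end

print "\n}\n"

conn.unbind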