Also add admin users to posixGroup for sudo privileges.

2026-01-28 08:03:36 +00:00 · 2015-07-12 13:36:36 -04:00 · 2015-07-12 13:36:36 -04:00 · 32bb08c269
commit 32bb08c269
parent 6ca38ba665
4 changed files with 70 additions and 0 deletions
--- a/actions/add-ldap-user-to-group
+++ b/actions/add-ldap-user-to-group
@ -41,3 +41,28 @@ add: member
 member: uid=$username,ou=users,dc=thisbox
 EOF
 fi
+
+# For admin users, also need a posixAccount for sudo.
+if [ "$groupname" == "admin" ]; then
+    # check if sudo group already exists
+    results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'ou=groups,dc=thisbox' -LLL "(cn=sudo)" cn)
+
+    if [ -z "$results" ]; then
+	# create sudo group
+	cat <<EOF |ldapadd -Y EXTERNAL -H ldapi:///
+dn: cn=sudo,ou=groups,dc=thisbox
+objectClass: posixGroup
+cn: sudo
+gidNumber: 27
+memberUid: $username
+EOF
+    else
+	# add user to sudo group
+	cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
+dn: cn=sudo,ou=groups,dc=thisbox
+changetype: modify
+add: memberUid
+memberUid: $username
+EOF
+    fi
+fi
--- a/actions/delete-ldap-user
+++ b/actions/delete-ldap-user
@ -46,3 +46,15 @@ EOF
 	ldapdelete -Y EXTERNAL -H ldapi:/// "$dn"
    fi
 done <<< "$results"
+
+# update sudo group if needed
+results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=sudo,ou=groups,dc=thisbox' -LLL "(memberUid=$username)")
+
+if [ -n "$results" ]; then
+    cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
+dn: cn=sudo,ou=groups,dc=thisbox
+changetype: modify
+delete: memberUid
+memberUid: $username
+EOF
+fi
--- a/actions/remove-ldap-user-from-group
+++ b/actions/remove-ldap-user-from-group
@ -44,3 +44,17 @@ elif [ $? -eq 65 ]; then
 	exit 1
    fi
 fi
+
+if [ "$groupname" == "admin" ]; then
+    # update sudo group if needed
+    results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=sudo,ou=groups,dc=thisbox' -LLL "(memberUid=$username)")
+
+    if [ -n "$results" ]; then
+	cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
+dn: cn=sudo,ou=groups,dc=thisbox
+changetype: modify
+delete: memberUid
+memberUid: $username
+EOF
+    fi
+fi
--- a/actions/rename-ldap-user
+++ b/actions/rename-ldap-user
@ -53,3 +53,22 @@ delete: member
 member: uid=$old_username,ou=users,dc=thisbox
 EOF
 done <<< "$results"
+
+# update sudo group if needed
+results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=sudo,ou=groups,dc=thisbox' -LLL "(memberUid=$old_username)")
+
+if [ -n "$results" ]; then
+    cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
+dn: cn=sudo,ou=groups,dc=thisbox
+changetype: modify
+delete: memberUid
+memberUid: $old_username
+EOF
+
+    cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
+dn: cn=sudo,ou=groups,dc=thisbox
+changetype: modify
+add: memberUid
+memberUid: $new_username
+EOF
+fi