Also add admin users to posixGroup for sudo privileges.

2026-04-29 10:10:19 +00:00 · 2015-07-12 13:36:36 -04:00 · 2015-07-12 13:36:36 -04:00 · 32bb08c269
commit 32bb08c269
parent 6ca38ba665
4 changed files with 70 additions and 0 deletions
--- a/actions/add-ldap-user-to-group
+++ b/actions/add-ldap-user-to-group
@ -41,3 +41,28 @@ add: member
 member: uid=$username,ou=users,dc=thisbox
 EOF
 fi
 # For admin users, also need a posixAccount for sudo.
 if [ "$groupname" == "admin" ]; then
    # check if sudo group already exists
    results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'ou=groups,dc=thisbox' -LLL "(cn=sudo)" cn)
    if [ -z "$results" ]; then
 	# create sudo group
 	cat <<EOF |ldapadd -Y EXTERNAL -H ldapi:///
 dn: cn=sudo,ou=groups,dc=thisbox
 objectClass: posixGroup
 cn: sudo
 gidNumber: 27
 memberUid: $username
 EOF
    else
 	# add user to sudo group
 	cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
 dn: cn=sudo,ou=groups,dc=thisbox
 changetype: modify
 add: memberUid
 memberUid: $username
 EOF
    fi
 fi
--- a/actions/delete-ldap-user
+++ b/actions/delete-ldap-user
@ -46,3 +46,15 @@ EOF
 	ldapdelete -Y EXTERNAL -H ldapi:/// "$dn"
    fi
 done <<< "$results"
 # update sudo group if needed
 results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=sudo,ou=groups,dc=thisbox' -LLL "(memberUid=$username)")
 if [ -n "$results" ]; then
    cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
 dn: cn=sudo,ou=groups,dc=thisbox
 changetype: modify
 delete: memberUid
 memberUid: $username
 EOF
 fi
--- a/actions/remove-ldap-user-from-group
+++ b/actions/remove-ldap-user-from-group
@ -44,3 +44,17 @@ elif [ $? -eq 65 ]; then
 	exit 1
    fi
 fi
 if [ "$groupname" == "admin" ]; then
    # update sudo group if needed
    results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=sudo,ou=groups,dc=thisbox' -LLL "(memberUid=$username)")
    if [ -n "$results" ]; then
 	cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
 dn: cn=sudo,ou=groups,dc=thisbox
 changetype: modify
 delete: memberUid
 memberUid: $username
 EOF
    fi
 fi
--- a/actions/rename-ldap-user
+++ b/actions/rename-ldap-user
@ -53,3 +53,22 @@ delete: member
 member: uid=$old_username,ou=users,dc=thisbox
 EOF
 done <<< "$results"
 # update sudo group if needed
 results=$(ldapsearch -Y EXTERNAL -H ldapi:/// -b 'cn=sudo,ou=groups,dc=thisbox' -LLL "(memberUid=$old_username)")
 if [ -n "$results" ]; then
    cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
 dn: cn=sudo,ou=groups,dc=thisbox
 changetype: modify
 delete: memberUid
 memberUid: $old_username
 EOF
    cat <<EOF |ldapmodify -Y EXTERNAL -H ldapi:///
 dn: cn=sudo,ou=groups,dc=thisbox
 changetype: modify
 add: memberUid
 memberUid: $new_username
 EOF
 fi