* Wed May 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
- fix user@0.service failed to start [SME: 12568] - stop loging in audit crond success - drop cpu and use esmith:util::ldap [SME: 12663]
This commit is contained in:
parent
2a87d8e1ba
commit
d0fb8284d6
@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@ -27,7 +28,8 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::AccountsDB;
|
||||
use File::Temp;
|
||||
use esmith::util::ldap;
|
||||
use esmith::util;
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro
|
||||
or die "Could not open Config DB";
|
||||
@ -36,10 +38,10 @@ my $accounts = esmith::AccountsDB->open
|
||||
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
my $result;
|
||||
|
||||
my $domain = $conf->get('DomainName')
|
||||
|| die("Couldn't determine domain name");
|
||||
$domain = $domain->value;
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $groupName = $ARGV [1];
|
||||
@ -97,41 +99,20 @@ if ($ldapauth ne 'enabled')
|
||||
) == 0 or ( $x = 255, warn "Failed to create (unix) user $groupName.\n" );
|
||||
}
|
||||
|
||||
# Create the user's unique group first (in ldap)
|
||||
my $tmpattr = File::Temp->new();
|
||||
print $tmpattr "mail: $groupName\@$domain\n";
|
||||
print $tmpattr "description: $description\n";
|
||||
$tmpattr->flush();
|
||||
system(
|
||||
"/usr/sbin/cpu", "groupadd",
|
||||
"-a", "$tmpattr",
|
||||
"-g", $gid,
|
||||
$groupName
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $groupName.\n" );
|
||||
undef $tmpattr;
|
||||
# create group
|
||||
$result = $ldap->ldapgroup($group);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $groupName.\n" );
|
||||
|
||||
# Now create the dummy user account (in ldap)
|
||||
system(
|
||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
|
||||
"-u", $uid,
|
||||
"-g", $gid,
|
||||
"-d",
|
||||
"/home/e-smith",
|
||||
"-s",
|
||||
"/bin/false",
|
||||
"$groupName"
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) user $groupName.\n" );
|
||||
#create dedicated group user
|
||||
$result = $ldap->ldapuser($group);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) user $groupName.\n" );
|
||||
|
||||
# Set the cn of the dummy user account (in ldap)
|
||||
$tmpattr = File::Temp->new();
|
||||
print $tmpattr "cn: $description\n";
|
||||
$tmpattr->flush();
|
||||
system(
|
||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod",
|
||||
"-a", $tmpattr,
|
||||
"$groupName"
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to update (ldap) user $groupName.\n" );
|
||||
undef $tmpattr;
|
||||
# add to supplementary group
|
||||
# as it is regular group, pm will add www and admin, so no need to add it
|
||||
my @UserArr = ($groupName);
|
||||
$result = $ldap->ldapsetgroupmembers($groupName,\@UserArr);
|
||||
# error code 20 is entry already exits.
|
||||
$result && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $groupName to supplementary group.\n" );
|
||||
|
||||
# Release lock if we have one
|
||||
$lock && esmith::lockfile::UnlockFile($lock);
|
||||
@ -150,8 +131,7 @@ my @groupMembers = split (/,/, $members);
|
||||
# "www" and "admin" are implicit members of all groups
|
||||
push @groupMembers, 'admin', 'www';
|
||||
|
||||
my $member;
|
||||
foreach $member (@groupMembers)
|
||||
foreach my $member (@groupMembers)
|
||||
{
|
||||
# Get a list of this member's supplementary groups, then add the
|
||||
# new group to the list. Finally sort, join and run the usermod
|
||||
@ -179,13 +159,6 @@ foreach $member (@groupMembers)
|
||||
system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
|
||||
or ( $x = 255, warn "Failed to modify supplementary (unix) group list for $member.\n" );
|
||||
}
|
||||
|
||||
# root user/group isn't in ldap
|
||||
@groupList = grep (!/^root$/, @groupList);
|
||||
$groups = join (',', sort (@groupList));
|
||||
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group list for $member.\n" );
|
||||
}
|
||||
|
||||
exit ($x);
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali Foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@ -26,6 +27,8 @@ package esmith;
|
||||
use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::util;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro
|
||||
or die "Could not open Config DB";
|
||||
@ -33,6 +36,9 @@ my $conf = esmith::ConfigDB->open_ro
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $groupName = $ARGV [1] or die "Groupname argument missing.";
|
||||
|
||||
@ -45,10 +51,12 @@ if ($ldapauth ne 'enabled')
|
||||
or ( $x = 255, warn "Failed to delete (unix) group $groupName.\n" );
|
||||
}
|
||||
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "userdel", "$groupName") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete dummy user for (ldap) group $groupName.\n" );
|
||||
# delete dedicated user group
|
||||
my $result = $ldap->ldapdeluser($groupName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete dummy user for (ldap) group $groupName.\n" );
|
||||
|
||||
system("/usr/sbin/cpu", "groupdel", "$groupName") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group $groupName.\n" );
|
||||
# delete group
|
||||
$result = $ldap->ldapdelgroup($groupName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group $groupName.\n" );
|
||||
|
||||
exit ($x);
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2002-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali Foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@ -27,17 +28,19 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::AccountsDB;
|
||||
use File::Temp;
|
||||
use esmith::util;
|
||||
use utf8;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $c = esmith::ConfigDB->open_ro || die "Couldn't open config db\n";
|
||||
my $a = esmith::AccountsDB->open_ro || die "Couldn't open accounts db\n";
|
||||
|
||||
my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
my $result;
|
||||
|
||||
my $domain = $c->get('DomainName')
|
||||
|| die("Couldn't determine domain name");
|
||||
$domain = $domain->value;
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = shift || die "Event name arg missing\n";;
|
||||
my @groups;
|
||||
@ -78,22 +81,12 @@ foreach my $group (@groups)
|
||||
or ( $x = 255, warn "Failed to modify (unix) group description for $groupName.\n" );
|
||||
}
|
||||
|
||||
my $tmpattr = File::Temp->new();
|
||||
print $tmpattr "cn: $groupDesc\n";
|
||||
$tmpattr->flush();
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-a", "$tmpattr", "$groupName") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description for $groupName.\n" );
|
||||
|
||||
$tmpattr = File::Temp->new();
|
||||
print $tmpattr "mail: $groupName\@$domain\n";
|
||||
print $tmpattr "description: $groupDesc\n";
|
||||
$tmpattr->flush();
|
||||
system(
|
||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupmod",
|
||||
"-a", "$tmpattr",
|
||||
"$groupName"
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description/email for $groupName.\n" );
|
||||
undef $tmpattr;
|
||||
# modify group dedicated user cn
|
||||
$result = $ldap->ldapmoduser($group);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description for $groupName.\n" );
|
||||
# modify Group description and mail
|
||||
$result = $ldap->ldapmodgroup($group);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) group description/email for $groupName.\n" );
|
||||
|
||||
my ($name, $passwd, $gid, $members) = getgrnam ($groupName);
|
||||
my @oldMembers = split (/\s+/, $members);
|
||||
@ -116,7 +109,11 @@ foreach my $group (@groups)
|
||||
{
|
||||
$oldMembers{$member} = 1;
|
||||
}
|
||||
my (@addMembers, @delMembers);
|
||||
|
||||
# applying list of user memberUid for LDAP for this group
|
||||
$result = $ldap->ldapsetgroupmembers($groupName,\@newMembers);
|
||||
# error code 20 is entry already exits.
|
||||
$result && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group membership for $groupName.\n" );
|
||||
|
||||
foreach $member (@newMembers, @oldMembers)
|
||||
{
|
||||
@ -157,13 +154,8 @@ foreach my $group (@groups)
|
||||
or ( $x = 255, warn "Failed to modify supplementary (unix) group list for $member.\n" );
|
||||
}
|
||||
|
||||
# root user/group isn't in ldap
|
||||
@groupList = grep (!/^root$/, @groupList);
|
||||
$groups = join (',', sort (@groupList));
|
||||
}
|
||||
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify supplementary (ldap) group list for $member.\n" );
|
||||
}
|
||||
}
|
||||
} # end of list of groups
|
||||
|
||||
exit ($x);
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@ -27,7 +28,9 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::AccountsDB;
|
||||
use File::Temp;
|
||||
use esmith::util;
|
||||
use utf8;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro;
|
||||
my $accounts = esmith::AccountsDB->open;
|
||||
@ -35,9 +38,8 @@ my $accounts = esmith::AccountsDB->open;
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
my $domain = $conf->get('DomainName')
|
||||
|| die("Couldn't determine domain name");
|
||||
$domain = $domain->value;
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $userName = $ARGV [1];
|
||||
@ -65,13 +67,13 @@ unless ($uid = $acct->prop('Uid'))
|
||||
$acct->set_prop('Uid', $uid);
|
||||
}
|
||||
my $gid = $acct->prop('Gid') || $uid;
|
||||
my $first = $acct->prop('FirstName') || '';
|
||||
my $last = $acct->prop('LastName') || '';
|
||||
my $phone = $acct->prop('Phone') || '';
|
||||
my $company = $acct->prop('Company') || '';
|
||||
my $dept = $acct->prop('Dept') || '';
|
||||
my $city = $acct->prop('City') || '';
|
||||
my $street = $acct->prop('Street') || '';
|
||||
my $first = stringToASCII($acct->prop('FirstName')) || '';
|
||||
my $last = stringToASCII($acct->prop('LastName')) || '';
|
||||
my $phone = stringToASCII($acct->prop('Phone')) || '';
|
||||
my $company = stringToASCII($acct->prop('Company')) || '';
|
||||
my $dept = stringToASCII($acct->prop('Dept')) || '';
|
||||
my $city = stringToASCII($acct->prop('City')) || '';
|
||||
my $street = stringToASCII($acct->prop('Street')) || '';
|
||||
my $shell = $acct->prop('Shell') || '/usr/bin/false';
|
||||
my $groups = "shared";
|
||||
|
||||
@ -101,38 +103,17 @@ if ($ldapauth ne 'enabled')
|
||||
}
|
||||
|
||||
# Create the user's unique group first (in ldap)
|
||||
system(
|
||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
|
||||
"-g",
|
||||
$gid,
|
||||
$userName
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $userName.\n" );
|
||||
my $result = $ldap->ldapgroup($acct);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $userName.\n" );
|
||||
|
||||
# Now create the user account (in ldap)
|
||||
my $tmpattr = File::Temp->new();
|
||||
print $tmpattr "telephoneNumber: $phone\n";
|
||||
print $tmpattr "o: $company\n";
|
||||
print $tmpattr "ou: $dept\n";
|
||||
print $tmpattr "l: $city\n";
|
||||
print $tmpattr "street: $street\n";
|
||||
$tmpattr->flush();
|
||||
system(
|
||||
"/usr/sbin/cpu", "useradd",
|
||||
"-u", $uid,
|
||||
"-g", $gid,
|
||||
"-f", "$first",
|
||||
"-E", "$last",
|
||||
"-e", "$userName\@$domain",
|
||||
"-a", "$tmpattr",
|
||||
"-d", "/home/e-smith/files/users/$userName",
|
||||
"-G", "$groups",
|
||||
"-m",
|
||||
"-k/etc/e-smith/skel/user",
|
||||
"-s", "$shell",
|
||||
$userName
|
||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $userName.\n" );
|
||||
undef $tmpattr;
|
||||
$result = $ldap->ldapuser($acct);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $userName.\n" );
|
||||
|
||||
# add to supplementary group
|
||||
my @UserArr = ($userName);
|
||||
$result = $ldap->ldapsetgroupmembers($userName,\@UserArr);
|
||||
$result && ( $result != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $userName to supplementary group.\n" );
|
||||
|
||||
# Release lock if we have one
|
||||
$lock && esmith::lockfile::UnlockFile($lock);
|
||||
@ -141,13 +122,15 @@ $lock && esmith::lockfile::UnlockFile($lock);
|
||||
|
||||
chmod 0700, "/home/e-smith/files/users/$userName";
|
||||
|
||||
# lock user password
|
||||
if ($ldapauth ne 'enabled')
|
||||
{
|
||||
system("/usr/bin/passwd", "-l", "$userName")
|
||||
and ( $x = 255, warn "Could not lock (unix) password for $userName\n" );
|
||||
}
|
||||
system("/usr/sbin/cpu", "usermod", "-L", "$userName")
|
||||
and ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Could not lock (ldap) password for $userName\n" );
|
||||
|
||||
# esmith::util::ldap already lock user on creation, this avoid one more ldap write access.
|
||||
|
||||
system("/usr/bin/smbpasswd", "-a", "-d", "$userName")
|
||||
and ( $x = 255, warn "Could not lock (smb) password for $userName\n" );
|
||||
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali Foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@ -27,6 +28,7 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::util;
|
||||
use esmith::ConfigDB;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $conf = esmith::ConfigDB->open_ro
|
||||
or die "Could not open Config DB";
|
||||
@ -34,6 +36,9 @@ my $conf = esmith::ConfigDB->open_ro
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $userName = $ARGV [1];
|
||||
|
||||
@ -53,11 +58,21 @@ if ($ldapauth ne 'enabled')
|
||||
( $x = 255, warn "Failed to delete (unix) account $userName.\n" );
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
my $discard = `/bin/rm -rf /home/e-smith/files/users/$userName`;
|
||||
if ($? != 0)
|
||||
{
|
||||
( $x = 255, warn "Failed to delete home dir of account $userName.\n" );
|
||||
}
|
||||
|
||||
system("/usr/sbin/cpu", "userdel", "-r", $userName) == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) account $userName.\n" );
|
||||
}
|
||||
# delete user
|
||||
my $result = $ldap->ldapdeluser($userName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) account $userName.\n" );
|
||||
|
||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupdel", $userName) == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $userName.\n" );
|
||||
# delete user dedicated group
|
||||
$result = $ldap->ldapdelgroup($userName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $userName.\n" );
|
||||
|
||||
exit ($x);
|
||||
|
@ -2,6 +2,7 @@
|
||||
|
||||
#----------------------------------------------------------------------
|
||||
# copyright (C) 2001-2006 Mitel Networks Corporation
|
||||
# copyright (C) 2024 Koozali foundation inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@ -25,6 +26,7 @@ use Errno;
|
||||
use esmith::AccountsDB;
|
||||
use esmith::ConfigDB;
|
||||
use English;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $a = esmith::AccountsDB->open or die "Could not open accounts db";
|
||||
my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
|
||||
@ -32,6 +34,9 @@ my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
# prepare LDAP bind
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
|
||||
my @users_to_lock = bad_password_users();
|
||||
@ -54,13 +59,16 @@ sub lock_user
|
||||
|
||||
my $u = $a->get($userName) or die "No account record for user $userName";
|
||||
|
||||
# lock in unix shadow/passwd if used.
|
||||
if ($ldapauth ne 'enabled')
|
||||
{
|
||||
system("/usr/bin/passwd", "-l", $userName) == 0
|
||||
or ( $x = 255, warn "Error locking (unix) account $userName" );
|
||||
}
|
||||
system("/usr/sbin/cpu", "usermod", "-L", $userName) == 0
|
||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName" );
|
||||
# lock in LDAP
|
||||
$result = $ldap->ldaplockuser($userName);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $userName.\n" );
|
||||
# lock in samba
|
||||
system("/usr/bin/smbpasswd", "-d", $userName) == 0
|
||||
or ( $x = 255, warn "Error locking (smb) account $userName" );
|
||||
$u->set_prop('PasswordSet', 'no');
|
||||
|
@ -22,29 +22,17 @@ use strict;
|
||||
use Errno;
|
||||
use esmith::AccountsDB;
|
||||
use esmith::ConfigDB;
|
||||
use Net::LDAP;
|
||||
use esmith::util;
|
||||
use utf8;
|
||||
use esmith::util::ldap;
|
||||
|
||||
my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
|
||||
|
||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||
my $x = 0; # exit value
|
||||
|
||||
my $domain = $conf->get('DomainName')
|
||||
|| die("Couldn't determine domain name");
|
||||
$domain = $domain->value;
|
||||
|
||||
# prepare LDAP bind
|
||||
my $pw = esmith::util::LdapPassword();
|
||||
my $base = esmith::util::ldapBase ($domain);
|
||||
|
||||
my $ldap = Net::LDAP->new('localhost')
|
||||
or die "$@";
|
||||
|
||||
$ldap->bind(
|
||||
dn => "cn=root,$base",
|
||||
password => $pw
|
||||
);
|
||||
my $ldap=esmith::util::ldap->new();
|
||||
|
||||
my $event = $ARGV [0];
|
||||
my $userName = $ARGV [1];
|
||||
@ -94,22 +82,14 @@ foreach my $u (@users)
|
||||
system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
|
||||
or ( $x = 255, warn "Failed to modify shell of (unix) account $userName.\n" );
|
||||
}
|
||||
|
||||
my @new_shell = ($new_shell);
|
||||
$result = $ldap->modify("uid=$userName,ou=Users,$base",
|
||||
replace => {
|
||||
loginShell => \@new_shell
|
||||
}
|
||||
);
|
||||
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify shell of (ldap) account $userName.\n" );
|
||||
}
|
||||
|
||||
#------------------------------------------------------------
|
||||
# Modify user's first name and last name if required,
|
||||
# in /etc/passwd using "usermod"
|
||||
#------------------------------------------------------------
|
||||
my $first = $u->prop('FirstName') || "";
|
||||
my $last = $u->prop('LastName') || "";
|
||||
my $first = stringToASCII($u->prop('FirstName') || "");
|
||||
my $last = stringToASCII($u->prop('LastName') || "");
|
||||
my $new_comment = "$first $last";
|
||||
|
||||
unless ($comment eq $new_comment)
|
||||
@ -119,36 +99,11 @@ foreach my $u (@users)
|
||||
system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
|
||||
or ( $x = 255, warn "Failed to modify comment of (unix) account $userName.\n" );
|
||||
}
|
||||
|
||||
my @new_comment = ($new_comment);
|
||||
my @first = ($first);
|
||||
my @last = ($last);
|
||||
$result = $ldap->modify("uid=$userName,ou=Users,$base",
|
||||
replace => {
|
||||
givenName => \@first,
|
||||
sn => \@last,
|
||||
cn => \@new_comment,
|
||||
displayName => \@new_comment
|
||||
}
|
||||
);
|
||||
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify comment/name of (ldap) account $userName.\n" );
|
||||
}
|
||||
|
||||
my @new_phone = ($u->prop('Phone')) || ();
|
||||
my @new_company = ($u->prop('Company')) || ();
|
||||
my @new_dept = ($u->prop('Dept')) || ();
|
||||
my @new_city = ($u->prop('City')) || ();
|
||||
my @new_street = ($u->prop('Street')) || ();
|
||||
$result = $ldap->modify("uid=$userName,ou=Users,$base",
|
||||
replace => {
|
||||
telephoneNumber => \@new_phone,
|
||||
o => \@new_company,
|
||||
ou => \@new_dept,
|
||||
l => \@new_city,
|
||||
street => \@new_street
|
||||
}
|
||||
);
|
||||
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $userName.\n" );
|
||||
# we do all the test in ldap pm to avoid 3 differents write access, which are costly.
|
||||
$result = $ldap->ldapuser($u);
|
||||
$result && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $userName.\n" );
|
||||
|
||||
}
|
||||
|
||||
|
@ -1,4 +1,6 @@
|
||||
session required pam_limits.so
|
||||
-session optional pam_systemd.so
|
||||
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet_success use_uid
|
||||
session required pam_unix.so
|
||||
{
|
||||
my $status = $ldap{Authentication} || 'disabled';
|
||||
|
@ -4,7 +4,7 @@ Summary: smeserver server and gateway - base module
|
||||
%define name smeserver-base
|
||||
Name: %{name}
|
||||
%define version 11.0.0
|
||||
%define release 9
|
||||
%define release 10
|
||||
Version: %{version}
|
||||
Release: %{release}%{?dist}
|
||||
License: GPL
|
||||
@ -15,7 +15,7 @@ Source: %{name}-%{version}.tar.xz
|
||||
|
||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||
Requires: pwauth
|
||||
Requires: smeserver-lib >= 2.2.0-2
|
||||
Requires: smeserver-lib >= 11.0.0-7
|
||||
Requires: server-manager-images, server-manager
|
||||
Requires: smeserver-formmagick >= 1.4.0-12
|
||||
Requires: plymouth
|
||||
@ -50,7 +50,7 @@ Requires: smeserver-runit >= 2.6.0-7
|
||||
Requires: smeserver-php >= 3.0.0-22
|
||||
Requires: smeserver-yum >= 2.6.0-43
|
||||
Obsoletes: nss_ldap < 254
|
||||
Requires: cpu >= 1.4.3
|
||||
Obsoletes: cpu
|
||||
Obsoletes: rlinetd, e-smith-mod_ssl
|
||||
Obsoletes: e-smith-serial-console
|
||||
Obsoletes: sshell
|
||||
@ -184,6 +184,11 @@ fi
|
||||
|
||||
|
||||
%changelog
|
||||
* Wed May 15 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-10.sme
|
||||
- fix user@0.service failed to start [SME: 12568]
|
||||
- stop loging in audit crond success
|
||||
- drop cpu and use esmith:util::ldap [SME: 12663]
|
||||
|
||||
* Wed Apr 17 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-9.sme
|
||||
- fix self-signed cert renewd when not necessary [SME: 12606]
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user