* Sat May 18 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme

- edit LDAP entries using Net::LDAP rather than cpu [SME: 12687]
This commit is contained in:
Jean-Philippe Pialasse 2024-05-18 14:07:19 -04:00
parent 0e72a182b7
commit 1d67d9bd64
3 changed files with 169 additions and 59 deletions

View File

@ -1,7 +1,7 @@
#!/bin/sh #!/usr/bin/perl
#---------------------------------------------------------------------- #----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation # copyright (C) 2024 Koozali foundation inc.
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -22,28 +22,76 @@
#------------------------------------------------------------ #------------------------------------------------------------
# Delete the Unix account and files for the ibay. # Delete the Unix account and files for the ibay.
#------------------------------------------------------------ #------------------------------------------------------------
package esmith;
event=$1 use strict;
ibay=$2 use Errno;
use esmith::ConfigDB;
use esmith::util;
use Net::LDAP;
use esmith::AccountsDB;
if [ -z "$ibay" ] my $adb = esmith::AccountsDB->open_ro();
then
echo ibayName argument missing
exit 1
fi
ldapauth=$(/sbin/e-smith/config getprop ldap Authentication || echo disabled) my $conf = esmith::ConfigDB->open_ro or die "Could not open config db";
x=0 # exit value
/bin/rm -rf /home/e-smith/files/ibays/$ibay unless ($conf->get('ldap')->prop('status') eq "enabled" )
if [ "$ldapauth" != "enabled" ] {
then warn "Not running action script $0, LDAP service not enabled!\n";
/usr/sbin/userdel "$ibay" || x=1 exit(0);
/usr/sbin/cpu -C/etc/cpu-system.conf userdel "$ibay" }
/usr/sbin/cpu -C/etc/cpu-system.conf groupdel "$ibay"
else my $domain = $conf->get('DomainName')
/usr/sbin/cpu userdel "$ibay" || x=1 || die("Couldn't determine domain name");
/usr/sbin/cpu -C/etc/cpu-system.conf groupdel "$ibay" || x=1 $domain = $domain->value;
fi
# prepare LDAP bind
my $pw = esmith::util::LdapPassword();
my $base = esmith::util::ldapBase ($domain);
my $ldap = Net::LDAP->new('localhost')
or die "$@";
$ldap->bind(
dn => "cn=root,$base",
password => $pw
);
my $event = $ARGV [0];
my $ibay = $ARGV [1];
die "Username argument missing." unless defined ($ibay);
$a = $adb->get($ibay) || undef;
unless ( defined $a && $a->prop('type') eq "ibay-deleted" )
{
warn "$ibay is not an Ibay account\n";
exit (0);
}
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value
my $discard = `/bin/rm -rf /home/e-smith/files/ibays/$ibay`;
if ($? != 0)
{
( $x = 255, warn "Failed to delete content of ibay $ibay.\n" );
}
if ( "$ldapauth" ne "enabled" )
{
$discard = `/usr/sbin/userdel "$ibay"`;
if ($? != 0)
{
( $x = 255, warn "Failed to delete (unix) account $ibay.\n" );
}
}
my $result = $ldap->delete("uid=$ibay,ou=Users,$base");
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) ibay account $ibay.\n" );
$result = $ldap->delete("cn=$ibay,ou=Groups,$base");
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $ibay.\n" );
exit $x exit $x

View File

@ -2,6 +2,7 @@
#---------------------------------------------------------------------- #----------------------------------------------------------------------
# copyright (C) 1999-2005 Mitel Networks Corporation # copyright (C) 1999-2005 Mitel Networks Corporation
# copyright (C) 2024 Koozali foundation inc.
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@ -27,6 +28,7 @@ use esmith::util;
use esmith::templates; use esmith::templates;
use esmith::AccountsDB; use esmith::AccountsDB;
use esmith::ConfigDB; use esmith::ConfigDB;
use Net::LDAP;
my $conf = esmith::ConfigDB->open_ro my $conf = esmith::ConfigDB->open_ro
or die "Could not open Config DB"; or die "Could not open Config DB";
@ -34,6 +36,23 @@ my $conf = esmith::ConfigDB->open_ro
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled'; my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
my $x = 0; # exit value my $x = 0; # exit value
my $domain = $conf->get('DomainName')
|| die("Couldn't determine domain name");
$domain = $domain->value;
my $result;
# prepare LDAP bind
my $pw = esmith::util::LdapPassword();
my $base = esmith::util::ldapBase ($domain);
my $ldap = Net::LDAP->new('localhost')
or die "$@";
$ldap->bind(
dn => "cn=root,$base",
password => $pw
);
$ENV{'PATH'} = "/bin"; $ENV{'PATH'} = "/bin";
my $event = $ARGV [0]; my $event = $ARGV [0];
@ -54,8 +73,9 @@ if ($event eq 'ibay-create')
# Check the Unix account. # Check the Unix account.
#------------------------------------------------------------ #------------------------------------------------------------
# Create the ibay's unique group first #------------------------------------------------------------
# create unix user and group account, unless we switch to ldap authentication
#------------------------------------------------------------
if ($ldapauth ne 'enabled') if ($ldapauth ne 'enabled')
{ {
system( system(
@ -85,31 +105,49 @@ if ($event eq 'ibay-create')
) == 0 or ( $x = 255, warn "Failed to create (unix) account $ibayName.\n" ); ) == 0 or ( $x = 255, warn "Failed to create (unix) account $ibayName.\n" );
} }
system( #------------------------------------------------------------
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd", # add new ibay group to ldap
"-g", #------------------------------------------------------------
$ibay->prop("Gid"), $result = $ldap->add("cn=$ibayName,ou=Groups,$base",
$ibayName attrs => [
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $ibayName.\n" ); "cn"=> $ibayName,
"gidNumber"=> $ibay->prop("Gid"),
system( "objectClass" => [ 'posixGroup', 'mailboxRelatedObject']
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd", ]);
"-u", $result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $ibayName.\n" );
$ibay->prop("Uid"),
"-g",
$ibay->prop("Gid"),
"-c",
$ibay->prop("Name"),
"-d",
"/home/e-smith/files/ibays/$ibayName/files",
"-G",
"shared,"
. $ibay->prop("Group"),
"-s",
"/bin/false",
"$ibayName"
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $ibayName.\n" );
#------------------------------------------------------------
# add new ibay user to ldap
#------------------------------------------------------------
$result = $ldap->add("uid=$ibayName,ou=Users,$base",
attrs => [
"uidNumber" => $ibay->prop("Uid"),
"gidNumber" => $ibay->prop("Gid"),
"cn" => $ibay->prop("Name"),
"objectClass" => [ 'account', 'posixAccount', 'shadowAccount'],
"homeDirectory" => "/home/e-smith/files/ibays/$ibayName",
"loginShell" => "/bin/false",
"shadowExpire" => -1,
"shadowFlag" => 134538308,
"shadowInactive" => -1,
"shadowLastChange" => 15997,
"shadowMax" => 99999,
"shadowMin" => -1,
"shadowWarning"=> 7,
]
);
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $ibayName.\n" );
#------------------------------------------------------------
# Loop to add new user to groups "shared,". $ibay->prop("Group")
#------------------------------------------------------------
foreach my $grp ( 'shared', $ibay->prop("Group") ) {
$result = $ldap->modify("cn=$grp,ou=Groups,$base",
add => {
"memberUid"=> [ $ibay->prop("Uid")]
});
# error code 20 is entry already exits.
$result->code && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $ibayName to supplementary group $grp.\n" );
}
#------------------------------------------------------------ #------------------------------------------------------------
# Create the ibay files and set the password. # Create the ibay files and set the password.
#------------------------------------------------------------ #------------------------------------------------------------
@ -130,15 +168,18 @@ if ($event eq 'ibay-create')
or ( $x = 255, warn "Error locking (unix) account $ibayName" ); or ( $x = 255, warn "Error locking (unix) account $ibayName" );
} }
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-L", $ibayName) == 0 #------------------------------------------------------------
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $ibayName" ); # lock password in ldap
#------------------------------------------------------------
$result = $ldap->modify("uid=$ibayName,ou=Users,$base",
replace => { 'userPassword' => "{crypt}!*"});
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $ibayName.\n" );
} }
elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary') elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary')
{ {
#------------------------------------------------------------ #------------------------------------------------------------
# Modify ibay description in /etc/passwd using "usermod" # Modify ibay description in /etc/passwd using "usermod"
#------------------------------------------------------------ #------------------------------------------------------------
if ($ldapauth ne 'enabled') if ($ldapauth ne 'enabled')
{ {
system("/usr/sbin/usermod", "-c", $ibay->prop("Name"), system("/usr/sbin/usermod", "-c", $ibay->prop("Name"),
@ -146,9 +187,28 @@ elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary')
or ( $x = 255, warn "Failed to modify (unix) account $ibayName.\n" ); or ( $x = 255, warn "Failed to modify (unix) account $ibayName.\n" );
} }
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-c", $ibay->prop("Name"), #------------------------------------------------------------
"-G", "shared," . $ibay->prop("Group"), "$ibayName") == 0 # Modify ibay description in ldap"
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) account $ibayName.\n" ); #------------------------------------------------------------
$result = $ldap->modify("uid=$ibayName,ou=Users,$base",
replace => {
"cn" => $ibay->prop("Name"),
}
);
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $ibayName.\n" );
#------------------------------------------------------------
# Loop to add new user to groups "shared,". $ibay->prop("Group")
#------------------------------------------------------------
foreach my $grp ( 'shared', $ibay->prop("Group") ) {
$result = $ldap->modify("cn=$grp,ou=Groups,$base",
add=> {
"memberUid"=> [ $ibay->prop("Uid")]
} );
# error code 20 is entry already exits.
$result->code && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $ibayName to supplementary group $grp.\n" );
}
} }
#------------------------------------------------------------ #------------------------------------------------------------

View File

@ -4,7 +4,7 @@ Summary: smeserver server and gateway - ibays module
%define name smeserver-ibays %define name smeserver-ibays
Name: %{name} Name: %{name}
%define version 11.0.0 %define version 11.0.0
%define release 6 %define release 7
Version: %{version} Version: %{version}
Release: %{release}%{?dist} Release: %{release}%{?dist}
License: GPL License: GPL
@ -13,13 +13,12 @@ Source: %{name}-%{version}.tar.xz
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
BuildArchitectures: noarch BuildArchitectures: noarch
Requires: smeserver-base >= 4.13.15-76 Requires: smeserver-base
Requires: perl(CGI::FormMagick) Requires: perl(CGI::FormMagick)
Requires: smeserver-formmagick >= 1.4.0-12 Requires: smeserver-formmagick
#Conflicts: e-smith-apache < 0.1.1 Requires: smeserver-apache
Requires: smeserver-apache >= 2.6.0-19
BuildRequires: perl, perl(Test::Inline) BuildRequires: perl, perl(Test::Inline)
BuildRequires: smeserver-devtools >= 1.11.0-03 BuildRequires: smeserver-devtools
AutoReqProv: no AutoReqProv: no
@ -28,6 +27,9 @@ Provides: e-smith-ibays
smeserver server and gateway software - ibays module. smeserver server and gateway software - ibays module.
%changelog %changelog
* Sat May 18 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
- edit LDAP entries using Net::LDAP rather than cpu [SME: 12687]
* Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme * Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme
- fix path for store-ldap-smbpasswd [SME: 12614] - fix path for store-ldap-smbpasswd [SME: 12614]