* Sat May 18 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
- edit LDAP entries using Net::LDAP rather than cpu [SME: 12687]
This commit is contained in:
parent
0e72a182b7
commit
1d67d9bd64
@ -1,7 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/usr/bin/perl
|
||||||
|
|
||||||
#----------------------------------------------------------------------
|
#----------------------------------------------------------------------
|
||||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
# copyright (C) 2024 Koozali foundation inc.
|
||||||
#
|
#
|
||||||
# This program is free software; you can redistribute it and/or modify
|
# This program is free software; you can redistribute it and/or modify
|
||||||
# it under the terms of the GNU General Public License as published by
|
# it under the terms of the GNU General Public License as published by
|
||||||
@ -22,28 +22,76 @@
|
|||||||
#------------------------------------------------------------
|
#------------------------------------------------------------
|
||||||
# Delete the Unix account and files for the ibay.
|
# Delete the Unix account and files for the ibay.
|
||||||
#------------------------------------------------------------
|
#------------------------------------------------------------
|
||||||
|
package esmith;
|
||||||
|
|
||||||
event=$1
|
use strict;
|
||||||
ibay=$2
|
use Errno;
|
||||||
|
use esmith::ConfigDB;
|
||||||
|
use esmith::util;
|
||||||
|
use Net::LDAP;
|
||||||
|
use esmith::AccountsDB;
|
||||||
|
|
||||||
if [ -z "$ibay" ]
|
my $adb = esmith::AccountsDB->open_ro();
|
||||||
then
|
|
||||||
echo ibayName argument missing
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
ldapauth=$(/sbin/e-smith/config getprop ldap Authentication || echo disabled)
|
my $conf = esmith::ConfigDB->open_ro or die "Could not open config db";
|
||||||
x=0 # exit value
|
|
||||||
|
|
||||||
/bin/rm -rf /home/e-smith/files/ibays/$ibay
|
unless ($conf->get('ldap')->prop('status') eq "enabled" )
|
||||||
if [ "$ldapauth" != "enabled" ]
|
{
|
||||||
then
|
warn "Not running action script $0, LDAP service not enabled!\n";
|
||||||
/usr/sbin/userdel "$ibay" || x=1
|
exit(0);
|
||||||
/usr/sbin/cpu -C/etc/cpu-system.conf userdel "$ibay"
|
}
|
||||||
/usr/sbin/cpu -C/etc/cpu-system.conf groupdel "$ibay"
|
|
||||||
else
|
my $domain = $conf->get('DomainName')
|
||||||
/usr/sbin/cpu userdel "$ibay" || x=1
|
|| die("Couldn't determine domain name");
|
||||||
/usr/sbin/cpu -C/etc/cpu-system.conf groupdel "$ibay" || x=1
|
$domain = $domain->value;
|
||||||
fi
|
|
||||||
|
# prepare LDAP bind
|
||||||
|
my $pw = esmith::util::LdapPassword();
|
||||||
|
my $base = esmith::util::ldapBase ($domain);
|
||||||
|
|
||||||
|
my $ldap = Net::LDAP->new('localhost')
|
||||||
|
or die "$@";
|
||||||
|
|
||||||
|
$ldap->bind(
|
||||||
|
dn => "cn=root,$base",
|
||||||
|
password => $pw
|
||||||
|
);
|
||||||
|
|
||||||
|
|
||||||
|
my $event = $ARGV [0];
|
||||||
|
my $ibay = $ARGV [1];
|
||||||
|
|
||||||
|
die "Username argument missing." unless defined ($ibay);
|
||||||
|
$a = $adb->get($ibay) || undef;
|
||||||
|
unless ( defined $a && $a->prop('type') eq "ibay-deleted" )
|
||||||
|
{
|
||||||
|
warn "$ibay is not an Ibay account\n";
|
||||||
|
exit (0);
|
||||||
|
}
|
||||||
|
|
||||||
|
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||||
|
my $x = 0; # exit value
|
||||||
|
|
||||||
|
|
||||||
|
my $discard = `/bin/rm -rf /home/e-smith/files/ibays/$ibay`;
|
||||||
|
if ($? != 0)
|
||||||
|
{
|
||||||
|
( $x = 255, warn "Failed to delete content of ibay $ibay.\n" );
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( "$ldapauth" ne "enabled" )
|
||||||
|
{
|
||||||
|
$discard = `/usr/sbin/userdel "$ibay"`;
|
||||||
|
if ($? != 0)
|
||||||
|
{
|
||||||
|
( $x = 255, warn "Failed to delete (unix) account $ibay.\n" );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
my $result = $ldap->delete("uid=$ibay,ou=Users,$base");
|
||||||
|
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) ibay account $ibay.\n" );
|
||||||
|
|
||||||
|
$result = $ldap->delete("cn=$ibay,ou=Groups,$base");
|
||||||
|
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to delete (ldap) group account $ibay.\n" );
|
||||||
|
|
||||||
exit $x
|
exit $x
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
#----------------------------------------------------------------------
|
#----------------------------------------------------------------------
|
||||||
# copyright (C) 1999-2005 Mitel Networks Corporation
|
# copyright (C) 1999-2005 Mitel Networks Corporation
|
||||||
|
# copyright (C) 2024 Koozali foundation inc.
|
||||||
#
|
#
|
||||||
# This program is free software; you can redistribute it and/or modify
|
# This program is free software; you can redistribute it and/or modify
|
||||||
# it under the terms of the GNU General Public License as published by
|
# it under the terms of the GNU General Public License as published by
|
||||||
@ -27,6 +28,7 @@ use esmith::util;
|
|||||||
use esmith::templates;
|
use esmith::templates;
|
||||||
use esmith::AccountsDB;
|
use esmith::AccountsDB;
|
||||||
use esmith::ConfigDB;
|
use esmith::ConfigDB;
|
||||||
|
use Net::LDAP;
|
||||||
|
|
||||||
my $conf = esmith::ConfigDB->open_ro
|
my $conf = esmith::ConfigDB->open_ro
|
||||||
or die "Could not open Config DB";
|
or die "Could not open Config DB";
|
||||||
@ -34,6 +36,23 @@ my $conf = esmith::ConfigDB->open_ro
|
|||||||
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
|
||||||
my $x = 0; # exit value
|
my $x = 0; # exit value
|
||||||
|
|
||||||
|
my $domain = $conf->get('DomainName')
|
||||||
|
|| die("Couldn't determine domain name");
|
||||||
|
$domain = $domain->value;
|
||||||
|
my $result;
|
||||||
|
|
||||||
|
# prepare LDAP bind
|
||||||
|
my $pw = esmith::util::LdapPassword();
|
||||||
|
my $base = esmith::util::ldapBase ($domain);
|
||||||
|
|
||||||
|
my $ldap = Net::LDAP->new('localhost')
|
||||||
|
or die "$@";
|
||||||
|
|
||||||
|
$ldap->bind(
|
||||||
|
dn => "cn=root,$base",
|
||||||
|
password => $pw
|
||||||
|
);
|
||||||
|
|
||||||
$ENV{'PATH'} = "/bin";
|
$ENV{'PATH'} = "/bin";
|
||||||
|
|
||||||
my $event = $ARGV [0];
|
my $event = $ARGV [0];
|
||||||
@ -54,8 +73,9 @@ if ($event eq 'ibay-create')
|
|||||||
# Check the Unix account.
|
# Check the Unix account.
|
||||||
#------------------------------------------------------------
|
#------------------------------------------------------------
|
||||||
|
|
||||||
# Create the ibay's unique group first
|
#------------------------------------------------------------
|
||||||
|
# create unix user and group account, unless we switch to ldap authentication
|
||||||
|
#------------------------------------------------------------
|
||||||
if ($ldapauth ne 'enabled')
|
if ($ldapauth ne 'enabled')
|
||||||
{
|
{
|
||||||
system(
|
system(
|
||||||
@ -85,31 +105,49 @@ if ($event eq 'ibay-create')
|
|||||||
) == 0 or ( $x = 255, warn "Failed to create (unix) account $ibayName.\n" );
|
) == 0 or ( $x = 255, warn "Failed to create (unix) account $ibayName.\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
system(
|
#------------------------------------------------------------
|
||||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
|
# add new ibay group to ldap
|
||||||
"-g",
|
#------------------------------------------------------------
|
||||||
$ibay->prop("Gid"),
|
$result = $ldap->add("cn=$ibayName,ou=Groups,$base",
|
||||||
$ibayName
|
attrs => [
|
||||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $ibayName.\n" );
|
"cn"=> $ibayName,
|
||||||
|
"gidNumber"=> $ibay->prop("Gid"),
|
||||||
system(
|
"objectClass" => [ 'posixGroup', 'mailboxRelatedObject']
|
||||||
"/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
|
]);
|
||||||
"-u",
|
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) group $ibayName.\n" );
|
||||||
$ibay->prop("Uid"),
|
|
||||||
"-g",
|
|
||||||
$ibay->prop("Gid"),
|
|
||||||
"-c",
|
|
||||||
$ibay->prop("Name"),
|
|
||||||
"-d",
|
|
||||||
"/home/e-smith/files/ibays/$ibayName/files",
|
|
||||||
"-G",
|
|
||||||
"shared,"
|
|
||||||
. $ibay->prop("Group"),
|
|
||||||
"-s",
|
|
||||||
"/bin/false",
|
|
||||||
"$ibayName"
|
|
||||||
) == 0 or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $ibayName.\n" );
|
|
||||||
|
|
||||||
|
#------------------------------------------------------------
|
||||||
|
# add new ibay user to ldap
|
||||||
|
#------------------------------------------------------------
|
||||||
|
$result = $ldap->add("uid=$ibayName,ou=Users,$base",
|
||||||
|
attrs => [
|
||||||
|
"uidNumber" => $ibay->prop("Uid"),
|
||||||
|
"gidNumber" => $ibay->prop("Gid"),
|
||||||
|
"cn" => $ibay->prop("Name"),
|
||||||
|
"objectClass" => [ 'account', 'posixAccount', 'shadowAccount'],
|
||||||
|
"homeDirectory" => "/home/e-smith/files/ibays/$ibayName",
|
||||||
|
"loginShell" => "/bin/false",
|
||||||
|
"shadowExpire" => -1,
|
||||||
|
"shadowFlag" => 134538308,
|
||||||
|
"shadowInactive" => -1,
|
||||||
|
"shadowLastChange" => 15997,
|
||||||
|
"shadowMax" => 99999,
|
||||||
|
"shadowMin" => -1,
|
||||||
|
"shadowWarning"=> 7,
|
||||||
|
]
|
||||||
|
);
|
||||||
|
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to create (ldap) account $ibayName.\n" );
|
||||||
|
#------------------------------------------------------------
|
||||||
|
# Loop to add new user to groups "shared,". $ibay->prop("Group")
|
||||||
|
#------------------------------------------------------------
|
||||||
|
foreach my $grp ( 'shared', $ibay->prop("Group") ) {
|
||||||
|
$result = $ldap->modify("cn=$grp,ou=Groups,$base",
|
||||||
|
add => {
|
||||||
|
"memberUid"=> [ $ibay->prop("Uid")]
|
||||||
|
});
|
||||||
|
# error code 20 is entry already exits.
|
||||||
|
$result->code && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $ibayName to supplementary group $grp.\n" );
|
||||||
|
}
|
||||||
#------------------------------------------------------------
|
#------------------------------------------------------------
|
||||||
# Create the ibay files and set the password.
|
# Create the ibay files and set the password.
|
||||||
#------------------------------------------------------------
|
#------------------------------------------------------------
|
||||||
@ -130,15 +168,18 @@ if ($event eq 'ibay-create')
|
|||||||
or ( $x = 255, warn "Error locking (unix) account $ibayName" );
|
or ( $x = 255, warn "Error locking (unix) account $ibayName" );
|
||||||
}
|
}
|
||||||
|
|
||||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-L", $ibayName) == 0
|
#------------------------------------------------------------
|
||||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $ibayName" );
|
# lock password in ldap
|
||||||
|
#------------------------------------------------------------
|
||||||
|
$result = $ldap->modify("uid=$ibayName,ou=Users,$base",
|
||||||
|
replace => { 'userPassword' => "{crypt}!*"});
|
||||||
|
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Error locking (ldap) account $ibayName.\n" );
|
||||||
}
|
}
|
||||||
elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary')
|
elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary')
|
||||||
{
|
{
|
||||||
#------------------------------------------------------------
|
#------------------------------------------------------------
|
||||||
# Modify ibay description in /etc/passwd using "usermod"
|
# Modify ibay description in /etc/passwd using "usermod"
|
||||||
#------------------------------------------------------------
|
#------------------------------------------------------------
|
||||||
|
|
||||||
if ($ldapauth ne 'enabled')
|
if ($ldapauth ne 'enabled')
|
||||||
{
|
{
|
||||||
system("/usr/sbin/usermod", "-c", $ibay->prop("Name"),
|
system("/usr/sbin/usermod", "-c", $ibay->prop("Name"),
|
||||||
@ -146,9 +187,28 @@ elsif ($event eq 'ibay-modify' and $ibayName ne 'Primary')
|
|||||||
or ( $x = 255, warn "Failed to modify (unix) account $ibayName.\n" );
|
or ( $x = 255, warn "Failed to modify (unix) account $ibayName.\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-c", $ibay->prop("Name"),
|
#------------------------------------------------------------
|
||||||
"-G", "shared," . $ibay->prop("Group"), "$ibayName") == 0
|
# Modify ibay description in ldap"
|
||||||
or ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify (ldap) account $ibayName.\n" );
|
#------------------------------------------------------------
|
||||||
|
$result = $ldap->modify("uid=$ibayName,ou=Users,$base",
|
||||||
|
replace => {
|
||||||
|
"cn" => $ibay->prop("Name"),
|
||||||
|
}
|
||||||
|
);
|
||||||
|
$result->code && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to modify email of (ldap) account $ibayName.\n" );
|
||||||
|
|
||||||
|
#------------------------------------------------------------
|
||||||
|
# Loop to add new user to groups "shared,". $ibay->prop("Group")
|
||||||
|
#------------------------------------------------------------
|
||||||
|
foreach my $grp ( 'shared', $ibay->prop("Group") ) {
|
||||||
|
$result = $ldap->modify("cn=$grp,ou=Groups,$base",
|
||||||
|
add=> {
|
||||||
|
"memberUid"=> [ $ibay->prop("Uid")]
|
||||||
|
} );
|
||||||
|
# error code 20 is entry already exits.
|
||||||
|
$result->code && ( $result->code != 20 ) && ( $x = $ldapauth ne 'enabled' ? $x : 255, warn "Failed to add (ldap) account $ibayName to supplementary group $grp.\n" );
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#------------------------------------------------------------
|
#------------------------------------------------------------
|
||||||
|
@ -4,7 +4,7 @@ Summary: smeserver server and gateway - ibays module
|
|||||||
%define name smeserver-ibays
|
%define name smeserver-ibays
|
||||||
Name: %{name}
|
Name: %{name}
|
||||||
%define version 11.0.0
|
%define version 11.0.0
|
||||||
%define release 6
|
%define release 7
|
||||||
Version: %{version}
|
Version: %{version}
|
||||||
Release: %{release}%{?dist}
|
Release: %{release}%{?dist}
|
||||||
License: GPL
|
License: GPL
|
||||||
@ -13,13 +13,12 @@ Source: %{name}-%{version}.tar.xz
|
|||||||
|
|
||||||
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
BuildRoot: /var/tmp/%{name}-%{version}-%{release}-buildroot
|
||||||
BuildArchitectures: noarch
|
BuildArchitectures: noarch
|
||||||
Requires: smeserver-base >= 4.13.15-76
|
Requires: smeserver-base
|
||||||
Requires: perl(CGI::FormMagick)
|
Requires: perl(CGI::FormMagick)
|
||||||
Requires: smeserver-formmagick >= 1.4.0-12
|
Requires: smeserver-formmagick
|
||||||
#Conflicts: e-smith-apache < 0.1.1
|
Requires: smeserver-apache
|
||||||
Requires: smeserver-apache >= 2.6.0-19
|
|
||||||
BuildRequires: perl, perl(Test::Inline)
|
BuildRequires: perl, perl(Test::Inline)
|
||||||
BuildRequires: smeserver-devtools >= 1.11.0-03
|
BuildRequires: smeserver-devtools
|
||||||
AutoReqProv: no
|
AutoReqProv: no
|
||||||
|
|
||||||
|
|
||||||
@ -28,6 +27,9 @@ Provides: e-smith-ibays
|
|||||||
smeserver server and gateway software - ibays module.
|
smeserver server and gateway software - ibays module.
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sat May 18 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-7.sme
|
||||||
|
- edit LDAP entries using Net::LDAP rather than cpu [SME: 12687]
|
||||||
|
|
||||||
* Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme
|
* Sat Apr 13 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-6.sme
|
||||||
- fix path for store-ldap-smbpasswd [SME: 12614]
|
- fix path for store-ldap-smbpasswd [SME: 12614]
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user