Commit 834e3abe authored by Haarst, Jan van's avatar Haarst, Jan van

Added menu to select DN to add new user to

parent 21897397
......@@ -12,6 +12,17 @@ fi
NEW_USER=${1}
ADMINPASSWORD=''
binddn=${SUDO_USER}@wurnet.nl
declare -A DN_ARRAY
DN_ARRAY["dev1_Rusr"]="CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["HMI"]="CN=USR_BIOINF_HMI,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["GEN"]="CN=USR_BIOINF_GEN,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["NEM"]="CN=USR_BIOINF_NEM,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["BIS"]="CN=USR_BIOINF_BIS,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["PPH"]="CN=USR_BIOINF_PPH,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["VIR"]="CN=USR_BIOINF_VIR,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["BIF"]="CN=USR_BIOINF_BIF,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["AB"]="CN=USR_BIOINF_AB,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
# Functions
......@@ -31,41 +42,56 @@ function ad_id_to_name() {
function add_to_ad_group() {
binddn=${SUDO_USER}@wurnet.nl
# If changing this, als change DN
# Lookup with
# ldapsearch -x -LLL -E pr=200/noprompt -H ldaps://ldap.wurnet.nl -D srv_ldap_reader@wur.nl -w ldap_reader "(&(samAccountName="SERVERS_dev1_Rusr"))" -b "dc=wurnet,dc=nl" dn
NEW_USER=$1
DN=$2
local USERDN=$(ad_id_to_dn $NEW_USER)
group=SERVERS_dev1_Rusr
echo "Adding $NEW_USER to group $group in the AD."
echo
echo "Adding $NEW_USER to DN $DN in the AD."
ldapmodify -x -H ldaps://ldap.wurnet.nl -D "$binddn" -w "${ADMINPASSWORD}" << EOF
dn: CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl
dn: $DN
changetype: modify
add: member
member: $USERDN
EOF
}
function check_id_in_ad_group() {
binddn=${SUDO_USER}@wurnet.nl
NEW_USER=$1
DN=$2
ldapsearch -LLL -H ldaps://ldap.wurnet.nl -x -b "DC=wurnet,DC=nl" -D "$binddn" -w "${ADMINPASSWORD}" 'memberOf='"$DN" sAMAccountName | grep sAMAccountName| cut -f2 -d ':' | grep -q $NEW_USER
return $?
}
# Start of script
if [ -z "${ADMINPASSWORD-}" ]
then
read -sp "Enter your password for ${SUDO_USER}:" ADMINPASSWORD
echo
fi
PS3="Select a DN: "
select DN_AVAIL in "${!DN_ARRAY[@]}"
do
DN=${DN_ARRAY[$DN_AVAIL]}
break
done
NAME=$(ad_id_to_name $NEW_USER)
MAIL=$(ad_id_to_mail $NEW_USER)
ADMIN_NAME=$(ad_id_to_name $SUDO_USER)
# If the user isn't in the list yet, add her
if $(ldapsearch -LLL -H ldaps://ldap.wurnet.nl -x -b "DC=wurnet,DC=nl" -D "$binddn" -w "${ADMINPASSWORD}" 'memberOf=CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl' sAMAccountName | grep sAMAccountName| cut -f2 -d ':' | grep -q $NEW_USER)
if check_id_in_ad_group $NEW_USER $DN
then
echo
echo User already in AD group
echo $NEW_USER already in AD group $DN
else
add_to_ad_group $NEW_USER
add_to_ad_group $NEW_USER $DN
fi
exit
# If the folders don't exist yet, create them, and set the correct permissions
for dir in /mnt/scratch/${NEW_USER} /mnt/LTR_userdata/${NEW_USER} /lustre/BIF/nobackup/${NEW_USER}
do
......
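Review bot: The `select` loop breaks after the first answer without validating it, so a non-numeric or out-of-range reply leaves `DN_AVAIL` empty and the script carries on into `check_id_in_ad_group` and `add_to_ad_group` with an empty `DN`; put `[[ -n "$DN_AVAIL" ]] || { echo "Invalid choice" >&2; continue; }` ahead of `DN=${DN_ARRAY[$DN_AVAIL]}`. `check_id_in_ad_group` passes the bind password as `-w "${ADMINPASSWORD}"`, as `add_to_ad_group` already does, which leaves it readable in the process list by other local users while the command runs; the OpenLDAP clients can read it from a file with `-y`, for example a `mktemp` file written with `printf '%s'` and removed by an `EXIT` trap. The closing `grep -q $NEW_USER` is unquoted and matches substrings, so an id that is contained in an existing member's id is reported as already in the group; it should quote the variable and match the whole value (`grep -x` with `-F`, allowing for the leading space `cut` leaves). The bare `exit` before the directory loop makes everything after it unreachable, and if it is a debugging leftover it should be dropped.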