Commit 8f105764 authored by Haarst, Jan van's avatar Haarst, Jan van

Only perform actions if necessary

parent ae4d931b
......@@ -16,7 +16,7 @@ function ad_id_to_mail() {
function ad_id_to_name() {
TERM=cn
echo $(ldapsearch -x -LLL -E pr=200/noprompt -H ldaps://ldap.wurnet.nl -D srv_ldap_reader@wur.nl -w ldap_reader "(&(samAccountName="$1"))" -b "dc=wurnet,dc=nl" $TERM | \
grep $TERM | cut -f 2 -d':') | awk -F, '{ print $2 " " $1 }'
grep $TERM | cut -f 2 -d':') | awk -F, '{ print $2 " " $1 }' | sed 's/^ *//g'
}
function add_to_ad_group() {
......@@ -35,22 +35,7 @@ member: $USERDN
EOF
}
#TODO Fix this, doesn't work
function del_from_ad_group() {
binddn=${SUDO_USER}@wurnet.nl
# If changing this, als change DN
# Lookup with
# ldapsearch -x -LLL -E pr=200/noprompt -H ldaps://ldap.wurnet.nl -D srv_ldap_reader@wur.nl -w ldap_reader "(&(samAccountName="SERVERS_dev1_Rusr"))" -b "dc=wurnet,dc=nl" dn
local USERDN=$(ad_id_to_dn $1)
group=SERVERS_dev1_Rusr
echo "Deleting $1 from group $group in the AD."
ldapmodify -x -H ldaps://ldap.wurnet.nl -D "$binddn" -w "$ADMINPASSWORD" << EOF
dn: CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl
changetype: modify
delete: member
member: $USERDN
EOF
}
############## Start of script
if [ -z "${1-}" ] || [ -z "${SUDO_USER-}" ]
then
......@@ -63,20 +48,34 @@ NAME=$(ad_id_to_name $1)
MAIL=$(ad_id_to_mail $1)
ADMIN_NAME=$(ad_id_to_name $SUDO_USER)
if [ -z "${ADMINPASSWORD-}" ]
# If the user isn't in the list yet, add her
if $(ldapsearch -LLL -h scomp0001.wurnet.nl -x -b "DC=wurnet,DC=nl" -D 'srv_ldap_reader@wur.nl' -w ldap_reader 'memberOf=CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl' sAMAccountName | grep sAMAccountName| cut -f2 -d ':' | grep -q $NEW_USER)
then
read -sp "Enter your password for ${SUDO_USER}:" ADMINPASSWORD
echo
echo User already in AD group
else
if [ -z "${ADMINPASSWORD-}" ]
then
read -sp "Enter your password for ${SUDO_USER}:" ADMINPASSWORD
fi
add_to_ad_group $NEW_USER
fi
#del_from_ad_group $NEW_USER
#exit
add_to_ad_group $NEW_USER
mkdir -p --mode=700 --verbose {/mnt/scratch/,/mnt/LTR_userdata/}${NEW_USER}
chown --verbose ${NEW_USER}:'domain users' /mnt/scratch/${NEW_USER}
chown --verbose ${NEW_USER}:'domain users' /mnt/LTR_userdata/${NEW_USER}
# If the folders don't exist yet, create them, and set the permissions right
for dir in /mnt/scratch/${NEW_USER} /mnt/LTR_userdata/${NEW_USER}
do
if [ -d $dir ]
then
echo $dir already exists :
ls -ld $dir
else
mkdir -p --mode=700 --verbose $dir
chown --verbose ${NEW_USER}:'domain users' $dir
fi
done
# TODO Add user to database/Google Docs sheet.
# TODO mail this automatically, using the right return adress
echo "Use this as mail template to mail $MAIL :"
echo
cat << EOF
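Review bot: The new membership test (`... | cut -f2 -d ':' | grep -q $NEW_USER`) is a substring match, so a login that is a prefix or part of an existing member's name (jan vs jan2) is reported as "already in AD group" and the add_to_ad_group step is silently skipped; it also does not handle the space that `cut -f2 -d ':'` leaves in front of each name, so an anchored match would need trimming as well. The `if $(...)` form runs whatever the pipeline prints as a command and only works here because `grep -q` prints nothing; run the pipeline directly as the condition and match whole names, e.g. `| awk -F': ' '/^sAMAccountName:/ {print $2}' | grep -qixF -- "$NEW_USER"` (case-insensitive, since sAMAccountName is compared case-insensitively). This check binds with `-h scomp0001.wurnet.nl`, i.e. without TLS, while every other call in the script uses `-H ldaps://ldap.wurnet.nl` and passes `-E pr=200/noprompt`; the answer that gates the modify should come over the same TLS endpoint, and without paging a large group may be truncated by the server's size limit so a real member falls through to the add branch. A failed search (network or bind error) is also indistinguishable from "not a member" and ends in the add branch, which is presumably acceptable given the previous always-add behaviour, but a comment saying so would help. In the directory loop, `[ -d $dir ]` and the later `$dir` uses should be quoted (`"$dir"`) as in the rest of the added lines.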