Merge branch 'new_dn_menu' into 'master'

Add users to separate AD groups, and also in a database if student. See merge request !1

Merge branch 'new_dn_menu' into 'master'
Add users to separate AD groups, and also in a database if student. See merge request !1
96b2c92c · Haarst, Jan van · 21897397 · a8cda6a6 · 96b2c92c · 96b2c92c
Commit 96b2c92c authored Apr 30, 2021 by Haarst, Jan van
--- a/create_new_user.sh
+++ b/create_new_user.sh
 #!/bin/bash
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+
 set -o nounset
 set -o errexit

@@ -12,9 +14,62 @@ fi
 NEW_USER=${1}
 ADMINPASSWORD=''
 binddn=${SUDO_USER}@wurnet.nl
-
+declare -A DN_ARRAY
+DN_ARRAY["dev1_Rusr"]="CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
+DN_ARRAY["AB"]="CN=USR_BIOINFORMATICS_SERVERS_AB_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
+DN_ARRAY["BIF"]="CN=USR_BIOINFORMATICS_SERVERS_BIF_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
+DN_ARRAY["BIS"]="CN=USR_BIOINFORMATICS_SERVERS_BIS_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
+DN_ARRAY["GEN"]="CN=USR_BIOINFORMATICS_SERVERS_GEN_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
+DN_ARRAY["HMI"]="CN=USR_BIOINFORMATICS_SERVERS_HMI_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
+DN_ARRAY["MOB"]="CN=USR_BIOINFORMATICS_SERVERS_MOB_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
+DN_ARRAY["NEM"]="CN=USR_BIOINFORMATICS_SERVERS_NEM_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
+
+DB="${SCRIPTPATH}"/users.sqlite3.db
+
+STUDENT=''
+SUPERVISOR=''
+END_DATE=''
+# Six months in the future, last day of that month
+DEFAULT_END_DATE=$(date -d "`date +%Y%m01` +7  month -1 day" +%F)
 # Functions

+# https://gist.github.com/davejamesmiller/1965569
+function ask() {
+    local prompt default reply
+
+    if [[ ${2:-} = 'Y' ]]; then
+        prompt='Y/n'
+        default='Y'
+    elif [[ ${2:-} = 'N' ]]; then
+        prompt='y/N'
+        default='N'
+    else
+        prompt='y/n'
+        default=''
+    fi
+
+    while true; do
+
+        # Ask the question (not using "read -p" as it uses stderr not stdout)
+        echo -n "$1 [$prompt] "
+
+        # Read the answer (use /dev/tty in case stdin is redirected from somewhere else)
+        read -r reply </dev/tty
+
+        # Default?
+        if [[ -z $reply ]]; then
+            reply=$default
+        fi
+
+        # Check if the reply is valid
+        case "$reply" in
+            Y*|y*) return 0 ;;
+            N*|n*) return 1 ;;
+        esac
+
+    done
+}
+
 function ad_id_to_dn() {
 echo $(ldapsearch -x -LLL -E pr=200/noprompt -H ldaps://ldap.wurnet.nl -D "$binddn" -w "${ADMINPASSWORD}" "(&(samAccountName="$1"))" -b "dc=wurnet,dc=nl" dn | sed -e '/^$/,$d' | sed ':a;N;$!ba;s/\n //g'| awk '{$1=""; print $0}')
 }
@@ -31,39 +86,69 @@ function ad_id_to_name() {

 function add_to_ad_group() {
  binddn=${SUDO_USER}@wurnet.nl
-  # If changing this, als change DN
-  # Lookup with
-  # ldapsearch -x -LLL -E pr=200/noprompt -H ldaps://ldap.wurnet.nl -D srv_ldap_reader@wur.nl -w ldap_reader "(&(samAccountName="SERVERS_dev1_Rusr"))" -b "dc=wurnet,dc=nl" dn
+  NEW_USER=$1
+  DN=$2
  local USERDN=$(ad_id_to_dn $NEW_USER)
-  group=SERVERS_dev1_Rusr
-  echo "Adding $NEW_USER to group $group in the AD."
+  echo
+  echo "Adding $NEW_USER to DN $DN in the AD."
 ldapmodify -x -H ldaps://ldap.wurnet.nl -D "$binddn" -w "${ADMINPASSWORD}" << EOF
-dn: CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl
+dn: $DN
 changetype: modify
 add: member
 member: $USERDN
 EOF
 }

+function check_id_in_ad_group() {
+  binddn=${SUDO_USER}@wurnet.nl
+  NEW_USER=$1
+  DN=$2
+  ldapsearch -LLL -H ldaps://ldap.wurnet.nl -x -b "DC=wurnet,DC=nl"  -D "$binddn" -w "${ADMINPASSWORD}" 'memberOf='"$DN" sAMAccountName | grep sAMAccountName| cut -f2 -d ':'  | grep -q $NEW_USER
+  return $?
+}

 # Start of script

 if [ -z "${ADMINPASSWORD-}" ]
 then
    read -sp "Enter your password for ${SUDO_USER}:" ADMINPASSWORD
+    echo
+fi
+
+# Default to No if the user presses enter without giving an answer:
+if ask "Is $NEW_USER a student ?" N; then
+    STUDENT="Y"
+else
+    STUDENT="N"
+fi
+
+if [ "$STUDENT" == "Y" ]
+then 
+    read -p "Who is the supervisor of $NEW_USER ? " SUPERVISOR
+    read -p "What is the end date for access for $NEW_USER ? [${DEFAULT_END_DATE}] " END_DATE
+    END_DATE=${END_DATE:-${DEFAULT_END_DATE}}
+    echo
 fi

+PS3="Select a department to which $NEW_USER belongs: "
+
+select DN_AVAIL in "${!DN_ARRAY[@]}"
+do
+    DN=${DN_ARRAY[$DN_AVAIL]}
+    break
+done
+
 NAME=$(ad_id_to_name $NEW_USER)
 MAIL=$(ad_id_to_mail $NEW_USER)
 ADMIN_NAME=$(ad_id_to_name $SUDO_USER)

 # If the user isn't in the list yet, add her
-if $(ldapsearch -LLL -H ldaps://ldap.wurnet.nl -x -b "DC=wurnet,DC=nl"  -D "$binddn" -w "${ADMINPASSWORD}" 'memberOf=CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl' sAMAccountName | grep sAMAccountName| cut -f2 -d ':'  | grep -q $NEW_USER)
+if check_id_in_ad_group $NEW_USER $DN
 then
    echo
-    echo User already in AD group
+    echo -e "\e[31m$NEW_USER already in AD group $DN \033[0m"
 else
-    add_to_ad_group $NEW_USER
+    add_to_ad_group $NEW_USER $DN
 fi

 # If the folders don't exist yet, create them, and set the correct permissions
@@ -71,15 +156,19 @@ for dir in /mnt/scratch/${NEW_USER} /mnt/LTR_userdata/${NEW_USER} /lustre/BIF/no
 do
    if [ -d $dir ]
    then
-        echo $dir already exists :
+        echo -e "\e[31m$dir already exists : \033[0m"
        ls -ld $dir
    else
        mkdir -p --mode=700 --verbose $dir
        chown --verbose ${NEW_USER}:'domain users' $dir
    fi
 done
-# TODO Add user to database/Google Docs sheet.
-
+# Add user to database.
+if [ -e "$DB" ]
+then
+    echo "Adding $NEW_USER to database $DB"
+    sqlite3 -batch "$DB"  "insert into users (ACCOUNT,DEPARTMENT,ADDED_BY,SUPERVISOR,END_DATE) values ('"${NEW_USER}"','"${DN_AVAIL}"','"${SUDO_USER}"','"${SUPERVISOR}"','"${END_DATE}"');"
+fi
 # TODO mail this automatically, using the right return adress
 echo "Use this as mail template to mail $MAIL :"
 echo

--- a/create_table.sql
+++ b/create_table.sql
+-- Create database like this : cat create_table.sql | sqlite3 users.sqlite3.db
+CREATE TABLE IF NOT EXISTS users
+(
+    ID          INTEGER PRIMARY KEY,
+    ACCOUNT     TEXT NOT NULL,
+    DEPARTMENT  TEXT NOT NULL,
+    SUPERVISOR  TEXT,
+    ADDED_BY    TEXT,
+    ENTRY_DATE  DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    END_DATE    DATETIME
+);
\ No newline at end of file