Commit 96b2c92c authored by Haarst, Jan van's avatar Haarst, Jan van

Merge branch 'new_dn_menu' into 'master'

Add users to separate AD groups, and also in a database if student.

See merge request !1
parents 21897397 a8cda6a6
#!/bin/bash
SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
set -o nounset
set -o errexit
......@@ -12,9 +14,62 @@ fi
NEW_USER=${1}
ADMINPASSWORD=''
binddn=${SUDO_USER}@wurnet.nl
declare -A DN_ARRAY
DN_ARRAY["dev1_Rusr"]="CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["AB"]="CN=USR_BIOINFORMATICS_SERVERS_AB_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["BIF"]="CN=USR_BIOINFORMATICS_SERVERS_BIF_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["BIS"]="CN=USR_BIOINFORMATICS_SERVERS_BIS_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["GEN"]="CN=USR_BIOINFORMATICS_SERVERS_GEN_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["HMI"]="CN=USR_BIOINFORMATICS_SERVERS_HMI_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["MOB"]="CN=USR_BIOINFORMATICS_SERVERS_MOB_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DN_ARRAY["NEM"]="CN=USR_BIOINFORMATICS_SERVERS_NEM_Rusr,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl"
DB="${SCRIPTPATH}"/users.sqlite3.db
STUDENT=''
SUPERVISOR=''
END_DATE=''
# Six months in the future, last day of that month
DEFAULT_END_DATE=$(date -d "`date +%Y%m01` +7 month -1 day" +%F)
# Functions
# https://gist.github.com/davejamesmiller/1965569
function ask() {
local prompt default reply
if [[ ${2:-} = 'Y' ]]; then
prompt='Y/n'
default='Y'
elif [[ ${2:-} = 'N' ]]; then
prompt='y/N'
default='N'
else
prompt='y/n'
default=''
fi
while true; do
# Ask the question (not using "read -p" as it uses stderr not stdout)
echo -n "$1 [$prompt] "
# Read the answer (use /dev/tty in case stdin is redirected from somewhere else)
read -r reply </dev/tty
# Default?
if [[ -z $reply ]]; then
reply=$default
fi
# Check if the reply is valid
case "$reply" in
Y*|y*) return 0 ;;
N*|n*) return 1 ;;
esac
done
}
function ad_id_to_dn() {
echo $(ldapsearch -x -LLL -E pr=200/noprompt -H ldaps://ldap.wurnet.nl -D "$binddn" -w "${ADMINPASSWORD}" "(&(samAccountName="$1"))" -b "dc=wurnet,dc=nl" dn | sed -e '/^$/,$d' | sed ':a;N;$!ba;s/\n //g'| awk '{$1=""; print $0}')
}
......@@ -31,39 +86,69 @@ function ad_id_to_name() {
function add_to_ad_group() {
binddn=${SUDO_USER}@wurnet.nl
# If changing this, als change DN
# Lookup with
# ldapsearch -x -LLL -E pr=200/noprompt -H ldaps://ldap.wurnet.nl -D srv_ldap_reader@wur.nl -w ldap_reader "(&(samAccountName="SERVERS_dev1_Rusr"))" -b "dc=wurnet,dc=nl" dn
NEW_USER=$1
DN=$2
local USERDN=$(ad_id_to_dn $NEW_USER)
group=SERVERS_dev1_Rusr
echo "Adding $NEW_USER to group $group in the AD."
echo
echo "Adding $NEW_USER to DN $DN in the AD."
ldapmodify -x -H ldaps://ldap.wurnet.nl -D "$binddn" -w "${ADMINPASSWORD}" << EOF
dn: CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl
dn: $DN
changetype: modify
add: member
member: $USERDN
EOF
}
function check_id_in_ad_group() {
binddn=${SUDO_USER}@wurnet.nl
NEW_USER=$1
DN=$2
ldapsearch -LLL -H ldaps://ldap.wurnet.nl -x -b "DC=wurnet,DC=nl" -D "$binddn" -w "${ADMINPASSWORD}" 'memberOf='"$DN" sAMAccountName | grep sAMAccountName| cut -f2 -d ':' | grep -q $NEW_USER
return $?
}
# Start of script
if [ -z "${ADMINPASSWORD-}" ]
then
read -sp "Enter your password for ${SUDO_USER}:" ADMINPASSWORD
echo
fi
# Default to No if the user presses enter without giving an answer:
if ask "Is $NEW_USER a student ?" N; then
STUDENT="Y"
else
STUDENT="N"
fi
if [ "$STUDENT" == "Y" ]
then
read -p "Who is the supervisor of $NEW_USER ? " SUPERVISOR
read -p "What is the end date for access for $NEW_USER ? [${DEFAULT_END_DATE}] " END_DATE
END_DATE=${END_DATE:-${DEFAULT_END_DATE}}
echo
fi
PS3="Select a department to which $NEW_USER belongs: "
select DN_AVAIL in "${!DN_ARRAY[@]}"
do
DN=${DN_ARRAY[$DN_AVAIL]}
break
done
NAME=$(ad_id_to_name $NEW_USER)
MAIL=$(ad_id_to_mail $NEW_USER)
ADMIN_NAME=$(ad_id_to_name $SUDO_USER)
# If the user isn't in the list yet, add her
if $(ldapsearch -LLL -H ldaps://ldap.wurnet.nl -x -b "DC=wurnet,DC=nl" -D "$binddn" -w "${ADMINPASSWORD}" 'memberOf=CN=SERVERS_dev1_Rusr,OU=dev1.ab,OU=BioInformatics,OU=NoPolicy,OU=Servers,DC=wurnet,DC=nl' sAMAccountName | grep sAMAccountName| cut -f2 -d ':' | grep -q $NEW_USER)
if check_id_in_ad_group $NEW_USER $DN
then
echo
echo User already in AD group
echo -e "\e[31m$NEW_USER already in AD group $DN \033[0m"
else
add_to_ad_group $NEW_USER
add_to_ad_group $NEW_USER $DN
fi
# If the folders don't exist yet, create them, and set the correct permissions
......@@ -71,15 +156,19 @@ for dir in /mnt/scratch/${NEW_USER} /mnt/LTR_userdata/${NEW_USER} /lustre/BIF/no
do
if [ -d $dir ]
then
echo $dir already exists :
echo -e "\e[31m$dir already exists : \033[0m"
ls -ld $dir
else
mkdir -p --mode=700 --verbose $dir
chown --verbose ${NEW_USER}:'domain users' $dir
fi
done
# TODO Add user to database/Google Docs sheet.
# Add user to database.
if [ -e "$DB" ]
then
echo "Adding $NEW_USER to database $DB"
sqlite3 -batch "$DB" "insert into users (ACCOUNT,DEPARTMENT,ADDED_BY,SUPERVISOR,END_DATE) values ('"${NEW_USER}"','"${DN_AVAIL}"','"${SUDO_USER}"','"${SUPERVISOR}"','"${END_DATE}"');"
fi
# TODO mail this automatically, using the right return adress
echo "Use this as mail template to mail $MAIL :"
echo
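Review bot: The `sqlite3 -batch "$DB" "insert into users … values ('"${NEW_USER}"', …)"` line in the last hunk builds the statement by splicing NEW_USER, DN_AVAIL, SUDO_USER, SUPERVISOR and END_DATE straight into SQL text; SUPERVISOR and END_DATE are free text from the `read` prompts and NEW_USER is argv, so a value holding an apostrophe (a Dutch name such as "van 't …" is a realistic case) breaks the insert, and the same path lets unintended SQL reach the database. The inner `"` around each `${…}` only close and reopen the shell string and give no protection. At minimum double every apostrophe before splicing: add `sql_quote() { local sq="'"; printf '%s' "${1//$sq/$sq$sq}"; }` next to the other functions and write the values as `values ('$(sql_quote "$NEW_USER")','$(sql_quote "$DN_AVAIL")','$(sql_quote "$SUDO_USER")','$(sql_quote "$SUPERVISOR")','$(sql_quote "$END_DATE")')`; if the installed sqlite3 shell supports the `.parameter set` dot-command, binding the values that way is the cleaner route.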
......
-- Create database like this : cat create_table.sql | sqlite3 users.sqlite3.db
CREATE TABLE IF NOT EXISTS users
(
ID INTEGER PRIMARY KEY,
ACCOUNT TEXT NOT NULL,
DEPARTMENT TEXT NOT NULL,
SUPERVISOR TEXT,
ADDED_BY TEXT,
ENTRY_DATE DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
END_DATE DATETIME
);
\ No newline at end of file