Implement posix group for all users in LDAP.

2019-12-01 18:21:24 +01:00 · 2019-12-01 18:21:24 +01:00 · 8c896c90e6
commit 8c896c90e6
parent 43cb4dcf13
2 changed files with 36 additions and 0 deletions
--- a/roles/ldap/templates/debian-lan.j2
+++ b/roles/ldap/templates/debian-lan.j2
@ -123,6 +123,14 @@ dn: cn=${id},ou=groups,$BASEDN
 objectClass: posixGroup
 gidNumber: ${gidNumber}
 ##################################
+EOF
+
+    cat <<EOF | ldapmodify -H ldapi:/// -D "$LDAPADMIN"  -w "$ADPASSWD" | sed '/^$/d'
+############## LDIF ##############
+dn: cn=ldapuser,ou=groups,$BASEDN
+add: memberUid
+memberUid: ${id}
+##################################
 EOF

    if [ $KRB5 ] ; then
@ -132,6 +140,7 @@ EOF
            echo "uidNumber: ${uidNumber}  gidNumber: ${gidNumber}"
            cp -r /etc/skel ${HOMES}/${id}
            chown -R ${uidNumber}:${gidNumber} ${HOMES}/${id}
+            #chmod -R o= ${HOMES}/${id}
            ls -nld ${HOMES}/${id}
        fi
    fi
@ -150,6 +159,14 @@ del-user(){
    ldapdelete -v -H ldapi:/// -D "$LDAPADMIN"  -w "$ADPASSWD" "uid=${id},ou=people,$BASEDN"  "cn=${id},ou=groups,$BASEDN" 2>&1 \
        | sed '/ldap_initialize/d'

+    cat <<EOF | ldapmodify -H ldapi:/// -D "$LDAPADMIN"  -w "$ADPASSWD" | sed '/^$/d'
+############## LDIF ##############
+dn: cn=ldapuser,ou=groups,$BASEDN
+delete: memberUid
+memberUid: ${id}
+##################################
+EOF
+
    if [ -d ${HOMES}/${id} ] ; then
        KEEPDIR="${HOMES}/rm_$(date '+%Y%m%d')_${id}"
        mv ${HOMES}/${id} "${KEEPDIR}"