
LPT: fix grant-lab and add delete account capability

This commit is contained in:
Mercier Pierre-Olivier 2013-11-07 14:46:28 +01:00
parent de88e60fa5
commit cda7b5b026
2 changed files with 98 additions and 16 deletions

108
utils/lpt

@ -73,6 +73,7 @@ my %cmds_account =
"close" => \&cmd_account_close,
"cn" => \&cmd_account_cn,
"create" => \&cmd_account_create,
"delete" => \&cmd_account_delete,
"finger" => \&cmd_account_view,
"mail" => \&cmd_account_mail,
"name" => \&cmd_account_cn,
@ -259,11 +260,31 @@ sub cmd_account_create($@)
log(DEBUG, "Adding dn: uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr ...");
my $ldap = LDAP::ldap_connect();
my $mesg = $ldap->add( "uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr",
# Check if the OU exists
my $oudn = "ou=$group,ou=users,dc=acu,dc=epita,dc=fr";
my $ou = LDAP::get_dn($ldap, $oudn);
if (! $ou)
{
my $mesg = $ldap->add( "$oudn",
attrs => [
objectclass => [ "top", "organizationalUnit" ],
ou => "$group",
]
);
if ($mesg->code == 0) {
log(INFO, "New OU created: $oudn");
} else {
log(WARN, "Unable to add new OU $oudn: ", RESET, $mesg->error);
}
}
my $mesg = $ldap->add( "uid=$login,$oudn",
attrs => [
objectclass => [ "top", "epitaAccount" ],
uidNumber => shift,
cn => shift(@_)." ".shift(@_),
cn => ucfirst(shift(@_))." ".ucfirst(shift(@_)),
mail => "$login\@epita.fr",
uid => $login,
]
@ -271,10 +292,11 @@ sub cmd_account_create($@)
#$ldap->unbind or die ("couldn't disconnect correctly");
if ($mesg->code == 0) {
if ($mesg->code == 0)
{
log(INFO, "Account added: $login");
my $pass = shift;
return cmd_account($login, $pass) if ($pass ne "nopass");
return cmd_account($login, $pass, @_) if ($pass ne "nopass");
return 0;
}
else {
@ -282,6 +304,28 @@ sub cmd_account_create($@)
}
}
sub cmd_account_delete($@)
{
my $login = shift;
my $ldap = LDAP::ldap_connect();
my $dn = LDAP::search_dn($ldap, "ou=users", "uid=$login");
log(DEBUG, "Deleting dn: $dn ...");
if (LDAP::delete_entry($ldap, $dn))
{
log DONE, "Account ", YELLOW, $login, RESET, " successfully deleted.";
return 0;
}
else
{
log ERROR, "Unable to delete account ", YELLOW, $login, RESET, ".";
return 1;
}
}
sub cmd_account_grantintra($@)
{
my $login = shift;
@ -300,27 +344,58 @@ sub cmd_account_grantintra($@)
sub cmd_account_grantlab($@)
{
my $login = shift;
my $group = shift;
my $group = shift // "";
if ($group ne "acu" && $group ne "yaka") {
log(USAGE, "lpt account <login> grantlab <acu|yaka>");
if ($group ne "acu" && $group ne "yaka" && $group ne "ferry")
{
log(USAGE, "lpt account <login> grant-lab <acu|yaka|ferry>");
return 1;
}
my $ldap = LDAP::ldap_connect();
my $dn = LDAP::search_dn($ldap, "ou=users", "uid=$login");
my $entry = LDAP::get_dn($ldap, $dn, "objectClass", "mail", "mailAlias", "mailAccountActive", "loginShell", "homeDirectory", "gidNumber");
if (!LDAP::get_attribute($ldap, $dn, "mail")) {
LDAP::add_attribute($ldap, $dn, "mail", "$login\@epita.fr");
}
LDAP::add_attribute($ldap, $dn, "mailAlias", "$login\@$group.epita.fr");
LDAP::update_attribute($ldap, $dn, "mailAccountActive", "yes");
LDAP::add_attribute($ldap, $dn, "objectClass", "MailAccount");
LDAP::add_attribute($ldap, $dn, "objectClass", "labAccount");
if ($group eq "acu" || $group eq "yaka")
{
if (! grep { $_ eq "MailAccount" } @{ $entry->get_value("objectClass") })
{
$entry->replace("mailAccountActive" => [ "yes" ]);
log(INFO, "$login now grants to receive e-mail and connect in laboratory.");
my @oc = $entry->get_value("objectClass");
push @oc, "MailAccount";
$entry->replace("objectClass" => \@oc);
my @aliases = $entry->get_value("mailAlias");
push @aliases, "$login\@$group.epita.fr";
$entry->replace("objectClass" => \@aliases);
}
$entry->replace("loginShell" => [ "/bin/zsh" ]) if ($entry->get_value("loginShell"));
$entry->replace("homeDirectory" => [ "/home/201X/$login" ]) if ($entry->get_value("homeDirectory"));
$entry->replace("gidNumber" => [ "4242" ]) if ($entry->get_value("gidNumber"));
}
elsif ($group eq "ferry")
{
$entry->replace("loginShell" => [ "/bin/noexists" ]);
$entry->replace("homeDirectory" => [ "/dev/null" ]);
$entry->replace("gidNumber" => [ "4243" ]);
}
my @oc = $entry->get_value("objectClass");
push @oc, "labAccount";
$entry->replace("objectClass" => \@oc);
my $mesg = $entry->update($ldap) or die $!;
if ($mesg->code != 0) { log(WARN, $mesg->error); return 0; }
log(INFO, "$login now grants to receive e-mail and connect in laboratory.") if ($group eq "acu" || $group eq "yaka");
log(INFO, "$login now grants to connect in laboratory for exam.") if ($group eq "ferry");
$ldap->unbind or die ("couldn't disconnect correctly");
}
@ -1855,10 +1930,12 @@ B<lpt account> <login> I<grant-intra>
Give rights to the user to access the intranet.
B<lpt account> <login> I<grant-lab>
B<lpt account> <login> I<grant-lab> <acu | yaka | ferry>
Give rights to the user to access intern systems of the laboratory (SSH, Unix, ...)
If ferry is given, open an account for exam only, with restricted rights.
B<lpt account> <login> I<grant-mail>
Give rights to the user to receive e-mails.
@ -1871,6 +1948,11 @@ B<lpt account> <login> I<close>
This is used to close an existing account.
B<lpt account> <login> I<delete>
This is used to delete an existing account.
NEVER DELETE AN ACCOUNT, close it instead.
B<lpt account> <login> I<mail> [new-mail]
This is used to display, or change if [new-mail] is given, the account contact adress.
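Review bot: In cmd_account_grantlab the line `$entry->replace("objectClass" => \@aliases);` inside the MailAccount branch writes the mail aliases over the entry's objectClass instead of its mailAlias attribute, and the later `my @oc = $entry->get_value("objectClass"); push @oc, "labAccount";` then re-reads that clobbered list, so the update would replace the account's real object classes with its e-mail aliases; it should read `$entry->replace("mailAlias" => \@aliases);`. The guard above it, `@{ $entry->get_value("objectClass") }`, also looks wrong: if $entry is a Net::LDAP::Entry, get_value returns a plain list (an arrayref only with `asref => 1`), so dereferencing its scalar-context result either dies under strict refs or silently yields an empty list and the MailAccount branch always runs — `grep { $_ eq "MailAccount" } $entry->get_value("objectClass")` matches the idiom used a few lines below. On update failure the function logs a warning but `return 0;` reports success, while the usage error in the same sub and cmd_account_delete return 1 on failure, and the success path ends at `$ldap->unbind` with no explicit return; `return 1;` in the error branch and `return 0;` after unbind would make the exit status consistent. In cmd_account_delete, `$dn` from LDAP::search_dn is passed straight to delete_entry without checking it is defined, so a login that does not resolve is logged as "Deleting dn:  ..." and the outcome depends on how the wrapper treats an empty DN; a `return 1 unless $dn;` guard with an error log before the delete would make this destructive path fail closed.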