
LPT: fix grant-lab and add delete account capability

This commit is contained in:
Mercier Pierre-Olivier 2013-11-07 14:46:28 +01:00
parent de88e60fa5
commit cda7b5b026
2 changed files with 98 additions and 16 deletions


@ -193,9 +193,9 @@ sub get_dn($$@)
base => "$dn", base => "$dn",
filter => Net::LDAP::Filter->new("(objectClass=*)"), filter => Net::LDAP::Filter->new("(objectClass=*)"),
attrs => \@_, attrs => \@_,
scope => "sub" scope => "base"
); );
if ($mesg->code != 0) { log(WARN, $mesg->error); return undef; } return undef if ($mesg->code != 0);
if ($mesg->count != 1) { log(WARN, "$dn not found or multiple entries match"); return undef; } if ($mesg->count != 1) { log(WARN, "$dn not found or multiple entries match"); return undef; }
return $mesg->entry(0); return $mesg->entry(0);
@ -331,7 +331,7 @@ sub search_dn($$@)
attrs => [ ], attrs => [ ],
scope => "sub" scope => "sub"
); );
croak($mesg->error) if ($mesg->code != 0); return undef if ($mesg->code != 0);
croak("$filter not found") if ($mesg->count == 0); croak("$filter not found") if ($mesg->count == 0);
croak("$filter not unique") if ($mesg->count > 1); croak("$filter not unique") if ($mesg->count > 1);
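Review bot: The new `return undef if ($mesg->code != 0);` in search_dn, and the matching line in get_dn in the hunk above, turn a transport or permission failure into a silent undef while the two lines right after it still croak on an empty or ambiguous result, so one function now has two error styles and the caller cannot tell "not found" from "search failed". The utils/lpt hunks of this same commit use the result without a defined check — cmd_account_delete hands it straight to LDAP::delete_entry and cmd_account_grantlab to get_dn — so an LDAP error there surfaces only as an uninitialized-value warning or a confusing downstream failure instead of a stop. If the goal is to let get_dn probe for an OU that may legitimately be missing (the new OU check in cmd_account_create), keeping the report for every other result code preserves that use, e.g. `if ($mesg->code != 0) { log(WARN, $mesg->error) unless $mesg->code == LDAP_NO_SUCH_OBJECT; return undef; }` with the constant from Net::LDAP::Constant, and search_dn, whose base always exists, can keep its original croak. Separately, `$filter` is built by callers as `"uid=$login"` from the command-line argument; running the login through Net::LDAP::Util::escape_filter_value before interpolation keeps filter metacharacters in it from selecting a different single entry, which matters most for the new delete path. Both get_dn and search_dn begin above their hunks.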

utils/lpt

@ -73,6 +73,7 @@ my %cmds_account =
"close" => \&cmd_account_close, "close" => \&cmd_account_close,
"cn" => \&cmd_account_cn, "cn" => \&cmd_account_cn,
"create" => \&cmd_account_create, "create" => \&cmd_account_create,
"delete" => \&cmd_account_delete,
"finger" => \&cmd_account_view, "finger" => \&cmd_account_view,
"mail" => \&cmd_account_mail, "mail" => \&cmd_account_mail,
"name" => \&cmd_account_cn, "name" => \&cmd_account_cn,
@ -259,11 +260,31 @@ sub cmd_account_create($@)
log(DEBUG, "Adding dn: uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr ..."); log(DEBUG, "Adding dn: uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr ...");
my $ldap = LDAP::ldap_connect(); my $ldap = LDAP::ldap_connect();
my $mesg = $ldap->add( "uid=$login,ou=$group,ou=users,dc=acu,dc=epita,dc=fr",
# Check if the OU exists
my $oudn = "ou=$group,ou=users,dc=acu,dc=epita,dc=fr";
my $ou = LDAP::get_dn($ldap, $oudn);
if (! $ou)
{
my $mesg = $ldap->add( "$oudn",
attrs => [
objectclass => [ "top", "organizationalUnit" ],
ou => "$group",
]
);
if ($mesg->code == 0) {
log(INFO, "New OU created: $oudn");
} else {
log(WARN, "Unable to add new OU $oudn: ", RESET, $mesg->error);
}
}
my $mesg = $ldap->add( "uid=$login,$oudn",
attrs => [ attrs => [
objectclass => [ "top", "epitaAccount" ], objectclass => [ "top", "epitaAccount" ],
uidNumber => shift, uidNumber => shift,
cn => shift(@_)." ".shift(@_), cn => ucfirst(shift(@_))." ".ucfirst(shift(@_)),
mail => "$login\@epita.fr", mail => "$login\@epita.fr",
uid => $login, uid => $login,
] ]
@ -271,10 +292,11 @@ sub cmd_account_create($@)
#$ldap->unbind or die ("couldn't disconnect correctly"); #$ldap->unbind or die ("couldn't disconnect correctly");
if ($mesg->code == 0) { if ($mesg->code == 0)
{
log(INFO, "Account added: $login"); log(INFO, "Account added: $login");
my $pass = shift; my $pass = shift;
return cmd_account($login, $pass) if ($pass ne "nopass"); return cmd_account($login, $pass, @_) if ($pass ne "nopass");
return 0; return 0;
} }
else { else {
@ -282,6 +304,28 @@ sub cmd_account_create($@)
} }
} }
sub cmd_account_delete($@)
{
my $login = shift;
my $ldap = LDAP::ldap_connect();
my $dn = LDAP::search_dn($ldap, "ou=users", "uid=$login");
log(DEBUG, "Deleting dn: $dn ...");
if (LDAP::delete_entry($ldap, $dn))
{
log DONE, "Account ", YELLOW, $login, RESET, " successfully deleted.";
return 0;
}
else
{
log ERROR, "Unable to delete account ", YELLOW, $login, RESET, ".";
return 1;
}
}
sub cmd_account_grantintra($@) sub cmd_account_grantintra($@)
{ {
my $login = shift; my $login = shift;
@ -300,27 +344,58 @@ sub cmd_account_grantintra($@)
sub cmd_account_grantlab($@) sub cmd_account_grantlab($@)
{ {
my $login = shift; my $login = shift;
my $group = shift; my $group = shift // "";
if ($group ne "acu" && $group ne "yaka") { if ($group ne "acu" && $group ne "yaka" && $group ne "ferry")
log(USAGE, "lpt account <login> grantlab <acu|yaka>"); {
log(USAGE, "lpt account <login> grant-lab <acu|yaka|ferry>");
return 1; return 1;
} }
my $ldap = LDAP::ldap_connect(); my $ldap = LDAP::ldap_connect();
my $dn = LDAP::search_dn($ldap, "ou=users", "uid=$login"); my $dn = LDAP::search_dn($ldap, "ou=users", "uid=$login");
my $entry = LDAP::get_dn($ldap, $dn, "objectClass", "mail", "mailAlias", "mailAccountActive", "loginShell", "homeDirectory", "gidNumber");
if (!LDAP::get_attribute($ldap, $dn, "mail")) { if (!LDAP::get_attribute($ldap, $dn, "mail")) {
LDAP::add_attribute($ldap, $dn, "mail", "$login\@epita.fr"); LDAP::add_attribute($ldap, $dn, "mail", "$login\@epita.fr");
} }
LDAP::add_attribute($ldap, $dn, "mailAlias", "$login\@$group.epita.fr"); if ($group eq "acu" || $group eq "yaka")
LDAP::update_attribute($ldap, $dn, "mailAccountActive", "yes"); {
LDAP::add_attribute($ldap, $dn, "objectClass", "MailAccount"); if (! grep { $_ eq "MailAccount" } @{ $entry->get_value("objectClass") })
LDAP::add_attribute($ldap, $dn, "objectClass", "labAccount"); {
$entry->replace("mailAccountActive" => [ "yes" ]);
log(INFO, "$login now grants to receive e-mail and connect in laboratory."); my @oc = $entry->get_value("objectClass");
push @oc, "MailAccount";
$entry->replace("objectClass" => \@oc);
my @aliases = $entry->get_value("mailAlias");
push @aliases, "$login\@$group.epita.fr";
$entry->replace("objectClass" => \@aliases);
}
$entry->replace("loginShell" => [ "/bin/zsh" ]) if ($entry->get_value("loginShell"));
$entry->replace("homeDirectory" => [ "/home/201X/$login" ]) if ($entry->get_value("homeDirectory"));
$entry->replace("gidNumber" => [ "4242" ]) if ($entry->get_value("gidNumber"));
}
elsif ($group eq "ferry")
{
$entry->replace("loginShell" => [ "/bin/noexists" ]);
$entry->replace("homeDirectory" => [ "/dev/null" ]);
$entry->replace("gidNumber" => [ "4243" ]);
}
my @oc = $entry->get_value("objectClass");
push @oc, "labAccount";
$entry->replace("objectClass" => \@oc);
my $mesg = $entry->update($ldap) or die $!;
if ($mesg->code != 0) { log(WARN, $mesg->error); return 0; }
log(INFO, "$login now grants to receive e-mail and connect in laboratory.") if ($group eq "acu" || $group eq "yaka");
log(INFO, "$login now grants to connect in laboratory for exam.") if ($group eq "ferry");
$ldap->unbind or die ("couldn't disconnect correctly"); $ldap->unbind or die ("couldn't disconnect correctly");
} }
@ -1855,10 +1930,12 @@ B<lpt account> <login> I<grant-intra>
Give rights to the user to access the intranet. Give rights to the user to access the intranet.
B<lpt account> <login> I<grant-lab> B<lpt account> <login> I<grant-lab> <acu | yaka | ferry>
Give rights to the user to access intern systems of the laboratory (SSH, Unix, ...) Give rights to the user to access intern systems of the laboratory (SSH, Unix, ...)
If ferry is given, open an account for exam only, with restricted rights.
B<lpt account> <login> I<grant-mail> B<lpt account> <login> I<grant-mail>
Give rights to the user to receive e-mails. Give rights to the user to receive e-mails.
@ -1871,6 +1948,11 @@ B<lpt account> <login> I<close>
This is used to close an existing account. This is used to close an existing account.
B<lpt account> <login> I<delete>
This is used to delete an existing account.
NEVER DELETE AN ACCOUNT, close it instead.
B<lpt account> <login> I<mail> [new-mail] B<lpt account> <login> I<mail> [new-mail]
This is used to display, or change if [new-mail] is given, the account contact adress. This is used to display, or change if [new-mail] is given, the account contact adress.