LinuxQuestions.org
Old 02-08-2012, 11:40 AM   #1
kameleon25
LQ Newbie
 
Registered: Feb 2012
Distribution: A little of it all
Posts: 14

Rep: Reputation: Disabled
Script to create new user in LDAP


Hello all,

I am currently attempting to write a bash script that will ask for the various criteria we need to create a new user in OpenLDAP and then execute the commands creating the user. The hangup I have right now is we have two text files, availableuid and availablegid, which contain the next available uid or gid respectively. The problem is how do I get the number out of these two text files, use them as a variable, then once the script runs successfully increment each of the numbers by 1.

Beyond that I should be able to do what I need. Although I am currently trying to do this in a bash script, I have thought of possibly trying to do a php page that we can input the needed data in and have it run all the commands on the various servers needed to create the user. However I am not that versed in php or how it can interact with the command line so that may be better for another day.

I have done bash scripts before but never anything this "fancy". So any help is very welcome.
 
Old 02-08-2012, 11:49 AM   #2
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 10,003

Rep: Reputation: 1189
Quote:
Originally Posted by kameleon25 View Post
Hello all,
I am currently attempting to write a bash script that will ask for the various criteria we need to create a new user in OpenLDAP and then execute the commands creating the user. The hangup I have right now is we have two text files, availableuid and availablegid, which contain the next available uid or gid respectively. The problem is how do I get the number out of these two text files, use them as a variable, then once the script runs successfully increment each of the numbers by 1.

Beyond that I should be able to do what I need. Although I am currently trying to do this in a bash script, I have thought of possibly trying to do a php page that we can input the needed data in and have it run all the commands on the various servers needed to create the user. However I am not that versed in php or how it can interact with the command line so that may be better for another day.

I have done bash scripts before but never anything this "fancy". So any help is very welcome.
Post what you've written so far, and where you're stuck, and we can help. And there are many bash scripting guides you can reference and find via Google, to get you started. One of the best is this:
http://tldp.org/LDP/abs/html/

I'd suggest using "tail -n 1 <filename>" to grab just the last line of a file, then put it through "cut" to grab the field you're interested in. Once you do that, you've got your two variables, so run the rest of the commands, and (at the very last), write a new line to the files with "echo <whatever variable/string you want> >> <filename>".
 
Old 02-08-2012, 03:08 PM   #3
kameleon25
LQ Newbie
 
Registered: Feb 2012
Distribution: A little of it all
Posts: 14

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TB0ne View Post
Post what you've written so far, and where you're stuck, and we can help. And there are many bash scripting guides you can reference and find via Google, to get you started. One of the best is this:
http://tldp.org/LDP/abs/html/

I'd suggest using "tail -n 1 <filename>" to grab just the last line of a file, then put it through "cut" to grab the field you're interested in. Once you do that, you've got your two variables, so run the rest of the commands, and (at the very last), write a new line to the files with "echo <whatever variable/string you want> >> <filename>".
So far I have the code below. I can successfully pull the numbers for VAR1 and VAR2. My problem is that I need to take VAR1/VAR2 and increment them each by +1 and rewrite it back to the respective file. So if it starts at 1052 it will write 1053 to the file. Also I need to figure out how to make 'smbpasswd -a username' work properly in the script. I will use a temporary password to set up the account.

Code:
#!/bin/bash
# We get the variables by running as:
# /root/scripts/newuser.sh Firstname Lastname username homesambaserver
# for reference:           $1        $2       $3       $4              
#
# Set the LDAP admin password so it is not plaintext and not in .bash_history 
# -s stops the password being echoed to the terminal, -r keeps backslashes literal
read -r -s -p "Enter the password for the LDAP administrator: "
echo
# This variable is set as $REPLY
#
# Set uid and gid variables
VAR1=$(tail -n 1 /root/ldap/availableuid | cut -f1)
VAR2=$(tail -n 1 /root/ldap/availablegid | cut -f1)

# First start by creating the ldif file for the user and 
# placing it in /root/ldap/newusers

echo "dn: uid=$3,ou=People,dc=mdah,dc=state,dc=ms,dc=us
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
objectClass: hostObject
cn: $1 $2
sn: $2
givenName: $1
uid: $3
uidNumber: $VAR1
gidNumber: $VAR2
homeDirectory: /home/$3
mail: $3@mdah.state.ms.us
shadowLastChange: 13896
shadowMax: 99999
shadowWarning: 7
loginShell: /bin/bash
gecos: $1 $2
userPassword: {CRYPT}blahbityblahblah
host: $4" > "/root/ldap/newusers/$3.ldif"

# Now we create the profilepaths.ldif file for the user
 
echo "dn: uid=$3,ou=People,dc=mdah,dc=state,dc=ms,dc=us
changetype: modify
replace: sambaProfilePath
sambaProfilePath: //$4/profiles/$3
-
replace: sambaHomePath
sambaHomePath: //$4/$3
-
replace: sambaLogonScript
sambaLogonScript: scripts/$3.bat
-
replace: sambaHomeDrive
sambaHomeDrive: R:" > "/root/ldap/newusers/$3-profilepath.ldif"

# and we use sed to replace the forward slashes with backslashes

sed -i 's/\//\\/g' "/root/ldap/newusers/$3-profilepath.ldif"

# Now we use ldapadd to add the user
# -w puts the bind password on the command line, where it shows up in the
# process list; the OpenLDAP clients also accept -W (prompt) or -y <file>.

ldapadd -D "cn=superuser,dc=mdah,dc=state,dc=ms,dc=us" -w "$REPLY" -x -v -f "/root/ldap/newusers/$3.ldif"

# I need to figure out how to set the default temporary password here.
# Normally we would run 'smbpasswd -a username' and type the password twice
# but not sure how to do it in a script. Investigating that now.

smbpasswd -a "$3"

# Now we run the ldapmodify command to add the profilepaths to the user in ldap

ldapmodify -D "cn=superuser,dc=mdah,dc=state,dc=ms,dc=us" -w "$REPLY" -x -v -f "/root/ldap/newusers/$3-profilepath.ldif"

More to come as I add the logging in to the users home server and creating the proper directories.
 
Old 02-08-2012, 03:45 PM   #4
TB0ne
Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 10,003

Rep: Reputation: 1189
Quote:
Originally Posted by kameleon25 View Post
So far I have the code below. I can successfully pull the numbers for VAR1 and VAR2. My problem is that I need to take VAR1/VAR2 and increment them each by +1 and rewrite it back to the respective file. So if it starts at 1052 it will write 1053 to the file. Also I need to figure out how to make 'smbpasswd -a username' work properly in the script. I will use a temporary password to set up the account.

Code:
#!/bin/bash
# We get the variables by running as:
# /root/scripts/newuser.sh Firstname Lastname username homesambaserver
# for reference:           $1        $2       $3       $4              

# I need to figure out how to set the default temporary password here.
# Normally we would run 'smbpasswd -a username' and type the password twice
# but not sure how to do it in a script. Investigating that now.
smbpasswd -a "$3"

# Now we run the ldapmodify command to add the profilepaths to the user in ldap
ldapmodify -D "cn=superuser,dc=mdah,dc=state,dc=ms,dc=us" -w "$REPLY" -x -v -f "/root/ldap/newusers/$3-profilepath.ldif"
More to come as I add the logging in to the users home server and creating the proper directories.
Good start..you're almost there. To address the first issue about the smbpasswd command, look at the man page for smbpasswd, specifically the "-w" option. From the man page:
Code:
-w password
           This parameter is only available if Samba has been compiled with LDAP support. The -w switch is used 
           to specify the password to be used with the ldap admin dn. Note that the password is stored in the 
           secrets.tdb and is keyed off of the admin's DN. This means that if the value of ldap
           admin dn ever changes, the password will need to be manually updated as well.
..that may work. As far as updating the number, since you're already pulling it out into VAR1 and 2, just put something in there to tick up the value by one at the very end, something like:
Code:
$VAR1 = $VAR1 + 1  will increment the variable by 1
...then when you're done....
echo $VAR1 >>  /root/ldap/availableuid  will append the new value to the file
Needs polish, but you get the idea.
 
Old 02-08-2012, 04:10 PM   #5
kameleon25
LQ Newbie
 
Registered: Feb 2012
Distribution: A little of it all
Posts: 14

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TB0ne View Post
Good start..you're almost there. To address the first issue about the smbpasswd command, look at the man page for smbpasswd, specifically the "-w" option. From the man page:
Code:
-w password
           This parameter is only available if Samba has been compiled with LDAP support. The -w switch is used 
           to specify the password to be used with the ldap admin dn. Note that the password is stored in the 
           secrets.tdb and is keyed off of the admin's DN. This means that if the value of ldap
           admin dn ever changes, the password will need to be manually updated as well.
That is only for adding a server AFAIK. The -a option is to add a user and believe me you must have that -a or things go bad quickly. Maybe I can automate this with expect

Quote:
..that may work. As far as updating the number, since you're already pulling it out into VAR1 and 2, just put something in there to tick up the value by one at the very end, something like:
Code:
$VAR1 = $VAR1 + 1  will increment the variable by 1
...then when you're done....
echo $VAR1 >>  /root/ldap/availableuid  will append the new value to the file
Needs polish, but you get the idea.

Thanks for that. I have tried what you said in a small test script as below:

Code:
VAR1=$(tail -n 1 /root/ldap/availableuid | cut -f1)
VAR2=$(tail -n 1 /root/ldap/availablegid | cut -f1)
echo "before uid: $VAR1"
echo "before gid: $VAR2"
$VAR1 = $VAR1 + 1
$VAR2 = $VAR2 + 1
echo $VAR1 >> /root/ldap/availableuid
echo $VAR2 >> /root/ldap/availablegid
However when I run it I get this as the output:

Code:
[root@mail newusers]# /root/scripts/newuser.sh
before uid: 1052
before gid: 1062
: command not founder.sh: line 6: 1052
: command not founder.sh: line 7: 1062
[root@mail newusers]#
So I am not sure what all that means.

On a side note: I am having good luck so far in my testing with embedding expect commands in the bash script. Once I get done with the bash script I may look at porting it to a php script so we can do it web based instead of command line.

Last edited by kameleon25; 02-08-2012 at 04:12 PM.
 
Old 02-08-2012, 05:04 PM   #6
Marios Zindilis
LQ Newbie
 
Registered: Feb 2012
Location: Limassol, Cyprus
Posts: 6

Rep: Reputation: Disabled
Quote:
Originally Posted by kameleon25 View Post
I have tried what you said in a small test script as below:

Code:
VAR1=$(tail -n 1 /root/ldap/availableuid | cut -f1)
VAR2=$(tail -n 1 /root/ldap/availablegid | cut -f1)
echo "before uid: $VAR1"
echo "before gid: $VAR2"
$VAR1 = $VAR1 + 1
$VAR2 = $VAR2 + 1
echo $VAR1 >> /root/ldap/availableuid
echo $VAR2 >> /root/ldap/availablegid
However when I run it I get this as the output:

Code:
[root@mail newusers]# /root/scripts/newuser.sh
before uid: 1052
before gid: 1062
: command not founder.sh: line 6: 1052
: command not founder.sh: line 7: 1062
[root@mail newusers]#
So I am not sure what all that means.
You only need to prepend a dollar sign when you need to get the value of a variable. Therefore your lines 6 and 7 should be:
Code:
VAR1 = $VAR1 + 1
VAR2 = $VAR2 + 1
Otherwise Bash tries to execute the values of VARs as commands, and you get "command not found".
 
Old 02-08-2012, 05:23 PM   #7
kameleon25
LQ Newbie
 
Registered: Feb 2012
Distribution: A little of it all
Posts: 14

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Marios Zindilis View Post
You only need to prepend a dollar sign when you need to get the value of a variable. Therefore your lines 6 and 7 should be:
Code:
VAR1 = $VAR1 + 1
VAR2 = $VAR2 + 1
Otherwise Bash tries to execute the values of VARs as commands, and you get "command not found".
Ahhh that explains it. I will try it as soon as I get back to the office in the morning. Thanks!
 
Old 02-09-2012, 07:32 AM   #8
kameleon25
LQ Newbie
 
Registered: Feb 2012
Distribution: A little of it all
Posts: 14

Original Poster
Rep: Reputation: Disabled
Ok this is odd. Here is the updated file:

Code:
#!/bin/bash
VAR1=$(tail -n 1 /root/ldap/availableuid | cut -f1)
VAR2=$(tail -n 1 /root/ldap/availablegid | cut -f1)
echo "before uid: $VAR1"
echo "before gid: $VAR2"
VAR1 = $VAR1 + 1
VAR2 = $VAR2 + 1
echo $VAR1 >> /root/ldap/availableuid
echo $VAR2 >> /root/ldap/availablegid
But now I get this:

Code:
/root/scripts/newuser.sh
before uid: 1052
before gid: 1062
/root/scripts/newuser.sh: line 6: VAR1: command not found
/root/scripts/newuser.sh: line 7: VAR2: command not found
I took the $ out from before the VAR1 and VAR2 where I am adding the +1 but it still doesn't like that. I figured it wouldn't be that easy.
 
Old 02-09-2012, 08:00 AM   #9
kameleon25
LQ Newbie
 
Registered: Feb 2012
Distribution: A little of it all
Posts: 14

Original Poster
Rep: Reputation: Disabled
Got it! Here is the working code:

Code:
#!/bin/bash
VAR1=$(tail -n 1 /root/ldap/availableuid | cut -f1)
VAR2=$(tail -n 1 /root/ldap/availablegid | cut -f1)
echo "before uid: $VAR1"
echo "before gid: $VAR2"
let "VAR3=$VAR1+1"
let "VAR4=$VAR2+1"
echo $VAR3 >> /root/ldap/availableuid
echo $VAR4 >> /root/ldap/availablegid
Plus I had to remove any other marks in the /root/ldap/availableu(g)id files. I think they were formatted DOS files at one point because they had a ^M at the end of the first line. I figure the +1 had a hard time with that! Now on to bigger things.
 
Old 02-09-2012, 09:42 AM   #10
Marios Zindilis
LQ Newbie
 
Registered: Feb 2012
Location: Limassol, Cyprus
Posts: 6

Rep: Reputation: Disabled
Right, I only caught the thing with the dollar sign. You can also increment a variable a-la-C, like (( VAR++ )) or let "VAR++", thus saving the need for additional variables. For example the following script:
Code:
#!/bin/bash

VAR1=10
VAR2=20 

echo $VAR1
echo $VAR2

(( VAR1++ ))
let "VAR2++"

echo $VAR1
echo $VAR2
outputs:
Code:
10
20
11
21
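
The counter-file step this thread works out (read the next uid, hand it out, store the incremented value), as an added example that is not any poster's code. It covers the `^M` line ending from post #9 and also guards against two runs allocating the same number; unlike the thread's script it replaces the number in the file instead of appending a line. `next_id`, the `.lock` directory and the demo file are assumptions made for the example.

```shell
#!/bin/bash
# Added example, not code from the thread. next_id and the ".lock" directory
# are assumed names; the demo file below is constructed.

# next_id FILE: print the id to use and store id+1 back in FILE.
next_id() {
    local file="$1" lock="$1.lock" tmp id rc tries=0

    # mkdir is atomic, so only one run at a time gets past this loop. Two runs
    # reading the same number would create two accounts with one uidNumber.
    until mkdir "$lock" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -ge 10 ] && { echo "next_id: $file is locked" >&2; return 1; }
        sleep 1
    done

    # Last line only; tr drops the DOS carriage return (^M) and any blanks.
    id=$(tail -n 1 "$file" | tr -d '[:space:]')

    # Digits only, no leading 0: the value goes into an LDIF uidNumber line,
    # uid 0 is root, and a leading zero would be read as octal below.
    case $id in
        ''|0*|*[!0-9]*)
            echo "next_id: unusable value in $file" >&2
            rmdir "$lock"
            return 1 ;;
    esac

    # Write the new value to a temp file and rename it over the counter, so a
    # crash never leaves a half-written number behind.
    tmp=$(mktemp "$file.XXXXXX") && echo $((id + 1)) > "$tmp" && mv "$tmp" "$file"
    rc=$?
    rmdir "$lock"
    [ "$rc" -eq 0 ] && echo "$id"
    return "$rc"
}

# Demo: a counter file saved with a DOS line ending.
demo=$(mktemp -d)
printf '1052\r\n' > "$demo/availableuid"
echo "allocated uid: $(next_id "$demo/availableuid")"
echo "next free uid: $(cat "$demo/availableuid")"
rm -rf "$demo"
```

A lock directory left behind by a killed run has to be removed by hand before the next allocation succeeds.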
 
  

