
usage "Host must be specified using the -H option"
fi
# A search base is mandatory; when -b was not given, hand the error text to
# usage (defined elsewhere in this script).
[ -n "${search_dn}" ] || usage "Search DN must be specified using the -b option"

# Ask the directory server for the list of user names. A failed lookup is
# fatal: report it on stderr and stop with a non-zero status.
users="$(get_users "${host}" "${search_dn}" "${port}" "${user_field}")" || {
  echo "ERROR: looking up user list from '${host}' at '${search_dn}' failed." >&2
  exit 1
}
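# Process every user name returned by the directory lookup: add the user with
# its login shell or, when the remove flag is set, remove the user.
#
# ${users} is a space-separated list, so word splitting is intended, but
# pathname expansion is not: the names come from the directory server, and a
# value containing glob characters must not be expanded against the current
# directory. Globbing is therefore disabled while the list is split (and left
# disabled if it already was). Replacing the positional parameters is safe
# here because nothing below reads the script's own arguments.
case $- in
  *f*)
    # shellcheck disable=SC2086 # splitting on whitespace is the point
    set -- ${users}
    ;;
  *)
    set -f
    # shellcheck disable=SC2086 # splitting on whitespace is the point
    set -- ${users}
    set +f
    ;;
esac

for u in "$@"; do
  # The login shell is looked up before the add/remove decision, so a user
  # without a resolvable shell is skipped in both modes.
  if ! shell="$(get_user_shell "${u}" "${host}" "${search_dn}" "${port}" \
    "${user_field}" "${shell_field}")"; then
    # Diagnostics go to stderr, matching the ERROR message of the user lookup.
    echo "WARNING: could not find shell for '${u}', skipping..." >&2
    continue
  fi

  if [ -z "${remove_flag}" ]; then
    if [ -z "${dry_run}" ]; then
      echo "Adding user '${u}' with crayLoginShell '${shell}'"
      # NOTE(review): ${u} and ${shell} are directory-supplied values and are
      # passed on unchanged. Confirm that ux-tenant-add-user validates them,
      # or check the shell against an allow-list before this call.
      if ! ux-tenant-add-user -s "${shell}" -u "${u}"; then
        echo "WARNING: adding user '${u}' with crayLoginShell '${shell}' failed, skipping this user" >&2
        continue
      fi
    else
      echo "Not really adding user '${u}' with crayLoginShell '${shell}' (dry-run)"
    fi
  else
    if [ -z "${dry_run}" ]; then
      echo "Removing user '${u}'"
      if ! ux-tenant-remove-user -u "${u}"; then
        echo "WARNING: removing user '${u}' failed, skipping this user" >&2
        continue
      fi
    else
      echo "Not really removing user '${u}' (dry-run)"
    fi
  fi
done

# Per-user failures are reported as warnings only and the exit status stays 0,
# so callers that need to detect partial failure must watch stderr.
exit 0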
This script mainly provides the means for getting a list of users and, for each user:
- getting the user's login shell setting
- adding the user using ux-tenant-add-user
The following code snippet shows how the list of users is retrieved by this script:
# Read a list of users from LDAP and return the list as a space
# separated list of user names.
get_users() {
host="-h ${1}"
search_dn="-b ${2}"
port=""
query="-t uid"
user_field="uid"
if [ ! -z "${3}" ]; then
port="-p ${3}"
fi
if [ ! -z "${4}" ]; then
query="-t ${4}"
user_field="${4}"
fi
search="ldapsearch ${host} ${port} -x ${search_dn} ${query}"
grep="grep ^${user_field}:[[:space:]]"
sed="sed -e s/^${user_field}:[[:space:]][[:space:]]*//"
out="$(${search} | ${grep} | ${sed})"
if [ $? -ne 0 ]; then
return 1
fi
echo ${out}