adduser-devel@lists.alioth.debian.org
2003-Aug-31 12:19 UTC
[Adduser-devel] rev 103 - in branches/adduser-ldap: . debian
Author: rb
Date: 2003-08-31 14:19:31 +0200 (Sun, 31 Aug 2003)
New Revision: 103
Added:
branches/adduser-ldap/AdduserFile.pm
branches/adduser-ldap/AdduserLDAP.pm
branches/adduser-ldap/README.LDAP
branches/adduser-ldap/notes.LDAP
Modified:
branches/adduser-ldap/AdduserCommon.pm
branches/adduser-ldap/adduser
branches/adduser-ldap/adduser.conf
branches/adduser-ldap/debian/conffiles
branches/adduser-ldap/debian/control
branches/adduser-ldap/debian/postinst
branches/adduser-ldap/debian/rules
branches/adduser-ldap/deluser
Log:
applied LDAP patch by Matthew Palmer
Modified: branches/adduser-ldap/AdduserCommon.pm
==================================================================---
branches/adduser-ldap/AdduserCommon.pm 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/AdduserCommon.pm 2003-08-31 12:19:31 UTC (rev 103)
@@ -84,7 +84,7 @@
chomp;
next if /^#/ || /^\s*$/;
- if ((($var, $val) = /^\s*(\S+)\s*=\s*(.*)/) != 2) {
+ if ((($var, $val) = /^\s*([a-zA-Z0-9_]+)\s*=\s*(.*)/) != 2) {
warnf(_("Couldn''t parse %s:%s.\n"),$conf_file,$.);
next;
}
Added: branches/adduser-ldap/AdduserFile.pm
==================================================================---
branches/adduser-ldap/AdduserFile.pm 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/AdduserFile.pm 2003-08-31 12:19:31 UTC (rev 103)
@@ -0,0 +1,92 @@
+# Functions used to manipulate user and group information with the standard
+# file-based tools (useradd, groupadd, et al)
+#
+# Based on the code previously in adduser(8), ripped out and procedurised by
+# Matthew Palmer <mpalmer@debian.org>.
+#
+# Copyright (C) 2003 Matthew Palmer <mpalmer@debian.org>
+# Copyright (C) 1997, 1998, 1999 Guy Maor <maor@debian.org>
+# Copyright (C) 1995 Ted Hajek <tedhajek@boombox.micro.umn.edu>
+# Ian A. Murdock <imurdock@gnu.ai.mit.edu>
+# Bugfixes and other improvements Roland Bauerschmidt <rb@debian.org>
+# LDAP support programmed by Matthew Palmer <mpalmer@debian.org>
+# General scheme of the program adapted by the original debian
''adduser''
+# program by Ian A. Murdock <imurdock@gnu.ai.mit.edu>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+sub addgroup_file
+{
+ my ($name,$gid) = @_;
+
+ &systemcall(''/usr/sbin/groupadd'',
''-g'', $gid, $name);
+}
+
+sub addusertogroup_file
+{
+ my ($user, $group) = @_;
+
+ &systemcall(''/usr/bin/gpasswd'', ''-M'',
+ join('','', get_group_members($group), $user),
+ $group);
+}
+
+sub adduser_file
+{
+ my ($name, $uid, $gid, $home, $shell, $gecos) = @_;
+
+ &systemcall(''/usr/sbin/useradd'', ''-d'',
$home, ''-g'', $gid,
+ ''-s'', $shell, ''-u'', $uid, $name);
+
+ if (defined($gecos)) {
+ &ch_gecos($gecos);
+ }
+}
+
+sub deluser_file
+{
+ my $user = shift;
+
+ systemcall("/usr/sbin/userdel", $user);
+}
+
+sub delgroup_file
+{
+ my $group = shift;
+
+ systemcall("/usr/sbin/groupdel", $group);
+}
+
+sub deluserfromgroup_file
+{
+ my @members = get_group_members($group);
+ my $ismember = 0;
+
+ for($i = 0; $i <= $#members; $i++) {
+ if($members[$i] eq $user) {
+ $ismember = 1;
+ splice(@members,$i,1);
+ }
+ }
+
+ unless($ismember) {
+ dief(_("%s is not a member of group %s.\n"),$user,$group);
+ }
+
+ #systemcall("usermod","-G",
join(",",@groups), $user );
+ systemcall(''/usr/bin/gpasswd'',''-M'',
join('','',@members), $group);
+}
+
+return 1;
Added: branches/adduser-ldap/AdduserLDAP.pm
==================================================================---
branches/adduser-ldap/AdduserLDAP.pm 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/AdduserLDAP.pm 2003-08-31 12:19:31 UTC (rev 103)
@@ -0,0 +1,205 @@
+# Functions used to manipulate user and group information stored in LDAP.
+#
+# Copyright (C) 2003 Matthew Palmer <mpalmer@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+use Net::LDAP;
+
+sub bind_db
+{
+ my $binddn = $config{ldap_binddn};
+ my $bindpw = $config{ldap_bindpw};
+ my $host = $config{ldap_server};
+ my $port = $config{ldap_port};
+
+ my $ds = Net::LDAP->new($host, port => $port);
+
+ my $rv;
+ $rv = $ds->bind($binddn, password => $bindpw);
+
+ if ($rv->code)
+ {
+ die "LDAP Failure: ".$rv->error;
+ }
+
+ return $ds;
+}
+
+sub addgroup_ldap
+{
+ my ($name,$gid) = @_;
+ my $rv;
+
+ # Create a new entry under LDAP_RDN_GROUPS of type posixGroup
+ $ds = bind_db();
+
+ my $entry_dn =
"cn=$name,$config{ldap_rdn_groups},$config{ldap_basedn}";
+ my $add_data = [ ''objectclass'' => [
''top'', ''posixGroup'' ],
+ ''cn'' => $name,
+ ''gidNumber'' => $gid
+ ];
+ $rv = $ds->add($entry_dn, attrs => $add_data);
+
+ if ($rv->code)
+ {
+ print "Failed to add the group: ".$rv->error."\n";
+ }
+
+ $ds->unbind();
+}
+
+sub addusertogroup_ldap
+{
+ my ($user, $group) = @_;
+
+ my $rv;
+
+ # Add a new attribute to cn=$group,LDAP_RDN_GROUPS,LDAP_BASEDN
+ # of "memberuid=$user"
+ $ds = bind_db();
+
+ my $entry_dn =
"cn=$group,$config{ldap_rdn_groups},$config{ldap_basedn}";
+ my $add_data = [ ''memberuid'' => $user ];
+ $rv = $ds->modify($entry_dn, add => $add_data);
+
+ if ($rv->code)
+ {
+ print "Failed to add the group: ".$rv->error;
+ }
+
+ $ds->unbind();
+}
+
+sub adduser_ldap
+{
+ my ($name, $uid, $gid, $home, $shell, $gecos) = @_;
+
+ my $rv;
+
+ # Add a new entry in uid=$name,LDAP_RDN_USERS,LDAP_BASEDN of type
+ # posixAccount
+ $ds = bind_db();
+
+ if ($gecos ne '''')
+ {
+ my $cn = $gecos;
+ } else {
+ my $cn = $name;
+ }
+
+ my $entry_dn =
"uid=$name,$config{ldap_rdn_users},$config{ldap_basedn}";
+ my $add_data = [ ''objectclass'' => [
''top'', ''posixAccount'' ],
+ ''cn'' => $name,
+ ''uid'' => $name,
+ ''uidNumber'' => $uid,
+ ''gidNumber'' => $gid,
+ ''homeDirectory'' => $home,
+ ''loginShell'' => $shell
+ ];
+
+ if ($gecos ne '''')
+ {
+ $add_data{''gecos''} = $gecos;
+ }
+ $rv = $ds->add($entry_dn, attrs => $add_data);
+
+ if ($rv->code)
+ {
+ print "Failed to add the user: ".$rv->error."\n";
+ }
+
+ $ds->unbind();
+}
+
+# Private helper function to check simply if the attribute and value
+# (specified as attr=value) exists in the given OU of the LDAP database
+# (relative to LDAP_BASEDN).
+sub ldap_rdn_exists
+{
+ my ($attr, $ou) = @_;
+
+ my $ds = bind_db();
+ my $base = "$ou,".$config{''ldap_basedn''};
+
+ my $res = $ds->search(
+ ''base'' => $base,
+ ''filter'' => "($attr)");
+
+ if ($res->count == 0)
+ {
+ return undef;
+ }
+ else
+ {
+ if ($res->count > 1)
+ {
+ print "WARNING: Multiple matching entries for $attr in $base"
+ }
+ my $entry = $res->entry(0);
+ return $entry->dn();
+ }
+}
+
+sub deluser_ldap
+{
+ my $name = shift;
+
+ my $dn = ldap_rdn_exists("uid=$name",
$config{''ldap_rdn_users''});
+ if (!$dn)
+ {
+ deluser_file($name);
+ return;
+ }
+
+ # Remove the DN uid=$name,LDAP_RDN_USERS,LDAP_BASEDN from the system
+ my $ds = bind_db();
+
+ $ds->delete($dn);
+}
+
+sub delgroup_ldap
+{
+ my $name = shift;
+
+ my $dn = ldap_rdn_exists("cn=$name",
$config{''ldap_rdn_groups''});
+ if (!$dn)
+ {
+ delgroup_file($name);
+ return;
+ }
+
+ # Remove the DN cn=$name,LDAP_RDN_GROUPS,LDAP_BASEDN
+ my $ds = bind_db();
+
+ $ds->delete($dn);
+}
+
+sub deluserfromgroup_ldap
+{
+ my ($user, $group) = @_;
+
+ # Remove the entry memberuid=$user from
+ # cn=$group,LDAP_RDN_GROUPS,LDAP_BASEDN
+
+ my $dn =
"cn=$group,".$config{''ldap_rdn_groups''}.",".$config{''ldap_basedn''};
+ my $del_data = [ ''memberuid'' => $user ];
+
+ my $ds = bind_db();
+
+ $ds->modify($dn, delete => $del_data);
+}
+
+return 1;
Added: branches/adduser-ldap/README.LDAP
==================================================================---
branches/adduser-ldap/README.LDAP 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/README.LDAP 2003-08-31 12:19:31 UTC (rev 103)
@@ -0,0 +1,69 @@
+Adduser now has in-built LDAP support! No more locally hacked adduser
+scripts, or going to other means of manipulating your users. Now you can
+screw with them, right from the command line, with the default tools!
+
+To do this, you will need to install the following packages (as suggested by
+adduser anyway):
+
+* libnet-ldap-perl (be warned, it''ll pull in 3MB of dependencies)
+* libpam-ldap
+* libnss-ldap
+
+If you''re already using LDAP, you''ll probably have these
already.
+
+It''s best if you use the LDAP-specific versions of chsh and chfn,
although
+it may break your non-LDAP users (anyone volunteering to rewrite these
+utils to support both files and LDAP?) so you have been warned.
+
+To install LDAP-specific versions of these tools, try this:
+
+dpkg-divert --add /usr/bin/chsh
+cp /usr/share/doc/libpam-ldap/examples/chsh /usr/bin
+chmod 0755 /usr/bin/chsh
+dpkg-divert --add /usr/bin/chfn
+cp /usr/share/doc/libpam-ldap/examples/chfn /usr/bin
+chmod 0755 /usr/bin/chfn
+
+They will require a minor bit of hacking to make them work, to set the
+config file location correctly.
+
+You''ll also need to have libpam-ldap and libnss-ldap working properly
before
+doing LDAP-enabled adduser stuff. There''s info out there, please use
it.
+People pestering me or Roland about how to set up nss_ldap or pam_ldap will
+be /dev/nulled (if you''re lucky). I''ll give you one hint,
though: use the
+crypt password changing mechanism. exop is cool, but it''ll set SSHA
+passwords which nothing else can understand.
+
+As for adduser config, wander into /etc/adduser.conf, and add the config
+fragment which is available from
+/usr/share/doc/adduser/examples/adduser_ldap.conf.
+The second option, SYSTEM_BACKEND, is available if you wanna go
+totally nuts and store all your system users (those not corresponding to
+real people, but rather to system services and such) in LDAP as well.
I''m
+not a real fan of that myself, but it''s your system!
+
+Once you''ve said "yes, computer, I want to use LDAP for my user
data storage
+needs", you need to tell adduser all about your LDAP configuration.
That''s
+in the options starting with LDAP_ (at the bottom of /etc/adduser.conf).
+Since storing auth credentials in a world-readable file is a really bad
+idea, adduser.conf should be readable and writable by root only. It''s
+recommended that you chmod 0600 /etc/adduser.conf. The bind DN, bind
+password, and base DN will all have to be modified to suit your needs, if
+you''ve got a bog standard setup you should be able to leave the RDN
entries
+as they are.
+
+I''ve been asked why /etc/ldap.secret isn''t used. I believe
that, as it
+stands, ldap.secret is a nasty hack, due mainly to the problem that the bind
+DN isn''t stored with the authentication credential, so if I (for
instance)
+said "I want to bind as foo" in libpam-ldap.conf, and "I want to
bind as
+bar" in adduser.conf, you''d be in for a whole world of trouble.
+
+If someone wants to extend the ldap.secret file to store both the bind DN
+and password, I''d be much happier supporting it. Defining what
precisely
+the structure of the file should be would also be a help.
+
+That''s pretty much it. Presently, there''s not a lot of bells
and whistles -
+suggestions are welcome, though. I know a lot of people out there are using
+LDAP to do extra stuff, like storing Samba account info. Feel free to let
+me know what you''d like to see in adduser''s LDAP support, and
I''ll see about
+putting it in.
Modified: branches/adduser-ldap/adduser
==================================================================---
branches/adduser-ldap/adduser 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/adduser 2003-08-31 12:19:31 UTC (rev 103)
@@ -9,6 +9,7 @@
# Copyright (C) 1995 Ted Hajek <tedhajek@boombox.micro.umn.edu>
# Ian A. Murdock <imurdock@gnu.ai.mit.edu>
# Bugfixes and other improvements Roland Bauerschmidt <rb@debian.org>
+# LDAP support programmed by Matthew Palmer <mpalmer@debian.org>
# General scheme of the program adapted by the original debian
''adduser''
# program by Ian A. Murdock <imurdock@gnu.ai.mit.edu>.
#
@@ -96,6 +97,8 @@
$allow_badname = 0; # should we allow bad names?
$ask_passwd = 1; # ask for a passwd?
+$cleaning_up = 0;
+
$defaults = "/etc/adduser.conf";
$nogroup_id = getgrnam("nogroup") || 65534;
$0 =~ s+.*/++;
@@ -118,6 +121,18 @@
$config{"quotauser"} = "";
$config{"dir_mode"} = "0755";
$config{"setgid_home"} = "no";
+$config{"remove_home"} = 0;
+$config{"remove_all_files"} = 0;
+$config{"backup"} = 0;
+$config{"normal_backend"} = "file";
+$config{"system_backend"} = "file";
+$config{"ldap_server"} = "";
+$config{"ldap_port"} = "";
+$config{"ldap_binddn"} = "";
+$config{"ldap_bindpw"} = "";
+$config{"ldap_basedn"} = "";
+$config{"ldap_rdn_groups"} = "";
+$config{"ldap_rdn_users"} = "";
$action = $0 eq "addgroup" ? "addgroup" :
"adduser";
@@ -260,6 +275,26 @@
&checkname($new_name) if defined $new_name;
$SIG{''INT''} = $SIG{''QUIT''} =
$SIG{''HUP''} = ''handler'';
+if ($config{"normal_backend"} eq ''ldap'')
+{
+ $function_suffix = "ldap";
+ require Debian::AdduserLDAP;
+ if ($config{"system_backend"} eq ''yes'')
+ {
+ $sysfunction_suffix = "ldap";
+ }
+ else
+ {
+ $sysfunction_suffix = "file";
+ use Debian::AdduserFile;
+ }
+}
+else
+{
+ $function_suffix = "file";
+ $sysfunction_suffix = "file";
+}
+
#################
## addsysgroup ##
#################
@@ -283,7 +318,8 @@
printf (_("Adding group %s (%s)...\n"),$new_name,$new_gid) if
$verbose;
&invalidate_nscd("group");
- &systemcall(''/usr/sbin/groupadd'',
''-g'', $new_gid, $new_name);
+ $func = "addgroup_$sysfunction_suffix";
+ &$func($new_name, $new_gid);
&invalidate_nscd("group");
print _("Done.\n") if $verbose;
exit 0;
@@ -313,7 +349,8 @@
printf (_("Adding group %s (%s)...\n"),$new_name,$new_gid) if
$verbose;
&invalidate_nscd("group");
- &systemcall(''/usr/sbin/groupadd'',
''-g'', $new_gid, $new_name);
+ $func = "addgroup_$function_suffix";
+ &$func($new_name, $new_gid);
&invalidate_nscd("group");
print _("Done.\n") if $verbose;
exit 0;
@@ -337,14 +374,8 @@
printf _("Adding user %s to group
%s...\n"),$existing_user,$existing_group
if $verbose;
&invalidate_nscd();
- # FIXME - the next line has a race condition.
- #&systemcall(''usermod'', ''-G'',
- #join(",", get_users_groups($existing_user), $existing_group),
- #$existing_user);
- &systemcall(''/usr/bin/gpasswd'',
''-M'',
- join('','', get_group_members($existing_group),
$existing_user),
- $existing_group);
- #&systemcall(''gpasswd'',
''-a'',$existing_user,$existing_group);
+ $func = "addusertogroup_$function_suffix";
+ &$func($existing_user, $existing_group);
&invalidate_nscd();
print _("Done.\n") if $verbose;
exit 0;
@@ -407,7 +438,8 @@
if ($make_group_also) {
print _("Adding new group $new_name ($new_gid).\n") if $verbose;
$undogroup = $new_name;
- &systemcall(''/usr/sbin/groupadd'',
''-g'', $new_gid, $new_name);
+ $func = "addgroup_$sysfunction_suffix";
+ &$func($new_name, $new_gid);
&invalidate_nscd("group");
}
@@ -416,14 +448,12 @@
$home_dir = $special_home || &homedir($new_name, $ingroup_name);
$shell = $special_shell || ''/bin/false'';
$undouser = $new_name;
- &systemcall(''/usr/sbin/useradd'',
''-d'', $home_dir, ''-g'', $ingroup_name,
''-s'',
- $shell, ''-u'', $new_uid, $new_name);
+ @grinfo = getgrnam($ingroup_name);
+ $gid = $grinfo[2];
+ $func = "adduser_$sysfunction_suffix";
+ &$func($new_name, $new_uid, $gid, $home_dir, $shell, $new_gecos);
&invalidate_nscd();
- if(defined($new_gecos)) {
- &ch_gecos($new_gecos);
- }
-
if ($no_create_home) {
print _("Not creating home directory.\n") if $verbose;
} elsif (-e $home_dir) {
@@ -494,7 +524,8 @@
if ($make_group_also) {
printf _("Adding new group %s (%s).\n"),$new_name,$new_gid if
$verbose;
$undogroup = $new_name;
- &systemcall(''/usr/sbin/groupadd'',
''-g'', $new_gid, $new_name);
+ $func = "addgroup_$function_suffix";
+ &$func($new_name,$new_gid);
&invalidate_nscd();
}
@@ -503,8 +534,11 @@
$home_dir = $special_home || &homedir($new_name, $ingroup_name);
$shell = $special_shell || $config{"dshell"};
$undouser = $new_name;
- &systemcall(''/usr/sbin/useradd'',
''-d'', $home_dir, ''-g'', $ingroup_name,
''-s'',
- $shell, ''-u'', $new_uid, $new_name);
+ @grinfo = getgrnam($ingroup_name);
+ $gid = $grinfo[2];
+ print "Groupinfo returned @grinfo\n" if $debugging;
+ $func = "adduser_$function_suffix";
+ &$func($new_name, $new_uid, $gid, $home_dir, $shell, $new_gecos);
&invalidate_nscd();
if (-e $home_dir) {
@@ -544,13 +578,10 @@
}
}
- if (defined($new_gecos)) {
- &ch_gecos($new_gecos);
- }
- else {
+ if (!defined($new_gecos)) {
for (;;) {
&systemcall(''/usr/bin/chfn'', $new_name);
- print _("Is the information correct? [y/n] ");
+ print _("Is the information correct? [y/N] ");
chop ($answer=<STDIN>);
last if ($answer eq _("y"));
}
@@ -741,6 +772,11 @@
sub cleanup {
+ if ($cleaning_up)
+ {
+ die ("Really fatal error: recursive cleanup.\n");
+ }
+ $cleaning_up = 1;
print "@{_}Cleaning up.\n";
if ($undohome) {
printf _("Removing directory `%s''\n"),$undohome;
@@ -748,11 +784,13 @@
}
if ($undouser) {
printf _("Removing user `%s''.\n"),$undouser;
- system(''userdel'', $undouser);
+ $func = "deluser_$function_suffix";
+ &$func($undouser);
}
if ($undogroup) {
printf _("Removing group `%s''.\n"),$undogroup;
- system(''groupdel'', $undogroup);
+ $func = "delgroup_$function_suffix";
+ &$func($undogroup);
}
# do we need to invalidate the nscd cache here, too?
exit 1;
@@ -765,7 +803,7 @@
sub version {
- print "$0: add a user or group to the system. Version VERSION
+ print "$0: add a user or group to the system. Version 3.50
Copyright (C) 1997, 1998, 1999 Guy Maor <maor\@debian.org>
Copyright (C) 1995 Ian Murdock <imurdock\@gnu.ai.mit.edu>,
Ted Hajek <tedhajek\@boombox.micro.umn.edu>,
Modified: branches/adduser-ldap/adduser.conf
==================================================================---
branches/adduser-ldap/adduser.conf 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/adduser.conf 2003-08-31 12:19:31 UTC (rev 103)
@@ -1,4 +1,3 @@
-
# /etc/adduser.conf: `adduser'' configuration.
# See adduser(8) and adduser.conf(5) for full documentation.
@@ -62,3 +61,50 @@
# no longer do this per default. If you want it nevertheless you can
# still set it here.
SETGID_HOME=no
+
+###################
+# DELUSER SETTINGS
+###################
+
+# Remove home directory and mail spool when user is removed
+REMOVE_HOME = 0
+
+# Remove all files on the system owned by the user to be removed
+REMOVE_ALL_FILES = 0
+
+# Backup files before removing them. This options has only an effect if
+# REMOVE_HOME or REMOVE_ALL_FILES is set.
+BACKUP = 0
+###################
+# LDAP SETTINGS
+###################
+
+# Use LDAP for storing real user and group accounts.
+USE_LDAP=no
+
+# Use LDAP for storing system users as well as ordinary users. Will only be
+# checked if USE_LDAP=yes above.
+USE_LDAP_SYSTEM=no
+
+# These are only exciting if you''ve specified USE_LDAP=yes above
+# Hostname of the LDAP server
+LDAP_SERVER=localhost
+
+# Port for the LDAP server (don''t change normally)
+LDAP_PORT=389
+
+# DN to bind as.
+LDAP_BINDDN=cn=ldapadmin,dc=domain,dc=com
+
+# Password for this DN
+LDAP_BINDPW=sekr1t
+
+# Base DN for the site
+LDAP_BASEDN=dc=domain,dc=com
+
+# Relative DN for groups
+LDAP_RDN_GROUPS=ou=group
+
+# RDN for users
+LDAP_RDN_USERS=ou=people
+
Modified: branches/adduser-ldap/debian/conffiles
==================================================================---
branches/adduser-ldap/debian/conffiles 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/debian/conffiles 2003-08-31 12:19:31 UTC (rev 103)
@@ -1 +0,0 @@
-/etc/deluser.conf
Modified: branches/adduser-ldap/debian/control
==================================================================---
branches/adduser-ldap/debian/control 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/debian/control 2003-08-31 12:19:31 UTC (rev 103)
@@ -8,7 +8,7 @@
Package: adduser
Architecture: all
Depends: perl-base (>=5.6.0), passwd (>=961025), debconf
-Suggests: liblocale-gettext-perl, perl-modules
+Suggests: liblocale-gettext-perl, perl-modules, libnet-ldap-perl, libpam-ldap,
libnss-ldap
Description: Add and remove users and groups
This package includes the adduser and deluser commands for creating
and removing users.
Modified: branches/adduser-ldap/debian/postinst
==================================================================---
branches/adduser-ldap/debian/postinst 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/debian/postinst 2003-08-31 12:19:31 UTC (rev 103)
@@ -5,6 +5,20 @@
cp /usr/share/adduser/adduser.conf /etc/adduser.conf
fi
+# Check if we''ve got one of those old, shoddy systems which has a
separate
+# deluser.conf file, and integrate it with adduser.conf
+if [ -e /etc/deluser.conf ]; then
+ cat >> /etc/adduser.conf << EOF
+
+########################
+# OPTIONS FOR DELUSER
+########################
+EOF
+
+ cat /etc/deluser.conf >> /etc/adduser.conf
+ rm -f /etc/deluser.conf
+fi
+
# modify adduser.conf
if . /usr/share/debconf/confmodule
then
Modified: branches/adduser-ldap/debian/rules
==================================================================---
branches/adduser-ldap/debian/rules 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/debian/rules 2003-08-31 12:19:31 UTC (rev 103)
@@ -33,6 +33,8 @@
sed -e s/VERSION/$(version)/g adduser > debian/tmp/usr/sbin/adduser
sed -e s/VERSION/$(version)/g deluser > debian/tmp/usr/sbin/deluser
sed -e s/VERSION/$(version)/g AdduserCommon.pm >
debian/tmp/usr/share/perl5/Debian/AdduserCommon.pm
+ sed -e s/VERSION/$(version)/g AdduserFile.pm >
debian/tmp/usr/share/perl5/Debian/AdduserFile.pm
+ sed -e s/VERSION/$(version)/g AdduserLDAP.pm >
debian/tmp/usr/share/perl5/Debian/AdduserLDAP.pm
chmod 755 debian/tmp/usr/sbin/*
ln -s adduser debian/tmp/usr/sbin/addgroup
ln -s deluser debian/tmp/usr/sbin/delgroup
@@ -40,9 +42,9 @@
./debian/scripts/install-manpages.pl $(version) doc/ debian/tmp/usr/share/man/
install -m644 TODO debian/tmp/usr/share/doc/adduser/
+ install -m644 README.LDAP debian/tmp/usr/share/doc/adduser/
install -m644 debian/changelog debian/tmp/usr/share/doc/adduser/
find debian/tmp/usr/share/doc -type f | xargs gzip -9f
- install -m644 deluser.conf debian/tmp/etc
install -m644 examples/* debian/tmp/usr/share/doc/adduser/examples
install -m644 adduser.conf debian/tmp/usr/share/adduser
install -m644 debian/copyright debian/tmp/usr/share/doc/adduser/
Modified: branches/adduser-ldap/deluser
==================================================================---
branches/adduser-ldap/deluser 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/deluser 2003-08-31 12:19:31 UTC (rev 103)
@@ -51,7 +51,7 @@
# --quiet | -q don''t give process information to stdout
# --help | -h usage message
# --version | -v version number and copyright
-# --conf | -c FILE use FILE instead of /etc/deluser.conf
+# --conf | -c FILE use FILE instead of /etc/adduser.conf
$ENV{"PATH"} = "/sbin:/bin:/usr/sbin:/usr/bin";
@@ -86,12 +86,40 @@
textdomain("adduser");
$verbose = 1;
-$defaults = "/etc/deluser.conf";
+$defaults = "/etc/adduser.conf";
+$config{"dshell"} = "/bin/bash";
+$config{"first_system_uid"} = 100;
+$config{"last_system_uid"} = 999;
+$config{"first_uid"} = 1000;
+$config{"last_uid"} = 29999;
+$config{"first_system_gid"} = 100;
+$config{"last_system_gid"} = 999;
+$config{"first_gid"} = 1000;
+$config{"last_gid"} = 29999;
+$config{"dhome"} = "/home";
+$config{"skel"} = "/etc/skel";
+$config{"usergroups"} = "yes";
+$config{"users_gid"} = "100";
+$config{"grouphomes"} = "no";
+$config{"letterhomes"} = "no";
+$config{"quotauser"} = "";
+$config{"dir_mode"} = "0755";
+$config{"setgid_home"} = "no";
$config{"remove_home"} = 0;
$config{"remove_all_files"} = 0;
$config{"backup"} = 0;
+$config{"normal_backend"} = "file";
+$config{"system_backend"} = "file";
+$config{"ldap_server"} = "";
+$config{"ldap_port"} = "";
+$config{"ldap_binddn"} = "";
+$config{"ldap_bindpw"} = "";
+$config{"ldap_basedn"} = "";
+$config{"ldap_rdn_groups"} = "";
+$config{"ldap_rdn_users"} = "";
+
$action = $0 =~ /delgroup$/ ? "delgroup" : "deluser";
while($arg = shift(@ARGV))
@@ -135,6 +163,18 @@
$config{$_} = $pconfig{$_};
}
+if ($config{"normal_backend"} eq ''ldap'')
+{
+ $function_suffix = "ldap";
+ require Debian::AdduserLDAP;
+} else {
+ $function_suffix = "file";
+}
+
+# This isn''t conditionaled because AdduserLDAP might need the file
functions
+# if the item to remove is in the files instead of in LDAP
+use Debian::AdduserFile;
+
if (($config{remove_home} || $config{remove_all_files} || $config{backup})
&&
defined($NO_FILE_FIND)) {
die _("In order to use the --remove-home, --remove-all-files, and
--backup features,\nyou need to install the `perl-modules'' package. To
accomplish that, run\napt-get install perl-modules\n");
@@ -252,7 +292,10 @@
}
s_printf(_("Removing user %s...\n"),$user);
- systemcall("/usr/sbin/userdel", $user);
+
+ $func = "deluser_$function_suffix";
+ &$func($user);
+
&invalidate_nscd();
systemcall(''/usr/local/sbin/deluser.local'', $user,
$pw_uid,
@@ -270,7 +313,10 @@
}
s_printf(_("Removing group %s...\n"),$group);
- systemcall("/usr/sbin/groupdel",$group);
+
+ $func = "delgroup_$function_suffix";
+ &$func($group);
+
&invalidate_nscd();
s_print(_("done.\n"));
}
@@ -287,23 +333,11 @@
die "$0: ",_("You may not remove the user from his/her primary
group.\n");
}
- my @members = get_group_members($group);
- my $ismember = 0;
-
- for($i = 0; $i <= $#members; $i++) {
- if($members[$i] eq $user) {
- $ismember = 1;
- splice(@members,$i,1);
- }
- }
-
- unless($ismember) {
- dief(_("%s is not a member of group %s.\n"),$user,$group);
- }
-
s_printf(_("Removing user %s from group %s...\n"),$user,$group);
- #systemcall("usermod","-G",
join(",",@groups), $user );
- systemcall(''/usr/bin/gpasswd'',''-M'',
join('','',@members), $group);
+
+ $func = "deluserfromgroup_$function_suffix";
+ &$func($user, $group);
+
&invalidate_nscd();
s_print(_("done.\n"));
}
Added: branches/adduser-ldap/notes.LDAP
==================================================================---
branches/adduser-ldap/notes.LDAP 2003-08-31 12:14:15 UTC (rev 102)
+++ branches/adduser-ldap/notes.LDAP 2003-08-31 12:19:31 UTC (rev 103)
@@ -0,0 +1,44 @@
+Methods of calling adduser
+----------------------------
+
+Note that every one of these assumes that it is being told the right thing.
+It is the job of the caller to ensure that names, UIDs/GIDs, and other
+information is correct. These functions simply do the basic job of getting
+the info into the system databases.
+
+There are a couple of other means of calling adduser(8). They are
+functionally equivalent to the methods detailed below, except that they
+make different decisions about names, groups, and IDs. They will all call
+the same basic functions.
+
+adduser ($new_name, $uid, $gid, $home, $shell, $gecos)
+
+$new_name is, obviously, the username of the new user, while $uid is the
+numeric UID to give them. $gid is an existing numeric GID (possibly
+recently created by addgroup()) which will be the user''s primary
group.
+$home, $shell and $gecos are the user''s home directory, default shell,
and
+GECOS information, respectively.
+
+addgroup ($new_name, $new_gid)
+
+$new_name in this case is the name of the group to create, and $new_gid is
+the numeric ID of the created group.
+
+addusertogroup ($username, $groupname)
+
+add $username to $groupname. Easy.
+
+Methods of calling deluser
+----------------------------
+
+deluser ($name)
+
+Remove the user with the specified username from the system. Ouch.
+
+delgroup ($name)
+
+Remove the group with the specified group name from the system.
+
+deluserfromgroup ($user, $group)
+
+Remove the user with the specified name from the specified group.