change script for create user in domain LDAP/Kerberos for to create c…
…orrectly the users
juanjoselopezroldan committed Apr 2, 2020
1 parent 962649b commit 409f793
Showing 2 changed files with 10 additions and 6 deletions.
2 changes: 1 addition & 1 deletion inventory/local/group_vars/all/all.yml
@@ -4,7 +4,7 @@ ldap_setup: true
kerberos_setup: true
sssd_setup: true

domain: "linux.example.local"
domain: "linux.gstwdt.local"

openldap_linux: '{{ domain.split(".")[0] | lower }}'
openldap_org: '{{ domain.split(".")[1] | lower }}'
14 changes: 9 additions & 5 deletions roles/kerberos/files/blksmanager
@@ -60,14 +60,15 @@ done
echo $((${ldaparry[1]}+1))
return 0
else
return -1
echo $(("2001"))
return 0
fi
}

function add_to_ldap ()
{
ldapadd -h $HOST_IP -D "cn=$ADMIN, $ldapDN" -w $ADMIN_PASS << EOF
dn: uid=$USERNAME,ou=People,dc=$DC1,dc=$DC2
dn: uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,dc=$DC1,dc=$DC2,dc=$DC3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
@@ -98,7 +99,8 @@ kadmin.local -q "ktadd -norandkey -k $KEYTAB $USERNAME@$UPPER_DOMAIN"

function del_ldap_kerberos ()
{
ldapdelete -h $HOST_IP -x -D "cn=$ADMIN,dc=$DC1,dc=$DC2" 'uid=$USERNAME,ou=People,dc=$DC1,dc=$DC2' -w $ADMIN_PASS
echo "ldapdelete -h $HOST_IP -x -D cn=$ADMIN,dc=$DC1,dc=$DC2,dc=$DC3 uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,dc=$DC1,dc=$DC2,dc=$DC3 -w $ADMIN_PASS"
ldapdelete -h $HOST_IP -x -D "cn=$ADMIN,dc=$DC1,dc=$DC2,dc=$DC3" "uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,dc=$DC1,dc=$DC2,dc=$DC3" -w $ADMIN_PASS
kadmin.local -q "delete_principal $USERNAME@$UPPER_DOMAIN"
kdestroy
}
@@ -145,8 +147,9 @@ then
UPPER_DOMAIN=$(echo "$DOMAIN" | awk '{print toupper($0)}')
DC1=$(echo "$DOMAIN" | cut -d"." -f1)
DC2=$(echo "$DOMAIN" | cut -d"." -f2)
DC3=$(echo "$DOMAIN" | cut -d"." -f3)

ldapDN="dc=$DC1, dc=$DC2"
ldapDN="dc=$DC1, dc=$DC2, dc=$DC3"

add_to_ldap
add_kerberos
@@ -164,10 +167,11 @@ then
UPPER_DOMAIN=$(echo "$DOMAIN" | awk '{print toupper($0)}')
DC1=$(echo "$DOMAIN" | cut -d"." -f1)
DC2=$(echo "$DOMAIN" | cut -d"." -f2)
DC3=$(echo "$DOMAIN" | cut -d"." -f3)

del_ldap_kerberos
fi
else
error 2000
usage
fi
fi
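Review bot: The `echo "ldapdelete … -w $ADMIN_PASS"` line added to `del_ldap_kerberos` writes the LDAP admin bind password in clear text to stdout on every user deletion, so it lands in terminal scrollback and in any log that captures the script's output. Remove the echo, or keep it with the secret masked, e.g. end the echoed string with `-w '<redacted>'`. The real `ldapdelete` call (and the `ldapadd` in `add_to_ldap`) still passes `-w $ADMIN_PASS` unquoted on the command line, where it is visible in the process list and breaks on passwords containing spaces or glob characters; `-y <password-file>` or `-W` avoids both. The `DC3` assignments also hard-code a three-label domain, so a two-label `DOMAIN` would leave an empty `dc=` component in every DN; a check on the label count before building `ldapDN` would catch that.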
