From 409f7936e9adc94305e4c550cb8e761db63e38e8 Mon Sep 17 00:00:00 2001
From: juan jose lopez
Date: Thu, 2 Apr 2020 12:26:02 +0200
Subject: [PATCH] change script for create user in domain LDAP/Kerberos for to create correctly the users
---
 inventory/local/group_vars/all/all.yml | 2 +-
 roles/kerberos/files/blksmanager | 14 +++++++++-----
 2 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/inventory/local/group_vars/all/all.yml b/inventory/local/group_vars/all/all.yml
index 53e7cbd..8ade83f 100644
--- a/inventory/local/group_vars/all/all.yml
+++ b/inventory/local/group_vars/all/all.yml
@@ -4,7 +4,7 @@ ldap_setup: true
 kerberos_setup: true
 sssd_setup: true
-domain: "linux.example.local"
+domain: "linux.gstwdt.local"
 openldap_linux: '{{ domain.split(".")[0] | lower }}'
 openldap_org: '{{ domain.split(".")[1] | lower }}'
diff --git a/roles/kerberos/files/blksmanager b/roles/kerberos/files/blksmanager
index 4ebb2b4..da69acb 100755
--- a/roles/kerberos/files/blksmanager
+++ b/roles/kerberos/files/blksmanager
@@ -60,14 +60,15 @@ done
 echo $((${ldaparry[1]}+1))
 return 0
 else
-return -1
+echo $(("2001"))
+return 0
 fi
 }
 function add_to_ldap () {
 ldapadd -h $HOST_IP -D "cn=$ADMIN, $ldapDN" -w $ADMIN_PASS << EOF
-dn: uid=$USERNAME,ou=People,dc=$DC1,dc=$DC2
+dn: uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,dc=$DC1,dc=$DC2,dc=$DC3
 objectClass: top
 objectClass: posixAccount
 objectClass: inetOrgPerson
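Review bot: The shared inventory default now carries a site-specific domain, `linux.gstwdt.local`, instead of the neutral placeholder, so every checkout inherits one deployment's internal name, and the blksmanager changes in this same commit make a three-label domain a hard requirement that nothing here documents. Keep the placeholder in this file and set the real domain in a per-environment inventory, and note the constraint next to it, e.g. `# blksmanager derives dc=…,dc=…,dc=… from this value; exactly three labels are required`.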
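Review bot: The `else` branch now prints a fixed `2001` and returns success where it used to fail with `return -1`, so whenever the condition guarding this branch (outside the hunk) is false every new account is created with the same number — presumably its uidNumber, given the posixAccount LDIF below — and two POSIX users sharing a uid are indistinguishable to the filesystem. Keep the failure visible (`return 1`, and have the caller abort) or, if `2001` is meant as the first uid of an empty directory, emit it only when the search returned no entries; either way plain `echo 2001` says the same as `echo $(("2001"))`. The new `dn:` line also assumes `$DC3` is set: with a two-label domain it ends in `dc=`, which the server will most likely reject. Since `$USERNAME` is spliced into that DN unescaped, validating it against the allowed account-name characters before add_to_ldap runs keeps DN separators and newlines out of the LDIF.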
@@ -98,7 +99,8 @@ kadmin.local -q "ktadd -norandkey -k $KEYTAB $USERNAME@$UPPER_DOMAIN"
 function del_ldap_kerberos () {
-ldapdelete -h $HOST_IP -x -D "cn=$ADMIN,dc=$DC1,dc=$DC2" 'uid=$USERNAME,ou=People,dc=$DC1,dc=$DC2' -w $ADMIN_PASS
+echo "ldapdelete -h $HOST_IP -x -D cn=$ADMIN,dc=$DC1,dc=$DC2,dc=$DC3 uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,dc=$DC1,dc=$DC2,dc=$DC3 -w $ADMIN_PASS"
+ldapdelete -h $HOST_IP -x -D "cn=$ADMIN,dc=$DC1,dc=$DC2,dc=$DC3" "uid=$USERNAME,cn=sudobase,cn=Workers,ou=SUDOers,dc=$DC1,dc=$DC2,dc=$DC3" -w $ADMIN_PASS
 kadmin.local -q "delete_principal $USERNAME@$UPPER_DOMAIN"
 kdestroy
 }
@@ -145,8 +147,9 @@ then
 UPPER_DOMAIN=$(echo "$DOMAIN" | awk '{print toupper($0)}')
 DC1=$(echo "$DOMAIN" | cut -d"." -f1)
 DC2=$(echo "$DOMAIN" | cut -d"." -f2)
+ DC3=$(echo "$DOMAIN" | cut -d"." -f3)
- ldapDN="dc=$DC1, dc=$DC2"
+ ldapDN="dc=$DC1, dc=$DC2, dc=$DC3"
 add_to_ldap
 add_kerberos
@@ -164,10 +167,11 @@ then
 UPPER_DOMAIN=$(echo "$DOMAIN" | awk '{print toupper($0)}')
 DC1=$(echo "$DOMAIN" | cut -d"." -f1)
 DC2=$(echo "$DOMAIN" | cut -d"." -f2)
+ DC3=$(echo "$DOMAIN" | cut -d"." -f3)
 del_ldap_kerberos
 fi
 else
 error 2000 usage
-fi
\ No newline at end of file
+fi
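Review bot: The new `echo` line prints the whole `ldapdelete` command including `-w $ADMIN_PASS`, so the directory admin password goes to stdout and into any log that captures this script's output; drop the debug line, or print the command with the password argument omitted. `-w` on the command line also leaves the password readable in the process list for as long as `ldapdelete` runs, so a follow-up could move it to `-y <password-file>` (or `-W` for interactive runs) here and in the `ldapadd` call earlier in the file. The remaining unquoted expansions on the `ldapdelete` line (`$HOST_IP`, `$ADMIN_PASS`) should be double-quoted like the two DN arguments now are.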
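Review bot: `DC3=$(echo "$DOMAIN" | cut -d"." -f3)` fixes the directory base at exactly three labels: a two-label `$DOMAIN` leaves `DC3` empty and yields `dc=x, dc=y, dc=`, a four-label one silently drops its last label, and the same assignment is repeated in the `@@ -164` hunk while add_to_ldap and del_ldap_kerberos spell the same DN out again from `$DC1`/`$DC2`/`$DC3`. Deriving the base once from every label, `ldapDN="dc=${DOMAIN//./, dc=}"`, and reusing `$ldapDN` in those two functions removes the triplication, and rejecting a domain without a dot before the split (`[[ "$DOMAIN" == *.* ]] || exit 1`) fails early instead of producing a malformed DN. The enclosing `if … then` block starts outside the hunk.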