Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Create a User in UCS with RFC2307 (Unix Extensions in Samba) enabled
#!/bin/bash
# Collect information
echo "Enter first name"
read firstname
echo "Enter last name"
read lastname
echo "Enter username"
read username
gidnumber=""
domain="dc=my,dc=domain,dc=com"
# Collect and validate the group (groups would already have to be created)
while [[ "$gidnumber" == "" ]]; do
echo "Enter group"
read group
# Find whether the group exists in the directory
gidnumber=`udm groups/group list --filter cn=$group | grep gidNumber | awk '{print $2}'`
if [[ "$gidnumber" == "" ]]; then
echo "Invalid group name"
else
# Find the group DN
primarygroup=`udm groups/group list --filter "gidNumber=$gidnumber" | grep DN | awk '{print $2}'`
fi
done
# Collect and validate the homedirectory
homepath=""
while [[ "$homepath" == "" ]]; do
echo "Enter home directory"
read homedir
# In my instance I have multiple possible shares, you may have to edit this based on your structure
case $homedir in
homeshare1|homeshare2|homeshare3|homeshare4)
echo "Home directory: /$homedir/$username"
homepath="/$homedir/$username"
;;
*)
echo "Invalid homedirectory"
;;
esac
done
echo "Enter e-mail address"
read email
# Generate a random difficult password
password=`date +%s | sha256sum | base64 | head -c 16`
# You may have to edit this (somewhat) based on your attributes you need to set
udm users/user create --position "cn=users,$domain" --set password="$password" --set lastname="$lastname" --set firstname="$firstname" --set username="$username" --set displayName="$firstname $lastname" --set unixhome="$homepath" --set shell="/bin/bash" --set primaryGroup="$primarygroup" --set e-mail="$email" --set PasswordRecoveryEmail="$email" --set networkAccess=1
# Find the uidNumber of the UID you just created (for RFC2307 in Samba)
uidnumber=`udm users/user list --filter "uid=$username" | grep uidNumber | awk '{print $2}'`
cat > user.ldif <<EOF
dn: cn=$username,$domain
changetype: modify
add: objectClass
objectClass: posixAccount
-
add: uid
uid: $username
-
add: uidNumber
uidNumber: $uidnumber
-
add: gidNumber
gidNumber: $gidnumber
-
add: loginShell
loginShell: /bin/bash
EOF
mail -a 'From: "Password Service" <noreply@example.com>' -s "Account Created for Your Domain" "$email" <<EOF
Hi,
Your account for the domain has been created. This is an automated message, please do not respond.
Your username: $username
Your password: $password
Please go to https://your-sites/password-service now to change your password. For technical issues, contact Someone Else at my@organization.example.com.
Thank you.
EOF
echo "Waiting for sync"
sleep 20
ldapmodify -x -H ldap://master.your.example.com -Z -D 'cn=user-creator,cn=users,$domain' -w password -f user.ldif
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment