guruevi/create_user.sh

## create_user.sh
#!/bin/bash
# Collect information
echo "Enter first name"
read firstname
echo "Enter last name"
read lastname
echo "Enter username"
read username
gidnumber=""
domain="dc=my,dc=domain,dc=com"

# Collect and validate the group (groups would already have to be created)
while [[ "$gidnumber" == "" ]]; do
	echo "Enter group"
	read group
  # Find whether the group exists in the directory
	gidnumber=`udm groups/group list --filter cn=$group | grep gidNumber | awk '{print $2}'`
	if [[ "$gidnumber" == "" ]]; then
		echo "Invalid group name"
	else
    # Find the group DN
		primarygroup=`udm groups/group list --filter "gidNumber=$gidnumber" | grep DN | awk '{print $2}'`
	fi
done

# Collect and validate the homedirectory
homepath=""
while [[ "$homepath" == "" ]]; do
	echo "Enter home directory"
	read homedir
  # In my instance I have multiple possible shares, you may have to edit this based on your structure
	case $homedir in
    		homeshare1|homeshare2|homeshare3|homeshare4)
			echo "Home directory: /$homedir/$username"
			homepath="/$homedir/$username"
		;;
    		*)
        		echo "Invalid homedirectory"
		;;
	esac
done
echo "Enter e-mail address"
read email

# Generate a random difficult password
password=`date +%s | sha256sum | base64 | head -c 16`

# You may have to edit this (somewhat) based on your attributes you need to set
udm users/user create --position "cn=users,$domain" --set password="$password" --set lastname="$lastname" --set firstname="$firstname" --set username="$username" --set displayName="$firstname $lastname" --set unixhome="$homepath" --set shell="/bin/bash" --set primaryGroup="$primarygroup" --set e-mail="$email" --set PasswordRecoveryEmail="$email" --set networkAccess=1

# Find the uidNumber of the UID you just created (for RFC2307 in Samba)
uidnumber=`udm users/user list --filter "uid=$username" | grep uidNumber | awk '{print $2}'`

cat > user.ldif <<EOF
dn: cn=$username,$domain
changetype: modify
add: objectClass
objectClass: posixAccount
-
add: uid
uid: $username
-
add: uidNumber
uidNumber: $uidnumber
-
add: gidNumber
gidNumber: $gidnumber
-
add: loginShell
loginShell: /bin/bash
EOF

mail -a 'From: "Password Service" <noreply@example.com>' -s "Account Created for Your Domain" "$email" <<EOF
Hi,

Your account for the domain has been created. This is an automated message, please do not respond.

Your username: $username
Your password: $password

Please go to https://your-sites/password-service now to change your password. For technical issues, contact Someone Else at my@organization.example.com.

Thank you.
EOF

echo "Waiting for sync"
sleep 20
ldapmodify -x -H ldap://master.your.example.com -Z -D 'cn=user-creator,cn=users,$domain' -w password -f user.ldif
	#!/bin/bash
	# Collect information
	echo "Enter first name"
	read firstname
	echo "Enter last name"
	read lastname
	echo "Enter username"
	read username
	gidnumber=""
	domain="dc=my,dc=domain,dc=com"

	# Collect and validate the group (groups would already have to be created)
	while [[ "$gidnumber" == "" ]]; do
	echo "Enter group"
	read group
	# Find whether the group exists in the directory
	gidnumber=`udm groups/group list --filter cn=$group \| grep gidNumber \| awk '{print $2}'`
	if [[ "$gidnumber" == "" ]]; then
	echo "Invalid group name"
	else
	# Find the group DN
	primarygroup=`udm groups/group list --filter "gidNumber=$gidnumber" \| grep DN \| awk '{print $2}'`
	fi
	done

	# Collect and validate the homedirectory
	homepath=""
	while [[ "$homepath" == "" ]]; do
	echo "Enter home directory"
	read homedir
	# In my instance I have multiple possible shares, you may have to edit this based on your structure
	case $homedir in
	homeshare1\|homeshare2\|homeshare3\|homeshare4)
	echo "Home directory: /$homedir/$username"
	homepath="/$homedir/$username"
	;;
	*)
	echo "Invalid homedirectory"
	;;
	esac
	done
	echo "Enter e-mail address"
	read email

	# Generate a random difficult password
	password=`date +%s \| sha256sum \| base64 \| head -c 16`

	# You may have to edit this (somewhat) based on your attributes you need to set
	udm users/user create --position "cn=users,$domain" --set password="$password" --set lastname="$lastname" --set firstname="$firstname" --set username="$username" --set displayName="$firstname $lastname" --set unixhome="$homepath" --set shell="/bin/bash" --set primaryGroup="$primarygroup" --set e-mail="$email" --set PasswordRecoveryEmail="$email" --set networkAccess=1

	# Find the uidNumber of the UID you just created (for RFC2307 in Samba)
	uidnumber=`udm users/user list --filter "uid=$username" \| grep uidNumber \| awk '{print $2}'`

	cat > user.ldif <<EOF
	dn: cn=$username,$domain
	changetype: modify
	add: objectClass
	objectClass: posixAccount
	-
	add: uid
	uid: $username
	-
	add: uidNumber
	uidNumber: $uidnumber
	-
	add: gidNumber
	gidNumber: $gidnumber
	-
	add: loginShell
	loginShell: /bin/bash
	EOF

	mail -a 'From: "Password Service" <noreply@example.com>' -s "Account Created for Your Domain" "$email" <<EOF
	Hi,

	Your account for the domain has been created. This is an automated message, please do not respond.

	Your username: $username
	Your password: $password

	Please go to https://your-sites/password-service now to change your password. For technical issues, contact Someone Else at my@organization.example.com.

	Thank you.
	EOF

	echo "Waiting for sync"
	sleep 20
	ldapmodify -x -H ldap://master.your.example.com -Z -D 'cn=user-creator,cn=users,$domain' -w password -f user.ldif