Create a User in UCS with RFC2307 (Unix Extensions in Samba) enabled
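#!/bin/bash
# Interactively create a user in UCS and then add the RFC2307 (POSIX)
# attributes to the matching Samba account.
#
# Everything typed at the prompts is later interpolated into LDAP filters,
# an LDIF dn: line and a filesystem path, so input is read raw (read -r keeps
# backslashes literal) and the username is limited to a conservative set.

# Collect information. A failed read (EOF / closed stdin) aborts instead of
# continuing with empty values.
echo "Enter first name"
read -r firstname || exit 1
echo "Enter last name"
read -r lastname || exit 1

# Letters, digits, '.', '_' and '-' only, starting with a letter or digit.
# This keeps LDAP filter syntax ( * ( ) \ ), DN separators ( , + = ) and path
# separators ( / ) out of the value. Widen the pattern only if your naming
# policy really needs it, and escape the value wherever it is used.
username_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
username=""
while [[ -z "$username" ]]; do
  echo "Enter username"
  read -r username || exit 1
  if [[ ! "$username" =~ $username_re ]]; then
    echo "Invalid username" >&2
    username=""
  fi
done

gidnumber=""
domain="dc=my,dc=domain,dc=com"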
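# Collect and validate the group (groups would already have to be created)
while [[ "$gidnumber" == "" ]]; do
  echo "Enter group"
  # Abort on EOF; otherwise a closed stdin would spin this loop forever.
  read -r group || exit 1
  # The name goes into an LDAP search filter. '*', '(', ')' and '\' are filter
  # syntax: a wildcard would match several groups and the wrong one could be
  # picked silently, so such names are rejected instead of being searched.
  case "$group" in
    '' | *[\*\(\)\\]*)
      echo "Invalid group name"
      continue
      ;;
  esac
  # Find whether the group exists in the directory. The filter is quoted so a
  # name containing spaces stays one argument; only the first gidNumber line
  # is taken so the variable can never hold more than one value.
  gidnumber=$(udm groups/group list --filter "cn=$group" |
    awk '$1 == "gidNumber:" { print $2; exit }')
  if [[ "$gidnumber" == "" ]]; then
    echo "Invalid group name"
  else
    # Find the group DN. The whole remainder of the "DN:" line is kept, so a
    # DN that contains spaces is not truncated at the first blank.
    primarygroup=$(udm groups/group list --filter "gidNumber=$gidnumber" |
      sed -n 's/^[[:space:]]*DN:[[:space:]]*//p' | head -n 1)
  fi
done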
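# Collect and validate the homedirectory
homepath=""
while [[ "$homepath" == "" ]]; do
  echo "Enter home directory"
  # Abort on EOF; otherwise a closed stdin would spin this loop forever.
  read -r homedir || exit 1
  # In my instance I have multiple possible shares, you may have to edit this
  # based on your structure. The share name is matched against a fixed
  # allowlist, so only these literal values can become the first component of
  # the home path.
  case "$homedir" in
    homeshare1 | homeshare2 | homeshare3 | homeshare4)
      homepath="/$homedir/$username"
      echo "Home directory: $homepath"
      ;;
    *)
      echo "Invalid homedirectory"
      ;;
  esac
done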
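# Collect the e-mail address. It is later passed as a command-line argument
# to mail(1) and stored as the password-recovery address, so a value that
# starts with '-' (would be parsed as an option), contains whitespace, or
# lacks a local part or domain around '@' is rejected and asked for again.
email=""
while [[ -z "$email" ]]; do
  echo "Enter e-mail address"
  # Abort on EOF rather than looping on a closed stdin.
  read -r email || exit 1
  case "$email" in
    -* | *[[:space:]]*) email="" ;;
    ?*@?*) ;;
    *) email="" ;;
  esac
  [[ -n "$email" ]] || echo "Invalid e-mail address" >&2
done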
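# Generate a random initial password.
# The password used to be derived from `date +%s`: hashing the current second
# adds no secrecy, so anyone who knows roughly when the account was created
# could regenerate it. It is now taken from the kernel CSPRNG instead:
# 12 random bytes (96 bits) encode to exactly 16 base64 characters, the same
# length as before.
password=$(head -c 12 /dev/urandom | base64)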
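# You may have to edit this (somewhat) based on your attributes you need to set
#
# NOTE(security): the initial password is passed as a command-line argument,
# so while udm runs it is visible to other local users through the process
# list. Run this only on a host where that is acceptable, and consider
# forcing a password change at first login if your UDM setup offers one.
create_args=(
  --position "cn=users,$domain"
  --set password="$password"
  --set lastname="$lastname"
  --set firstname="$firstname"
  --set username="$username"
  --set displayName="$firstname $lastname"
  --set unixhome="$homepath"
  --set shell="/bin/bash"
  --set primaryGroup="$primarygroup"
  --set e-mail="$email"
  --set PasswordRecoveryEmail="$email"
  --set networkAccess=1
)
# Stop if creation fails: the steps after this one mail out credentials and
# modify the directory, which must not happen for an account that was never
# created.
if ! udm users/user create "${create_args[@]}"; then
  echo "User creation failed" >&2
  exit 1
fi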
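# Find the uidNumber of the UID you just created (for RFC2307 in Samba)
uidnumber=$(udm users/user list --filter "uid=$username" |
  awk '$1 == "uidNumber:" { print $2; exit }')

# Both numbers are written verbatim into the LDIF below. Refuse to continue
# unless each is a plain decimal number, so an empty lookup result or stray
# text can never become part of the modify request.
if [[ ! "$uidnumber" =~ ^[0-9]+$ ]]; then
  echo "Could not determine uidNumber for $username" >&2
  exit 1
fi
if [[ ! "$gidnumber" =~ ^[0-9]+$ ]]; then
  echo "gidNumber is not numeric: $gidnumber" >&2
  exit 1
fi

# Write the LDIF to a private temporary file instead of a fixed name in the
# current directory, and remove it on every exit path.
ldif_file=$(mktemp) || exit 1
trap 'rm -f -- "$ldif_file"' EXIT

# NOTE(review): the account was created under cn=users,$domain and the bind DN
# used below is also under cn=users, but this dn: line has no cn=users
# component. Confirm it matches the real DN of the Samba object.
cat > "$ldif_file" <<EOF
dn: cn=$username,$domain
changetype: modify
add: objectClass
objectClass: posixAccount
-
add: uid
uid: $username
-
add: uidNumber
uidNumber: $uidnumber
-
add: gidNumber
gidNumber: $gidnumber
-
add: loginShell
loginShell: /bin/bash
EOF

# NOTE(security): this sends the initial password in clear text by e-mail.
# Treat it as a one-time secret that the user must change immediately.
# '--' ends option parsing so the address is never read as a mail option.
mail -a 'From: "Password Service" <noreply@example.com>' -s "Account Created for Your Domain" -- "$email" <<EOF
Hi,
Your account for the domain has been created. This is an automated message, please do not respond.
Your username: $username
Your password: $password
Please go to https://your-sites/password-service now to change your password. For technical issues, contact Someone Else at my@organization.example.com.
Thank you.
EOF

echo "Waiting for sync"
sleep 20

# Changes from the original invocation:
#  * the bind DN is double-quoted; in single quotes $domain was never expanded
#    and the literal text '$domain' was sent as part of the DN
#  * -ZZ requires StartTLS to succeed (-Z carries on unencrypted if it fails,
#    which would expose the simple-bind password on the wire)
#  * -W prompts for the bind password instead of embedding it in the script
#    and in the process arguments (use -y <file> for unattended runs)
ldapmodify -x -H ldap://master.your.example.com -ZZ -D "cn=user-creator,cn=users,$domain" -W -f "$ldif_file"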