|
1
|
#!/bin/bash
|
|
2
|
#gere et corrige les collisions entre LDAP et PASSWD
|
|
3
|
# (c) Eric Seigne 2011 <eric.seigne@ryxeo.com>
|
|
4
|
|
|
5
|
#on shoote a partir de 150, quasi impossible qu'on ait de nouveau des collisions
|
|
6
|
#sinon c'est qu'on a un probleme autrement plus serieux !!!
|
|
7
|
typeset -i MINNEWUID
|
|
8
|
MINNEWUID=150
|
|
9
|
LDAPSECRET=`cat /etc/ldap.secret`
|
|
10
|
|
|
11
|
function add_line() {
|
|
12
|
ABEUSER=$1
|
|
13
|
ABETX=$2
|
|
14
|
ABEUSERNAME=$3
|
|
15
|
ABETXNAME=$4
|
|
16
|
|
|
17
|
#echo "arg1 $1 :: $2 :: $3 :: $4 :: $0"
|
|
18
|
if [ "${ABEUSER}" != "0" -a -n "${ABETX}" ]; then
|
|
19
|
#grep -v ${ABETX} ${FICRES} > ${FICRES}.tmp
|
|
20
|
#mv ${FICRES}.tmp ${FICRES}
|
|
21
|
echo "${ABEUSERNAME} ($ABEUSER) -> ${ABETXNAME} (${ABETX})" >> ${FICRES}
|
|
22
|
else
|
|
23
|
if ! grep -w "${ABETX}" ${FICRES} >/dev/null; then
|
|
24
|
echo "Poste disponible (waiting) -> ${ABETXNAME} (${ABETX})" >> ${FICRES}
|
|
25
|
fi
|
|
26
|
fi
|
|
27
|
}
|
|
28
|
|
|
29
|
function next_uid() {
|
|
30
|
uidarg=$1
|
|
31
|
typeset -i uidcalcule
|
|
32
|
typeset -i uidres
|
|
33
|
typeset -i nbuid
|
|
34
|
uidcalcule=${uidarg}+1
|
|
35
|
nbuid=`ldapsearch -x -D "cn=admin,dc=abuledu" -w${LDAPSECRET} -b "ou=utilisateurs,dc=abuledu" "uidnumber=${uidcalcule}" | grep "^dn:" | wc -l`
|
|
36
|
if [ "${nbuid}" == "0" ]; then
|
|
37
|
uidres=${uidcalcule}
|
|
38
|
else
|
|
39
|
uidres=$(next_uid $uidcalcule)
|
|
40
|
fi
|
|
41
|
echo "${uidres}"
|
|
42
|
}
|
|
43
|
|
|
44
|
function next_gid() {
|
|
45
|
gidarg=$1
|
|
46
|
typeset -i gidcalcule
|
|
47
|
typeset -i gidres
|
|
48
|
typeset -i nbgid
|
|
49
|
gidcalcule=${gidarg}+1
|
|
50
|
nbgid=`ldapsearch -x -D "cn=admin,dc=abuledu" -w${LDAPSECRET} -b "dc=abuledu" "gidnumber=${gidcalcule}" | grep "^dn:" | wc -l`
|
|
51
|
if [ "${nbgid}" == "0" ]; then
|
|
52
|
gidres=${gidcalcule}
|
|
53
|
else
|
|
54
|
gidres=$(next_gid $gidcalcule)
|
|
55
|
fi
|
|
56
|
echo "${gidres}"
|
|
57
|
}
|
|
58
|
|
|
59
|
|
|
60
|
echo "======================== Groupes ==============================="
|
|
61
|
|
|
62
|
typeset -i MINNEWGID
|
|
63
|
MINNEWGID=150
|
|
64
|
|
|
65
|
for SEARCHGID in `seq 100 1000`
|
|
66
|
do
|
|
67
|
rm -f /tmp/orig.ldiff
|
|
68
|
NUMREP=`ldapsearch -x -D "cn=admin,dc=abuledu" -w${LDAPSECRET} -b "ou=groupes,dc=abuledu" "gidnumber=${SEARCHGID}" | grep ^dn: | wc -l`
|
|
69
|
if [ "${NUMREP}" -gt "1" ]; then
|
|
70
|
NEWGID=$(next_gid ${SEARCHGID})
|
|
71
|
echo "Il y a une collision pour GID ${SEARCHGID}, on l'update en ${NEWGID}"
|
|
72
|
echo "relancez le script pour le suivant ..."
|
|
73
|
ldapsearch -x -D "cn=admin,dc=abuledu" -w${LDAPSECRET} -b "ou=groupes,dc=abuledu" "gidnumber=${SEARCHGID}"
|
|
74
|
exit
|
|
75
|
#GIDGRP=`grep ^dn /tmp/orig.ldiff`
|
|
76
|
#rm -f /tmp/modify.ldiff
|
|
77
|
#cat >> /tmp/modify.ldiff <<EOF
|
|
78
|
#${GIDGRP}
|
|
79
|
#changetype: modify
|
|
80
|
#replace: gidNumber
|
|
81
|
#gidNumber: $MINNEWGID
|
|
82
|
#EOF
|
|
83
|
|
|
84
|
#ldapmodify -x -D "cn=admin,dc=abuledu" -w`cat /etc/ldap.secret` -f /tmp/modify.ldiff
|
|
85
|
#echo -n "propagating rights update due to LDAP collision (${SEARCHGID} -> ${MINNEWGID} ... "
|
|
86
|
#find /home -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
87
|
#echo -n "."
|
|
88
|
#find /etc/abuledu -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
89
|
#echo -n "."
|
|
90
|
#find /etc/bind -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
91
|
#echo -n "."
|
|
92
|
#find /etc/dhcp3 -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
93
|
#echo -n "."
|
|
94
|
#find /etc/cups -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
95
|
#echo -n "."
|
|
96
|
#find /var/lib/samba -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
97
|
#echo -n "."
|
|
98
|
#echo "[ok]"
|
|
99
|
#MINNEWGID=${MINNEWGID}+1
|
|
100
|
#update files
|
|
101
|
else
|
|
102
|
echo -n "."
|
|
103
|
fi
|
|
104
|
done
|
|
105
|
|
|
106
|
|
|
107
|
exit
|
|
108
|
|
|
109
|
for SEARCHUID in `seq 150 1000`
|
|
110
|
do
|
|
111
|
rm -f /tmp/orig.ldiff
|
|
112
|
NUMREP=`ldapsearch -x -D "cn=admin,dc=abuledu" -w${LDAPSECRET} -b "ou=utilisateurs,dc=abuledu" "uidnumber=${SEARCHUID}" | grep "^dn:" | wc -l`
|
|
113
|
if [ "${NUMREP}" -gt "1" ]; then
|
|
114
|
echo "NUMREP: ${NUMREP} pour ${SEARCHUID}"
|
|
115
|
NEWUID=$(next_uid ${SEARCHUID})
|
|
116
|
echo "Il y a une collision pour ${SEARCHUID}, on l'update en ${NEWUID} :: "
|
|
117
|
#ldapsearch -x -D "cn=admin,dc=abuledu" -w${LDAPSECRET} -b "ou=utilisateurs,dc=abuledu" "uidnumber=${SEARCHUID}" > /tmp/orig.ldiff
|
|
118
|
#UIDUSER=`grep ^dn /tmp/orig.ldiff`
|
|
119
|
#rm -f /tmp/modify.ldiff
|
|
120
|
#cat >> /tmp/modify.ldiff <<EOF
|
|
121
|
#${UIDUSER}
|
|
122
|
#changetype: modify
|
|
123
|
#replace: uidNumber
|
|
124
|
#uidNumber: $NEWUID
|
|
125
|
#EOF
|
|
126
|
#ldapmodify -x -D "cn=admin,dc=abuledu" -w`cat /etc/ldap.secret` -f /tmp/modify.ldiff
|
|
127
|
#echo -n "propagating rights update due to LDAP collision (${SEARCHUID} -> ${NEWUID} ... "
|
|
128
|
#find /home -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
129
|
#echo -n "."
|
|
130
|
#find /etc/abuledu -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
131
|
#echo -n "."
|
|
132
|
#find /etc/bind -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
133
|
#echo -n "."
|
|
134
|
#find /etc/dhcp3 -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
135
|
#echo -n "."
|
|
136
|
#find /etc/cups -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
137
|
#echo -n "."
|
|
138
|
#find /var/lib/samba -uid ${SEARCHUID} -exec chown ${MINNEWUID} {} \;
|
|
139
|
#echo -n "."
|
|
140
|
#echo "[ok]"
|
|
141
|
echo "relancez le script pour le suivant ..."
|
|
142
|
exit
|
|
143
|
#update files
|
|
144
|
else
|
|
145
|
echo -n "."
|
|
146
|
fi
|
|
147
|
done
|