AbulÉdu

#!/bin/bash

#

# (c) Eric Seigne 2011-2017 <eric.seigne@ryxeo.com>

#

# script a l'origine pour la migration automatique de 9.08 en 11.08

# detourne pour detecter les collisions LDAP et corriger ce qu'il faut

#

LDAPPASS=`cat /etc/ldap.secret`

if [ -d /etc/abuledu ]; then

    LDAPDC="abuledu"

fi

if [ -d /etc/nouva ]; then

    LDAPDC="nouva"

fi

function add_line() {

  ABEUSER=$1

  ABETX=$2

  ABEUSERNAME=$3

  ABETXNAME=$4

  #echo "arg1 $1 :: $2 :: $3 :: $4 :: $0"

  if [ "${ABEUSER}" != "0" -a -n "${ABETX}" ]; then

      #grep -v ${ABETX} ${FICRES} > ${FICRES}.tmp

      #mv ${FICRES}.tmp ${FICRES}

      echo "${ABEUSERNAME} ($ABEUSER) -> ${ABETXNAME} (${ABETX})" >> ${FICRES}

  else

      if ! grep -w "${ABETX}" ${FICRES} >/dev/null; then

	  echo "Poste disponible (waiting) -> ${ABETXNAME} (${ABETX})" >> ${FICRES}

      fi

  fi

}

function next_uid() {

    uidarg=$1

    typeset -i uidcalcule

    typeset -i uidres

    typeset -i nbuid

    uidcalcule=${uidarg}+1

    nbuid=`ldapsearch -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -b "ou=utilisateurs,dc=${LDAPDC}" "uidnumber=${uidcalcule}" | grep "^dn:" | wc -l`

    if [ "${nbuid}" == "0" ]; then

	uidres=${uidcalcule}

    else

	uidres=$(next_uid $uidcalcule)

    fi

    echo "${uidres}"

}

function next_gid() {

    gidarg=$1

    if [ "${gidarg}" -lt "199" ]; then

	gidarg=200

    fi

    typeset -i gidcalcule

    typeset -i gidres

    typeset -i nbgid

    gidcalcule=${gidarg}+1

    nbgid=`ldapsearch -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -b "dc=${LDAPDC}" "gidnumber=${gidcalcule}" | grep "^dn:" | wc -l`

    if [ "${nbgid}" == "0" ]; then

	gidres=${gidcalcule}

    else

	gidres=$(next_gid $gidcalcule)

    fi

    echo "${gidres}"

}

echo "======================== Groupes ==============================="

#il ne faut pas avoir de GID identique entre /etc/group et l'annuaire LDAP ...

for SEARCHGID in `cat /etc/group | cut -d ":" -f3 | tr '\n' ' '`

do

    #rm -f /tmp/orig.ldiff

    NUMREP=`ldapsearch -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -b "ou=groupes,dc=${LDAPDC}" "gidnumber=${SEARCHGID}" | grep ^dn: | wc -l`

    if [ "${NUMREP}" -gt "0" ]; then

	echo ""

	echo "Il y a une collision pour GID ${SEARCHGID}"

	NEWGID=$(next_gid ${SEARCHGID})

	echo "Proposition de nouveau GID : ${NEWGID}"

	#echo "relancez le script pour le suivant ..."

	ldapsearch -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -b "ou=groupes,dc=${LDAPDC}" "gidnumber=${SEARCHGID}" > /tmp/avant.ldiff

	#exit

	#, on l'update en ${NEWGID}"

	GIDGRP=`grep ^dn /tmp/avant.ldiff | tail -n1`

	rm -f /tmp/modify.ldiff

	cat >> /tmp/modify.ldiff <<EOF

${GIDGRP}

changetype: modify

replace: gidNumber

gidNumber: ${NEWGID}

EOF

	ldapmodify -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -f /tmp/modify.ldiff

	rm -f /tmp/modify.ldiff /tmp/avant.ldiff

    else

	echo -n "."

    fi

done

echo "======================== Groupes doublons de GID ? ============="

# a tout hasard si on a des groupes LDAP qui ont le même guid ... pas bon !

ldapsearch -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -b "ou=groupes,dc=${LDAPDC}" "objectClass: posixGroup" "gidNumber" | grep gidNumber | cut -d ":" -f2 | tr -d " " | sort > /tmp/search_sort

cat /tmp/search_sort | sort -u > /tmp/search_sort_unique

for SEARCHGID in `seq 10 199`

do

    TESTCOLLISION=`grep -w "${SEARCHGID}" /tmp/search_sort_unique`

    if [ -n "${TESTCOLLISION}" ]; then

	echo "on a une collision (doublon) dans l'annuaire pour ${SEARCHGID} ..."

	NEWGID=$(next_gid ${SEARCHGID})

	echo "on propose de le remplacer par ${NEWGID} pour ${nomgroupe} ..."

	ldapsearch -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -b "ou=groupes,dc=${LDAPDC}" "gidnumber=${SEARCHGID}" > /tmp/avant.ldiff

	GIDGRP=`grep ^dn /tmp/avant.ldiff | tail -n1`

	rm -f /tmp/modify.ldiff

	cat >> /tmp/modify.ldiff <<EOF

${GIDGRP}

changetype: modify

replace: gidNumber

gidNumber: ${NEWGID}

EOF

    ldapmodify -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -f /tmp/modify.ldiff

    rm -f /tmp/modify.ldiff /tmp/avant.ldiff

    fi

done

exit

echo ""

echo ""

echo ""

echo "S'il y a eu des corrections de GID pensez a relancer un check group"

echo "commande: horizon-check group -a -b"

echo ""

echo ""

echo "======================== Utilisateurs ==============================="

for SEARCHUID in `get users -a | cut -d ":" -f3`

do

    #rm -f /tmp/orig.ldiff

    NUMREP=`ldapsearch -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -b "ou=utilisateurs,dc=${LDAPDC}" "uidnumber=${SEARCHUID}" | grep "^dn:" | wc -l`

    if [ "${NUMREP}" -gt "1" ]; then

	echo ""

	echo -n "Il y a une collision pour UID ${SEARCHUID}"

	#NEWUID=$(next_uid ${SEARCHUID})

	#echo "Il y a une collision pour ${SEARCHUID}, on l'update en ${NEWUID} :: "

	#ldapsearch -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -b "ou=utilisateurs,dc=${LDAPDC}" "uidnumber=${SEARCHUID}" > /tmp/orig.ldiff

	#UIDUSER=`grep ^dn /tmp/orig.ldiff`

	#rm -f /tmp/modify.ldiff

	#cat >> /tmp/modify.ldiff <<EOF

#${UIDUSER}

#changetype: modify

#replace: uidNumber

#uidNumber: $NEWUID

#EOF

	#ldapmodify -x -D "cn=admin,dc=${LDAPDC}" -w${LDAPPASS} -f /tmp/modify.ldiff

	#echo -n "propagating rights update due to LDAP collision (${SEARCHUID} -> ${NEWUID} ... "

    else

	echo -n "."

   fi

done

echo ""