From 068362d8d9da18d28e5b1653313af5751c60e248 Mon Sep 17 00:00:00 2001
From: vernada <none@none>
Date: Wed, 16 Mar 2016 11:27:16 +0100
Subject: [PATCH] deprecated stuff

---
 ldap_NS_adduser.pl | 648 --------------------------------------------
 1 file changed, 648 deletions(-)
 delete mode 100755 ldap_NS_adduser.pl

diff --git a/ldap_NS_adduser.pl b/ldap_NS_adduser.pl
deleted file mode 100755
index 05ba1d8..0000000
--- a/ldap_NS_adduser.pl
+++ /dev/null
@@ -1,648 +0,0 @@ -#!/usr/bin/perl - -# -use strict; -use warnings; - -# -use Data::Dumper; -use CGI qw/:standard start_ol/; -use Config::IniFiles; -use File::Basename; - -use Net::LDAP; -use Data::Dumper; - -# unbuffered output: -$| = 1; - -BEGIN { - my $iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - push( @INC, $iniFile->val( 'APPLICATION', 'LIBRARY' ) ); -} -use SNET::access; -use SNET::common; -use SNET::html; -use SNET::ActiveDirectory; - -use vars qw($verbose $debug $help $env $script $cli_mode $action $IM $username $belongs_iss3 $belongs_network $belongs_security $belongs_admin $migration $ldap_admin $ldap_passwd); -$debug = 0; -$verbose = 0; -( $script ) = split( /\./, basename( $0 ) ); - -my $title = "LDAP Add User"; -my $function = $title; -$function =~ s/\s/_/g; -my $href = ""; -my $header = ""; -my $html_msg = ""; - -my $global_iniFile = new Config::IniFiles( -file => "/opt/etc/ini/global.ini" ); - -$env = "test"; # "prod"; -( $html_msg ) = Access_snet_script_head( $script, $global_iniFile, $ENV, $env ); - -# Get current user -my $run_user = ''; -if ( defined( $ENV{"HTTP_AUTHUSER"} ) ) { - $run_user = $ENV{"HTTP_AUTHUSER"}; -} -if ( $cli_mode && ( $run_user eq '' ) ) { - $run_user = $ENV{"USERNAME"}; -} - -if ( defined( $run_user ) ) { - $run_user =~ s/uid=//; - $run_user =~ s/,.*$//g; -} - -=head1 print_prompt - HTML Form - - Display the HTML Form parameters. - - Arguments: - - Login name: - - Text field to write the new login name to be created. The username should already exist in Net1. - - IM: - - Text field to write the SMT IM associated with the request. - - Options: - - iss3,network,security: select only one where the user belong to. - - verbose: active the verbose output. - - debug: active the debug output. 
- -=cut - -sub print_prompt ($$$$) -{ - my ( $ldap_admin, $ldap_passwd, $username, $IM ) = @_; - - print start_form( -enctype => &CGI::MULTIPART ); - - print "<em>Administrator uid (or full dn): </em>"; - print textfield( - -name => 'ldap_admin', - -default => ( - $ldap_admin - ? $ldap_admin - : 'cn=administrator,ou=people,ou=management,dc=ec,dc=europa,dc=eu' - ), - -size => 50, - -maxlength => 80 - ); - print nl(); - - print nl(); - print "<em>Administrator password: </em>"; - print password_field( - -name => 'ldap_passwd', - -default => ( $ldap_passwd ? $ldap_passwd : '' ), - -size => 50, - -maxlength => 100 - ); - print nl(); - - print nl(); - print "<em>Login name (same as net1): </em>"; - print textfield( - -name => 'username', - -default => ( $username ? $username : '' ), - -size => 50, - -maxlength => 80 - ); - print nl(); - - print nl(); - print "<em>IM (Full SMT ticket number): </em>"; - print textfield( - -name => 'IM', - -default => ( $IM ? $IM : '' ), - -override => 1, - -size => 50, - -maxlength => 100 - ); - print nl(); - - print nl(); - print "<em>Options: </em>" . nl(); - print checkbox_group( - -name => 'belongs', - -values => [ 'administrator', 'iss3', 'network', 'security', 'migration', 'verbose', 'debug' ], - -linebreak => 'true' - ); - print nl(); - - print "<p>", submit( 'action', 'Submit' ), reset; - print end_form(); - -} - -=head1 do_work - HTML Parameters - - display the parameters passed to the web interface. - - Arguments: None - -=cut - -sub do_work () -{ - my ( @values, $key ); - - return if ( !param ); - print "<h2>Here are the current settings used for the $title processor</h2>"; - - foreach $key ( param ) { - next if ( $key =~ /passw/i ); - print "<strong>$key</strong> -> "; - @values = param( $key ); - print join( ", ", @values ) . nl(); - } - print nl() . 
nl(); -} - -$action = ''; - -my $old_people_tree = "ou=People,dc=snmc,dc=cec,dc=eu,dc=int"; -my $new_people_tree = "ou=people,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; -my $new_dead_people_tree = "ou=expired,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; - -$IM = param( 'IM' ) if ( defined( param( 'IM' ) ) && ( param( 'IM' ) !~ /^$/ ) && ( param( 'IM' ) =~ /^IM\d+$/ ) ); -$action = param( 'action' ) if ( defined( param( 'action' ) ) && ( param( 'action' ) !~ /^$/ ) && ( param( 'action' ) =~ /^\w+$/ ) ); -$username = param( 'username' ) if ( defined( param( 'username' ) ) && ( param( 'username' ) !~ /^$/ ) && ( param( 'username' ) =~ /^[\w-]+$/ ) ); -if ( defined( param( 'ldap_admin' ) ) && ( param( 'ldap_admin' ) !~ /^$/ ) && ( param( 'ldap_admin' ) =~ /^[\w=,-]+$/ ) ) { - $ldap_admin = param( 'ldap_admin' ); - if ( $ldap_admin !~ /,/ ) { - $ldap_admin = 'uid=' . $ldap_admin . ',' . $new_people_tree; - } -} -$ldap_passwd = param( 'ldap_passwd' ) if ( defined( param( 'ldap_passwd' ) ) && ( param( 'ldap_passwd' ) !~ /^$/ ) ); - -$belongs_admin = 0; -$belongs_iss3 = 0; -$belongs_network = 0; -$belongs_security = 0; -$migration = 0; -my $pcount = 0; - -if ( ( defined( param( 'belongs' ) ) && ( param( 'belongs' ) !~ /^$/ ) ) ) { - my @values = param( 'belongs' ); - my $belongs = join( ", ", @values ); - $belongs =~ s/\n//; - $belongs =~ s/\r//; - $belongs =~ s/\s+//; - if ( $belongs =~ /administrator/ ) { - $belongs_admin = 1; - } - if ( $belongs =~ /iss3/ ) { - $belongs_iss3 = 1; - $pcount++; - } - if ( $belongs =~ /network/ ) { - $belongs_network = 1; - $pcount++; - } - if ( $belongs =~ /security/ ) { - $belongs_security = 1; - $pcount++; - } - - $verbose = 1 if ( $belongs =~ /verbose/ ); - $debug = 1 if ( $belongs =~ /debug/ ); - $migration = 1 if ( $belongs =~ /migration/ ); -} - -print header( -charset => 'UTF-8', ); - -dg_header_html( $title, 1, 0, $href, $header ); -print $html_msg . 
nl(); - -# TODO add only one belongs_* stuff -#$belongs_iss3 = 0; -#$belongs_network = 0; -#$belongs_security = 0; - -if ( defined( $username ) - && ( $username !~ /^$/ ) - && ( $username =~ /^[\w-]+$/ ) - && defined( $IM ) - && ( $IM !~ /^$/ ) - && ( $IM =~ /^IM\d{10}$/ ) - && ( defined( $action ) ) - && ( $action eq "Submit" ) - && ( $pcount <= 1 ) ) { - - do_work(); - - my $AiniFile = new Config::IniFiles( -file => $global_iniFile->val( 'INI', 'AD' ) ); - my $adserver = $AiniFile->val( 'AD_NET1', 'SERVER' ); - print "error value of adserver is undefined" if ( !defined( $adserver ) ); - my $aduser = $AiniFile->val( 'AD_NET1', 'USER' ); - print "error value of aduser is undefined" if ( !defined( $aduser ) ); - my $adpasswd = $AiniFile->val( 'AD_NET1', 'PASSWORD' ); - print "error value of adpasswd is undefined" if ( !defined( $adpasswd ) ); - - my $attrs = [ 'displayName', 'mail' ]; - - my ( $mail, $name ) = ( '', '' ); - print "Searching Net1 for userlogin : '$username'" . nl(); - - my $ad = Net::LDAP->new( $adserver ) - or die "Could not connect to AD: $adserver!"; - - $ad->bind( $aduser, password => $adpasswd ); - - #my $searchbase = 'OU=Users_ITIC,OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int'; - my $searchbase = 'OU=DIGIT,OU=DGs,DC=net1,DC=cec,DC=eu,DC=int'; - my $filter = "sAMAccountName=$username"; - - my $results = $ad->search( base => $searchbase, filter => $filter, attrs => $attrs ); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error . "'" . nl(); - $ad->unbind; - exit 1; - } - my $count = $results->count; - - if ( $count != 1 ) { - print "More than 1 entries fetched from the AD Net1. Do not know what to do. One and only one entry should be found." . nl(); - $ad->unbind; - exit; - } else { - print "'$count' record fetched from Net1." . 
nl(); - } - - my $entry = $results->entry( 0 ); - - $mail = $entry->get_value( 'mail' ); - $name = $entry->get_value( 'displayName' ); - $name =~ s/\s\(.*$//; - $mail = lc( $mail ); - - $ad->unbind; - undef $results; - - print "Pursuing the addition of user '$username' with parameters:" . nl(); - print " - Realname: '$name'" . nl(); - print " - Email: '$mail'" . nl(); - print br; - - # Check if username already exist - my $ldap_server = 'ldap.snmc.cec.eu.int'; - my $homeserver = "home.snmc.cec.eu.int"; - my $ldap_min_uid = 2000; - my $ldap_max_uid = 10000; - print "Connecting to $ldap_server..." . nl(); - - my $ldap = Net::LDAP->new( $ldap_server, onerror => sub { print "oups! " . $_[0]->error() . nl(); return undef; }, ) or die "$@"; - - $ldap->start_tls( verify => 'require', - cafile => '/usr/share/ca-certificates/cec.eu.int/cec.eu.int_CA.crt', ); - $ldap->bind( $ldap_admin, password => $ldap_passwd ); - - print "Searching directory for existing uid: $username" . nl(); - - $results = $ldap->search( base => $new_people_tree, filter => "(uid=$username)", attrs => [ "cn", "uidNumber" ] ); - - if ( defined( $results ) ) { - $results->code && die $results->error; - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist ('$count') in SNet LDAP. stopping process." . nl(); - $entry = $results->entry( 0 ); - print "cn: " . $entry->get_value( 'cn' ) . " uid " . $entry->get_value( 'uidNumber' ) . nl(); - $ldap->unbind; - exit; - } - undef $results; - - } else { - print "Did not found any existing entry in the LDAP SNet directory." . nl(); - } - - $results = $ldap->search( base => $new_dead_people_tree, filter => "(uid=$username)", attrs => [ "cn", "uidNumber" ] ); - - if ( defined( $results ) ) { - - # TODO: branch does not yet exist... - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error . "'" . 
nl(); - $ldap->unbind; - exit 1; - } - $count = $results->count; - - if ( $count != 0 ) { - print "Account already exist in SNet LDAP for the old members! stopping process." . nl(); - $ldap->unbind; - exit; - } else { - print "Did not found any existing entry in the LDAP SNet old members directory." . nl(); - } - } - - undef $results; - - my $old_ldap; - my $old_ldap_server = 'snmc-ldapns.snmc.cec.eu.int'; - my $old_admin = 'cn=Directory Manager'; - my $old_passwd = 'DirectoryM!'; - - my $old_password; - my $old_uidnumber; - my @old_description; - my $old_result = 0; - - my $next_free_uidnumber; - - if ( $migration ) { - - print "Checking if this is a migration from old directory..." . nl(); - - eval { - - $old_ldap = Net::LDAP->new( $old_ldap_server, onerror => sub { print "oupsi! " . $_[0]->error() . nl(); return undef; }, ) - or die "Could not connect to $old_ldap_server!"; - $old_ldap->bind( $old_admin, password => $old_passwd ); - - $results = $old_ldap->search( base => $old_people_tree, filter => "(uid=$username)", attrs => [ "userPassword", "uidNumber", "description" ] ); - if ( defined( $results ) && ( $results->count == 1 ) ) { - $old_password = $results->entry->get_value( 'userPassword' ); - $old_uidnumber = $results->entry->get_value( 'uidNumber' ); - @old_description = $results->entry->get_value( 'description' ); - print "Found an uid matching with uidnumber : $old_uidnumber" . nl(); - if ( defined( $old_uidnumber ) ) { - undef $results; - $results = $ldap->search( base => $new_people_tree, filter => "(uidNumber=$old_uidnumber)", attrs => ["cn"] ); - if ( $results->count != 0 ) { - undef $old_uidnumber; - } else { - $next_free_uidnumber = $old_uidnumber; - } - undef $results; - } - $old_result = 1; - } else { - print "seems to be a new user" . nl(); - } - $old_ldap->unbind; - - }; - if ( $@ ) { - print "oupsi! $@" . nl(); - $old_ldap->unbind; - } - } - undef $results; - - if ( !( defined( $old_uidnumber ) ) ) { - - print "Allocating a new uidNumber..." 
. nl(); - - # fetching all the uid, to find the next available uid - - # first tree... the living one... - $results = $ldap->search( base => $new_people_tree, filter => "(&(objectClass=posixAccount)(uid=*))", attrs => [ "cn", "uidNumber" ] ); - - exit 1 unless defined( $results ); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error . "'" . nl(); - $ldap->unbind; - exit 1; - } - - $count = $results->count; - if ( $count != 0 ) { - print "found $count already used uid(s)" . nl(); - } - - my %blah; - foreach my $entry ( $results->entries ) { - - # $entry->dump; - my $uid = $entry->get_value( 'cn' ); - my $uidnumber = $entry->get_value( 'uidNumber' ); - - if ( defined( $blah{$uidnumber} ) ) { - $blah{$uidnumber} = $blah{$uidnumber} + 1; - } else { - if ( ( $uidnumber >= $ldap_min_uid ) && ( $uidnumber < 10000 ) ) { - $blah{$uidnumber} = 1; - } - } - } - - undef $results; - - # searching the dead one... - $results = $ldap->search( base => $new_dead_people_tree, filter => "(uid=*)", attrs => [ "cn", "uidNumber" ] ); - if ( defined( $results ) ) { - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error . "'" . nl(); - $ldap->unbind; - exit 1; - } - - foreach my $entry ( $results->entries ) { - - # $entry->dump; - my $uid = $entry->get_value( 'cn' ); - my $uidnumber = $entry->get_value( 'uidNumber' ); - - if ( defined( $blah{$uidnumber} ) ) { - $blah{$uidnumber} = $blah{$uidnumber} + 1; - } else { - if ( ( $uidnumber >= $ldap_min_uid ) && ( $uidnumber < $ldap_max_uid ) ) { - $blah{$uidnumber} = 1; - } - } - } - - undef $results; - } - - foreach my $key ( sort { $a <=> $b } ( keys( %blah ) ) ) { - if ( $blah{$key} > 1 ) { - print "WARNING : uid number $key is used several time!" . 
nl(); - } - } - - for ( $next_free_uidnumber = $ldap_min_uid ; $next_free_uidnumber <= $ldap_max_uid ; $next_free_uidnumber++ ) { - if ( !defined( $blah{$next_free_uidnumber} ) ) { - last; - } - } - - } - - if ( $next_free_uidnumber < $ldap_max_uid ) { - print "next free uid number : $next_free_uidnumber" . nl(); - } else { - print "No more uid number available!" . nl(); - exit 1; - } - - my $uidn = $next_free_uidnumber; - my $gidn = 3500; # gid is snmc... - - my $description = (); - my $folder = ''; - if ( $belongs_admin ) { - $belongs_admin = 'cn=admin,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } - if ( $belongs_network ) { - if ( $old_result ) { - push( @$description, @old_description ); - } else { - push( @$description, 'RPRO' ); - push( @$description, 'PSRO' ); - push( @$description, 'CWRW' ); - } - $folder = 'cn=network,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } elsif ( $belongs_security ) { - if ( $old_result ) { - push( @$description, @old_description ); - } else { - push( @$description, 'RPRW' ); - push( @$description, 'PSRW' ); - push( @$description, 'CWRO' ); - } - $folder = 'cn=security,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } elsif ( $belongs_iss3 ) { - if ( $old_result ) { - push( @$description, @old_description ); - } else { - push( @$description, 'RPRW' ); - push( @$description, 'PSRW' ); - push( @$description, 'CWRA' ); - } - $folder = 'cn=iss3,ou=groups,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu'; - } else { - print "ignoring old attributes as no group membership was specified" . nl(); - - #if ($old_result) { - # push( @$description, @old_description ); - #} - #else { - push( @$description, 'RPRO' ); - push( @$description, 'PSRO' ); - push( @$description, 'CWRO' ); - - #} - } - - #my $uid_dn = "uid=${username},ou=${folder},".$new_people_tree; - my $uid_dn = "uid=${username}," . $new_people_tree; - - print "Creating user '$username' using the following parameters:" . 
nl(); - print " - Realname: '$name'" . nl(); - print " - Email: '$mail'" . nl(); - print " - UID number: '$uidn'" . nl(); - print " - GID number: '$gidn'" . nl(); - print " - description: " . Dumper( $description ) . nl(); - print " - uid_dn: '$uid_dn'" . nl(); - print " - AUDIT: '$IM;$run_user;A;" . time . "'" . nl(); - print br; - - # Need to SSH to home.snmc.cec.eu.int - # if ( ! -d "/opt/home/$username" ) { - # print "Creation directory"; - # system "mkdir /opt/home/$username"; - # system "chown $next_free_uidnumber:3500 /opt/home/$username"; - # } - - my $attr = [ - 'cn' => $username, - 'sn' => $username, - 'uid' => $username, - 'uidNumber' => $uidn, - 'gidNumber' => $gidn, - 'description' => $description, - 'mail' => $mail, - 'gecos' => $name, - 'homeDirectory' => "/home/$username", - 'loginShell' => '/bin/ksh', - 'shadowLastChange' => '11640', - 'shadowFlag' => '0', - 'auditInformation' => "$IM;$run_user;A;" . time, - 'objectClass' => [ 'inetOrgPerson', 'organizationalPerson', 'person', 'posixAccount', 'shadowAccount', 'simpleSecurityObject', 'Audit', 'top' ], - ]; - - my $pass; - if ( $old_result && defined( $old_password ) ) { - $pass = $old_password; - my $ppolicy = "cn=migration,ou=policies,ou=SNet,ou=2,ou=C,o=DIGIT,dc=ec,dc=europa,dc=eu"; - unshift( @{$attr}, 'pwdConstraintSubentry' => $ppolicy, 'pwdPolicySubentry' => $ppolicy ); - } else { - $pass = '{CLEARTEXT}P@ssword01'; - } - unshift( @{$attr}, 'userPassword' => $pass ); - - print "adding to the SNet LDAP server '$ldap_server'" . nl(); - - $results = $ldap->add( $uid_dn, attr => $attr, ); - if ( ( $results->code ) && ( $results->code != 32 ) ) { - print "Code:" . $results->code . " '" . $results->error . "'" . 
nl(); - $ldap->unbind; - exit 1; - } - - $results->code && warn "failed to add entry: ", $results->error; - - undef $results; - - # $result = $ldap->modify( "cn=snmc,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } ); - # $result->code && warn "failed to modify group snmc: ", $result->error ; - # $result = $ldap->modify( "cn=NS,ou=group,dc=snmc,dc=cec,dc=eu,dc=int", add => { memberUid => $username } ); - # $result->code && warn "failed to modify group: ", $result->error ; - - print "User '$username' created." . nl(); - - if ( $belongs_admin ) { - $results = $ldap->modify( $belongs_admin, add => { member => [$uid_dn] } ); - if ( defined( $results ) ) { - print "user added to admin group" . nl(); - undef $results; - } else { - print "fail to add user to admin group" . nl(); - } - } - if ( $belongs_network || $belongs_security || $belongs_iss3 ) { - $results = $ldap->modify( $folder, add => { memberUid => [$username] } ); - $folder =~ s/^cn=//; - $folder =~ s/,.*//; - if ( defined( $results ) ) { - print "user added to $folder group" . nl(); - undef $results; - } else { - print "fail to add user to $folder group" . nl(); - } - } else { - print "user was added without group membership" . nl(); - } - -} else { - - if ( ( defined( $action ) ) && ( $action eq "Submit" ) ) { - - if ( $pcount > 1 ) { - print "ERROR: only 1 base group is valid" . nl(); - } - if ( defined( $username ) && ( $username !~ /^$/ ) && ( $username !~ /^[\w-]+$/ ) ) { - print "ERROR: username contains some unsupported characters." . nl(); - } - if ( defined( $IM ) && ( $IM !~ /^$/ ) && ( $IM !~ /^IM\d{10}$/ ) ) { - print "ERROR: IM is not a valid IM number." . nl(); - } - if ( defined( $ldap_admin ) && ( $ldap_admin !~ /^$/ ) && ( $ldap_admin !~ /^[\w=,-]+$/ ) ) { - print "ERROR: admin dn contains some unsupported characters." . 
nl(); - } - } - print_prompt( $ldap_admin, $ldap_passwd, $username, $IM ); -} -print '</div>'; -print "<hr> <address>Snet NS Team</address><br> <a href=\"\">Home Page</a>"; -print end_html; - -exit 1; - -- GitLab