kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 30 Pull Requests 3 Projects 2 Activity

Merge pull request 'Add shell script for creating LDAP user accounts' (#214) from feature/add_user_script into master

Browse Source 
Reviewed-on: #214
This commit is contained in:
Greg 2020-09-16 09:34:34 +00:00
commit 104090d34e
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
doc/ldap.md
View File

@ -14,3 +14,9 @@ $ knife data bag show credentials dirsrv --secret-file .chef/encrypted_data_bag_
``` ```
$ ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org" -v $ ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org" -v
``` ```
## Shell scripts
Adding a new user account (requires username, email, password):
./scripts/ldap/add_user.sh username user@example.com changeme

17
scripts/ldap/add_user.sh Executable file
View File

@ -0,0 +1,17 @@
#!/bin/bash
set -xe;
password=$(ruby -r base64 -r digest -r securerandom -e "salt = SecureRandom.hex(32); password = '$3'; puts '{SSHA512}' + Base64.strict_encode64(Digest::SHA512.digest(password + salt) + salt)");
ldapadd -x -W -D 'cn=Directory Manager' -H "ldaps://ldap.kosmos.org" << EOF
dn: cn=$1,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: $1
sn: $1
uid: $1
mail: $2
userPassword: $password
EOF