Merge pull request 'Add shell script for creating LDAP user accounts' (#214) from feature/add_user_script into master

Reviewed-on: #214
2020-09-16 09:34:34 +00:00 · 2020-09-16 09:34:34 +00:00 · 104090d34e
commit 104090d34e
parent be4d1ca7f4 41319fc5bc
2 changed files with 23 additions and 0 deletions
--- a/doc/ldap.md
+++ b/doc/ldap.md
@ -14,3 +14,9 @@ $ knife data bag show credentials dirsrv --secret-file .chef/encrypted_data_bag_
 ```
 $ ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org" -v
 ```
+
+## Shell scripts
+
+Adding a new user account (requires username, email, password):
+
+    ./scripts/ldap/add_user.sh username user@example.com changeme
--- a/scripts/ldap/add_user.sh
+++ b/scripts/ldap/add_user.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+set -xe;
+
+password=$(ruby -r base64 -r digest -r securerandom -e "salt = SecureRandom.hex(32); password = '$3'; puts '{SSHA512}' + Base64.strict_encode64(Digest::SHA512.digest(password + salt) + salt)");
+
+ldapadd -x -W -D 'cn=Directory Manager' -H "ldaps://ldap.kosmos.org" << EOF
+dn: cn=$1,ou=kosmos.org,cn=users,dc=kosmos,dc=org
+objectClass: top
+objectClass: account
+objectClass: person
+objectClass: extensibleObject
+cn: $1
+sn: $1
+uid: $1
+mail: $2
+userPassword: $password
+EOF