Add shell script for creating LDAP user accounts

Basti 2020-09-15 13:04:54 +02:00
parent be4d1ca7f4
commit 41319fc5bc
Signed by untrusted user: basti
GPG Key ID: 9F88009D31D99C72
2 changed files with 23 additions and 0 deletions


@ -14,3 +14,9 @@ $ knife data bag show credentials dirsrv --secret-file .chef/encrypted_data_bag_
```
$ ldapsearch -x -W -D 'cn=Directory Manager' -b "ou=users,dc=kosmos,dc=org" -H "ldaps://ldap.kosmos.org" -v
```
## Shell scripts
Adding a new user account (requires username, email, password):
./scripts/ldap/add_user.sh username user@example.com changeme

17
scripts/ldap/add_user.sh Executable file

@ -0,0 +1,17 @@
#!/bin/bash
set -xe;
password=$(ruby -r base64 -r digest -r securerandom -e "salt = SecureRandom.hex(32); password = '$3'; puts '{SSHA512}' + Base64.strict_encode64(Digest::SHA512.digest(password + salt) + salt)");
ldapadd -x -W -D 'cn=Directory Manager' -H "ldaps://ldap.kosmos.org" << EOF
dn: cn=$1,ou=kosmos.org,cn=users,dc=kosmos,dc=org
objectClass: top
objectClass: account
objectClass: person
objectClass: extensibleObject
cn: $1
sn: $1
uid: $1
mail: $2
userPassword: $password
EOF
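Review bot: `set -xe` at the top of add_user.sh traces every command, so each run prints the Ruby invocation with the plaintext password, and the resulting hash, to stderr. In addition, `password = '$3'` splices the password into the Ruby program text, so a single quote in the password ends the string literal and whatever follows is parsed as Ruby code. I would drop `-x`, prompt for the password instead of taking it from argv (where it is visible in process listings and shell history), and hand it to Ruby on stdin as data; the README usage line would then lose its third argument. Separately, `$1` and `$2` are expanded into the LDIF heredoc without any validation, so a value containing a newline would add lines to the entry; a check that rejects such input and a missing-argument check (`set -u` covers the latter) would close that.

```shell
set -eu  # no -x: tracing would print the plaintext password and the resulting hash

# Prompt instead of reading the password from argv
IFS= read -rs -p 'New user password: ' plain_password
echo >&2

# The password reaches Ruby on stdin as data, never as part of the program text
password=$(printf '%s' "$plain_password" | ruby -r base64 -r digest -r securerandom -e 'salt = SecureRandom.hex(32); password = STDIN.read; puts "{SSHA512}" + Base64.strict_encode64(Digest::SHA512.digest(password + salt) + salt)')

# … unchanged: ldapadd invocation and LDIF heredoc …
```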