martymac / ldapscripts
Simple shell scripts to handle POSIX entries in an LDAP directory
License: GNU General Public License v2.0
Empty suffixes in /etc/ldapscripts/ldapscripts.conf lead to the generation of illegal DNs in the LDIF.
Dec 13 01:12:47 host2020 ldapscripts: ldapaddgroup(xxxxxxx): /usr/local/sbin/ldapaddgroup xxxxxx 1004
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldap_add: Invalid DN syntax (34)
additional info: invalid DN
-> Error adding group xxxxxx to LDAP
Hello, I've got a problem since I upgraded my server to Debian stretch.
Debian GNU/Linux 9 (stretch)
Paquet : slapd
Version : 2.4.44+dfsg-5
Paquet : ldapscripts
Version : 2.0.7-2
No problem creating a user with ldapadduser.
But each time I remove a user with ldapdeleteuser, I get this error message:
ldap_modify: Server is unwilling to perform (53)
additional info: modify upon the root DSE not supported
Do you know what could be the problem?
Thanks for your help.
Under some locales, extracting embedded templates from scripts fails. See the following interaction:
root@freedomboxvm1:~# ldapadduser testuser users
Error adding user testuser to LDAP
root@freedomboxvm1:~# tail /var/log/ldapscripts.log
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
ldapadd: invalid format (line 1) entry: ""
-> Error adding user testuser to LDAP
root@freedomboxvm1:~# LC_ALL=C ldapadduser testuser users
Successfully added user testuser to LDAP
Warning : got invalid password for user testuser (password not set)
root@freedomboxvm1:~#
Each file has a copyright message like this:
# Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
# Copyright (C) 2006-2013 Ganaël LAPLANCHE
The special characters are causing grep to detect the file as binary under some locales. This causes it to output something like Binary file /usr/share/ldapscripts/runtime matches instead of extracting the embedded template required for adding users, groups etc. This results in failure. Adding the -a option to grep should fix the issue.
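The failure mode reported above, reproduced on a constructed file (an added example, not code from ldapscripts; the `#TPL#` marker, the file contents and the function names are hypothetical):

```shell
#!/bin/sh
# Build a constructed script file: a Latin-1 encoded copyright line (byte 0xEB
# is "ë" in ISO-8859-1 but an invalid sequence in UTF-8) followed by two
# embedded template lines tagged with a hypothetical "#TPL#" marker.
make_sample() {
    f=$(mktemp) || return 1
    {
        printf '# Copyright (C) 2006-2013 Gana\353l LAPLANCHE\n'
        printf '#TPL#dn: uid=testuser,ou=People,dc=example,dc=com\n'
        printf '#TPL#objectClass: posixAccount\n'
    } > "$f"
    printf '%s\n' "$f"
}

# Locale-dependent extraction: depending on the grep version and the active
# locale, grep may classify the file as binary and report that a binary file
# matches instead of printing the matching lines.
extract_plain() { grep '^#TPL#' "$1" | sed 's/^#TPL#//'; }

# Locale-independent extraction: -a forces text mode, and LC_ALL=C pins the
# byte-wise matching under which the command in the report succeeded.
extract_safe() { LC_ALL=C grep -a '^#TPL#' "$1" | sed 's/^#TPL#//'; }

f=$(make_sample)
echo "plain:"; extract_plain "$f" || true
echo "safe:";  extract_safe "$f"
rm -f "$f"
```

Only the `safe:` output is stable across locales and grep versions, which is the property a script that builds LDIF from its own source needs.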
Currently, there is no way to set or change the password while using SASL authentication.
In FreedomBox, a very simplified UI manages everything including LDAP user accounts. The administrative interface has to take care of managing the user accounts. Since storing LDAP admin password on the system somewhere is not good, we are using SASL Auth EXTERNAL and connecting via ldapi:/// URL to manage the users. We have modified the permissions as necessary.
With this approach, we are unable to change a user's password or set it during user creation as ldapscripts refuses to do so. The relevant code looks as follows:
if [ -n "$SASLAUTH" ]
then
  # XXX Is there a reason to allow changing a userPassword attribute here ?
  end_die "Please, change password in $SASLAUTH database"
fi
I believe there is a realistic use case and we should allow changing the password for the user using the ldappasswd command even when using SASL authentication.
ldapscripts currently does not support the groupOfMembers class, which unlike groupOfNames can be empty.
It would be useful to be able to send logs to syslog in addition to (or instead of) a local file.
It would be nice if ldapsetpasswd searched under $SUFFIX instead of $USUFFIX,$SUFFIX on line 33, so that it could modify machine accounts as well as users.
When using ldaprenameuser, it doesn't take care of any groups the account is in. For example, if john is a member of the staff group, and the account is renamed to johnsmith, the staff group will still have john as a member and not johnsmith. I don't know if this is an intentional omission (maybe due to some LDAP implementations automatically fixing the problem) - if it wasn't intentional, would you take a pull request to fix it?
Would it be possible for ldapscripts to support multiple configuration files? For example, by allowing an alternate config file to be specified as a command line argument or environment variable.
It seems I can create two users with the same uid/gid:
root@ubu1:~# ldapadduser user3 gardeners 9999
Successfully added user user3 to LDAP
Successfully set password for user user3
root@ubu1:~# ldapadduser user4 gardeners 9999
Successfully added user user4 to LDAP
Successfully set password for user user4
root@ubu1:~# lsldap -u
[..]
dn: uid=user3,ou=People,dc=foo,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: user3
uid: user3
uidNumber: 9999
gidNumber: 5001
homeDirectory: /home/user3
loginShell: /bin/bash
gecos: user3
description: User account
userPassword:: e1NTSEF9MUhyLzFsdnpWSXNvL2tSSHZNUEdXdkJja3B4cDdONWo=
dn: uid=user4,ou=People,dc=foo,dc=example,dc=com
objectClass: account
objectClass: posixAccount
cn: user4
uid: user4
uidNumber: 9999
gidNumber: 5001
homeDirectory: /home/user4
loginShell: /bin/bash
gecos: user4
description: User account
userPassword:: e1NTSEF9UHpVMC90QklOamsyY21lT0M5a1JHcFBiVW84eEhoUnc=
Is this the intended behavior?
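Two accounts sharing a uidNumber are the same user to the kernel and to file permissions, so a directory that accepts this is worth auditing. The check below is an added example, not part of ldapscripts: it reads LDIF such as the `lsldap -u` output above and lists every uidNumber held by more than one entry. The function names and the sample data (the report's two entries, trimmed, plus a constructed third) are assumptions.

```shell
#!/bin/sh
# Constructed sample: the two entries from the report (trimmed) plus one entry
# with a distinct uidNumber. The user4 DN is folded here to exercise LDIF line
# unfolding (a continuation line starts with a single space).
sample_ldif() {
    cat <<'EOF'
dn: uid=user3,ou=People,dc=foo,dc=example,dc=com
objectClass: posixAccount
uid: user3
uidNumber: 9999
gidNumber: 5001

dn: uid=user4,ou=People,dc=foo,
 dc=example,dc=com
objectClass: posixAccount
uid: user4
uidNumber: 9999
gidNumber: 5001

dn: uid=user5,ou=People,dc=foo,dc=example,dc=com
objectClass: posixAccount
uid: user5
uidNumber: 10000
gidNumber: 5001
EOF
}

# Read LDIF on stdin; print "<uidNumber>: <dn>; <dn>..." for each uidNumber
# that is assigned to more than one entry.
find_duplicate_uids() {
    awk '
        function handle(line) {
            if (line ~ /^dn: /) dn = substr(line, 5)
            else if (line ~ /^uidNumber: /) {
                n = substr(line, 12)
                if (count[n]++) owners[n] = owners[n] "; " dn
                else owners[n] = dn
            }
        }
        /^ / { buf = buf substr($0, 2); next }  # unfold a continuation line
             { handle(buf); buf = $0 }          # previous logical line is complete
        END  { handle(buf)
               for (n in count) if (count[n] > 1) print n ": " owners[n] }
    ' | sort -n
}

sample_ldif | find_duplicate_uids
```

An empty result means every uidNumber in the input is unique; the same pass works for gidNumber on group entries by changing the attribute name and offset.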