group-utils
group-utils -c -g #### -n groupName [-m user1,user2,...,userN] [-Y|-N]
group-utils -d {-g #### | -n groupName} [-b fileName.ldif] [-Y|-N]
group-utils -a -m user1,user2,...,userN {-g #### | -n groupName} [-Y|-N]
group-utils -e -m user1,user2,...,userN {-g #### | -n groupName} [-Y|-N]
group-utils -s {-g #### | -n groupName}
group-utils provides a simple command-line tool for maintaining groups in an LDAP
environment.
group-utils was developed on Debian GNU/Linux using Perl v5 and requires
Net::LDAP, Net::LDAP::Search, Net::LDAP::Entry, and Net::LDAP::LDIF.
group-utils has five distinct functions: create a new group, delete an
existing group, add a user to an existing group, expunge a user from an
existing group, and show the members of an existing group. The show function
will accept wild cards if searching for group names.
When group-utils is run either without any options or with unknown or
incorrect options, it displays usage/license information.
Read the Synopsis for proper usage information. The following options are
listed alphabetically.
-a
add one or more users to a group. List which users are to be added to the
group with the '-m' option. Use the '-g' option or the '-n' option (or
both) to specify to which group the users are to be added.
-b
create a backup ldif file. This is used with the '-d' option to make a
backup of a group before deleting the group from the LDAP tree. You should
use a full path with the file name to ensure it is created in the proper
place.
-c
create a new group containing 0 or more users. Use the '-g' and '-n'
options to specify the group number and name (both are required). If
desired list the users that should initially be members of the group with
the '-m' option.
-d
delete an existing group. Specify which group to delete using either the
'-g' or the '-n' option (or both). If you would like a backup ldif file
give the file name using the '-b' option.
-e
expunge one or more users from an existing group. List the users to be
removed from the group using the '-m' option. Specify which group to remove
users from using either the '-g' or the '-n' option (or both).
-g
specify a group number. This refers to the 'gidnumber', the number assigned
to the group. This number should be a UNIX standard group number, a
32-bit unsigned (positive) integer (e.g. 1, 500, 1000, 2001).
-m
specify a list of group members. This can be one or more usernames. When
listing more than one user, a comma-separated list with no extra spaces
should be used (e.g. user1,user2,user3,...,userN). The application will not
check to make sure the username is valid - it will just add the username
to the list of group members.
-n
specify a group name. This refers to the 'cn' or 'common name' of the group
object. The simple way to describe this is the text name of the group. This
name cannot have any spaces, however '-' and '_' are appropriate. It is also
common in the UNIX world to keep this string 8 or fewer characters long
(like usernames). This is not required, but does make it easy to read when
reading permissions in a UNIX file system.
-N
assume 'No'. group-utils will ask for 'yes' or 'no' before doing any
modifications. '-N' will answer negatively to all questions asked.
-s
show the members of an existing group. Specify which group to show
using either the '-g' or the '-n' option (or both).
-Y
assume 'Yes'. group-utils will ask for 'yes' or 'no' before doing any
modifications. '-Y' will answer positively to all questions asked.
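Because '-m' entries are added without any check and '-Y' skips the confirmation prompt, a wrapper can validate '-g', '-n' and '-m' values before group-utils is called. The following is an added example, not part of group-utils; the function names and the allowed character set are assumptions, and the user lookup relies on getent resolving accounts through NSS.

```shell
#!/bin/sh
# Added example, not part of group-utils: pre-flight checks for -g, -n and -m.

# Default account lookup goes through NSS, so LDAP-backed users resolve too
# when the host is configured for it. Redefine lookup_user for another source.
lookup_user() { getent passwd "$1" >/dev/null 2>&1; }

# -g: decimal digits only, within the unsigned 32-bit range.
valid_gid() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 10 ] && [ "$1" -le 4294967295 ]
}

# -n: assumed policy of letters, digits, '-' and '_' only. This also keeps
# spaces and LDAP filter characters such as '*', '(' and ')' out of the name.
valid_name() {
    case $1 in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# -m: prints one line per problem found; returns 1 if the list is rejected.
check_members() {
    case $1 in
        ''|,*|*,|*,,*) echo "empty entry in list"; return 1 ;;
        *[!A-Za-z0-9_,-]*) echo "illegal character in list"; return 1 ;;
    esac
    rc=0; old_ifs=$IFS; IFS=,
    for m in $1; do
        # Catch typos that group-utils would store as-is.
        lookup_user "$m" || { echo "unknown user: $m"; rc=1; }
    done
    IFS=$old_ifs
    return $rc
}
```

Run the three checks first and call group-utils only when all of them return 0.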
group-utils is minimally configurable; the following variables can be changed.
$base_dir
This is the path that group-utils is located in. This path should allow
writing as group-utils by default writes to the directory the script is
located in. This can be changed by editing the $tmpLdif definition. Make
sure you end the path with '/'.
$script_name
This is the name of the script, the program you are running. This is a
redundancy used to make the source easier to read. If the script needs to
call itself it uses $script_name. The default value for $script_name is:
$base_dir . "group-utils".
$ldap_server
This is the FQDN or IP address of your server.
$base_dn
This is the base distinguished name for your LDAP server, in general.
$group_base_dn
This is the base distinguished name of the Group OU.
$root_dn
This is a distinguished name that allows read/write access to the LDAP
database.
$root_dn_passwd
This is the password required when binding to your LDAP server using the
root_dn. Make sure you set the permissions on this script so no user other
than root can read/write/execute group-utils.
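Since $root_dn_passwd sits in the script in clear text, the permission requirement above can be audited rather than assumed. The following is an added example, not part of group-utils; the function name is an assumption, and the ACL and directory checks go beyond what the text asks for.

```shell
#!/bin/sh
# Added example, not part of group-utils.
# Usage: check_secret_script /path/to/group-utils [expected_owner_uid]
# Returns 0 only if the file is a regular file owned by the expected UID
# (default 0, root) with no group/other permission bits and no ACL marker,
# and its directory is not group- or world-writable.
check_secret_script() {
    file=$1
    want_uid=${2:-0}
    rc=0

    # A symlink's own mode says nothing about who can read the target.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is not a regular file" >&2
        return 1
    fi

    # `ls -ldn`: field 1 is the mode string, field 3 the numeric owner.
    mode=$(ls -ldn -- "$file" | awk '{print $1}')
    uid=$(ls -ldn -- "$file" | awk '{print $3}')
    dmode=$(ls -ldn -- "$(dirname -- "$file")" | awk '{print $1}')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: owner uid is $uid, expected $want_uid" >&2; rc=1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "FAIL: group/other bits set ($mode); use chmod 700" >&2; rc=1
    fi
    # A trailing '+' means an ACL may grant access the mode bits do not show.
    case $mode in
        *+) echo "FAIL: ACL present on $file" >&2; rc=1 ;;
    esac
    # Group/world write access to the directory is flagged because it can
    # allow the script to be replaced (reported even with the sticky bit set).
    case $(printf '%s' "$dmode" | cut -c6,9) in
        --) ;;
        *) echo "FAIL: directory is group/world-writable ($dmode)" >&2; rc=1 ;;
    esac
    return $rc
}
```

Any backup LDIF written with '-b' and the $tmpLdif file can be checked the same way.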
If you find a bug, please let me know by emailing me at
thompson@cns.uni.edu.
Copyright (C) 2003 Aaron Thompson
thompson@cns.uni.edu
This program is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation; either version 2 of the License, or (at your option) any later
version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
details.
You should have received a copy of the GNU General Public License along with
this program; if not, write to the Free Software Foundation, Inc., 59 Temple
Place - Suite 330, Boston, MA 02111-1307, USA. or visit
http://www.gnu.org/copyleft/gpl.html