#!/usr/bin/perl -w
use strict;
use Net::LDAP;
use Net::LDAP::LDIF;
use Getopt::Std;
###################################
# group-utils
#
# Copyright (C) 2001-2004 Aaron Thompson
# thompson@cns.uni.edu
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
# or visit http://www.gnu.org/copyleft/gpl.html
#
# Written by Aaron Thompson to perform group administration within the
# CNS LDAP Authentication system.
#
#Options - via operation.
# Creating a group.
# group-utils -c -g #### -n groupName [-m user1,user2,...,userN] [-Y|-N]
#
# Deleting a group.
# group-utils -d {-g #### | -n groupName} [-b fileName.ldif] [-Y|-N]
#
# Adding user(s) to a group
# group-utils -a -m user1,user2,...,userN {-g #### | -n groupName} [-Y|-N]
#
# Removing user(s) from a group.
# group-utils -e -m user1,user2,...,userN {-g #### | -n groupName} [-Y|-N]
#
# Showing the users in a group.
# group-utils -s {-g #### | -n groupName}
#
######################################################
#Global Vars
my $version = 3;
#Script Stuph...
my $base_dir = "/usr/local/sbin";
my $script_name = $base_dir . "group-utils";
#LDAP stuph...
my $ldap_server = "goten.cns.uni.edu";
my $base_dn = "***BASEDN***";
my $group_base_dn = "ou=Group,$base_dn";
my $root_dn = "cn=manager,$base_dn";
my $root_dn_passwd = "***PASSWD***";
my $ldap_h = Net::LDAP->new("$ldap_server") or &display_and_die("Could not connect to $ldap_server.\n");
$ldap_h->bind("$root_dn",password=>$root_dn_passwd);
#getopts stuph...
#getopts stuph...
our ($opt_a, $opt_b, $opt_c, $opt_d, $opt_e, $opt_g, $opt_m, $opt_n, $opt_s, $opt_N, $opt_Y);
getopts('cdaesg:m:YNn:b:') or display_usage_and_die();

# Exactly one operation runs per invocation.  Each row pairs an operation
# flag with a check for the options that operation needs and the sub that
# performs it.  When several operation flags are given, the first row whose
# flag is set wins -- the same precedence (c, d, a, e, s) the old if/elsif
# chain had.
my @operation_table = (
    [ $opt_c, sub { $opt_g && $opt_n },             \&create_new_group   ],
    [ $opt_d, sub { $opt_g || $opt_n },             \&delete_group       ],
    [ $opt_a, sub { $opt_m && ($opt_g || $opt_n) }, \&add_user_to_group  ],
    [ $opt_e, sub { $opt_m && ($opt_g || $opt_n) }, \&remove_from_group  ],
    [ $opt_s, sub { $opt_g || $opt_n },             \&show_group_members ],
);

my ($chosen) = grep { $_->[0] } @operation_table;
display_usage_and_die() unless $chosen;

# -Y (always update) and -N (never update) contradict each other.
display_and_die("Cannot use -Y & -N at the same time.\n") if $opt_Y && $opt_N;

my (undef, $has_needed_options, $run_operation) = @{$chosen};
$has_needed_options->() or display_usage_and_die();
$run_operation->();

$ldap_h->unbind();
exit(0);
############################################################################
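# Remove the users listed in -m from the group selected by -n or -g, show
# the resulting entry and write it back (subject to -Y / -N / the prompt).
sub remove_from_group {
    my $entry = _single_group(_search_group()) or return;
    $entry->delete(memberuid => [$_]) for split /,/, $opt_m;
    _print_group($entry);
    _apply_update($entry) if _confirmed("Update LDAP?");
    return;
}
############################################################################
# Print the group selected by -n or -g.  When several entries match, list
# their DNs instead so the caller can refine the name or number.
sub show_group_members {
    my $result = _search_group();
    my $count  = $result->count();
    if ($count == 1) {
        _print_group($result->entry(0));
    }
    elsif ($count > 1) {
        print "\n$count entries found:\n";
        print " dn: ", $_->dn(), "\n" for $result->entries();
        print "\n";
    }
    return;
}
############################################################################
# Add the users listed in -m to the group selected by -n or -g, show the
# resulting entry and write it back (subject to -Y / -N / the prompt).
sub add_user_to_group {
    my $entry = _single_group(_search_group()) or return;
    $entry->add(memberuid => $_) for split /,/, $opt_m;
    _print_group($entry);
    _apply_update($entry) if _confirmed("Update LDAP?");
    return;
}
############################################################################
# Delete the group selected by -n or -g.  With -b, a copy of the entry is
# written to that LDIF file before the delete is sent.
sub delete_group {
    my $entry = _single_group(_search_group()) or return;
    $entry->delete();
    _print_group($entry);
    return unless _confirmed("Remove from LDAP");
    if ($opt_b) {
        my $ldif = Net::LDAP::LDIF->new($opt_b, 'w', onerror => 'die');
        $ldif->write_entry($entry);
        $ldif->done();
    }
    _apply_update($entry);
    return;
}
############################################################################
# Helpers shared by the four operations above.

# Escape a value for use inside an LDAP search filter (RFC 4515): the
# characters \ * ( ) and NUL become \xx hex escapes, so a group name or
# GID taken from the command line cannot change the filter's structure
# (a bare '*' would otherwise match every group).
sub _filter_value {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Search ou=Group for the group named by -n (preferred) or numbered by -g.
# Dies via display_and_die when the search fails or nothing matches, which
# replaces the separate is_*_used round trip the operations used to make.
# Returns the Net::LDAP::Search result otherwise.
sub _search_group {
    my ($attr, $value, $label) = $opt_n
        ? ('cn',        $opt_n, "Group $opt_n")
        : ('gidnumber', $opt_g, "GID $opt_g");
    my $result = $ldap_h->search(
        base   => $group_base_dn,
        filter => '(' . $attr . '=' . _filter_value($value) . ')',
    );
    # A failed search (server error, bad filter) used to look exactly like
    # "no entries" and was silently ignored.
    $result->code
        and display_and_die("Search for $label failed: " . $result->error . "\n");
    $result->count() or display_and_die("$label not in use.\n");
    return $result;
}

# Reduce a search result to its single entry.  Prints a complaint and
# returns undef when more than one entry matched.
sub _single_group {
    my ($result) = @_;
    my $count = $result->count();
    return $result->entry(0) if $count == 1;
    print "$count entries found, that is ", $count - 1, " too many\n";
    print "Check your group name or number.\n";
    return;
}

# Print a group entry the way every operation does: dn, gid and the
# current member list.
sub _print_group {
    my ($entry) = @_;
    print "\n dn: ", $entry->dn(), "\n";
    print "gid: ", $entry->get_value('gidnumber'), "\n------\n";
    if ($entry->exists('memberuid')) {
        print " $_\n" for @{ $entry->get_value('memberuid', asref => 1) };
    }
    print "\n";
    return;
}

# Decide whether to write to LDAP: -Y means always, -N means never,
# otherwise ask $question on the terminal.
sub _confirmed {
    my ($question) = @_;
    return $opt_Y ? 1 : 0 if $opt_Y || $opt_N;
    return yes_or_no($question);
}

# Send the entry's pending change to the server and stop with the server's
# reason if it is rejected; a rejected update used to look like success.
sub _apply_update {
    my ($entry) = @_;
    my $mesg = $entry->update($ldap_h);
    if ($mesg && $mesg->code) {
        display_and_die("Update of " . $entry->dn() . " failed: " . $mesg->error . "\n");
    }
    return;
}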
############################################################################
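sub yes_or_no {
    # $_[0] = message w/out punc. or \n.  Returns 1 for "yes", 0 for "no",
    # re-asking on any other answer.  End of input (stdin closed or
    # redirected from /dev/null) now counts as "no" instead of re-prompting
    # forever.
    my ($question) = @_;
    my %value_of = (yes => 1, no => 0);
    while (1) {
        print "$question (yes/no)? ";
        my $answer = <STDIN>;
        return 0 unless defined $answer;
        chomp $answer;
        return $value_of{$answer} if exists $value_of{$answer};
    }
}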
############################################################################
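# Create a posixGroup entry cn=<-n>,ou=Group with gidNumber <-g> and the
# optional -m members, show it and write it (subject to -Y / -N / prompt).
sub create_new_group {
    # Refuse a non-numeric GID up front: gidNumber must be an integer and
    # the value is also interpolated into the search filter by is_GID_used.
    $opt_g =~ /\A\d+\z/ or display_and_die("GroupID $opt_g is not a number.\n");
    is_GID_used($opt_g)        and display_and_die("GroupID $opt_g is already in use.\n");
    is_group_name_used($opt_n) and display_and_die("Group name $opt_n is already in use.\n");

    # The name becomes the RDN of the new entry; escape the RFC 4514
    # special characters so that, e.g., a comma in it cannot place the
    # entry anywhere other than directly under $group_base_dn.
    (my $rdn_value = $opt_n) =~ s/([,+"\\<>;])/\\$1/g;
    $rdn_value =~ s/\A([# ])/\\$1/;
    $rdn_value =~ s/ \z/\\ /;

    my $entry = Net::LDAP::Entry->new();
    $entry->dn("cn=$rdn_value,$group_base_dn");
    $entry->add(cn          => $opt_n);
    $entry->add(objectClass => 'posixGroup');
    $entry->add(objectClass => 'top');
    $entry->add(gidNumber   => $opt_g);
    if (defined $opt_m) {
        $entry->add(memberUid => $_) for split /,/, $opt_m;
    }

    print "\n dn: ", $entry->dn(), "\n";
    print "gid: ", $entry->get_value('gidnumber'), "\n------\n";
    if ($entry->exists('memberuid')) {
        print " $_\n" for @{ $entry->get_value('memberuid', asref => 1) };
    }
    print "\n";

    # -Y: always write, -N: never write, otherwise ask.
    my $go_ahead = ($opt_Y || $opt_N) ? $opt_Y : yes_or_no("Update LDAP");
    if ($go_ahead) {
        # A rejected add used to look like success; report the reason.
        my $mesg = $entry->update($ldap_h);
        if ($mesg && $mesg->code) {
            display_and_die("Could not add " . $entry->dn() . ": " . $mesg->error . "\n");
        }
    }
    return;
}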
############################################################################
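# Number of ou=Group entries whose cn equals the given name.  The argument
# was previously ignored in favour of $opt_n; it is now honoured, with
# $opt_n kept as the fallback so existing callers behave the same.
sub is_group_name_used {
    my $name = defined $_[0] ? $_[0] : $opt_n;
    # RFC 4515 filter escaping so '*', '(' etc. in the name cannot widen
    # or break the query.
    (my $safe = $name) =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
    my $result = $ldap_h->search(base => $group_base_dn, filter => "(cn=$safe)");
    # A failed search must not pass for "name is free".
    $result->code
        and display_and_die("Search for group $name failed: " . $result->error . "\n");
    return $result->count();
}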
############################################################################
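# Number of ou=Group entries whose gidNumber equals the given GID.  The
# argument was previously ignored in favour of $opt_g; it is now honoured,
# with $opt_g kept as the fallback so existing callers behave the same.
sub is_GID_used {
    my $gid = defined $_[0] ? $_[0] : $opt_g;
    # RFC 4515 filter escaping: the value comes straight from the command line.
    (my $safe = $gid) =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
    my $result = $ldap_h->search(base => $group_base_dn, filter => "(gidnumber=$safe)");
    # A failed search must not pass for "GID is free".
    $result->code
        and display_and_die("Search for GID $gid failed: " . $result->error . "\n");
    return $result->count();
}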
############################################################################
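# Print $msg with exactly one trailing newline and exit non-zero, releasing
# the LDAP connection first.  The guard on $ldap_h matters when the
# connection itself failed: this sub is then called while $ldap_h is still
# undef, and the old unconditional unbind() masked the real message.
sub display_and_die {
    my ($msg) = @_;
    $ldap_h->unbind() if $ldap_h;
    chomp($msg);
    die "$msg\n";
}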
############################################################################
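# Print the licence banner and usage summary, then exit non-zero.  Fixes
# the "group-uitls" typo in the banner; the heredoc terminator no longer
# needs a leading space.
sub display_usage_and_die {
    $ldap_h->unbind() if $ldap_h;
    print <<"END_USAGE";
group-utils (v$version)
Copyright (C) 2001-2004 Aaron Thompson
thompson\@cns.uni.edu
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
or visit http://www.gnu.org/copyleft/gpl.html
Written by Aaron Thompson to perform group administration within the
CNS LDAP Authentication system.
Usage:
Creating a group.
group-utils -c -g #### -n groupName [-m user1,user2,...,userN] [-Y|-N]
Deleting a group.
group-utils -d {-g #### | -n groupName} [-b fileName.ldif] [-Y|-N]
Adding user(s) to a group
group-utils -a -m user1,user2,...,userN {-g #### | -n groupName} [-Y|-N]
Removing user(s) from a group.
group-utils -e -m user1,user2,...,userN {-g #### | -n groupName} [-Y|-N]
Showing the users in a group.
group-utils -s {-g #### | -n groupName}
END_USAGE
    die "\n";
}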