
Re: bash script for adding computers

No I don't. The point of this endeavor was to come up with a properly written script that could properly add a user or a machine to an LDAP server using only bash. The reason is that bash is something that a larger number of Unix administrators should be familiar with. Before you ask, I don't really know PHP either, although I am trying to develop a similar script in PHP in parallel with this one. The problem I am having with that script is that the system (I'm not sure if it is client- or server-side) doesn't want to cough up the uidNumber.

Aaron wrote:

Do you know perl? I would try
open(LDAPADD,"|$ldapadd") || die "Didn't work: $!";
then you can print to LDAPADD.

Otherwise, I don't know what to do.

Sorry I can't be more helpful.


--- Jim C <jcllings@tsunamicomm.net> wrote:

I've already given this a try. Either the bash
"here" document isn't working as described or I've got the syntax wrong
(always a possibility) or ldapadd is not set up for it... Something makes
me think that ldapadd might just be a wrapper for ldapmodify. If this
were true then perhaps the correct route might be to go straight to
ldapmodify and not use ldapadd at all. This also might help explain why
previous attempts to write bash scripts for this purpose have not gone so

Another idea might be that we can create (or
borrow?) a file descriptor (without creating a file?) and thus fake the
existence of a file. If we can do this and then store the ldif portion of
the script in it, we might then be able to pass it to ldapadd. This is
essentially what the here document does but I am implying that there
might be another way to do it, i.e. that the here document's functionality
might be composed of other functionalities that exist outside of the here

Yet another idea is to create the ldif file in
memory instead of on disk, if that were possible.

Lastly, I would like to mention that the script
below could be re-engineered as an addendum to the /etc/init.d/ldap
startup script such that the value of the next available user id could
be maintained in a shell variable. Something to think about, although
I am not sure how desirable it would be. There might be security
issues (i.e. do users have write access to root's shell variables?) or
perhaps locking issues if things get dicey.

Jim C.

Aaron wrote:

It reads from standard input. Try:
ldapadd -x -D $binddn -w $pw4binddn << EOF
#stuff you want to do here
EOF


--- Jim C <jcllings@tsunamicomm.net> wrote:

OK, I've gotten this far on the bash script I was writing to add a
machine. It searches the base for uidNumbers, it sorts the numbers from
largest to smallest, takes the first one and adds one to it. No sweat.

Here is the kicker, how do you get the data to ldapadd without creating
an ldif file? I've tried an assortment of redirection techniques and I've
also tried the bash "here" document. In theory, this should be possible
but I am having a really tough time figuring out the syntax.



store=`ldapsearch -LLL -D $binddn -H $ldaphost -b $base -x "(cn=*)" uidNumber | \
        grep uidNumber | \
        sed -e 's/^uidNumber: //' | sort -nr | head -n 1`

#It is best not to start at 0 or 1 as these could

if [ "$store" = "" ]
then
        store=1000      # assumed starting value; the one in the post is cut off
else
        store=`expr $store + 1`
fi

#ldapadd -x -D $binddn -w $pw4binddn
#line1 (the dn: line) is not defined in the posted script
line2="objectClass: top\n"
line3="objectClass: account\n"
line4="objectClass: posixAccount\n"
line5="uidNumber: $store\n"
line6="uid: $1\n"
line7="cn: $1\n"
line8="gidNumber: $groupnum\n"
line9="homeDirectory: /dev/null\n"
line10="loginShell: /bin/false\n"
line11="gecos: Machine Account\n"
line12="description: Machine Account\n"

#The original attempt below does not work: cat treats the values as file
#names, and ">" writes into a file called "ldapadd" instead of running it.
#cat $line1 $line2 $line3 $line4 $line5 $line6 $line8 $line9 \
#    $line10 $line11 $line12 > ldapadd -x -D $binddn -w $pw4binddn

#feed the LDIF to ldapadd on standard input instead
echo -e "$line1$line2$line3$line4$line5$line6$line7$line8$line9$line10$line11$line12" | \
        ldapadd -x -D $binddn -w $pw4binddn


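Putting Jim's uidNumber search and Aaron's here-document suggestion together, here is an added example (not code from the thread) that builds the LDIF in a shell function and feeds it to ldapadd on standard input, so no ldif file is ever written. The variables binddn, base, ldaphost and groupnum are the thread's; START_UID, the bind-password file pwfile and the ou=Machines container are assumptions.

```shell
# Added example (not code from the thread): find the next free uidNumber, then
# pipe the LDIF to ldapadd on stdin through a here document (no temp file).
# binddn/base/ldaphost/groupnum are the thread's; START_UID, pwfile, ou=Machines are assumed.
set -eu

START_UID=1000    # assumed first uidNumber when the directory has none yet

# next_uid: read "ldapsearch -LLL ... uidNumber" output on stdin, print max+1.
# Skips dn:/blank lines and non-numeric values; falls back to START_UID.
next_uid() {
    local max
    max=$(sed -n 's/^uidNumber: *\([0-9][0-9]*\) *$/\1/p' | sort -n | tail -n 1)
    if [ -z "$max" ]; then echo "$START_UID"; else echo $((max + 1)); fi
}

# machine_ldif NAME UID GID BASE: print the machine-account LDIF. Names with
# anything but hostname characters are refused, so ",ou=People" or a newline
# cannot be pushed into the dn or the entry through $1.
machine_ldif() {
    local name=$1 uid=$2 gid=$3 base=$4
    case $name in
        ""|*[!A-Za-z0-9._-]*) echo "bad machine name: '$name'" >&2; return 1 ;;
    esac
    cat <<EOF
dn: uid=$name,ou=Machines,$base
objectClass: top
objectClass: account
objectClass: posixAccount
uid: $name
cn: $name
uidNumber: $uid
gidNumber: $gid
homeDirectory: /dev/null
loginShell: /bin/false
gecos: Machine Account
description: Machine Account
EOF
}

# add_machine NAME: allocate and add. -y reads the bind password from a file,
# so unlike -w it never shows in ps. Two concurrent runs can still pick the
# same number; a duplicate uidNumber is only rejected if the server enforces it.
add_machine() {
    local uid
    uid=$(ldapsearch -LLL -x -D "$binddn" -y "$pwfile" -H "$ldaphost" \
              -b "$base" '(uidNumber=*)' uidNumber | next_uid)
    machine_ldif "$1" "$uid" "$groupnum" "$base" |
        ldapadd -x -D "$binddn" -y "$pwfile" -H "$ldaphost"
}
```

The dn collision of two identically named machines makes ldapadd fail on its own; a clash on uidNumber alone does not unless the directory enforces uniqueness (OpenLDAP's unique overlay does).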