
Diff of /trunk/nl.nikhef.ndpf.tools/mkgroup-sshlpk/mkgroup-sshlpk


revision 35 by davidg, Fri Dec 19 13:15:47 2008 UTC revision 36 by davidg, Fri Dec 19 13:57:48 2008 UTC
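--- a/trunk/nl.nikhef.ndpf.tools/mkgroup-sshlpk/mkgroup-sshlpk
+++ b/trunk/nl.nikhef.ndpf.tools/mkgroup-sshlpk/mkgroup-sshlpk
@@ -7,15 +7,19 @@ use Net::LDAP::Util qw(ldap_error_name
                        ldap_error_text); # for error handling
 
 my $verb=0;
+my $force=0;
 my $display_help;
 my $ldapurl="ldaps://teugel.nikhef.nl/";
 my $ldapbase="ou=DirectoryGroups,dc=farmnet,dc=nikhef,dc=nl";
+my $outputfile;
 
 &GetOptions(
   "verbose|v+" => \$verb,
   "url|H=s" => \$ldapurl,
   "base|b=s" => \$ldapbase,
-  "help|h" => \$display_help
+  "output|o=s" => \$outputfile,
+  "help|h" => \$display_help,
+  "force|f" => \$force
 );
 
 if ( $display_help ) {
@@ -24,21 +28,24 @@ if ( $display_help ) {
 Generate a list of all unique sshPublicKeys for all members of the
 directory groups specified on the command line.
 
-Usage: $0 [-h] [-H uri] [-b DITbase] [-v[v...]] group [group]
+Usage: $0 [-h] [-H uri] [-b DITbase] [-o file] [-f] [-v[v]] groupRDN [groupRDN]
   -h       Display this help text
   -H uri   Connect to LDAP server at <uri>
              (default: $ldapurl)
   -b base  Search base DIT for groups
              (default: $ldapbase)
+  -o file  Writing list of sshPublicKeys to <file>
+             (only when at least one sshPublicKey is retrieved, unless
+             -f is also specified)
+  -f       Force writing even if the list of keys is empty
 
   groupRDN   name of groups to traverse for members (list)
-  ($verb)
 
 Example:
   $0 systemAdministrators nDPFPrivilegedUsers
 
 Dependencies:
-  perl-LDAP, and perl-IO-Socket-SSL & perl-Net-SSLeay for ldaps
+  perl-LDAP, and perl-IO-Socket-SSL & perl-Net-SSLeay for ldaps ($verb)
 
 EOF
   exit (0);
@@ -61,7 +68,8 @@ foreach my $groupRDN ( @ARGV ) {
                 filter=>"(cn=$groupRDN)"
                 );
 
-  $groupresults->code and die "Group not found: ".$groupresults->error."\n";
+  $groupresults->code and die "Search failed: ".$groupresults->error."\n";
+  $groupresults->count() or die "No group found matching $groupRDN, exiting\n";
 
   # list of entries for all groups matching this groupRDN
   my @grouplistentries=$groupresults->entries;
@@ -69,7 +77,19 @@ foreach my $groupRDN ( @ARGV ) {
   foreach my $groupentry ( @grouplistentries ) {
     my @groupmembers = $groupentry->get_value("uniqueMember");
     foreach my $memberDN ( @groupmembers ) {
-      my $uidresult =
+      my $uidresult;
+
+      # sanity check: the uid must exist or the directory is inconsistent
+      # but it need not have an ldapPublicKey
+      $uidresult =
+        $ldap->search( base=>$memberDN, scope=>"sub",
+                       filter=>"(objectclass=*)" );
+      $uidresult->count() or
+        die "DN $memberDN not found, extracted from group ".
+            $groupentry->get_value("cn")."\n  Using directory: $ldapurl\n";
+
+      # but does it have an ldapPublicKey?
+      $uidresult =
         $ldap->search( base=>$memberDN, scope=>"sub",
                        filter=>"(objectclass=ldapPublicKey)" );
 
@@ -83,7 +103,25 @@ foreach my $groupRDN ( @ARGV ) {
   }
 }
 
+# when writing to file, there must be at least one key to indicate
+# sanity, unless -f has been specified and you don't care
+# otherwise, an LDAP search error or typo may accidentally wipe
+# a authorized_keys file
+
+( defined $outputfile ) and (@keys == 0) and
+  die "Empty key list will not be written to $outputfile (use \"-f\" to force)\n";
+
 # print each key only once
 my %uniqueKeys;
-foreach ( @keys ) { $uniqueKeys{$_}=1; }
-foreach ( keys %uniqueKeys ) { print "$_\n"; }
+foreach ( @keys ) { $uniqueKeys{$_}=2; }
+
+if ( defined $outputfile ) {
+  open OF,">$outputfile" or die "Cannot open $outputfile for writing: $!\n";
+  print OF "# Generated by $0 on ".gmtime(time())." UTC\n";
+  print OF "# from groups @ARGV\n";
+  foreach ( keys %uniqueKeys ) { print OF "$_\n"; }
+  close OF;
+} else {
+  # just write to stdout
+  foreach ( keys %uniqueKeys ) { print "$_\n"; }
+}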
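Review bot: `$force` is set by GetOptions (new line 22) but never read, so the empty-key guard at new lines 111–112 still dies when `-f` is given, contrary to the help text at line 40; the condition should be `( defined $outputfile ) and (@keys == 0) and not $force and die "Empty key list will not be written to $outputfile (use \"-f\" to force)\n";`. The write path at lines 119–123 also uses a bareword two-arg `open` with an unchecked `close` and writes straight into `$outputfile`, so `>` truncates the target immediately and a full disk or an interrupted run leaves the authorized_keys-style file (per the comment at line 109) truncated — the very outcome the empty-list guard was added to prevent. Writing to a temporary name in the same directory with a three-arg `open` and a lexical handle, checking `close`, and then `rename`-ing over the target makes the replacement atomic; the rewritten block is below. `$uniqueKeys{$_}=2` at line 116 is harmless since only `keys` are used, but `1` reads less surprisingly.
```perl
# … unchanged: empty-key guard and %uniqueKeys build …
if ( defined $outputfile ) {
  # write to a temporary name first so a failed or interrupted write
  # cannot leave a truncated key file behind; rename is atomic
  my $tmpfile = "$outputfile.tmp.$$";
  open my $of, '>', $tmpfile or die "Cannot open $tmpfile for writing: $!\n";
  print {$of} "# Generated by $0 on ".gmtime(time())." UTC\n";
  print {$of} "# from groups @ARGV\n";
  foreach ( keys %uniqueKeys ) { print {$of} "$_\n"; }
  close $of or die "Cannot write $tmpfile: $!\n";
  rename $tmpfile, $outputfile
    or die "Cannot rename $tmpfile to $outputfile: $!\n";
} else {
  # … unchanged: print to stdout …
}
```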

