| 1 |
#! /usr/bin/perl -w |
| 2 |
# |
| 3 |
# @(#)$Id$ |
| 4 |
# |
| 5 |
use strict; |
| 6 |
|
| 7 |
use POSIX; |
| 8 |
use Getopt::Long qw(:config no_ignore_case bundling); |
| 9 |
use Net::LDAP; |
| 10 |
use Net::LDAP::Util qw(ldap_error_name |
| 11 |
ldap_error_text); # for error handling |
| 12 |
|
| 13 |
my $verb=0; |
| 14 |
my $ldapurl="ldaps://teugel.nikhef.nl/"; |
| 15 |
my $ldapbase="ou=LocalUsers,dc=farmnet,dc=nikhef,dc=nl"; |
| 16 |
my $def_uidldapfilter = '(&(authorizedService=sshd)(sshPublicKey=*))'; |
| 17 |
|
| 18 |
my $ldap = Net::LDAP->new( $ldapurl, timeout=>20 ); |
| 19 |
$ldap or die "Cannot contact remote server at $ldapurl: $!\n". |
| 20 |
" LDAP status: ".$ldap->error."\n"; |
| 21 |
|
| 22 |
|
| 23 |
my $results=$ldap->search( |
| 24 |
base=>$ldapbase, |
| 25 |
scope=>"sub", |
| 26 |
filter=>$def_uidldapfilter |
| 27 |
); |
| 28 |
$results->code and die "Search failed: ".$results->error."\n"; |
| 29 |
$results->count() or die "No matching entries found, exiting\n"; |
| 30 |
|
| 31 |
my @listentries=$results->entries; |
| 32 |
|
| 33 |
foreach my $entry ( @listentries ) { |
| 34 |
my $uid = $entry->get_value("uid"); |
| 35 |
my $homeDirectory = $entry->get_value("homeDirectory"); |
| 36 |
|
| 37 |
# only write down the ssh keys if the homedir and user exist |
| 38 |
-d $homeDirectory or next; |
| 39 |
(my $uidNumber = (getpwnam($uid))[2]) or next; |
| 40 |
|
| 41 |
-d "${homeDirectory}/.ssh" or mkdir "${homeDirectory}/.ssh", 0755; |
| 42 |
-f "${homeDirectory}/.ssh/authorized_keys" or do { |
| 43 |
my $FH; |
| 44 |
sysopen($FH, "${homeDirectory}/.ssh/authorized_keys", O_RDWR|O_CREAT|O_EXCL,0644) or |
| 45 |
die "Cannot create authorized_keys file for uid $uid: $_\n"; |
| 46 |
close($FH); |
| 47 |
chown $uidNumber, 0, "${homeDirectory}/.ssh/authorized_keys"; |
| 48 |
print "Created ssh authorized keys file for $uid\n"; |
| 49 |
}; |
| 50 |
|
| 51 |
system("mkgroup-sshlpk -o '${homeDirectory}/.ssh/authorized_keys' --uid '$uid'"); |
| 52 |
} |
| 53 |
|
Parent Directory
| 
Revision Log