-rw-r--r-- | debian/itzks-systems-mainserver.install | 1 | ||||
-rwxr-xr-x | sbin/itzks-check-ldap-group-not-in-correct-ou | 57 |
2 files changed, 58 insertions, 0 deletions
diff --git a/debian/itzks-systems-mainserver.install b/debian/itzks-systems-mainserver.install
index d8efe24..654bef2 100644
--- a/debian/itzks-systems-mainserver.install
+++ b/debian/itzks-systems-mainserver.install
@@ -9,6 +9,7 @@ sbin/itzks-transfer-create usr/sbin/
 sbin/itzks-transfer-cleaner usr/sbin/
 sbin/itzks-reset-userprofile usr/sbin/
 sbin/itzks-puppet-autosign-new-host-certificates usr/sbin/
+sbin/itzks-check-ldap-group-not-in-correct-ou usr/sbin/
 usr-lib-nagios-plugins/check_puppetmaster* usr/lib/nagios/plugins/
 usr-lib-nagios-plugins/check_squid usr/lib/nagios/plugins/
 share/debian-edu-config/tools/gosa-*-itzks usr/share/debian-edu-config/tools/
diff --git a/sbin/itzks-check-ldap-group-not-in-correct-ou b/sbin/itzks-check-ldap-group-not-in-correct-ou
new file mode 100755
index 0000000..5a1057f
--- /dev/null
+++ b/sbin/itzks-check-ldap-group-not-in-correct-ou
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# Copyright (C) 2023 by Mike Gabriel <mike.gabriel@it-zukunft-schule.de>
+
+# This script is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+OUTPUT_CMD=${OUTPUT_CMD:-cat}
+
+set -e
+
+ldapsearch -xLLL "(&(uid=*)(objectClass=posixAccount)(!(objectClass=gosaUserTemplate)))" \
+ dn uid 2>/dev/null | perl -p0e 's/\n //g' | \
+while read KEY VALUE ; do
+ case "$KEY" in
+ dn:) UID=; USERDN="$VALUE" ;;
+ dn::) UID=; USERDN="$(echo $VALUE | base64 -d)" ;;
+ uid:) UID="$VALUE" ;;
+ "")
+ ldapsearch -xLLL "(&(cn=$UID)(objectClass=posixGroup))" \
+ dn 2>/dev/null | perl -p0e 's/\n //g' | \
+ while read G_KEY G_VALUE ; do
+ case "$G_KEY" in
+ dn:) GROUPDN="$G_VALUE" ;;
+ dn::) GROUPDN="$(echo $G_VALUE | base64 -d)" ;;
+ "")
+ U_BASEDN=$(echo $USERDN | cut -d"," -f3-)
+ G_BASEDN=$(echo $GROUPDN | cut -d"," -f3-)
+
+ if [ "${U_BASEDN}" != "${G_BASEDN}" ]; then
+ (
+ echo "${USERDN}"; \
+ echo "${GROUPDN} -> ${U_BASEDN}"; \
+ echo; ) | ${OUTPUT_CMD}
+
+ fi
+
+ ;;
+ esac
+ done
+ ;;
+ esac
+done
+
+exit 0 |
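Review bot: Both `ldapsearch` calls send stderr to `/dev/null` and sit at the head of a pipeline, so `set -e` never sees their exit status; a rejected bind or unreachable server falls through to `exit 0` with no output, which reads the same as a directory with no misplaced groups. Capture the result and check it before parsing, e.g. `users=$(ldapsearch -xLLL "<filter>" dn uid) || exit 1` and then `printf '%s\n\n' "$users" | perl -p0e 's/\n //g' | while read -r KEY VALUE ; do`, where the extra newline keeps the blank line that terminates the last entry. The inner filter `(cn=$UID)` also takes the uid value unescaped, so a uid containing `*`, `(`, `)` or `\` changes what the group search matches; those characters should be escaped per RFC 4515 before the filter is built. `read` without `-r` and `cut -d"," -f3-` both mis-handle DNs that carry backslash-escaped commas, and `UID` is a readonly variable when `/bin/sh` happens to be bash, so a name such as `USER_UID` would be safer.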