Relocate ldapscripts to stx-integ/ldap/ldapscripts

Move content from stx-gplv2 into stx-integ Packages will be relocated to stx-integ: base/ bash cgcs-users cluster-resource-agents dpkg haproxy libfdt netpbm rpm database/ mariadb filesystem/ iscsi-initiator-utils filesystem/drbd/ drbd-tools kernel/kernel-modules/ drbd integrity intel-e1000e intel-i40e intel-i40evf intel-ixgbe intel-ixgbevf qat17 tpmdd ldap/ ldapscripts networking/ iptables net-tools Change-Id: I4d0aa1d13de96cf498523b084137d76cb4720cfc Story: 2002801 Task: 22687 Signed-off-by: Scott Little <scott.little@windriver.com>
author: Scott Little <scott.little@windriver.com> 2018-08-01 14:22:27 -0400
committer: Scott Little <scott.little@windriver.com> 2018-08-01 14:22:29 -0400
commit: 50808566f9229bec9ed019722d2227e42106c7dd (patch)
tree: 222676b0be558cb69e6f239503101c0c87d3ac65
parent: 51f969296b3d7a2dc4277d57f4f97a563b8c0550 (diff)
18 files changed, 0 insertions, 1435 deletions
diff --git a/centos_pkg_dirs b/centos_pkg_dirs
index d04671c..9d28c78 100644
--- a/centos_pkg_dirs
+++ b/centos_pkg_dirs
@@ -1,5 +1,4 @@
 iptables
-ldapscripts
 net-tools
 drbd-tools
 mariadb
diff --git a/ldapscripts/PKG-INFO b/ldapscripts/PKG-INFO
deleted file mode 100644
index a5f4eb3..0000000
--- a/ldapscripts/PKG-INFO
+++ /dev/null
@@ -1,14 +0,0 @@
-Metadata-Version: 1.1
-Name: ldapscripts
-Version: 2.0.8
-Summary: ldapscripts
-Home-page: 
-Author:
-Author-email:
-License: GPLv2
-Description:
-Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
-        
-Platform: UNKNOWN
diff --git a/ldapscripts/centos/build_srpm.data b/ldapscripts/centos/build_srpm.data
deleted file mode 100644
index 5327613..0000000
--- a/ldapscripts/centos/build_srpm.data
+++ /dev/null
@@ -1,3 +0,0 @@
-COPY_LIST="files/* \
-           $CGCS_BASE/downloads/ldapscripts-2.0.8.tgz"
-TIS_PATCH_VER=2
diff --git a/ldapscripts/centos/ldapscripts.spec b/ldapscripts/centos/ldapscripts.spec
deleted file mode 100644
index 263e38d..0000000
--- a/ldapscripts/centos/ldapscripts.spec
+++ /dev/null
@@ -1,75 +0,0 @@
-Name: ldapscripts
-Version: 2.0.8
-Release: 0%{?_tis_dist}.%{tis_patch_ver}
-Summary: ldapscripts
-Group: base
-License: GPLv2
-URL: unknown
-Source0: %{name}-%{version}.tgz
-Source1: ldapscripts.conf.cgcs
-Source2: ldapadduser.template.cgcs
-Source3: ldapaddgroup.template.cgcs
-Source4: ldapmoduser.template.cgcs
-Source5: ldapaddsudo.template.cgcs
-Source6: ldapmodsudo.template.cgcs
-Source7: ldapscripts.passwd
-Patch0: sudo-support.patch
-Patch1: sudo-delete-support.patch
-Patch2: log_timestamp.patch
-Patch3: ldap-user-setup-support.patch
-Patch4: ldap-user-setup-support-input-validation.patch
-Patch5: ldap-user-setup-noninteractive-mode-fix.patch
-Patch6: allow-anonymous-bind-for-ldap-search.patch
-%define debug_package %{nil}
-# BuildRequires:        
-# Requires:     
-%description
-Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
-%prep
-%setup -q
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%build
-%install
-make install DESTDIR=%{buildroot}
-rm -Rf %{buildroot}/usr/local/man
-rm -f %{buildroot}/usr/local/sbin/*machine*
-rm -f %{buildroot}/usr/local/etc/ldapscripts/ldapaddmachine.template.sample
-install -d ldroot}}/usr/local/etc/
-install -m 644 %{SOURCE1} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.conf
-install -m 644 %{SOURCE2} %{buildroot}/usr/local/etc/ldapscripts/ldapadduser.template.cgcs
-install -m 644 %{SOURCE3} %{buildroot}/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs
-install -m 644 %{SOURCE4} %{buildroot}/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs
-install -m 644 %{SOURCE5} %{buildroot}/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs
-install -m 644 %{SOURCE6} %{buildroot}/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs
-install -m 600 %{SOURCE7} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.passwd
-%files
-%defattr(-,root,root,-)
-%dir /usr/local/etc/ldapscripts/
-%dir /usr/local/lib/ldapscripts/
-/usr/local/sbin/*
-%config(noreplace) /usr/local/etc/ldapscripts/ldapscripts.passwd
-/usr/local/etc/ldapscripts/*
-/usr/local/lib/ldapscripts/*
-%changelog
diff --git a/ldapscripts/files/allow-anonymous-bind-for-ldap-search.patch b/ldapscripts/files/allow-anonymous-bind-for-ldap-search.patch
deleted file mode 100644
index e2e0129..0000000
--- a/ldapscripts/files/allow-anonymous-bind-for-ldap-search.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From bee43b9f75ee7a2cee0391319528264014d775f7 Mon Sep 17 00:00:00 2001
-From: Kam Nasim <kam.nasim@windriver.com>
-Date: Mon, 16 Apr 2018 14:58:03 -0400
-Subject: [PATCH] ldapscripts - allow anonymous bind for ldap search
---
- lib/runtime | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-diff --git a/lib/runtime b/lib/runtime
-index 012ac95..18acf3f 100644
--- a/lib/runtime
-+++ b/lib/runtime
-@@ -197,8 +197,11 @@ _ldapsearch () {
-   elif [ -n "$BINDPWDFILE" ]
-   then
-     $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -y "$BINDPWDFILE" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 
-  else
-+  elif [ -n "$BINDPWD" ]
-+  then
-     $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -w "$BINDPWD" -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 
-+  else
-+    $LDAPSEARCHBIN $LDAPBINOPTS $LDAPSEARCHOPTS -D "$BINDDN" -b "${1:-$SUFFIX}" -xH "$SERVER" -s sub -LLL "${2:-(objectclass=*)}" "${3:-*}" 2>>"$LOGFILE" 
-   fi
- }
- 
-@@ -785,7 +788,7 @@ then
-     then
-       warn_log "Warning : using command-line passwords, ldapscripts may not be safe"
-     else
-      end_die "Unable to read password file $BINDPWDFILE, exiting..."
-+      warn_log "Warning: Unable to read password file $BINDPWDFILE, binding anonymously..."
-     fi
-   fi
- fi
-- 
-1.8.3.1
diff --git a/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch b/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch
deleted file mode 100644
index da3b20f..0000000
--- a/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---
- sbin/ldapusersetup |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/sbin/ldapusersetup
-+++ b/sbin/ldapusersetup
-@@ -105,7 +105,7 @@ LdapAddLoginShell () {
-         ;;
-     esac
-   else
-    shellopn=${$2,,}
-+    shellopn=${2,,}
-     case $shellopn in
-       "bash") _SHELL="/bin/sh";;
-       "lshell") _SHELL="$_DEFAULTLSHELL";;
diff --git a/ldapscripts/files/ldap-user-setup-support-input-validation.patch b/ldapscripts/files/ldap-user-setup-support-input-validation.patch
deleted file mode 100644
index 91caf1a..0000000
--- a/ldapscripts/files/ldap-user-setup-support-input-validation.patch
+++ /dev/null
@@ -1,87 +0,0 @@
---
- sbin/ldapusersetup |   45 ++++++++++++++++++++++++++++++++++-----------
- 1 file changed, 34 insertions(+), 11 deletions(-)
--- a/sbin/ldapusersetup
-+++ b/sbin/ldapusersetup
-@@ -44,6 +44,29 @@ _SHELL=""
- 
- ### Helper functions ###
- 
-+# Gets input from user and validates it.
-+# Will only return if input meets validation
-+# criteria otherwise will just sit there.
-+#
-+# Input : input string ($1), valid output options ($2)
-+# Output: the validated input
-+# Note  : the validation list must be an array
-+LdapUserInput () {
-+declare -a optionAry=("${!2}")
-+while true; do
-+    read -p "$1" _output
-+    # convert to lower case
-+    _output2=${_output,,}
-+    # check if output is a valid option
-+    if [[ "${optionAry[@]}" =~ "$_output2" ]]; then
-+       break
-+    else
-+       echo "Invalid input \"$_output\". Allowed options: ${optionAry[@]}" >&2
-+   fi
-+done
-+   echo "$_output2"
-+}
-+
- # Delete an ldap user if it exists
- # and exit with error
- # Input : username ($1), exit msg ($2)
-@@ -67,10 +90,12 @@ LdapAddUser() {
- LdapAddLoginShell () {
-   if [ -z "$2" ]; then
-     # Ask the user for the login shell
-    echo "Select Login Shell option # [2]: 
-+    shellInput="Select Login Shell option # [2]: 
- 1) Bash
-2) Lshell"
-    read opn
-+2) Lshell
-+"
-+    options=( 1, 2 )
-+    opn=`LdapUserInput "$shellInput" options[@]`
-     case $opn in
-       1) _SHELL="/bin/sh";;
-       2) _SHELL="$_DEFAULTLSHELL";;
-@@ -139,7 +164,6 @@ LdapUpdateShadowWarning () {
-   echo "Updating password expiry to $_newWarning days"
- }
- 
-
- # Since this setup script is meant to be a
- # wrapper on top of existing ldap scripts,
- # it share invoke those... we could have achieved
-@@ -170,10 +194,9 @@ if [ "$#" -eq 0 ]; then
-   # prompt for sudo permissions
-   if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then
-     # Should sudo be activated for this user
-    echo -n "Add $_username to sudoer list? (yes/NO): "
-    read CONFIRM
-    CONFIRM=${CONFIRM,,}
-
-+    shellInput="Add $_username to sudoer list? (yes/NO): "
-+    options=( "yes", "no" )
-+    CONFIRM=`LdapUserInput "$shellInput" options[@]`
-     if is_yes $CONFIRM
-     then
-       LdapAddSudo "$_username"
-@@ -181,9 +204,9 @@ if [ "$#" -eq 0 ]; then
-   fi
- 
-   # Add to secondary user group
-  echo -n "Add $_username to secondary user group? (yes/NO): "
-  read CONFIRM
-  CONFIRM=${CONFIRM,,}
-+  shellInput="Add $_username to secondary user group? (yes/NO): "
-+  options=( "yes", "no" )
-+  CONFIRM=`LdapUserInput "$shellInput" options[@]`
-   if is_yes $CONFIRM
-   then
-     echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "
diff --git a/ldapscripts/files/ldap-user-setup-support.patch b/ldapscripts/files/ldap-user-setup-support.patch
deleted file mode 100644
index c24576f..0000000
--- a/ldapscripts/files/ldap-user-setup-support.patch
+++ /dev/null
@@ -1,354 +0,0 @@
---
- Makefile                 |    5 
- man/man1/ldapusersetup.1 |   61 ++++++++++
- sbin/ldapusersetup       |  263 +++++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 327 insertions(+), 2 deletions(-)
--- /dev/null
-+++ b/sbin/ldapusersetup
-@@ -0,0 +1,263 @@
-+#!/bin/sh
-+
-+#  ldapusersetup : interactive setup for adding users to LDAP
-+
-+#  Copyright (c) 2015 Wind River Systems, Inc.
-+#
-+#  This program is free software; you can redistribute it and/or
-+#  modify it under the terms of the GNU General Public License
-+#  as published by the Free Software Foundation; either version 2
-+#  of the License, or (at your option) any later version.
-+#
-+#  This program is distributed in the hope that it will be useful,
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+#  GNU General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with this program; if not, write to the Free Software
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+#  USA.
-+
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$#" -eq 1 ]
-+then
-+  echo "Usage : $0 [-u <username | uid> <field> <value>]
-+where accepted field(s) are as follows:
-+--sudo                        : whether to add this user to sudoer list
-+--shell <\"bash\"|\"lshell\"> : choose the shell for this user (default is lshell)
-+--secondgroup <grp>           : the secondary group to add this user to
-+--passmax     <value>         : the shadowMax value for this user
-+--passwarning <value>         : the shadowWarning value for this user"
-+  exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# runtime defaults
-+_DEFAULTGRP2="wrs_protected"
-+_DEFAULTLSHELL="/usr/local/bin/cgcs_cli"
-+_DEFAULTSHADOWMAX="90"
-+_DEFAULTSHADOWWARNING="2"
-+_SHELL=""
-+
-+### Helper functions ###
-+
-+# Delete an ldap user if it exists
-+# and exit with error
-+# Input : username ($1), exit msg ($2)
-+# Output : none
-+LdapRollback() {
-+  ldapdeleteuser "$1"
-+  end_die "$2"
-+}
-+
-+# Add an ldap user and exit on failure
-+# Input : username ($1)
-+# Output : none
-+LdapAddUser() {
-+  ldapadduser "$1" users
-+  [ $? -eq 0 ] || end_die "Critical setup error: cannot add user"
-+}
-+
-+# Replace Login Shell and call Rollback on failure
-+# Input : username ($1), shell to set ($2)
-+# Output : none
-+LdapAddLoginShell () {
-+  if [ -z "$2" ]; then
-+    # Ask the user for the login shell
-+    echo "Select Login Shell option # [2]: 
-+1) Bash
-+2) Lshell"
-+    read opn
-+    case $opn in
-+      1) _SHELL="/bin/sh";;
-+      2) _SHELL="$_DEFAULTLSHELL";;
-+      *)
-+        [ ! -z "$opn" ] && echo "Invalid option. Selecting Lshell"
-+         _SHELL="$_DEFAULTLSHELL"
-+        ;;
-+    esac
-+  else
-+    shellopn=${$2,,}
-+    case $shellopn in
-+      "bash") _SHELL="/bin/sh";;
-+      "lshell") _SHELL="$_DEFAULTLSHELL";;
-+      *)
-+         echo "Invalid option($2). Selecting Lshell"; _SHELL="$_DEFAULTLSHELL"
-+        ;;
-+    esac
-+  fi
-+  # Replace the login shell
-+  ldapmodifyuser $1 replace loginShell $_SHELL &> /dev/null
-+  [ $? -eq 0 ] || LdapRollback $1 "Critical setup error: cannot set login shell"
-+}
-+
-+# Add user to sudoer list
-+# Input : username ($1)
-+# Output : true or false
-+LdapAddSudo() {
-+  ldapaddsudo "$1" 2> /dev/null
-+  [ $? -eq 0 ] || \
-+   echo_log "Non critical setup error: cannot add to sudoer list"
-+}
-+
-+# Add user to a secondary user group
-+# Input : username ($1), user group ($2)
-+# Output : true or false
-+LdapSecondaryGroup () {
-+  _newGrp="$2"
-+  [ -z "$2" ] && _newGrp=$_DEFAULTGRP2
-+
-+  ldapaddusertogroup $1 $_newGrp
-+  [ $? -eq 0 ] || \
-+   echo_log "Non critical setup error: cannot add $1 to $_newGrp"
-+}
-+
-+# Update shadowMax for user
-+# Input : username ($1), shadow Max value ($2)
-+# Output : none
-+LdapUpdateShadowMax () {
-+  _newShadow="$2"
-+  ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
-+   && _newShadow=$_DEFAULTSHADOWMAX
-+
-+  ldapmodifyuser $1 replace shadowMax $_newShadow
-+  echo "Updating password expiry to $_newShadow days"
-+}
-+
-+# Update shadowWarning for user
-+# Input : username ($1), shadow Warning value ($2)
-+# Output : none
-+LdapUpdateShadowWarning () {
-+  _newWarning="$2"
-+  ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
-+   && _newWarning=$_DEFAULTSHADOWWARNING
-+
-+  ldapmodifyuser $1 replace shadowWarning $_newWarning
-+  echo "Updating password expiry to $_newWarning days"
-+}
-+
-+
-+# Since this setup script is meant to be a
-+# wrapper on top of existing ldap scripts,
-+# it share invoke those... we could have achieved
-+# loose coupling by not relying on helpers but
-+# at the expense of massively redundant code
-+# duplication.
-+declare -a helper_scripts=("ldapadduser" "ldapaddsudo" "ldapmodifyuser" "ldapaddusertogroup" "$_DEFAULTLSHELL")
-+
-+# Do some quick sanity tests to make sure
-+# helper scripts are present
-+for src in "${helper_scripts[@]}"; do
-+  if ! type "$src" &>/dev/null; then
-+    end_die "Cannot locate $src. Update your PATH variable"
-+  fi
-+done
-+
-+if [ "$#" -eq 0 ]; then
-+  # This setup collects all attributes
-+  # interactively during runtime
-+  echo -n "Enter username to add to LDAP: "
-+  read _username
-+  LdapAddUser "$_username"
-+
-+  # Replace the login shell. We will prompt the user for this
-+  LdapAddLoginShell "$_username"
-+
-+  # If login shell is NOT the default limited shell then
-+  # prompt for sudo permissions
-+  if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then
-+    # Should sudo be activated for this user
-+    echo -n "Add $_username to sudoer list? (yes/NO): "
-+    read CONFIRM
-+    CONFIRM=${CONFIRM,,}
-+
-+    if is_yes $CONFIRM
-+    then
-+      LdapAddSudo "$_username"
-+    fi
-+  fi
-+
-+  # Add to secondary user group
-+  echo -n "Add $_username to secondary user group? (yes/NO): "
-+  read CONFIRM
-+  CONFIRM=${CONFIRM,,}
-+  if is_yes $CONFIRM
-+  then
-+    echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "
-+    read _grp2
-+    LdapSecondaryGroup $_username $_grp2
-+  fi
-+
-+  # Set password expiry
-+  echo -n "Enter days after which user password must \
-+be changed [$_DEFAULTSHADOWMAX]: "
-+  read _shadowMax
-+  LdapUpdateShadowMax $_username $_shadowMax
-+
-+  # Set password warning
-+  echo -n "Enter days before password is to expire that \
-+user is warned [$_DEFAULTSHADOWWARNING]: "
-+  read _shadowWarning
-+  LdapUpdateShadowWarning $_username $_shadowWarning
-+
-+else
-+  # we have to read command line option
-+  while [[ $# > 1 ]]
-+  do
-+    key="$1"
-+
-+    case $key in
-+       -u|--user) # compulsory
-+       _username="$2"
-+       shift
-+       ;;
-+       --sudo)      # optional
-+       _sudo="yes"
-+       ;;
-+       --shell)     # optional
-+        _loginshell="$2"
-+       shift
-+       ;;
-+       --passmax) # optional
-+       _shadowMax="$2"
-+       shift
-+       ;;
-+       --passwarning) # optional
-+       _shadowWarning="$2"
-+       shift
-+       ;;
-+       --secondgroup) # optional
-+        _grpConfirm="1"
-+       _grp2="$2"
-+       shift
-+       ;;
-+       *)
-+
-+       ;;
-+    esac
-+    shift
-+  done
-+
-+  # Add LDAP user
-+  [ -z "$_username" ] && end_die "No username argument specified"
-+  LdapAddUser $_username
-+
-+  # Change Login Shell
-+  LdapAddLoginShell $_username "$_loginshell"
-+
-+  # Add sudo if required
-+  if is_yes $_sudo
-+  then
-+    LdapAddSudo "$_username"
-+  fi
-+
-+  # Add secondary group if required
-+  [ -z "$_grpConfirm" ] || LdapSecondaryGroup $_username $_grp2
-+
-+  # Password modifications
-+  LdapUpdateShadowMax $_username $_shadowMax
-+  LdapUpdateShadowWarning $_username $_shadowWarning
-+fi
--- a/Makefile
-+++ b/Makefile
-@@ -41,12 +41,13 @@ SBINFILES = ldapdeletemachine ldapmodify
-                        ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
-                        ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
-                        ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-                       ldaprenameuser ldapmodifysudo ldapdeletesudo
-+                       ldaprenameuser ldapmodifysudo ldapdeletesudo ldapusersetup
- MAN1FILES =    ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
-                        ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
-                        ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
-                        ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
-                       ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
-+                       ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 \
-+                       ldapdeletesudo.1 ldapusersetup.1
- MAN5FILES = ldapscripts.5
- TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
-                        ldapadduser.template.sample
--- /dev/null
-+++ b/man/man1/ldapusersetup.1
-@@ -0,0 +1,61 @@
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Kam Nasim
-+.\" knasim@windriver.com
-+.\"
-+.TH ldapusersetup 1 "December 16, 2015"
-+
-+.SH NAME
-+ldapusersetup \- wizard for adding an LDAP user to CGCS.
-+
-+.SH SYNOPSIS
-+.B ldapusersetup
-+
-+.SH DESCRIPTION
-+ldapusersetup interactively walks through the process of creating an LDAP user
-+for access to CGCS services. The user is prompted for:
-+- username
-+- if a sudoEntry needs to be created
-+- if a secondary user group needs to be added
-+- user password expiry and warning configuration
-+Alternatively, the user may provide these parameters as command line actions.
-+Look at the OPTIONS section for more information.
-+
-+To delete the user and all its group associations, simply use ldapdeleteuser(1)
-+
-+.SH OPTIONS
-+.TP
-+.B [-u <username | uid> <field> <value>]
-+The name or uid of the user to modify.
-+The following fields are available as long format options:
-+--sudo                  : whether to add this user to sudoer list
-+--shell <bash | lshell> : which login shell to use (default is lshell)
-+--secondgroup <grp>     : the secondary group to add this user to
-+--passmax     <value>   : the shadowMax value for this user
-+--passwarning <value>   : the shadowWarning value for this user"
-+
-+.SH "SEE ALSO"
-+ldapdeleteuser(1), ldapaddgroup(1), ldapaddusertogroup(1), ldapmodifyuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
diff --git a/ldapscripts/files/ldapaddgroup.template.cgcs b/ldapscripts/files/ldapaddgroup.template.cgcs
deleted file mode 100755
index b34c105..0000000
--- a/ldapscripts/files/ldapaddgroup.template.cgcs
+++ /dev/null
@@ -1,5 +0,0 @@
-dn: cn=<group>,<gsuffix>,<suffix>
-objectClass: posixGroup
-cn: <group>
-gidNumber: <gid>
-description: Group account
diff --git a/ldapscripts/files/ldapaddsudo.template.cgcs b/ldapscripts/files/ldapaddsudo.template.cgcs
deleted file mode 100755
index f93170d..0000000
--- a/ldapscripts/files/ldapaddsudo.template.cgcs
+++ /dev/null
@@ -1,10 +0,0 @@
-dn: cn=<user>,ou=SUDOers,<suffix>
-objectClass: top
-objectClass: sudoRole
-cn: <user>
-sudoUser: <user>
-sudoHost: ALL
-sudoRunAsUser: ALL
-sudoCommand: ALL
-#sudoOrder: <default: 0, if multiple entries match, this entry with the highest sudoOrder is used>
-#sudoOption: <specify other sudo specific attributes here>
diff --git a/ldapscripts/files/ldapadduser.template.cgcs b/ldapscripts/files/ldapadduser.template.cgcs
deleted file mode 100755
index 29f3ccc..0000000
--- a/ldapscripts/files/ldapadduser.template.cgcs
+++ /dev/null
@@ -1,16 +0,0 @@
-dn: uid=<user>,<usuffix>,<suffix>
-objectClass: account
-objectClass: posixAccount
-objectClass: shadowAccount
-objectClass: top
-cn: <user>
-uid: <user>
-uidNumber: <uid>
-gidNumber: <gid>
-shadowMax: 99999
-shadowWarning: 7
-shadowLastChange: 0
-homeDirectory: <home>
-loginShell: <shell>
-gecos: <user>
-description: User account
diff --git a/ldapscripts/files/ldapmodsudo.template.cgcs b/ldapscripts/files/ldapmodsudo.template.cgcs
deleted file mode 100755
index c79705f..0000000
--- a/ldapscripts/files/ldapmodsudo.template.cgcs
+++ /dev/null
@@ -1,4 +0,0 @@
-dn: cn=<user>,ou=SUDOers,<suffix>
-changeType: modify
-<action>: <field>
-<field>: <value>
diff --git a/ldapscripts/files/ldapmoduser.template.cgcs b/ldapscripts/files/ldapmoduser.template.cgcs
deleted file mode 100755
index f192024..0000000
--- a/ldapscripts/files/ldapmoduser.template.cgcs
+++ /dev/null
@@ -1,4 +0,0 @@
-dn: uid=<user>,<usuffix>,<suffix>
-changeType: modify
-<action>: <field>
-<field>: <value>
diff --git a/ldapscripts/files/ldapscripts.conf.cgcs b/ldapscripts/files/ldapscripts.conf.cgcs
deleted file mode 100755
index 9350dd3..0000000
--- a/ldapscripts/files/ldapscripts.conf.cgcs
+++ /dev/null
@@ -1,152 +0,0 @@
-#  Copyright (C) 2005 Gana�l LAPLANCHE - Linagora
-#  Copyright (C) 2006-2013 Gana�l LAPLANCHE
-#
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-# LDAP server
-SERVER="ldap://controller"
-# Suffixes
-SUFFIX="dc=cgcs,dc=local" # Global suffix
-GSUFFIX="ou=Group"        # Groups ou (just under $SUFFIX)
-USUFFIX="ou=People"       # Users ou (just under $SUFFIX)
-MSUFFIX="ou=Machines"     # Machines ou (just under $SUFFIX)
-# Authentication type
-# If empty, use simple authentication
-# Else, use the value as an SASL authentication mechanism
-SASLAUTH=""
-#SASLAUTH="GSSAPI"
-# Simple authentication parameters
-# The following BIND* parameters are ignored if SASLAUTH is set
-BINDDN="cn=ldapadmin,dc=cgcs,dc=local"
-# The following file contains the raw password of the BINDDN
-# Create it with something like : echo -n 'secret' > $BINDPWDFILE
-# WARNING !!!! Be careful not to make this file world-readable
-BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd"
-# For older versions of OpenLDAP, it is still possible to use
-# unsecure command-line passwords by defining the following option
-# AND commenting the previous one (BINDPWDFILE takes precedence)
-#BINDPWD="secret"
-# Start with these IDs *if no entry found in LDAP*
-GIDSTART="10000" # Group ID
-UIDSTART="10000" # User ID
-MIDSTART="20000" # Machine ID
-# Group membership management
-# ObjectCLass used for groups
-# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !)
-# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup).
-# Also, do not mix posixGroup and groupOf* entries up in you directory as, within RFC 2307bis,
-# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration.
-GCLASS="posixGroup"   # Leave "posixGroup" here if not sure !
-# When using  groupOfNames or groupOfUniqueNames, creating a group requires an initial
-# member. Specify it below, you will be able to remove it once groups are populated.
-#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX"
-# User properties
-USHELL="/bin/sh"
-UHOMES="/home/%u"     # You may use %u for username here
-CREATEHOMES="no"      # Create home directories and set rights ?
-HOMESKEL="/etc/skel"  # Directory where the skeleton files are located. Ignored if undefined or nonexistant.
-HOMEPERMS="700"       # Default permissions for home directories
-# User passwords generation
-# Command-line used to generate a password for added users.
-# You may use %u for username here ; special value "<ask>" will ask for a password interactively
-# WARNING    !!!! This is evaluated, everything specified here will be run !
-# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy).
-#                 In this case, consider using /dev/urandom instead.
-#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
-#PASSWORDGEN="pwgen"
-#PASSWORDGEN="echo changeme"
-PASSWORDGEN="echo %u"
-#PASSWORDGEN="<ask>"
-# User passwords recording
-# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS
-# (useful when performing a massive creation / net rpc vampire)
-# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
-# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
-RECORDPASSWORDS="no"
-PASSWORDFILE="/var/log/ldapscripts_passwd.log"
-# Where to log
-LOGFILE="/var/log/ldapscripts.log"
-# Temporary folder
-TMPDIR="/tmp"
-# Various binaries used within the scripts
-# Warning : they also use uuencode, date, grep, sed, cut, which... 
-# Please check they are installed before using these scripts
-# Note that many of them should come with your OS
-# OpenLDAP client commands
-LDAPSEARCHBIN="/usr/bin/ldapsearch"
-LDAPADDBIN="/usr/bin/ldapadd"
-LDAPDELETEBIN="/usr/bin/ldapdelete"
-LDAPMODIFYBIN="/usr/bin/ldapmodify"
-LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
-LDAPPASSWDBIN="/usr/bin/ldappasswd"
-# OpenLDAP client common additional options
-# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS
-#LDAPBINOPTS="-ZZ"
-# OpenLDAP ldapsearch-specific additional options
-# The following option disables long-line wrapping (which makes the scripts bug
-# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so
-# comment it if you are using OpenLDAP < 2.4.24.
-LDAPSEARCHOPTS="-o ldif-wrap=no"
-# And here is an example to activate paged results
-#LDAPSEARCHOPTS="-E pr=500/noprompt"
-# Character set conversion : $ICONVCHAR <-> UTF-8
-# Comment ICONVBIN to disable UTF-8 conversion
-# ICONVBIN="/usr/bin/iconv"
-# ICONVCHAR=""
-# Base64 decoding
-# Comment UUDECODEBIN to disable Base64 decoding
-#UUDECODEBIN="/usr/bin/uudecode"
-# Getent command to use - choose the ones used
-# on your system. Leave blank or comment for auto-guess.
-# GNU/Linux
-GETENTPWCMD="getent passwd"
-GETENTGRCMD="getent group"
-# FreeBSD
-#GETENTPWCMD="pw usershow"
-#GETENTGRCMD="pw groupshow"
-# Auto
-#GETENTPWCMD=""
-#GETENTGRCMD=""
-# You can specify custom LDIF templates here
-# Leave empty to use default templates
-# See *.template.sample for default templates
-#GTEMPLATE="/path/to/ldapaddgroup.template"
-#UTEMPLATE="/path/to/ldapadduser.template"
-#MTEMPLATE="/path/to/ldapaddmachine.template"
-GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs"
-UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs"
-UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs"
-STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs"
-SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs"
-MTEMPLATE=""
diff --git a/ldapscripts/files/ldapscripts.passwd b/ldapscripts/files/ldapscripts.passwd
deleted file mode 100644
index 385336f..0000000
--- a/ldapscripts/files/ldapscripts.passwd
+++ /dev/null
@@ -1 +0,0 @@
-_LDAPADMIN_PW_
diff --git a/ldapscripts/files/log_timestamp.patch b/ldapscripts/files/log_timestamp.patch
deleted file mode 100644
index a521d0e..0000000
--- a/ldapscripts/files/log_timestamp.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---
- lib/runtime |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
--- a/lib/runtime
-+++ b/lib/runtime
-@@ -863,7 +863,7 @@ fi
- # Log command
- if [ "$LOGTOFILE" = "yes" ]
- then
-  log_to_file "$(date '+%b %d %H:%M:%S') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*"
-+  log_to_file "$(date '+%FT%T') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*"
- fi
- if [ "$LOGTOSYSLOG" = "yes" ]
- then
diff --git a/ldapscripts/files/sudo-delete-support.patch b/ldapscripts/files/sudo-delete-support.patch
deleted file mode 100644
index ed0d48e..0000000
--- a/ldapscripts/files/sudo-delete-support.patch
+++ /dev/null
@@ -1,352 +0,0 @@
---
- Makefile                  |    4 +--
- lib/runtime               |   15 ++++++++++++
- man/man1/ldapaddsudo.1    |   54 +++++++++++++++++++++++++++++++++++++++++++
- man/man1/ldapdeletesudo.1 |   46 +++++++++++++++++++++++++++++++++++++
- man/man1/ldapdeleteuser.1 |    5 ++--
- man/man1/ldapmodifysudo.1 |   57 ++++++++++++++++++++++++++++++++++++++++++++++
- man/man1/ldapmodifyuser.1 |   15 ++++++++---
- sbin/ldapdeletesudo       |   38 ++++++++++++++++++++++++++++++
- sbin/ldapdeleteuser       |    5 ++++
- sbin/ldapmodifysudo       |    2 -
- 10 files changed, 232 insertions(+), 9 deletions(-)
--- a/sbin/ldapdeleteuser
-+++ b/sbin/ldapdeleteuser
-@@ -46,6 +46,11 @@ _UDN="$_ENTRY"
- # Delete entry
- _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"
-+
-+# Optionally, delete the sudoer entry if it exists
-+_ldapdeletesudo $1
-+[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
-+
- # Finally, delete this user from all his secondary groups
- case $GCLASS in
-   posixGroup)
--- a/sbin/ldapmodifysudo
-+++ b/sbin/ldapmodifysudo
-@@ -1,6 +1,6 @@
- #!/bin/sh
- 
-#  ldapmodifyuser : modifies a sudo entry in an LDAP directory
-+#  ldapmodifysudo : modifies a sudo entry in an LDAP directory
- 
- #  Copyright (C) 2007-2013 Gana�l LAPLANCHE
- #  Copyright (C) 2014 Stephen Crooks
--- /dev/null
-+++ b/sbin/ldapdeletesudo
-@@ -0,0 +1,38 @@
-+#!/bin/sh
-+
-+#  ldapdeletesudo : deletes a sudoRole from LDAP
-+
-+#  Copyright (C) 2005 Gana�l LAPLANCHE - Linagora
-+#  Copyright (C) 2006-2013 Gana�l LAPLANCHE
-+#  Copyright (c) 2015 Wind River Systems, Inc.
-+#
-+#  This program is free software; you can redistribute it and/or
-+#  modify it under the terms of the GNU General Public License
-+#  as published by the Free Software Foundation; either version 2
-+#  of the License, or (at your option) any later version.
-+#
-+#  This program is distributed in the hope that it will be useful,
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+#  GNU General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with this program; if not, write to the Free Software
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+#  USA.
-+
-+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+then
-+  echo "Usage : $0 <username>"
-+  exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Username = first argument
-+_ldapdeletesudo "$1"
-+[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
-+
-+end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
--- a/man/man1/ldapmodifyuser.1
-+++ b/man/man1/ldapmodifyuser.1
-@@ -1,4 +1,5 @@
- .\" Copyright (C) 2007-2017 Gana�l LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
- .\"
- .\" This program is free software; you can redistribute it and/or
- .\" modify it under the terms of the GNU General Public License
-@@ -19,14 +20,14 @@
- .\" ganael.laplanche@martymac.org
- .\" http://contribs.martymac.org
- .\"
-.TH ldapmodifyuser 1 "August 22, 2007"
-+.TH ldapmodifyuser 1 "December 8, 2015"
- 
- .SH NAME
- ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
- 
- .SH SYNOPSIS
- .B ldapmodifyuser
-.RB <username | uid>
-+.RB <username | uid> [<add | replace | delete> <field> <value>]
-  
- .SH DESCRIPTION
- ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
-@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
- The DN of the entry being modified is already specified : just begin with a changeType attribute or any
- other one(s) of your choice (in this case, the defaut changeType is 'modify').
- 
-+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
-+field - value pair then user will not be interactively prompted.
-+
- .SH OPTIONS
- .TP
-.B <username | uid>
-+.B <username | uid> [<add | replace | delete> <field> <value>]
- The name or uid of the user to modify.
-+The optional "action" pertaining to this user entry.
-+The field - value pair on which the action needs to be undertaken.
- 
- .SH "SEE ALSO"
-ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
-+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
- 
- .SH AVAILABILITY
- The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
--- a/man/man1/ldapdeleteuser.1
-+++ b/man/man1/ldapdeleteuser.1
-@@ -1,4 +1,5 @@
- .\" Copyright (C) 2006-2017 Gana�l LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
- .\"
- .\" This program is free software; you can redistribute it and/or
- .\" modify it under the terms of the GNU General Public License
-@@ -19,10 +20,10 @@
- .\" ganael.laplanche@martymac.org
- .\" http://contribs.martymac.org
- .\"
-.TH ldapdeleteuser 1 "January 1, 2006"
-+.TH ldapdeleteuser 1 "December 8, 2015"
- 
- .SH NAME
-ldapdeleteuser \- deletes a POSIX user account from LDAP.
-+ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
- 
- .SH SYNOPSIS
- .B ldapdeleteuser
--- /dev/null
-+++ b/man/man1/ldapaddsudo.1
-@@ -0,0 +1,54 @@
-+.\" Copyright (C) 2006-2013 Gana�l LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapaddsudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
-+
-+.SH SYNOPSIS
-+.B ldapaddsudo
-+.RB <username>
-+.RB <groupname | gid>
-+.RB [uid]
-+ 
-+.SH OPTIONS
-+.TP
-+.B <username>
-+The name of the user to add.
-+.TP
-+.B <groupname | gid>
-+The group name or the gid of the user to add.
-+.TP
-+.B [uid]
-+The uid of the user to add. Automatically computed if not specified.
-+
-+.SH "SEE ALSO"
-+ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
--- /dev/null
-+++ b/man/man1/ldapmodifysudo.1
-@@ -0,0 +1,57 @@
-+.\" Copyright (C) 2007-2013 Gana�l LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapmodifysudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
-+
-+.SH SYNOPSIS
-+.B ldapmodifysudo
-+.RB <username | uid> [<add | replace | delete> <field> <value>]
-+ 
-+.SH DESCRIPTION
-+ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
-+are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
-+The DN of the entry being modified is already specified : just begin with a changeType attribute or any
-+other one(s) of your choice (in this case, the defaut changeType is 'modify').
-+
-+Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
-+field - value pair then user will not be interactively prompted.
-+
-+.SH OPTIONS
-+.TP
-+.B <username | uid> [<add | replace | delete> <field> <value>]
-+The name or uid of the user to modify.
-+The optional "action" pertaining to this user entry.
-+The field - value pair on which the action needs to be undertaken.
-+
-+.SH "SEE ALSO"
-+ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
--- /dev/null
-+++ b/man/man1/ldapdeletesudo.1
-@@ -0,0 +1,46 @@
-+.\" Copyright (C) 2006-2013 Gana�l LAPLANCHE
-+.\" Copyright (c) 2015 Wind River Systems, Inc.
-+.\"
-+.\" This program is free software; you can redistribute it and/or
-+.\" modify it under the terms of the GNU General Public License
-+.\" as published by the Free Software Foundation; either version 2
-+.\" of the License, or (at your option) any later version.
-+.\"
-+.\" This program is distributed in the hope that it will be useful,
-+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+.\" GNU General Public License for more details.
-+.\"
-+.\" You should have received a copy of the GNU General Public License
-+.\" along with this program; if not, write to the Free Software
-+.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+.\" USA.
-+.\"
-+.\" Ganael Laplanche
-+.\" ganael.laplanche@martymac.org
-+.\" http://contribs.martymac.org
-+.\"
-+.TH ldapdeletesudo 1 "December 8, 2015"
-+
-+.SH NAME
-+ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
-+
-+.SH SYNOPSIS
-+.B ldapdeletesudo
-+.RB <username | uid>
-+ 
-+.SH OPTIONS
-+.TP
-+.B <username | uid>
-+The name or uid of the user to delete.
-+
-+.SH "SEE ALSO"
-+ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
-+
-+.SH AVAILABILITY
-+The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
-+The latest version of the ldapscripts is available on :
-+.B http://contribs.martymac.org
-+
-+.SH BUGS
-+No bug known.
--- a/Makefile
-+++ b/Makefile
-@@ -41,12 +41,12 @@ SBINFILES = ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
-                        ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
-                        ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
-                        ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-                       ldaprenameuser ldapmodifysudo
-+                       ldaprenameuser ldapmodifysudo ldapdeletesudo
- MAN1FILES =    ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
-                        ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
-                        ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
-                        ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
-                       ldapaddmachine.1 ldapdeleteuser.1
-+                       ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
- MAN5FILES = ldapscripts.5
- TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
-                        ldapadduser.template.sample
--- a/lib/runtime
-+++ b/lib/runtime
-@@ -294,6 +294,21 @@ _ldapdelete () {
-   fi
- }
- 
-+# Deletes a sudoUser entry in the LDAP directory
-+# Input : POSIX username whose sudo entry to delete ($1)
-+# Output: 0 on successful delete
-+#         1 on being unable to find sudoUser
-+#         2 on being unable to delete found sudoUser entry
-+_ldapdeletesudo () {
-+  [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
-+  # Find the entry
-+  _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
-+  [ -z "$_ENTRY" ] && return 1
-+
-+  # Now delete that entry
-+  _ldapdelete "$_ENTRY" || return 2
-+}
-+
- # Extracts LDIF information from $0 (the current script itself)
- # selecting lines beginning with $1 occurrences of '#'
- # Input : depth ($1)
diff --git a/ldapscripts/files/sudo-support.patch b/ldapscripts/files/sudo-support.patch
deleted file mode 100644
index 76fff94..0000000
--- a/ldapscripts/files/sudo-support.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-Index: ldapscripts-2.0.8/sbin/ldapaddsudo
-===================================================================
--- /dev/null
-+++ ldapscripts-2.0.8/sbin/ldapaddsudo
-@@ -0,0 +1,63 @@
-+#!/bin/sh
-+
-+#  ldapaddsudo : adds a sudoRole to LDAP
-+
-+#  Copyright (C) 2005 Gana�l LAPLANCHE - Linagora
-+#  Copyright (C) 2006-2013 Gana�l LAPLANCHE
-+#  Copyright (c) 2014 Wind River Systems, Inc.
-+#
-+#  This program is free software; you can redistribute it and/or
-+#  modify it under the terms of the GNU General Public License
-+#  as published by the Free Software Foundation; either version 2
-+#  of the License, or (at your option) any later version.
-+#
-+#  This program is distributed in the hope that it will be useful,
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+#  GNU General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with this program; if not, write to the Free Software
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+#  USA.
-+
-+if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+then
-+  echo "Usage : $0 <username>"
-+  exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Username = first argument
-+_USER="$1"
-+
-+# Use template if necessary
-+if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ]
-+then
-+  _getldif="cat $STEMPLATE"
-+else
-+  _getldif="_extractldif 2"
-+fi
-+
-+# Add sudo entry to LDAP
-+$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
-+
-+[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
-+echo_log "Successfully added sudo access for user $_USER to LDAP"
-+
-+end_ok
-+
-+# Ldif template ##################################
-+##dn: cn=<user>,ou=SUDOers,<usuffix>,<suffix>
-+##objectClass: top
-+##objectClass: sudoRole
-+##cn: <user>
-+##sudoUser: <user>
-+##sudoHost: ALL
-+##sudoRunAsUser: ALL
-+##sudoCommand: ALL
-+###sudoOrder: <default: 0, if multiple entries match, this entry with the highest sudoOrder is used>
-+###sudoOption: <specify other sudo specific attributes here>
-Index: ldapscripts-2.0.8/sbin/ldapmodifyuser
-===================================================================
--- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser
-+++ ldapscripts-2.0.8/sbin/ldapmodifyuser
-@@ -19,9 +19,11 @@
- #  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
- #  USA.
- 
-if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
-+   [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
-+   [ "$#" -ne 4 ]
- then
-  echo "Usage : $0 <username | uid>"
-+  echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
-   exit 1
- fi
- 
-@@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti
- _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
- [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
- 
-# Allocate and create temp file
-mktempf
-echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-
-# Display entry
-echo "# About to modify the following entry :"
-_ldapsearch "$_ENTRY"
-
-# Edit entry
-echo "# Enter your modifications here, end with CTRL-D."
-echo "dn: $_ENTRY"
-cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+# Username = first argument
-+_USER="$1"
-+
-+if [ "$#" -eq 1 ]
-+then
-+  # Allocate and create temp file
-+  mktempf
-+  echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+  # Display entry
-+  echo "# About to modify the following entry :"
-+  _ldapsearch "$_ENTRY"
-+
-+  # Edit entry
-+  echo "# Enter your modifications here, end with CTRL-D."
-+  echo "dn: $_ENTRY"
-+  cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+  # Send modifications
-+  cat "$_TMPFILE" | _utf8encode | _ldapmodify
-+else
-+  # Action = second argument
-+  _ACTION="$2"
-+
-+  # Field = third argument
-+  _FIELD="$3"
-+
-+  # Value = fourth argument
-+  _VALUE="$4"
-+
-+  # Use template if necessary
-+  if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ]
-+  then
-+    _getldif="cat $UMTEMPLATE"
-+  else
-+    _getldif="_extractldif 2"
-+  fi
-+
-+  # Modify user in LDAP
-+  $_getldif | _filterldif | _utf8encode | _ldapmodify
-+fi
- 
-# Send modifications
-cat "$_TMPFILE" | _utf8encode | _ldapmodify
- if [ $? -ne 0 ]
- then
-   reltempf
-@@ -55,3 +84,9 @@ then
- fi
- reltempf
- end_ok "Successfully modified user entry $_ENTRY in LDAP"
-+
-+# Ldif template ##################################
-+##dn: uid=<user>,<usuffix>,<suffix>
-+##changeType: modify
-+##<action>: <field>
-+##<field>: <value>
-Index: ldapscripts-2.0.8/lib/runtime
-===================================================================
--- ldapscripts-2.0.8.orig/lib/runtime
-+++ ldapscripts-2.0.8/lib/runtime
-@@ -344,6 +344,9 @@ s|<msuffix>|$MSUFFIX|g
- s|<_msuffix>|$_MSUFFIX|g
- s|<gsuffix>|$GSUFFIX|g
- s|<_gsuffix>|$_GSUFFIX|g
-+s|<action>|$_ACTION|g
-+s|<field>|$_FIELD|g
-+s|<value>|$_VALUE|g
- EOF
- 
-   # Use it
-Index: ldapscripts-2.0.8/Makefile
-===================================================================
--- ldapscripts-2.0.8.orig/Makefile
-+++ ldapscripts-2.0.8/Makefile
-@@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME)
- RUNFILE = runtime
- ETCFILE = ldapscripts.conf
- PWDFILE = ldapscripts.passwd
-SBINFILES =    ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \
-+SBINFILES =    ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \
-                        ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
-                        ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
-                        ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
-                       ldaprenameuser
-+                       ldaprenameuser ldapmodifysudo
- MAN1FILES =    ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
-                        ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
-                        ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
-Index: ldapscripts-2.0.8/sbin/ldapmodifysudo
-===================================================================
--- /dev/null
-+++ ldapscripts-2.0.8/sbin/ldapmodifysudo
-@@ -0,0 +1,93 @@
-+#!/bin/sh
-+
-+#  ldapmodifyuser : modifies a sudo entry in an LDAP directory
-+
-+#  Copyright (C) 2007-2013 Gana�l LAPLANCHE
-+#  Copyright (C) 2014 Stephen Crooks
-+#
-+#  This program is free software; you can redistribute it and/or
-+#  modify it under the terms of the GNU General Public License
-+#  as published by the Free Software Foundation; either version 2
-+#  of the License, or (at your option) any later version.
-+#
-+#  This program is distributed in the hope that it will be useful,
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+#  GNU General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with this program; if not, write to the Free Software
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+#  USA.
-+
-+if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
-+   [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
-+   [ "$#" -ne 4 ]
-+then
-+  echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
-+  exit 1
-+fi
-+
-+# Source runtime file
-+_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
-+. "$_RUNTIMEFILE"
-+
-+# Find username : $1 must exist in LDAP !
-+_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
-+[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP"
-+
-+# Username = first argument
-+_USER="$1"
-+
-+if [ "$#" -eq 1 ]
-+then
-+  # Allocate and create temp file
-+  mktempf
-+  echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+  # Display entry
-+  echo "# About to modify the following entry :"
-+  _ldapsearch "$_ENTRY"
-+
-+  # Edit entry
-+  echo "# Enter your modifications here, end with CTRL-D."
-+  echo "dn: $_ENTRY"
-+  cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
-+
-+  # Send modifications
-+  cat "$_TMPFILE" | _utf8encode | _ldapmodify
-+else
-+  # Action = second argument
-+  _ACTION="$2"
-+
-+  # Field = third argument
-+  _FIELD="$3"
-+
-+  # Value = fourth argument
-+  _VALUE="$4"
-+
-+  # Use template if necessary
-+  if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ]
-+  then
-+    _getldif="cat $SMTEMPLATE"
-+  else
-+    _getldif="_extractldif 2"
-+  fi
-+
-+  # Modify user in LDAP
-+  $_getldif | _filterldif | _utf8encode | _ldapmodify
-+fi
-+
-+if [ $? -ne 0 ]
-+then
-+  reltempf
-+  end_die "Error modifying sudo entry $_ENTRY in LDAP"
-+fi
-+reltempf
-+end_ok "Successfully modified sudo entry $_ENTRY in LDAP"
-+
-+# Ldif template ##################################
-+##dn: cn=<user>,ou=SUDOers,<suffix>
-+##changeType: modify
-+##<action>: <field>
-+##<field>: <value>
author	Scott Little <scott.little@windriver.com>	2018-08-01 14:22:27 -0400
committer	Scott Little <scott.little@windriver.com>	2018-08-01 14:22:29 -0400
commit	50808566f9229bec9ed019722d2227e42106c7dd (patch)
tree	222676b0be558cb69e6f239503101c0c87d3ac65
parent	51f969296b3d7a2dc4277d57f4f97a563b8c0550 (diff)