add_ldap_user script

Dockerfile

@@ -29,6 +29,7 @@ RUN apt-get update \
 	rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 ADD setup /start.d
+ADD confd /etc/confd/
 
 EXPOSE 389
 

confd/conf.d/add_ldap_user.toml

@@ -0,0 +1,11 @@
+[template]
+src = "add_ldap_user.tmpl"
+prefix = "/ldap"
+dest = "/usr/local/bin/add_ldap_user"
+mode = "0755"
+keys = [
+"/admin/cn",
+"/admin/password",
+"/domain",
+"/domain/dn",
+]

confd/templates/add_ldap_user.tmpl

@@ -0,0 +1,94 @@
+#!/bin/bash
+assert(){ [[ $? -eq 0 ]] || { [[ -n ${1} ]] && echo ${@} ; exit 1 ; } }
+usage() {
+    cat <<EOF
+usage: docker exec [...] add_ldap_user [-c COMMON_NAME] [-s SURNAME] [-u UID] [-p PASSWORD] [-e EMAIL]
+  Unset options will be prompted interactively.
+EOF
+
+COMMON_NAME=
+USER_UID=
+USER_EMAIL=
+USER_PASS=
+SURNAME=
+while getopts "c: u: e: p:" OPCION
+do
+    case ${OPCION} in
+        "c")
+            COMMON_NAME=${OPTARG}
+            ;;
+        "s")
+            SURNAME=${OPTARG}
+            ;;
+        "u")
+            USER_UID=${OPTARG}
+            ;;
+        "e")
+            USER_EMAIL=${OPTARG}
+            ;;
+        "p")
+            USER_PASS=${OPTARG}
+            ;;
+        *)
+            usage
+            exit 2
+         ;;
+    esac
+done
+
+LDAP_ADMIN_CN="{{ getv "/admin/cn" }}"
+LDAP_ADMIN_PASSWORD="{{ getv "/admin/password" }}"
+LDAP_DOMAIN="{{ getv "/domain" }}"
+LDAP_DOMAIN_DN="{{ getv "/domain/dn" }}"
+
+[[ -n ${USER_UID} ]] || {
+    echo -n "Enter user UID (e.g. jdoe) > "
+    read USER_UID
+}
+
+# echo "Check if uid=${USER_UID},ou=People,${LDAP_DOMAIN_DN} exists"
+RES_DN=$(ldapsearch -LLL -H ldapi:/// -D cn=${LDAP_ADMIN_CN},${LDAP_DOMAIN_DN} \
+		    -w "${LDAP_ADMIN_PASSWORD}" -s base \
+		    -b "uid=${USER_UID},ou=People,${LDAP_DOMAIN_DN}" \
+		    "(objectClass=*)" \
+	     | egrep '^dn: ' | sed -e 's/^dn: //g')
+[[ -z ${RES_DN} ]]
+assert "User already present. Please choose a different UID."
+
+[[ -n ${COMMON_NAME} ]] || {
+    echo -n "Enter user CN (e.g. John Doe) > "
+    read COMMON_NAME
+}
+[[ -n ${SURNAME} ]] || {
+    echo -n "Enter user SN (e.g. Doe) > "
+    read SURNAME
+}
+[[ -n ${USER_PASS} ]] || {
+    echo -n "Enter user password (will not be echoed) > "
+    read -s USER_PASS
+}
+[[ -n ${USER_EMAIL} ]] || {
+    echo -n "Enter user email (leave blank for ${USER_UID}@${LDAP_DOMAIN}) > "
+    read USER_EMAIL
+}
+[[ -n ${USER_EMAIL} ]] || USER_EMAIL="${USER_UID}@${LDAP_DOMAIN}"
+
+
+PWHASH=$(slappasswd -h "{SSHA}" -s "${USER_PASS}")
+
+echo "Creating user uid=${USER_UID},ou=People,${LDAP_DOMAIN_DN}"
+ldapadd -H ldapi:/// -D cn=${LDAP_ADMIN_CN},${LDAP_DOMAIN_DN} \
+		-w "${LDAP_ADMIN_PASSWORD}" <<-EOF
+	dn: uid=${USER_UID},ou=People,${LDAP_DOMAIN_DN}
+	objectClass: inetOrgPerson
+	objectClass: organizationalPerson
+	objectClass: person
+	objectClass: top
+	cn: ${COMMON_NAME}
+	sn: ${SURNAME}
+        uid: ${USER_UID}
+        userPassword: ${PWHASH}
+        email: ${USER_EMAIL}
+
+	EOF
+assert "Error adding user!"