open_directory_utils 0.1.1 → 0.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b950bf65b00895fca60d3f9e35cbc4777bc55760785bcfb2714762c4569e2126
-  data.tar.gz: 0302a96465860e72fd203f96c50d63fd675db9b49488e28e91fc2706105e5e98
+  metadata.gz: fbeb4cb66c90f18b5383f6f5cc872187e27d259ca54bcb32eecb9fc1b36fe473
+  data.tar.gz: c7b72cf17d3dd3b8d1e47fc22c138951efaecce65d19a47cb56f7936fd2e7a85
 SHA512:
-  metadata.gz: 68c287fc687f3b4353c47b1805de579ed72670cec2c0b51ce25e8f3ad8625b86614a4f64bf1ca0312607d3db1a24c58dc7f108c3bbf9e5f37584368ac10c1649
-  data.tar.gz: 86e1a2d6dd44960e89ca2c5ebd3a8eababec75b575fc7c63cd4a4062bd976f4a33ef11b2cfdcf22753364aaff4bb5ecc461188d0596527c9f2273602d74f1f35
+  metadata.gz: 11995f4d723e3c57334db8eb29838fe6867c94ca259f74628acc758e1768745a0b30cc97a47b8372aa95fa8e1cd4e19e8955dc9ad6e283b20fdd3750e14c1e75
+  data.tar.gz: 75a8982397a6c7931d6d4c9a553864d5992ffe177576506c76069ad41cc907870d704de46121cec14eb1146293a933ef9b97e11c0e9835a0f46244cb572e2de7

data/.gitignore

@@ -13,3 +13,6 @@
 .rbenv-vars
 
 *.gem
+
+/examples/connection.yml
+/examples/users.yml

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    open_directory_utils (0.1.0)
+    open_directory_utils (0.1.2)
       net-ssh (~> 4.2)
 
 GEM

data/README.md

@@ -7,21 +7,27 @@ One can also build custom DSCL commands and send them to the server as needed to
 
 ## Change Log
 
+* **v0.1.2** - 2018-06-10
+- user creation will add user to a group if group_name present
+- new accounts disabled by default (w/ option to enable on creation)
+- now repo includes example code (to create accounts)
+* **v0.1.1** - 2018-06-06
+- refactored to separate OD attribute from LDAP attribute commands (shortened methods and better organization and shorter tests)
 * **v0.1.0** - 2018-06-06
   - can adjust and delete OD attributes for users and groups (pre-built ldap attributes comming soon)
-* **v0.1.1** - 2018-06-07
-  - refactored to separate OD attribute from LDAP attribute commands (shortened methods and better organization and shorter tests)
 
 ## ToDo
 
-* LDAP attributes
+* ADD Lock and unlock account authentication (& TEST) - sync and create
+* Do not return dir admin password with command on errors
+* LDAP attributes (so las can sync accounts easily)
+* ADD EXAMPLE CODE
 * Verify setting Password
 * Verify testing Password
 * Refactor Process Results
 * Test dscl direct commands
 * Check Connection Unit Tests
-* Learn dscl property names from LDAP
-* Lock and unlock account authentication
+* Learn dscl OD property names from LDAP
 * verify which email address is LDAP (& seen in GUI)
 
 ## Installation
@@ -42,6 +48,8 @@ Or install it yourself as:
 
 ## Usage
 
+Also see examples to see an example of multiple account creation
+
 ```ruby
 require 'open_directory_utils'
 
@@ -52,7 +60,7 @@ require 'open_directory_utils'
 # dir_password: ENV['DIR_ADMIN_PASS'],
 
 # Instantiating using params
-od = OpenDirectoryUtils.new(
+od = OpenDirectoryUtils::Connection.new(
         { srv_host_name: 'od_hostname', srv_user_name: 'od_ssh_username',
           dir_user_name: 'directory_admin_username',
           dir_password: 'directory_admin_password'

data/examples/connection-sample.yml

@@ -0,0 +1,6 @@
+---
+# prefer keybased ssh connection over password
+:srv_hostname: od_hostname
+:srv_username: od_ssh_username
+:dir_username: directory_admin_username
+:dir_password: directory_admin_password

data/examples/create_od_users.rb

@@ -0,0 +1,45 @@
+#!/usr/bin/env ruby -w
+
+require 'yaml'
+require 'open_directory_utils'
+
+# setup server connection
+srv_info = {}
+begin
+  srv_info = YAML.load_file( File.open('connection.yml') )
+rescue Errno::ENOENT, LoadError, Psych::Error, Psych::SyntaxError
+  srv_info = {srv_hostname: 'od.example.com', srv_username: 'odsshlogin',
+              dir_username: 'diradmin', dir_password: 'T0p-S3cret' }
+end
+
+od = OpenDirectoryUtils::Connection.new( srv_info )
+puts "\nSERVER SETTINGS:"
+pp od
+
+
+# get users
+users = []
+begin
+  users  = YAML.load( File.open('users.yml') )
+rescue Errno::ENOENT, LoadError, Psych::SyntaxError, YAML::Error
+  users = [{username: 'odtest', usernumber: '87654321', primary_group_id: 1031}]
+ensure
+  puts "\nUSERS:"
+  pp users
+end
+
+make   = false
+puts "Review the user data \nEnter 'Y' to create od accounts\n  (otherwise you see a dry run)"
+answer = gets.chomp.downcase
+if answer.eql? 'y'
+  make = true
+end
+
+# create accounts
+puts "\nCreating OD Accounts:"
+Array(users).each do |person|
+  # show commands
+  pp od.send(:user_create, person, od.dir_info)
+  # Make Account
+  # pp od.run(command: :user_create, params: person )  if make
+end

data/examples/users-sample.yml

@@ -0,0 +1,17 @@
+---
+# preferred with first name, last name, email and group membership
+# by default account is disabled unless enabled: true is present
+- :user_name: odusertest
+  :user_number: 98765432
+  :primary_group_id: 1031
+  :first_name: OD User
+  :last_name: TEST
+  :email: user@example.com
+  :passsword: Top-Secret
+  :enable: true
+  :group_membership: test
+# for minimal data use user_create_min instead of user_create
+# acceptable minimal attributes (password is set to * - no login) & real_name = username
+- :username: odtest
+  :usernumber: 87654321
+  :primary_group_id: 1031

data/lib/open_directory_utils/clean_check.rb

@@ -36,5 +36,15 @@ module OpenDirectoryUtils
       return attribs
     end
 
+    def group_record_name_alternatives(attribs)
+      attribs[:record_name] = nil
+      attribs[:record_name] = attribs[:group_membership]
+      attribs[:record_name] = attribs[:record_name] || attribs[:groupmembership]
+      attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
+      attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
+      attribs[:record_name] = attribs[:record_name] || attribs[:gid]
+      return attribs
+    end
+
   end
 end

data/lib/open_directory_utils/commands_base.rb

@@ -0,0 +1,125 @@
+require "open_directory_utils/clean_check"
+
+module OpenDirectoryUtils
+
+  # https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
+  # https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
+  module CommandsBase
+
+    include OpenDirectoryUtils::CleanCheck
+
+    # builds the pwpolicy commands (after checking parameters)
+    # @attribs [Hash] - required - :record_name (the resource/user/group to affect), attribute: (resource attribute to change), value: (value to add to attribute)
+    # @dir_info [Hash] - usually configured in the connection initializer and then passed to pwpolicy to build command correctly
+    def pwpolicy(params, dir_info)
+      check_critical_attribute( params, :record_name )
+      cmd_params = tidy_attribs(params)
+
+      build_pwpolicy_command( cmd_params, dir_info )
+    end
+
+    # builds the dscl command (after checking parameters)
+    # @attribs [Hash] - required - :record_name (the resource to affect), :action (create, append, delete, passwd, etc), attribute: (resource attribute to change), value: (value to add to attribute)
+    # @dir_info [Hash] - usually configured in the connection initializer and then passed to dscl to build command correctly
+    def dscl(attribs, dir_info)
+      check_critical_attribute( attribs, :record_name )
+      check_critical_attribute( attribs, :action )
+      check_critical_attribute( attribs, :scope )
+      tidy_attribs = tidy_attribs(attribs)
+      build_dscl_command( tidy_attribs, dir_info )
+    end
+
+    def dseditgroup(attribs, dir_info)
+      check_critical_attribute( attribs, :value )
+      check_critical_attribute( attribs, :operation )
+      if attribs[:operation].eql?('checkmember')
+        check_critical_attribute( attribs, :record_name )
+      end
+      if attribs[:operation].eql?('edit')
+        check_critical_attribute( attribs, :record_name )
+        check_critical_attribute( attribs, :action )
+        check_critical_attribute( attribs, :type )
+      end
+      tidy_attribs = tidy_attribs(attribs)
+      build_dseditgroup_command( tidy_attribs, dir_info )
+    end
+
+    # /usr/bin/pwpolicy -a diradmin -p "BigSecret" -u username -setpolicy "isDisabled=0"
+    def build_pwpolicy_command(params, dir_info)
+      ans  = %Q[#{dir_info[:pwpol]}]
+      ans += %Q[ -a #{dir_info[:username]}]    unless dir_info[:username].nil? or
+                                                      dir_info[:username].empty?
+      ans += %Q[ -p "#{dir_info[:password]}"]  unless dir_info[:password].nil? or
+                                                      dir_info[:password].empty?
+      ans += %Q[ -n #{dir_info[:data_path]}]
+      ans += %Q[ -u #{params[:record_name]}]
+      ans += %Q[ -#{params[:attribute]}]
+      ans += %Q[ "#{params[:value]}"]          unless params[:value].nil? or
+                                                      params[:value].empty?
+      return ans
+    end
+
+    # TODO: switch to template pattern
+    def build_dscl_command(attribs, dir_info)
+      # allow :recordname to be passed-in if using dscl directly
+      attribs[:record_name] = attribs[:record_name] || attribs[:recordname]
+      # /usr/bin/dscl -u diradmin -P "BigSecret" /LDAPv3/127.0.0.1 -append /Users/$UID_USERNAME apple-keyword "$VALUE"
+      # "/usr/bin/dscl -plist -u #{od_username} -P #{od_password} #{od_dsclpath} -#{command} #{resource} #{params}"
+      ans  = %Q[#{dir_info[:dscl]}]
+      unless attribs[:format].nil?
+        ans += ' -plist'                           if attribs[:format].eql? 'plist' or
+                                                      attribs[:format].eql? 'xml'
+      end
+      ans += %Q[ -u #{dir_info[:username]}]    unless dir_info[:username].nil? or
+                                                      dir_info[:username].empty? or
+                                                      attribs[:action].eql? 'auth'
+      ans += %Q[ -P "#{dir_info[:password]}"]  unless dir_info[:password].nil? or
+                                                      dir_info[:password].empty? or
+                                                      attribs[:action].eql? 'auth'
+      ans += " #{dir_info[:data_path]}"
+
+      ans += %Q[ -#{attribs[:action]}]
+      ans += %Q[ #{attribs[:record_name]}]         if attribs[:action].eql? 'auth'
+      ans += %Q[ /#{attribs[:scope]}/#{attribs[:record_name]}] unless
+                                                      attribs[:action].eql? 'auth'
+      ans += %Q[ #{attribs[:attribute]}]       unless attribs[:attribute].nil? or
+                                                      attribs[:attribute].empty?
+      ans += %Q[ "#{attribs[:value]}"]         unless attribs[:value].nil? or
+                                                      attribs[:value].empty?
+      return ans
+    end
+
+    # http://www.manpagez.com/man/8/dseditgroup/
+    # make a new group:
+    # dseditgroup -o create -n /LDAPv3/ldap.company.com -u dir_admin_user -P dir_admin_passwd \
+    #           -r "Real Group Name" -c "a comment" -k "keyword" groupname
+    # delete a new group:
+    # dseditgroup -o delete -n /LDAPv3/ldap.company.com -u dir_admin_user -P dir_admin_passwd groupname
+    # add a user to a group
+    # dseditgroup -o edit -n /LDAPv3/ldap.company.com -u dir_admin_user -P dir_admin_passwd -a username -t user groupname
+    # remove a user from a group
+    # dseditgroup -o edit -n /LDAPv3/ldap.company.com -u dir_admin_user -P dir_admin_passwd -d username -t user groupname
+    def build_dseditgroup_command( params, dir_info )
+      ans  = %Q[#{dir_info[:dsedit]}]
+      ans += %Q[ -o #{params[:operation]}]
+      ans += %Q[ -u #{dir_info[:username]}]    unless dir_info[:username].nil? or
+                                                      dir_info[:username].empty?
+      ans += %Q[ -P "#{dir_info[:password]}"]  unless dir_info[:password].nil? or
+                                                      dir_info[:password].empty?
+      ans += %Q[ -n #{dir_info[:data_path]}]
+      if params[:operation].eql?('create')
+        ans += %Q[ -r "#{params[:value]}"]         if params[:real_name].to_s.eql?('')
+        ans += %Q[ -r "#{params[:real_name]}"] unless params[:real_name].to_s.eql?('')
+        ans += %Q[ -k #{params[:keyword]}]     unless params[:keyword].to_s.eql?('')
+      end
+      ans += %Q[ -m #{params[:record_name]}]       if params[:operation].to_s.eql?('checkmember')
+      if params[:operation].eql?('edit')
+        ans += %Q[ -a #{params[:record_name]}]     if params[:action].to_s.eql?('add')
+        ans += %Q[ -d #{params[:record_name]}]     if params[:action].to_s.eql?('delete')
+        ans += %Q[ -t #{params[:type]}]            # type can be user or group
+      end
+      ans += %Q[ #{params[:value]}]   # the group to be manipulated
+    end
+
+  end
+end

data/lib/open_directory_utils/commands_group.rb

@@ -1,5 +1,6 @@
 require "open_directory_utils/dscl"
 require "open_directory_utils/clean_check"
+require "open_directory_utils/commands_base"
 
 module OpenDirectoryUtils
 
@@ -9,17 +10,11 @@ module OpenDirectoryUtils
   # * https://apple.stackexchange.com/questions/307173/creating-a-group-via-users-groups-in-command-line?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
   module CommandsGroup
 
-    include OpenDirectoryUtils::Dscl
+    # include OpenDirectoryUtils::Dscl
     include OpenDirectoryUtils::CleanCheck
+    include OpenDirectoryUtils::CommandsBase
 
-    def group_record_name_alternatives(attribs)
-      attribs[:record_name] = nil
-      attribs[:record_name] = attribs[:group_name]
-      attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
-      attribs[:record_name] = attribs[:record_name] || attribs[:gid]
-      attribs[:record_name] = attribs[:record_name] || attribs[:cn]
-      return attribs
-    end
+    require "open_directory_utils/commands_group"
 
     # dscl . read /Groups/ladmins
     def group_get_info(attribs, dir_info)
@@ -38,156 +33,52 @@ module OpenDirectoryUtils
       group_get_info(attribs, dir_info)
     end
 
-    # add 1st user   -- dscl . -read /Groups/ladmins
+    # dscl . -read /Groups/ladmins
+    # TODO: switch to dseditgroup -o checkmember -m username groupname
+    # dseditgroup -o checkmember -m btihen employee
+    #   yes btihen is a member of employee
+    # dseditgroup -o checkmember -m btihen student
+    #   no btihen is NOT a member of student
     def user_in_group?(attribs, dir_info)
-      attribs = group_record_name_alternatives(attribs)
-      # attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
-      # attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
-      # attribs[:record_name] = attribs[:record_name] || attribs[:gid]
-
-      check_critical_attribute( attribs, :record_name, :groupname )
-      attribs    = tidy_attribs(attribs)
-
-      command    = {action: 'read', scope: 'Groups', attribute: nil, value: nil}
-      user_attrs  = attribs.merge(command)
-
-      dscl( user_attrs, dir_info )
-    end
+      temp       = user_record_name_alternatives(attribs)
+      username   = temp[:record_name]
+      # pp username
+      # pp attribs
 
-    # http://krypted.com/mac-os-x/create-groups-using-dscl/
-    # https://superuser.com/questions/214004/how-to-add-user-to-a-group-from-mac-os-x-command-line?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
-    # sudo dseditgroup -o edit -a $username_to_add -t user admin
-    # sudo dseditgroup -o edit -a $username_to_add -t user wheel
-    # http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/
-    #
-    # add 1st user   -- dscl . -create /Groups/ladmins GroupMembership localadmin
-    # add more users -- dscl . -append /Groups/ladmins GroupMembership 2ndlocaladmin
-    def user_first_in_group(attribs, dir_info)
-      attribs = group_record_name_alternatives(attribs)
-      # attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
-      # attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
-      # attribs[:record_name] = attribs[:record_name] || attribs[:gid]
-
-      attribs[:value]       = attribs[:value]       || attribs[:user_name]
-      attribs[:value]       = attribs[:value]       || attribs[:username]
-      attribs[:value]       = attribs[:value]       || attribs[:uid]
+      attribs    = group_record_name_alternatives(attribs)
+      groupname  = attribs[:record_name]
+      attribs[:value] = username
+      # pp attribs
 
-      check_critical_attribute( attribs, :record_name, :groupname )
       check_critical_attribute( attribs, :value, :username )
-      attribs    = tidy_attribs(attribs)
-
-      command    = {action: 'create', scope: 'Groups', attribute: 'GroupMembership'}
-      user_attrs  = attribs.merge(command)
-
-      dscl( user_attrs, dir_info )
-    end
-    def user_append_to_group(attribs, dir_info)
-      attribs = group_record_name_alternatives(attribs)
-      # attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
-      # attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
-      # attribs[:record_name] = attribs[:record_name] || attribs[:gid]
-
-      attribs[:value]       = attribs[:value]       || attribs[:user_name]
-      attribs[:value]       = attribs[:value]       || attribs[:username]
-      attribs[:value]       = attribs[:value]       || attribs[:uid]
-
       check_critical_attribute( attribs, :record_name, :groupname )
-      check_critical_attribute( attribs, :value, :username )
       attribs    = tidy_attribs(attribs)
 
-      command    = {action: 'append', scope: 'Groups', attribute: 'GroupMembership'}
-      user_attrs  = attribs.merge(command)
+      command    = {action: 'read', scope: 'Groups', attribute: nil, value: nil}
+      cmd_attribs = attribs.merge(command)
 
-      dscl( user_attrs, dir_info )
+      dscl( cmd_attribs, dir_info )
     end
-    alias_method :user_add_to_group, :user_append_to_group
 
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -delete /Groups/$VALUE GroupMembership $shortname_USERNAME
     def user_remove_from_group(attribs, dir_info)
-      attribs = group_record_name_alternatives(attribs)
-      # attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
-      # attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
-      # attribs[:record_name] = attribs[:record_name] || attribs[:gid]
+      attribs = user_record_name_alternatives(attribs)
 
-      attribs[:value]       = attribs[:value]       || attribs[:user_name]
-      attribs[:value]       = attribs[:value]       || attribs[:username]
-      attribs[:value]       = attribs[:value]       || attribs[:uid]
+      attribs[:value] = attribs[:group_membership]
+      attribs[:value] = attribs[:value] || attribs[:groupmembership]
+      attribs[:value] = attribs[:value] || attribs[:group_name]
+      attribs[:value] = attribs[:value] || attribs[:groupname]
+      attribs[:value] = attribs[:value] || attribs[:gid]
 
-      check_critical_attribute( attribs, :record_name, :groupname )
-      check_critical_attribute( attribs, :value, :username )
+      check_critical_attribute( attribs, :record_name, :username )
+      check_critical_attribute( attribs, :value, :groupname )
       attribs    = tidy_attribs(attribs)
-
-      command    = {action: 'delete', scope: 'Groups', attribute: 'GroupMembership'}
+      command    = { operation: 'edit', action: 'delete', type: 'user'}
       user_attrs  = attribs.merge(command)
 
-      dscl( user_attrs, dir_info )
-    end
-
-    # add 1st user   -- dscl . create /Groups/ladmins GroupMembership localadmin
-    # add more users -- dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin
-    def group_add_first_user(attribs, dir_info)
-      attribs = group_record_name_alternatives(attribs)
-
-      # value = username
-      attribs[:value]     = attribs[:value] || attribs[:user_name]
-      attribs[:value]     = attribs[:value] || attribs[:username]
-      attribs[:value]     = attribs[:value] || attribs[:uid]
-
-      check_critical_attribute( attribs, :record_name )
-      check_critical_attribute( attribs, :value, :username )
-
-      # Will assume we are not adding the first user!
-      command = { action: 'create', scope: 'Groups',
-                  attribute: 'GroupMembership'}
-      user_attrs = attribs.merge(command)
-
-      dscl( user_attrs, dir_info )
-    end
-
-    def group_has_user?(attribs, dir_info)
-      group_get_info(attribs, dir_info)
-    end
-
-    # add 1st user   -- dscl . create /Groups/ladmins GroupMembership localadmin
-    # add more users -- dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin
-    def group_add_user(attribs, dir_info)
-      attribs = group_record_name_alternatives(attribs)
-
-      # value = username
-      attribs[:value]     = attribs[:value] || attribs[:user_name]
-      attribs[:value]     = attribs[:value] || attribs[:username]
-      attribs[:value]     = attribs[:value] || attribs[:uid]
-
-      check_critical_attribute( attribs, :record_name )
-      check_critical_attribute( attribs, :value, :username )
-
-      # Will assume we are not adding the first user!
-      command = { action: 'append', scope: 'Groups',
-                  attribute: 'GroupMembership'}
-      user_attrs = attribs.merge(command)
-
-      dscl( user_attrs, dir_info )
-    end
-
-    # # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -delete /Groups/$SHORTNAME GroupMembership $VALUE
-    # # dseditgroup -o edit -d $Username -t user $GroupName
-    def group_remove_user(attribs, dir_info)
-      attribs = group_record_name_alternatives(attribs)
-
-      # value <- is username
-      attribs[:value]     = attribs[:value] || attribs[:user_name]
-      attribs[:value]     = attribs[:value] || attribs[:username]
-      attribs[:value]     = attribs[:value] || attribs[:uid]
-
-      check_critical_attribute( attribs, :record_name )
-      check_critical_attribute( attribs, :value, :username )
-
-      command = { action: 'delete', scope: 'Groups',
-                  attribute: 'GroupMembership'}
-      user_attrs = attribs.merge(command)
-
-      dscl( user_attrs, dir_info )
+      dseditgroup( user_attrs, dir_info )
     end
+    # module_function :user_remove_from_group
+    # alias_method :user_remove_group_memebership, :user_remove_from_group
 
     # dscl . -delete /Groups/yourGroupName
     # https://tutorialforlinux.com/2011/09/15/delete-users-and-groups-from-terminal/
@@ -254,26 +145,26 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
 
-    # probably can't create password for group?
-    # /usr/bin/dscl -u diradmin -P liaP-meD-Aj-pHi-hOb-en-c /LDAPv3/127.0.0.1/ -create /Groups/odgrouptest passwd "*"
-    #  "<main> attribute status: eDSNoStdMappingAvailable\n" +
-    #  "<dscl_cmd> DS Error: -14140 (eDSNoStdMappingAvailable)"]
-    def group_set_passwd(attribs, dir_info)
-      attribs = group_record_name_alternatives(attribs)
-
-      attribs[:value] = attribs[:value] || attribs[:password]
-      attribs[:value] = attribs[:value] || attribs[:passwd]
-      attribs[:value] = attribs[:value] || '*'
-
-      check_critical_attribute( attribs, :record_name )
-      check_critical_attribute( attribs, :value, :password )
-
-      command = {action: 'passwd', scope: 'Groups', attribute: nil}
-      user_attrs = attribs.merge(command)
-
-      dscl( user_attrs, dir_info )
-    end
-    alias_method :group_set_password, :group_set_passwd
+    # # probably can't create password for group?
+    # # /usr/bin/dscl -u diradmin -P liaP-meD-Aj-pHi-hOb-en-c /LDAPv3/127.0.0.1 -create /Groups/odgrouptest passwd "*"
+    # #  "<main> attribute status: eDSNoStdMappingAvailable\n" +
+    # #  "<dscl_cmd> DS Error: -14140 (eDSNoStdMappingAvailable)"]
+    # def group_set_passwd(attribs, dir_info)
+    #   attribs = group_record_name_alternatives(attribs)
+    #
+    #   attribs[:value] = attribs[:value] || attribs[:password]
+    #   attribs[:value] = attribs[:value] || attribs[:passwd]
+    #   attribs[:value] = attribs[:value] || '*'
+    #
+    #   check_critical_attribute( attribs, :record_name )
+    #   check_critical_attribute( attribs, :value, :password )
+    #
+    #   command = {action: 'passwd', scope: 'Groups', attribute: nil}
+    #   user_attrs = attribs.merge(command)
+    #
+    #   dscl( user_attrs, dir_info )
+    # end
+    # alias_method :group_set_password, :group_set_passwd
 
     # create group     -- dscl . -create /Groups/ladmins
     # add group passwd -- dscl . -create /Groups/ladmins passwd “*”