RubyGems - open_directory_utils - Versions diffs - 0.1.1 → 0.1.2 - Mend

open_directory_utils 0.1.1 → 0.1.2

Files changed (16) hide show

checksums.yaml +4 -4
data/.gitignore +3 -0
data/Gemfile.lock +1 -1
data/README.md +14 -6
data/examples/connection-sample.yml +6 -0
data/examples/create_od_users.rb +45 -0
data/examples/users-sample.yml +17 -0
data/lib/open_directory_utils/clean_check.rb +10 -0
data/lib/open_directory_utils/commands_base.rb +125 -0
data/lib/open_directory_utils/commands_group.rb +53 -162
data/lib/open_directory_utils/commands_user_attribs_ldap.rb +23 -79
data/lib/open_directory_utils/commands_user_attribs_od.rb +188 -100
data/lib/open_directory_utils/connection.rb +76 -33
data/lib/open_directory_utils/dscl.rb +1 -1
data/lib/open_directory_utils/version.rb +1 -1
metadata +6 -2

data/lib/open_directory_utils/commands_user_attribs_ldap.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require "open_directory_utils/dscl"
 require "open_directory_utils/clean_check"
+require "open_directory_utils/commands_base"
 module OpenDirectoryUtils
@@ -9,10 +10,11 @@ module OpenDirectoryUtils
   # * https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
   module CommandsUserAttribsLdap
-    include OpenDirectoryUtils::Dscl
+    # include OpenDirectoryUtils::Dscl
     include OpenDirectoryUtils::CleanCheck
+    include OpenDirectoryUtils::CommandsBase
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$USER cn "$NAME"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER cn "$NAME"
     def user_set_common_name(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -34,7 +36,7 @@ module OpenDirectoryUtils
     end
     alias_method :user_set_cn, :user_set_common_name
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME givenName "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME givenName "$VALUE"
     def user_set_given_name(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -51,7 +53,7 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME sn "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME sn "$VALUE"
     def user_set_surname(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -107,7 +109,7 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME homedirectory "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME homedirectory "$VALUE"
     def user_set_home_directory(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -125,7 +127,7 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME loginShell "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME loginShell "$VALUE"
     def user_set_login_shell(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -146,9 +148,9 @@ module OpenDirectoryUtils
     # OTHER FIELDS
     #####################
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME mail "$VALUE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME email "$VALUE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME apple-user-mailattribute "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME mail "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME email "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-user-mailattribute "$VALUE"
     def user_set_first_email(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -218,117 +220,59 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # https://images.apple.com/server/docs/Command_Line.pdf
-    # https://serverfault.com/questions/20702/how-do-i-create-user-accounts-from-the-terminal-in-mac-os-x-10-5?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
-    # https://superuser.com/questions/1154564/how-to-create-a-user-from-the-macos-command-line
-    def user_create_min(attribs, dir_info)
-      attribs = user_record_name_alternatives(attribs)
-      check_critical_attribute( attribs, :record_name )
-      attribs    = tidy_attribs(attribs)
-      command    = {action: 'create', scope: 'Users', value: nil, attribute: nil}
-      user_attrs = attribs.merge(command)
-      dscl( user_attrs, dir_info )
-      answer          = []
-      attribs[:value] = nil
-      answer         << dscl( user_attrs, dir_info )
-      attribs[:value] = nil
-      answer         << user_set_password(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_real_name(attribs, dir_info)
-      return answer
-    end
-    # https://images.apple.com/server/docs/Command_Line.pdf
-    # https://serverfault.com/questions/20702/how-do-i-create-user-accounts-from-the-terminal-in-mac-os-x-10-5?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
-    # https://superuser.com/questions/1154564/how-to-create-a-user-from-the-macos-command-line
-    def user_create_full(attribs, dir_info)
-      attribs = user_record_name_alternatives(attribs)
-      check_critical_attribute( attribs, :record_name )
-      attribs    = tidy_attribs(attribs).dup
-      answer          = []
-      attribs[:value] = nil
-      answer         << user_create_min(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_shell(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_first_name(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_last_name(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_unique_id(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_primary_group_id(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_nfs_home_directory(attribs, dir_info)
-      # skip email if non-sent
-      unless attribs[:email].nil? and attribs[:mail].nil? and attribs[:apple_user_mailattribute].nil?
-        attribs[:value] = nil
-        answer         << user_set_email(attribs, dir_info)
-      end
-      return answer.flatten
-    end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME mobile "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME mobile "$VALUE"
     def user_set_mobile_phone
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME telephoneNumber "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME telephoneNumber "$VALUE"
     def user_set_work_phone
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME homePhone "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME homePhone "$VALUE"
     def user_set_home_phone
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME title "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME title "$VALUE"
     def user_set_title
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME departmentNumber "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME departmentNumber "$VALUE"
     def user_set_department
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME street "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME street "$VALUE"
     def user_set_street
     end
     alias_method :las_set_dorm, :user_set_street
     alias_method :las_set_housing, :user_set_street
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname l "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname l "$VALUE"
     def user_set_city
     end
     alias_method :las_, :user_set_city
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME st "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME st "$VALUE"
     def user_set_state
     end
     alias_method :las_cultural_trip, :user_set_state
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME postalCode "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME postalCode "$VALUE"
     def user_set_postcode
     end
     alias_method :las_faculty_family, :user_set_postcode
-    #  /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$USER c "$VALUE"
+    #  /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER c "$VALUE"
     def user_set_country
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME labeledURI "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME labeledURI "$VALUE"
     def user_set_homepage
     end
     alias_method :user_set_webpage, :user_set_homepage
     alias_method :las_enrollment_date, :user_set_homepage
     alias_method :las_begin_date, :user_set_homepage
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$USER description "$NAME"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER description "$NAME"
     def user_set_comments
     end
     alias_method :user_set_description, :user_set_comments

data/lib/open_directory_utils/commands_user_attribs_od.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 require "open_directory_utils/dscl"
 require "open_directory_utils/clean_check"
+require "open_directory_utils/commands_base"
 module OpenDirectoryUtils
@@ -9,8 +10,9 @@ module OpenDirectoryUtils
   # * https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
   module CommandsUserAttribsOd
-    include OpenDirectoryUtils::Dscl
+    # include OpenDirectoryUtils::Dscl
     include OpenDirectoryUtils::CleanCheck
+    include OpenDirectoryUtils::CommandsBase
     # GET INFO
     ##########
@@ -39,16 +41,17 @@ module OpenDirectoryUtils
     # CHANGE OD
     ###########
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$USER RealName "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER RealName "$VALUE"
     def user_set_real_name(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
+      attribs[:value] = attribs[:value] || attribs[:common_name]
       attribs[:value] = attribs[:value] || attribs[:cn]
       attribs[:value] = attribs[:value] || attribs[:realname]
       attribs[:value] = attribs[:value] || attribs[:real_name]
       attribs[:value] = attribs[:value] || attribs[:fullname]
       attribs[:value] = attribs[:value] || attribs[:full_name]
-      if attribs[:last_name]
+      if attribs[:last_name] or attribs[:first_name]
         attribs[:value] = attribs[:value] || "#{attribs[:first_name]} #{attribs[:last_name]}"
       end
       attribs[:value] = attribs[:value] || attribs[:record_name]
@@ -63,12 +66,14 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME FirstName "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME FirstName "$VALUE"
     def user_set_first_name(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
       attribs[:value] = attribs[:value] || attribs[:given_name]
+      attribs[:value] = attribs[:value] || attribs[:givenname]
       attribs[:value] = attribs[:value] || attribs[:first_name]
+      attribs[:value] = attribs[:value] || attribs[:firstname]
       check_critical_attribute( attribs, :record_name )
       check_critical_attribute( attribs, :value, :first_name )
@@ -80,12 +85,13 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME LastName "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME LastName "$VALUE"
     def user_set_last_name(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
       attribs[:value] = attribs[:value] || attribs[:sn]
       attribs[:value] = attribs[:value] || attribs[:surname]
+      attribs[:value] = attribs[:value] || attribs[:lastname]
       attribs[:value] = attribs[:value] || attribs[:last_name]
       check_critical_attribute( attribs, :record_name )
@@ -98,10 +104,10 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME NameSuffix "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME NameSuffix "$VALUE"
     def user_set_name_suffix
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME apple-namesuffix "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-namesuffix "$VALUE"
     def user_set_apple_name_suffix
     end
@@ -125,27 +131,7 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # sudo dscl . -create /Users/someuser PrimaryGroupID 80
-    def user_set_primary_group_id(attribs, dir_info)
-      attribs = user_record_name_alternatives(attribs)
-      attribs[:value] = attribs[:value] || attribs[:group_id]
-      attribs[:value] = attribs[:value] || attribs[:gidnumber]
-      attribs[:value] = attribs[:value] || attribs[:groupnumber]
-      attribs[:value] = attribs[:value] || attribs[:group_number]
-      attribs[:value] = attribs[:value] || attribs[:primary_group_id]
-      check_critical_attribute( attribs, :record_name )
-      check_critical_attribute( attribs, :value, :group_id )
-      attribs    = tidy_attribs(attribs)
-      command    = {action: 'create', scope: 'Users', attribute: 'PrimaryGroupID'}
-      user_attrs = attribs.merge(command)
-      dscl( user_attrs, dir_info )
-    end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/someuser NFSHomeDirectory /Users/someuser
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/someuser NFSHomeDirectory /Users/someuser
     def user_set_nfs_home_directory(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -163,41 +149,6 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/pwpolicy -a diradmin -p "TopSecret" -u username -setpassword "AnotherSecret"
-    # /usr/bin/dscl -plist -u diradmin -P #{adminpw} /LDAPv3/127.0.0.1/ -passwd /Users/#{shortname} "#{passwd}"
-    def user_set_password(attribs, dir_info)
-      attribs = user_record_name_alternatives(attribs)
-      attribs[:value] = attribs[:value] || attribs[:password]
-      attribs[:value] = attribs[:value] || attribs[:passwd]
-      attribs[:value] = attribs[:value] || '*'
-      check_critical_attribute( attribs, :record_name )
-      check_critical_attribute( attribs, :value, :password )
-      attribs    = tidy_attribs(attribs)
-      command    = {action: 'passwd', scope: 'Users'}
-      user_attrs = attribs.merge(command)
-      dscl( user_attrs, dir_info )
-    end
-    # /usr/bin/dscl /LDAPv3/127.0.0.1 -auth #{shortname} "#{passwd}"
-    def user_verify_password(attribs, dir_info)
-      attribs = user_record_name_alternatives(attribs)
-      attribs[:value] = attribs[:value] || attribs[:password]
-      attribs[:value] = attribs[:value] || attribs[:passwd]
-      check_critical_attribute( attribs, :record_name )
-      check_critical_attribute( attribs, :value, :password )
-      attribs    = tidy_attribs(attribs)
-      command    = {action: 'auth', scope: 'Users'}
-      user_attrs = attribs.merge(command)
-      dscl( user_attrs, dir_info )
-    end
     # sudo dscl . -create /Users/someuser UserShell /bin/bash
     def user_set_shell(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -216,9 +167,9 @@ module OpenDirectoryUtils
       dscl( user_attrs, dir_info )
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME mail "$VALUE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME email "$VALUE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME apple-user-mailattribute "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME mail "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME email "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-user-mailattribute "$VALUE"
     def user_set_first_email(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
@@ -274,19 +225,120 @@ module OpenDirectoryUtils
       return answer
     end
-    # dscl . -delete /Users/yourUserName
-    # https://tutorialforlinux.com/2011/09/15/delete-users-and-groups-from-terminal/
-    def user_delete(attribs, dir_info)
+    # sudo dscl . -create /Users/someuser PrimaryGroupID 80
+    def user_set_primary_group_id(attribs, dir_info)
       attribs = user_record_name_alternatives(attribs)
+      attribs[:value] = attribs[:value] || attribs[:groupid]
+      attribs[:value] = attribs[:value] || attribs[:group_id]
+      attribs[:value] = attribs[:value] || attribs[:gidnumber]
+      attribs[:value] = attribs[:value] || attribs[:groupnumber]
+      attribs[:value] = attribs[:value] || attribs[:group_number]
+      attribs[:value] = attribs[:value] || attribs[:primarygroupid]
+      attribs[:value] = attribs[:value] || attribs[:primary_group_id]
       check_critical_attribute( attribs, :record_name )
+      check_critical_attribute( attribs, :value, :group_id )
       attribs    = tidy_attribs(attribs)
-      command    = {action: 'delete', scope: 'Users', value: nil, attribute: nil}
+      command    = {action: 'create', scope: 'Users', attribute: 'PrimaryGroupID'}
+      user_attrs = attribs.merge(command)
+      dscl( user_attrs, dir_info )
+    end
+    # /usr/bin/pwpolicy -a diradmin -p "TopSecret" -u username -setpassword "AnotherSecret"
+    # /usr/bin/dscl -plist -u diradmin -P #{adminpw} /LDAPv3/127.0.0.1 -passwd /Users/#{shortname} "#{passwd}"
+    def user_set_password(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      attribs[:value] = attribs[:value] || attribs[:password]
+      attribs[:value] = attribs[:value] || attribs[:passwd]
+      attribs[:value] = attribs[:value] || '*'
+      check_critical_attribute( attribs, :record_name )
+      check_critical_attribute( attribs, :value, :password )
+      attribs    = tidy_attribs(attribs)
+      command    = {action: 'passwd', scope: 'Users'}
+      user_attrs = attribs.merge(command)
+      dscl( user_attrs, dir_info )
+    end
+    # /usr/bin/dscl /LDAPv3/127.0.0.1 -auth #{shortname} "#{passwd}"
+    def user_password_verified?(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      attribs[:value] = attribs[:value] || attribs[:password]
+      attribs[:value] = attribs[:value] || attribs[:passwd]
+      check_critical_attribute( attribs, :record_name )
+      check_critical_attribute( attribs, :value, :password )
+      attribs    = tidy_attribs(attribs)
+      command    = {action: 'auth', scope: 'Users'}
       user_attrs = attribs.merge(command)
       dscl( user_attrs, dir_info )
     end
+    alias_method :user_password_ok?, :user_password_verified?
+    # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $shortname_USERNAME -setpolicy "isDisabled=0"
+    def user_enable_login(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      check_critical_attribute( attribs, :record_name )
+      attribs    = tidy_attribs(attribs)
+      command = {attribute: 'enableuser', value: nil}
+      params  = command.merge(attribs)
+      pwpolicy(params, dir_info)
+    end
+    # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $shortname_USERNAME -setpolicy "isDisabled=1"
+    def user_disable_login(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      check_critical_attribute( attribs, :record_name )
+      attribs    = tidy_attribs(attribs)
+      command = {attribute: 'disableuser', value: nil}
+      params  = command.merge(attribs)
+      pwpolicy(params, dir_info)
+    end
+    def user_add_to_group(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      attribs[:value] = attribs[:group_membership]
+      attribs[:value] = attribs[:value] || attribs[:groupmembership]
+      attribs[:value] = attribs[:value] || attribs[:group_name]
+      attribs[:value] = attribs[:value] || attribs[:groupname]
+      attribs[:value] = attribs[:value] || attribs[:gid]
+      check_critical_attribute( attribs, :record_name, :username )
+      check_critical_attribute( attribs, :value, :groupname )
+      attribs    = tidy_attribs(attribs)
+      command    = { operation: 'edit', action: 'add', type: 'user'}
+      user_attrs  = attribs.merge(command)
+      dseditgroup( user_attrs, dir_info )
+    end
+    # module_function :user_add_to_group
+    # alias_method :user_set_group_memebership, :user_add_to_group
+    # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $shortname_USERNAME -getpolicy
+    def user_get_policy(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      check_critical_attribute( attribs, :record_name )
+      attribs    = tidy_attribs(attribs)
+      command = {attribute: 'getpolicy', value: nil}
+      params  = command.merge(attribs)
+      pwpolicy(params, dir_info)
+    end
+    alias_method :user_login_enabled?,  :user_get_policy
     # https://images.apple.com/server/docs/Command_Line.pdf
     # https://serverfault.com/questions/20702/how-do-i-create-user-accounts-from-the-terminal-in-mac-os-x-10-5?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
@@ -308,6 +360,11 @@ module OpenDirectoryUtils
       attribs[:value] = nil
       answer         << user_set_password(attribs, dir_info)
       attribs[:value] = nil
+      answer         << user_enable_login(attribs, dir_info)      if
+                        attribs[:enable]&.eql? 'true' or attribs[:enable]&.eql? true
+      answer         << user_disable_login(attribs, dir_info) unless
+                        attribs[:enable]&.eql? 'true' or attribs[:enable]&.eql? true
+      attribs[:value] = nil
       answer         << user_set_real_name(attribs, dir_info)
       return answer
@@ -320,51 +377,82 @@ module OpenDirectoryUtils
       attribs = user_record_name_alternatives(attribs)
       check_critical_attribute( attribs, :record_name )
-      attribs    = tidy_attribs(attribs).dup
-      answer          = []
-      attribs[:value] = nil
-      answer         << user_create_min(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_shell(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_first_name(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_last_name(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_unique_id(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_primary_group_id(attribs, dir_info)
-      attribs[:value] = nil
-      answer         << user_set_nfs_home_directory(attribs, dir_info)
+      # attribs           = tidy_attribs(attribs).dup
+      attribs           = tidy_attribs(attribs)
+      answer            = []
+      attribs[:value]   = nil
+      answer           << user_create_min(attribs, dir_info)
+      attribs[:value]   = nil
+      answer           << user_set_shell(attribs, dir_info)
+      if attribs[:first_name] or attribs[:firstname] or attribs[:given_name] or
+                          attribs[:givenname]
+        attribs[:value] = nil
+        answer         << user_set_first_name(attribs, dir_info)
+      end
+      if attribs[:last_name] or attribs[:lastname] or attribs[:sn] or
+                          attribs[:surname]
+        attribs[:value] = nil
+        answer         << user_set_last_name(attribs, dir_info)
+      end
+      attribs[:value]   = nil
+      answer           << user_set_unique_id(attribs, dir_info)
+      attribs[:value]   = nil
+      answer           << user_set_primary_group_id(attribs, dir_info)
+      attribs[:value]   = nil
+      answer           << user_set_nfs_home_directory(attribs, dir_info)
       # skip email if non-sent
-      unless attribs[:email].nil? and attribs[:mail].nil? and attribs[:apple_user_mailattribute].nil?
+      if attribs[:email] or attribs[:mail] or attribs[:apple_user_mailattribute]
         attribs[:value] = nil
         answer         << user_set_email(attribs, dir_info)
       end
+      # TODO add to groups without error - if group present
+      # "<main> attribute status: eDSSchemaError\n" +
+      # "<dscl_cmd> DS Error: -14142 (eDSSchemaError)"]
+      # # enroll in a group membership if info present
+      if attribs[:group_name] or attribs[:groupname] or attribs[:gid] or
+                        attribs[:group_membership] or attribs[:groupmembership]
+        attribs[:value] = nil
+        answer         << user_add_to_group(attribs, dir_info)
+      end
       return answer.flatten
     end
+    alias_method :user_create, :user_create_full
+    # dscl . -delete /Users/yourUserName
+    # https://tutorialforlinux.com/2011/09/15/delete-users-and-groups-from-terminal/
+    def user_delete(attribs, dir_info)
+      attribs = user_record_name_alternatives(attribs)
+      check_critical_attribute( attribs, :record_name )
+      attribs    = tidy_attribs(attribs)
+      command    = {action: 'delete', scope: 'Users', value: nil, attribute: nil}
+      user_attrs = attribs.merge(command)
+      dscl( user_attrs, dir_info )
+    end
-    # 1st keyword    -- /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME apple-keyword "$VALUE"
-    # other keywords --  /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -append /Users/$shortname_USERNAME apple-keyword "$VALUE"
+    # 1st keyword    -- /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-keyword "$VALUE"
+    # other keywords --  /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$shortname_USERNAME apple-keyword "$VALUE"
     def user_set_first_keyword
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -append /Users/$shortname_USERNAME apple-keyword "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$shortname_USERNAME apple-keyword "$VALUE"
     def user_append_keyword
     end
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME apple-company "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-company "$VALUE"
     def user_set_company
     end
     alias_method :las_program_info, :user_set_company
-    # first  - /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$USER apple-imhandle "$VALUE"
-    # others - /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -append /Users/$USER apple-imhandle "$VALUE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$USER apple-imhandle "AIM:created: $CREATE"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -append /Users/$USER apple-imhandle "ICQ:start: $START"
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -append /Users/$USER apple-imhandle "MSN:end: $END"
+    # first  - /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER apple-imhandle "$VALUE"
+    # others - /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$USER apple-imhandle "AIM:created: $CREATE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "ICQ:start: $START"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -append /Users/$USER apple-imhandle "MSN:end: $END"
     def user_set_chat
     end
     alias_method :user_set_chat_channels, :user_set_chat
@@ -372,19 +460,19 @@ module OpenDirectoryUtils
     alias_method :las_start_date, :user_set_chat
     alias_method :las_end_date, :user_set_chat
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME apple-webloguri "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-webloguri "$VALUE"
     def user_set_blog
     end
     alias_method :user_set_weblog, :user_set_blog
     alias_method :las_sync_date, :user_set_blog
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME apple-organizationinfo "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-organizationinfo "$VALUE"
     def user_set_org_info
     end
     alias_method :las_set_organizational_info, :user_set_org_info
     alias_method :las_link_student_to_parent, :user_set_org_info
-    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$shortname_USERNAME apple-relationships "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1 -create /Users/$shortname_USERNAME apple-relationships "$VALUE"
     def user_set_relationships
     end
     alias_method :las_link_parent_to_student, :user_set_relationships