open_directory_utils 0.1.1 → 0.1.2
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/Gemfile.lock +1 -1
- data/README.md +14 -6
- data/examples/connection-sample.yml +6 -0
- data/examples/create_od_users.rb +45 -0
- data/examples/users-sample.yml +17 -0
- data/lib/open_directory_utils/clean_check.rb +10 -0
- data/lib/open_directory_utils/commands_base.rb +125 -0
- data/lib/open_directory_utils/commands_group.rb +53 -162
- data/lib/open_directory_utils/commands_user_attribs_ldap.rb +23 -79
- data/lib/open_directory_utils/commands_user_attribs_od.rb +188 -100
- data/lib/open_directory_utils/connection.rb +76 -33
- data/lib/open_directory_utils/dscl.rb +1 -1
- data/lib/open_directory_utils/version.rb +1 -1
- metadata +6 -2
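--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: fbeb4cb66c90f18b5383f6f5cc872187e27d259ca54bcb32eecb9fc1b36fe473
+data.tar.gz: c7b72cf17d3dd3b8d1e47fc22c138951efaecce65d19a47cb56f7936fd2e7a85
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 11995f4d723e3c57334db8eb29838fe6867c94ca259f74628acc758e1768745a0b30cc97a47b8372aa95fa8e1cd4e19e8955dc9ad6e283b20fdd3750e14c1e75
+data.tar.gz: 75a8982397a6c7931d6d4c9a553864d5992ffe177576506c76069ad41cc907870d704de46121cec14eb1146293a933ef9b97e11c0e9835a0f46244cb572e2de7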
data/.gitignore
CHANGED
data/Gemfile.lock
CHANGED
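--- a/data/README.md
+++ b/data/README.md
@@ -7,21 +7,27 @@ One can also build custom DSCL commands and send them to the server as needed to
 
 ## Change Log
 
+* **v0.1.2** - 2018-06-10
+- user creation will add user to a group if group_name present
+- new accounts disabled by default (w/ option to enable on creation)
+- now repo includes example code (to create accounts)
+* **v0.1.1** - 2018-06-06
+- refactored to separate OD attribute from LDAP attribute commands (shortened methods and better organization and shorter tests)
 * **v0.1.0** - 2018-06-06
 - can adjust and delete OD attributes for users and groups (pre-built ldap attributes comming soon)
-* **v0.1.1** - 2018-06-07
-- refactored to separate OD attribute from LDAP attribute commands (shortened methods and better organization and shorter tests)
 
 ## ToDo
 
-*
+* ADD Lock and unlock account authentication (& TEST) - sync and create
+* Do not return dir admin password with command on errors
+* LDAP attributes (so las can sync accounts easily)
+* ADD EXAMPLE CODE
 * Verify setting Password
 * Verify testing Password
 * Refactor Process Results
 * Test dscl direct commands
 * Check Connection Unit Tests
-* Learn dscl property names from LDAP
-* Lock and unlock account authentication
+* Learn dscl OD property names from LDAP
 * verify which email address is LDAP (& seen in GUI)
 
 ## Installation
@@ -42,6 +48,8 @@ Or install it yourself as:
 
 ## Usage
 
+Also see examples to see an example of multiple account creation
+
 ```ruby
 require 'open_directory_utils'
 
@@ -52,7 +60,7 @@ require 'open_directory_utils'
 # dir_password: ENV['DIR_ADMIN_PASS'],
 
 # Instantiating using params
-od = OpenDirectoryUtils.new(
+od = OpenDirectoryUtils::Connection.new(
 { srv_host_name: 'od_hostname', srv_user_name: 'od_ssh_username',
 dir_user_name: 'directory_admin_username',
 dir_password: 'directory_admin_password'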
@@ -0,0 +1,45 @@
|
|
1
|
+
#!/usr/bin/env ruby -w
|
2
|
+
|
3
|
+
require 'yaml'
|
4
|
+
require 'open_directory_utils'
|
5
|
+
|
6
|
+
# setup server connection
|
7
|
+
srv_info = {}
|
8
|
+
begin
|
9
|
+
srv_info = YAML.load_file( File.open('connection.yml') )
|
10
|
+
rescue Errno::ENOENT, LoadError, Psych::Error, Psych::SyntaxError
|
11
|
+
srv_info = {srv_hostname: 'od.example.com', srv_username: 'odsshlogin',
|
12
|
+
dir_username: 'diradmin', dir_password: 'T0p-S3cret' }
|
13
|
+
end
|
14
|
+
|
15
|
+
od = OpenDirectoryUtils::Connection.new( srv_info )
|
16
|
+
puts "\nSERVER SETTINGS:"
|
17
|
+
pp od
|
18
|
+
|
19
|
+
|
20
|
+
# get users
|
21
|
+
users = []
|
22
|
+
begin
|
23
|
+
users = YAML.load( File.open('users.yml') )
|
24
|
+
rescue Errno::ENOENT, LoadError, Psych::SyntaxError, YAML::Error
|
25
|
+
users = [{username: 'odtest', usernumber: '87654321', primary_group_id: 1031}]
|
26
|
+
ensure
|
27
|
+
puts "\nUSERS:"
|
28
|
+
pp users
|
29
|
+
end
|
30
|
+
|
31
|
+
make = false
|
32
|
+
puts "Review the user data \nEnter 'Y' to create od accounts\n (otherwise you see a dry run)"
|
33
|
+
answer = gets.chomp.downcase
|
34
|
+
if answer.eql? 'y'
|
35
|
+
make = true
|
36
|
+
end
|
37
|
+
|
38
|
+
# create accounts
|
39
|
+
puts "\nCreating OD Accounts:"
|
40
|
+
Array(users).each do |person|
|
41
|
+
# show commands
|
42
|
+
pp od.send(:user_create, person, od.dir_info)
|
43
|
+
# Make Account
|
44
|
+
# pp od.run(command: :user_create, params: person ) if make
|
45
|
+
end
|
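Review bot: This example prints secrets to the terminal: `pp od` dumps the connection object built from `srv_info` (which carries `dir_password`), and `pp od.send(:user_create, person, od.dir_info)` prints the generated commands, which per the command builders embed the directory admin password after `-P`. An example that will be copied should redact both, for instance printing `od.dir_info.reject { |k, _| k == :password }` instead of the whole object (assuming `dir_info` keys the secret as `:password`, as the builders suggest) and masking the password in the printed command. Both `YAML.load_file` and `YAML.load` use the unrestricted loader and leave the `File.open` handles unclosed; `YAML.safe_load(File.read('users.yml'), permitted_classes: [Symbol])` keeps the symbol keys the sample files use. The `make` flag is set but never read because the `od.run` line is commented out, so answering 'Y' still only produces a dry run, which the prompt text should say.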
@@ -0,0 +1,17 @@
|
|
1
|
+
---
|
2
|
+
# preferred with first name, last name, email and group membership
|
3
|
+
# by default account is disabled unless enabled: true is present
|
4
|
+
- :user_name: odusertest
|
5
|
+
:user_number: 98765432
|
6
|
+
:primary_group_id: 1031
|
7
|
+
:first_name: OD User
|
8
|
+
:last_name: TEST
|
9
|
+
:email: user@example.com
|
10
|
+
:passsword: Top-Secret
|
11
|
+
:enable: true
|
12
|
+
:group_membership: test
|
13
|
+
# for minimal data use user_create_min instead of user_create
|
14
|
+
# acceptable minimal attributes (password is set to * - no login) & real_name = username
|
15
|
+
- :username: odtest
|
16
|
+
:usernumber: 87654321
|
17
|
+
:primary_group_id: 1031
|
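Review bot: The first sample record spells its key `:passsword:` (three s), so code that looks up `:password` will presumably not find it, while `:enable: true` asks for the account to be enabled on creation. If the library falls back to a default when no password is supplied, copying this sample could leave an enabled account whose password is not the one the operator intended. The header comment also names the flag `enabled: true` whereas the record uses `:enable:`. Suggest `:password: Top-Secret` and making the comment match whichever key is actually read; the accepted key names are not visible in this section.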
@@ -36,5 +36,15 @@ module OpenDirectoryUtils
|
|
36
36
|
return attribs
|
37
37
|
end
|
38
38
|
|
39
|
+
def group_record_name_alternatives(attribs)
|
40
|
+
attribs[:record_name] = nil
|
41
|
+
attribs[:record_name] = attribs[:group_membership]
|
42
|
+
attribs[:record_name] = attribs[:record_name] || attribs[:groupmembership]
|
43
|
+
attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
|
44
|
+
attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
|
45
|
+
attribs[:record_name] = attribs[:record_name] || attribs[:gid]
|
46
|
+
return attribs
|
47
|
+
end
|
48
|
+
|
39
49
|
end
|
40
50
|
end
|
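Review bot: `group_record_name_alternatives` always discards a caller-supplied `:record_name`: new line 40 sets it to `nil` and line 41 immediately overwrites that, so the `nil` assignment is dead and an explicit record name can never win; the method also mutates the caller's hash in place. The version removed from commands_group.rb in this same release fell back to `:cn`, which this one drops, so callers that pass only `:cn` will presumably end up with a nil record name. If the overwrite is intended, document it with something like `# Overwrites attribs[:record_name] with the first group identifier present (mutates attribs)` and write the chain as a single `attribs[:record_name] = attribs[:group_membership] || attribs[:groupmembership] || attribs[:group_name] || attribs[:groupname] || attribs[:gid]`. The enclosing module starts outside the hunk.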
@@ -0,0 +1,125 @@
|
|
1
|
+
require "open_directory_utils/clean_check"
|
2
|
+
|
3
|
+
module OpenDirectoryUtils
|
4
|
+
|
5
|
+
# https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
|
6
|
+
# https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
|
7
|
+
module CommandsBase
|
8
|
+
|
9
|
+
include OpenDirectoryUtils::CleanCheck
|
10
|
+
|
11
|
+
# builds the pwpolicy commands (after checking parameters)
|
12
|
+
# @attribs [Hash] - required - :record_name (the resource/user/group to affect), attribute: (resource attribute to change), value: (value to add to attribute)
|
13
|
+
# @dir_info [Hash] - usually configured in the connection initializer and then passed to pwpolicy to build command correctly
|
14
|
+
def pwpolicy(params, dir_info)
|
15
|
+
check_critical_attribute( params, :record_name )
|
16
|
+
cmd_params = tidy_attribs(params)
|
17
|
+
|
18
|
+
build_pwpolicy_command( cmd_params, dir_info )
|
19
|
+
end
|
20
|
+
|
21
|
+
# builds the dscl command (after checking parameters)
|
22
|
+
# @attribs [Hash] - required - :record_name (the resource to affect), :action (create, append, delete, passwd, etc), attribute: (resource attribute to change), value: (value to add to attribute)
|
23
|
+
# @dir_info [Hash] - usually configured in the connection initializer and then passed to dscl to build command correctly
|
24
|
+
def dscl(attribs, dir_info)
|
25
|
+
check_critical_attribute( attribs, :record_name )
|
26
|
+
check_critical_attribute( attribs, :action )
|
27
|
+
check_critical_attribute( attribs, :scope )
|
28
|
+
tidy_attribs = tidy_attribs(attribs)
|
29
|
+
build_dscl_command( tidy_attribs, dir_info )
|
30
|
+
end
|
31
|
+
|
32
|
+
def dseditgroup(attribs, dir_info)
|
33
|
+
check_critical_attribute( attribs, :value )
|
34
|
+
check_critical_attribute( attribs, :operation )
|
35
|
+
if attribs[:operation].eql?('checkmember')
|
36
|
+
check_critical_attribute( attribs, :record_name )
|
37
|
+
end
|
38
|
+
if attribs[:operation].eql?('edit')
|
39
|
+
check_critical_attribute( attribs, :record_name )
|
40
|
+
check_critical_attribute( attribs, :action )
|
41
|
+
check_critical_attribute( attribs, :type )
|
42
|
+
end
|
43
|
+
tidy_attribs = tidy_attribs(attribs)
|
44
|
+
build_dseditgroup_command( tidy_attribs, dir_info )
|
45
|
+
end
|
46
|
+
|
47
|
+
# /usr/bin/pwpolicy -a diradmin -p "BigSecret" -u username -setpolicy "isDisabled=0"
|
48
|
+
def build_pwpolicy_command(params, dir_info)
|
49
|
+
ans = %Q[#{dir_info[:pwpol]}]
|
50
|
+
ans += %Q[ -a #{dir_info[:username]}] unless dir_info[:username].nil? or
|
51
|
+
dir_info[:username].empty?
|
52
|
+
ans += %Q[ -p "#{dir_info[:password]}"] unless dir_info[:password].nil? or
|
53
|
+
dir_info[:password].empty?
|
54
|
+
ans += %Q[ -n #{dir_info[:data_path]}]
|
55
|
+
ans += %Q[ -u #{params[:record_name]}]
|
56
|
+
ans += %Q[ -#{params[:attribute]}]
|
57
|
+
ans += %Q[ "#{params[:value]}"] unless params[:value].nil? or
|
58
|
+
params[:value].empty?
|
59
|
+
return ans
|
60
|
+
end
|
61
|
+
|
62
|
+
# TODO: switch to template pattern
|
63
|
+
def build_dscl_command(attribs, dir_info)
|
64
|
+
# allow :recordname to be passed-in if using dscl directly
|
65
|
+
attribs[:record_name] = attribs[:record_name] || attribs[:recordname]
|
66
|
+
# /usr/bin/dscl -u diradmin -P "BigSecret" /LDAPv3/127.0.0.1 -append /Users/$UID_USERNAME apple-keyword "$VALUE"
|
67
|
+
# "/usr/bin/dscl -plist -u #{od_username} -P #{od_password} #{od_dsclpath} -#{command} #{resource} #{params}"
|
68
|
+
ans = %Q[#{dir_info[:dscl]}]
|
69
|
+
unless attribs[:format].nil?
|
70
|
+
ans += ' -plist' if attribs[:format].eql? 'plist' or
|
71
|
+
attribs[:format].eql? 'xml'
|
72
|
+
end
|
73
|
+
ans += %Q[ -u #{dir_info[:username]}] unless dir_info[:username].nil? or
|
74
|
+
dir_info[:username].empty? or
|
75
|
+
attribs[:action].eql? 'auth'
|
76
|
+
ans += %Q[ -P "#{dir_info[:password]}"] unless dir_info[:password].nil? or
|
77
|
+
dir_info[:password].empty? or
|
78
|
+
attribs[:action].eql? 'auth'
|
79
|
+
ans += " #{dir_info[:data_path]}"
|
80
|
+
|
81
|
+
ans += %Q[ -#{attribs[:action]}]
|
82
|
+
ans += %Q[ #{attribs[:record_name]}] if attribs[:action].eql? 'auth'
|
83
|
+
ans += %Q[ /#{attribs[:scope]}/#{attribs[:record_name]}] unless
|
84
|
+
attribs[:action].eql? 'auth'
|
85
|
+
ans += %Q[ #{attribs[:attribute]}] unless attribs[:attribute].nil? or
|
86
|
+
attribs[:attribute].empty?
|
87
|
+
ans += %Q[ "#{attribs[:value]}"] unless attribs[:value].nil? or
|
88
|
+
attribs[:value].empty?
|
89
|
+
return ans
|
90
|
+
end
|
91
|
+
|
92
|
+
# http://www.manpagez.com/man/8/dseditgroup/
|
93
|
+
# make a new group:
|
94
|
+
# dseditgroup -o create -n /LDAPv3/ldap.company.com -u dir_admin_user -P dir_admin_passwd \
|
95
|
+
# -r "Real Group Name" -c "a comment" -k "keyword" groupname
|
96
|
+
# delete a new group:
|
97
|
+
# dseditgroup -o delete -n /LDAPv3/ldap.company.com -u dir_admin_user -P dir_admin_passwd groupname
|
98
|
+
# add a user to a group
|
99
|
+
# dseditgroup -o edit -n /LDAPv3/ldap.company.com -u dir_admin_user -P dir_admin_passwd -a username -t user groupname
|
100
|
+
# remove a user from a group
|
101
|
+
# dseditgroup -o edit -n /LDAPv3/ldap.company.com -u dir_admin_user -P dir_admin_passwd -d username -t user groupname
|
102
|
+
def build_dseditgroup_command( params, dir_info )
|
103
|
+
ans = %Q[#{dir_info[:dsedit]}]
|
104
|
+
ans += %Q[ -o #{params[:operation]}]
|
105
|
+
ans += %Q[ -u #{dir_info[:username]}] unless dir_info[:username].nil? or
|
106
|
+
dir_info[:username].empty?
|
107
|
+
ans += %Q[ -P "#{dir_info[:password]}"] unless dir_info[:password].nil? or
|
108
|
+
dir_info[:password].empty?
|
109
|
+
ans += %Q[ -n #{dir_info[:data_path]}]
|
110
|
+
if params[:operation].eql?('create')
|
111
|
+
ans += %Q[ -r "#{params[:value]}"] if params[:real_name].to_s.eql?('')
|
112
|
+
ans += %Q[ -r "#{params[:real_name]}"] unless params[:real_name].to_s.eql?('')
|
113
|
+
ans += %Q[ -k #{params[:keyword]}] unless params[:keyword].to_s.eql?('')
|
114
|
+
end
|
115
|
+
ans += %Q[ -m #{params[:record_name]}] if params[:operation].to_s.eql?('checkmember')
|
116
|
+
if params[:operation].eql?('edit')
|
117
|
+
ans += %Q[ -a #{params[:record_name]}] if params[:action].to_s.eql?('add')
|
118
|
+
ans += %Q[ -d #{params[:record_name]}] if params[:action].to_s.eql?('delete')
|
119
|
+
ans += %Q[ -t #{params[:type]}] # type can be user or group
|
120
|
+
end
|
121
|
+
ans += %Q[ #{params[:value]}] # the group to be manipulated
|
122
|
+
end
|
123
|
+
|
124
|
+
end
|
125
|
+
end
|
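Review bot: All three builders (`build_pwpolicy_command`, `build_dscl_command`, `build_dseditgroup_command`) interpolate caller-supplied values straight into a command string, quoting only the password and value by hand, so a record name, keyword, or password containing a quote or other shell metacharacter changes the command that is presumably handed to a shell on the directory server; whether `tidy_attribs` neutralises this is not visible in this section. Each interpolated value should go through `Shellwords.escape` (stdlib `shellwords`, which the file would need to require) instead of hand-placed double quotes, as sketched for `build_pwpolicy_command` below; the other two builders need the same treatment. Passing the directory admin password as `-p`/`-P` on the command line also exposes it to process listings and to anything that logs or returns the command, which matches the README ToDo item and deserves a comment here. `dseditgroup` and `build_dseditgroup_command` also lack the parameter comments the other methods carry.

```ruby
def build_pwpolicy_command(params, dir_info)
  ans = %Q[#{dir_info[:pwpol]}]
  ans += %Q[ -a #{Shellwords.escape(dir_info[:username])}] unless dir_info[:username].to_s.empty?
  ans += %Q[ -p #{Shellwords.escape(dir_info[:password])}] unless dir_info[:password].to_s.empty?
  ans += %Q[ -n #{Shellwords.escape(dir_info[:data_path])}]
  ans += %Q[ -u #{Shellwords.escape(params[:record_name])}]
  ans += %Q[ -#{Shellwords.escape(params[:attribute])}]
  ans += %Q[ #{Shellwords.escape(params[:value])}] unless params[:value].to_s.empty?
  ans
end
```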
@@ -1,5 +1,6 @@
|
|
1
1
|
require "open_directory_utils/dscl"
|
2
2
|
require "open_directory_utils/clean_check"
|
3
|
+
require "open_directory_utils/commands_base"
|
3
4
|
|
4
5
|
module OpenDirectoryUtils
|
5
6
|
|
@@ -9,17 +10,11 @@ module OpenDirectoryUtils
|
|
9
10
|
# * https://apple.stackexchange.com/questions/307173/creating-a-group-via-users-groups-in-command-line?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
|
10
11
|
module CommandsGroup
|
11
12
|
|
12
|
-
include OpenDirectoryUtils::Dscl
|
13
|
+
# include OpenDirectoryUtils::Dscl
|
13
14
|
include OpenDirectoryUtils::CleanCheck
|
15
|
+
include OpenDirectoryUtils::CommandsBase
|
14
16
|
|
15
|
-
|
16
|
-
attribs[:record_name] = nil
|
17
|
-
attribs[:record_name] = attribs[:group_name]
|
18
|
-
attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
|
19
|
-
attribs[:record_name] = attribs[:record_name] || attribs[:gid]
|
20
|
-
attribs[:record_name] = attribs[:record_name] || attribs[:cn]
|
21
|
-
return attribs
|
22
|
-
end
|
17
|
+
require "open_directory_utils/commands_group"
|
23
18
|
|
24
19
|
# dscl . read /Groups/ladmins
|
25
20
|
def group_get_info(attribs, dir_info)
|
@@ -38,156 +33,52 @@ module OpenDirectoryUtils
|
|
38
33
|
group_get_info(attribs, dir_info)
|
39
34
|
end
|
40
35
|
|
41
|
-
#
|
36
|
+
# dscl . -read /Groups/ladmins
|
37
|
+
# TODO: switch to dseditgroup -o checkmember -m username groupname
|
38
|
+
# dseditgroup -o checkmember -m btihen employee
|
39
|
+
# yes btihen is a member of employee
|
40
|
+
# dseditgroup -o checkmember -m btihen student
|
41
|
+
# no btihen is NOT a member of student
|
42
42
|
def user_in_group?(attribs, dir_info)
|
43
|
-
|
44
|
-
|
45
|
-
#
|
46
|
-
#
|
47
|
-
|
48
|
-
check_critical_attribute( attribs, :record_name, :groupname )
|
49
|
-
attribs = tidy_attribs(attribs)
|
50
|
-
|
51
|
-
command = {action: 'read', scope: 'Groups', attribute: nil, value: nil}
|
52
|
-
user_attrs = attribs.merge(command)
|
53
|
-
|
54
|
-
dscl( user_attrs, dir_info )
|
55
|
-
end
|
43
|
+
temp = user_record_name_alternatives(attribs)
|
44
|
+
username = temp[:record_name]
|
45
|
+
# pp username
|
46
|
+
# pp attribs
|
56
47
|
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
# http://osxdaily.com/2007/10/29/how-to-add-a-user-from-the-os-x-command-line-works-with-leopard/
|
62
|
-
#
|
63
|
-
# add 1st user -- dscl . -create /Groups/ladmins GroupMembership localadmin
|
64
|
-
# add more users -- dscl . -append /Groups/ladmins GroupMembership 2ndlocaladmin
|
65
|
-
def user_first_in_group(attribs, dir_info)
|
66
|
-
attribs = group_record_name_alternatives(attribs)
|
67
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
|
68
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
|
69
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:gid]
|
70
|
-
|
71
|
-
attribs[:value] = attribs[:value] || attribs[:user_name]
|
72
|
-
attribs[:value] = attribs[:value] || attribs[:username]
|
73
|
-
attribs[:value] = attribs[:value] || attribs[:uid]
|
48
|
+
attribs = group_record_name_alternatives(attribs)
|
49
|
+
groupname = attribs[:record_name]
|
50
|
+
attribs[:value] = username
|
51
|
+
# pp attribs
|
74
52
|
|
75
|
-
check_critical_attribute( attribs, :record_name, :groupname )
|
76
53
|
check_critical_attribute( attribs, :value, :username )
|
77
|
-
attribs = tidy_attribs(attribs)
|
78
|
-
|
79
|
-
command = {action: 'create', scope: 'Groups', attribute: 'GroupMembership'}
|
80
|
-
user_attrs = attribs.merge(command)
|
81
|
-
|
82
|
-
dscl( user_attrs, dir_info )
|
83
|
-
end
|
84
|
-
def user_append_to_group(attribs, dir_info)
|
85
|
-
attribs = group_record_name_alternatives(attribs)
|
86
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
|
87
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
|
88
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:gid]
|
89
|
-
|
90
|
-
attribs[:value] = attribs[:value] || attribs[:user_name]
|
91
|
-
attribs[:value] = attribs[:value] || attribs[:username]
|
92
|
-
attribs[:value] = attribs[:value] || attribs[:uid]
|
93
|
-
|
94
54
|
check_critical_attribute( attribs, :record_name, :groupname )
|
95
|
-
check_critical_attribute( attribs, :value, :username )
|
96
55
|
attribs = tidy_attribs(attribs)
|
97
56
|
|
98
|
-
command = {action: '
|
99
|
-
|
57
|
+
command = {action: 'read', scope: 'Groups', attribute: nil, value: nil}
|
58
|
+
cmd_attribs = attribs.merge(command)
|
100
59
|
|
101
|
-
dscl(
|
60
|
+
dscl( cmd_attribs, dir_info )
|
102
61
|
end
|
103
|
-
alias_method :user_add_to_group, :user_append_to_group
|
104
62
|
|
105
|
-
# /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -delete /Groups/$VALUE GroupMembership $shortname_USERNAME
|
106
63
|
def user_remove_from_group(attribs, dir_info)
|
107
|
-
attribs =
|
108
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:group_name]
|
109
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:groupname]
|
110
|
-
# attribs[:record_name] = attribs[:record_name] || attribs[:gid]
|
64
|
+
attribs = user_record_name_alternatives(attribs)
|
111
65
|
|
112
|
-
attribs[:value]
|
113
|
-
attribs[:value]
|
114
|
-
attribs[:value]
|
66
|
+
attribs[:value] = attribs[:group_membership]
|
67
|
+
attribs[:value] = attribs[:value] || attribs[:groupmembership]
|
68
|
+
attribs[:value] = attribs[:value] || attribs[:group_name]
|
69
|
+
attribs[:value] = attribs[:value] || attribs[:groupname]
|
70
|
+
attribs[:value] = attribs[:value] || attribs[:gid]
|
115
71
|
|
116
|
-
check_critical_attribute( attribs, :record_name, :
|
117
|
-
check_critical_attribute( attribs, :value, :
|
72
|
+
check_critical_attribute( attribs, :record_name, :username )
|
73
|
+
check_critical_attribute( attribs, :value, :groupname )
|
118
74
|
attribs = tidy_attribs(attribs)
|
119
|
-
|
120
|
-
command = {action: 'delete', scope: 'Groups', attribute: 'GroupMembership'}
|
75
|
+
command = { operation: 'edit', action: 'delete', type: 'user'}
|
121
76
|
user_attrs = attribs.merge(command)
|
122
77
|
|
123
|
-
|
124
|
-
end
|
125
|
-
|
126
|
-
# add 1st user -- dscl . create /Groups/ladmins GroupMembership localadmin
|
127
|
-
# add more users -- dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin
|
128
|
-
def group_add_first_user(attribs, dir_info)
|
129
|
-
attribs = group_record_name_alternatives(attribs)
|
130
|
-
|
131
|
-
# value = username
|
132
|
-
attribs[:value] = attribs[:value] || attribs[:user_name]
|
133
|
-
attribs[:value] = attribs[:value] || attribs[:username]
|
134
|
-
attribs[:value] = attribs[:value] || attribs[:uid]
|
135
|
-
|
136
|
-
check_critical_attribute( attribs, :record_name )
|
137
|
-
check_critical_attribute( attribs, :value, :username )
|
138
|
-
|
139
|
-
# Will assume we are not adding the first user!
|
140
|
-
command = { action: 'create', scope: 'Groups',
|
141
|
-
attribute: 'GroupMembership'}
|
142
|
-
user_attrs = attribs.merge(command)
|
143
|
-
|
144
|
-
dscl( user_attrs, dir_info )
|
145
|
-
end
|
146
|
-
|
147
|
-
def group_has_user?(attribs, dir_info)
|
148
|
-
group_get_info(attribs, dir_info)
|
149
|
-
end
|
150
|
-
|
151
|
-
# add 1st user -- dscl . create /Groups/ladmins GroupMembership localadmin
|
152
|
-
# add more users -- dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin
|
153
|
-
def group_add_user(attribs, dir_info)
|
154
|
-
attribs = group_record_name_alternatives(attribs)
|
155
|
-
|
156
|
-
# value = username
|
157
|
-
attribs[:value] = attribs[:value] || attribs[:user_name]
|
158
|
-
attribs[:value] = attribs[:value] || attribs[:username]
|
159
|
-
attribs[:value] = attribs[:value] || attribs[:uid]
|
160
|
-
|
161
|
-
check_critical_attribute( attribs, :record_name )
|
162
|
-
check_critical_attribute( attribs, :value, :username )
|
163
|
-
|
164
|
-
# Will assume we are not adding the first user!
|
165
|
-
command = { action: 'append', scope: 'Groups',
|
166
|
-
attribute: 'GroupMembership'}
|
167
|
-
user_attrs = attribs.merge(command)
|
168
|
-
|
169
|
-
dscl( user_attrs, dir_info )
|
170
|
-
end
|
171
|
-
|
172
|
-
# # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -delete /Groups/$SHORTNAME GroupMembership $VALUE
|
173
|
-
# # dseditgroup -o edit -d $Username -t user $GroupName
|
174
|
-
def group_remove_user(attribs, dir_info)
|
175
|
-
attribs = group_record_name_alternatives(attribs)
|
176
|
-
|
177
|
-
# value <- is username
|
178
|
-
attribs[:value] = attribs[:value] || attribs[:user_name]
|
179
|
-
attribs[:value] = attribs[:value] || attribs[:username]
|
180
|
-
attribs[:value] = attribs[:value] || attribs[:uid]
|
181
|
-
|
182
|
-
check_critical_attribute( attribs, :record_name )
|
183
|
-
check_critical_attribute( attribs, :value, :username )
|
184
|
-
|
185
|
-
command = { action: 'delete', scope: 'Groups',
|
186
|
-
attribute: 'GroupMembership'}
|
187
|
-
user_attrs = attribs.merge(command)
|
188
|
-
|
189
|
-
dscl( user_attrs, dir_info )
|
78
|
+
dseditgroup( user_attrs, dir_info )
|
190
79
|
end
|
80
|
+
# module_function :user_remove_from_group
|
81
|
+
# alias_method :user_remove_group_memebership, :user_remove_from_group
|
191
82
|
|
192
83
|
# dscl . -delete /Groups/yourGroupName
|
193
84
|
# https://tutorialforlinux.com/2011/09/15/delete-users-and-groups-from-terminal/
|
@@ -254,26 +145,26 @@ module OpenDirectoryUtils
|
|
254
145
|
dscl( user_attrs, dir_info )
|
255
146
|
end
|
256
147
|
|
257
|
-
# probably can't create password for group?
|
258
|
-
# /usr/bin/dscl -u diradmin -P liaP-meD-Aj-pHi-hOb-en-c /LDAPv3/127.0.0.1
|
259
|
-
# "<main> attribute status: eDSNoStdMappingAvailable\n" +
|
260
|
-
# "<dscl_cmd> DS Error: -14140 (eDSNoStdMappingAvailable)"]
|
261
|
-
def group_set_passwd(attribs, dir_info)
|
262
|
-
|
263
|
-
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
|
269
|
-
|
270
|
-
|
271
|
-
|
272
|
-
|
273
|
-
|
274
|
-
|
275
|
-
end
|
276
|
-
alias_method :group_set_password, :group_set_passwd
|
148
|
+
# # probably can't create password for group?
|
149
|
+
# # /usr/bin/dscl -u diradmin -P liaP-meD-Aj-pHi-hOb-en-c /LDAPv3/127.0.0.1 -create /Groups/odgrouptest passwd "*"
|
150
|
+
# # "<main> attribute status: eDSNoStdMappingAvailable\n" +
|
151
|
+
# # "<dscl_cmd> DS Error: -14140 (eDSNoStdMappingAvailable)"]
|
152
|
+
# def group_set_passwd(attribs, dir_info)
|
153
|
+
# attribs = group_record_name_alternatives(attribs)
|
154
|
+
#
|
155
|
+
# attribs[:value] = attribs[:value] || attribs[:password]
|
156
|
+
# attribs[:value] = attribs[:value] || attribs[:passwd]
|
157
|
+
# attribs[:value] = attribs[:value] || '*'
|
158
|
+
#
|
159
|
+
# check_critical_attribute( attribs, :record_name )
|
160
|
+
# check_critical_attribute( attribs, :value, :password )
|
161
|
+
#
|
162
|
+
# command = {action: 'passwd', scope: 'Groups', attribute: nil}
|
163
|
+
# user_attrs = attribs.merge(command)
|
164
|
+
#
|
165
|
+
# dscl( user_attrs, dir_info )
|
166
|
+
# end
|
167
|
+
# alias_method :group_set_password, :group_set_passwd
|
277
168
|
|
278
169
|
# create group -- dscl . -create /Groups/ladmins
|
279
170
|
# add group passwd -- dscl . -create /Groups/ladmins passwd “*”
|
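Review bot: The commented-out `group_set_passwd` block (new lines 148–167) keeps the example command `-P liaP-meD-Aj-pHi-hOb-en-c`, which does not look like the `A-B1g-S3cret` / `BigSecret` placeholders used elsewhere on this page and may be a real directory admin password pasted from a terminal. If it is, it should be rotated and the comment changed to a placeholder such as `-P "<dir_admin_password>"`; the same string is on the removed side (old line 258), so it already shipped in 0.1.1 and editing the comment alone does not undo the exposure. The dead method would be better deleted than carried forward as comments. Separately, in the third hunk `user_in_group?` assigns `groupname` without using it and still only builds a `dscl` read of the group rather than a membership check, as its own TODO notes.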