e-smith-base/sme8/e-smith-base-5.2.0-enable-cpu.patch

diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-create-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-create-unix
--- e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-create-unix.enable-cpu     2005-11-20 21:28:05.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-create-unix        2010-11-01 09:34:11.000000000 -0600
@@ -33,6 +33,8 @@ my $conf = esmith::ConfigDB->open_ro
 my $accounts = esmith::AccountsDB->open
     or die "Could not open accounts DB";
 
+my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
+
 my $event = $ARGV [0];
 my $groupName = $ARGV [1];
 
@@ -66,27 +68,50 @@ unless ($gid = $group->prop('Gid'))
 my $uid = $group->prop('Uid');
 my $description = $group->prop('Description') || '';
 
-# Create the user's unique group first
-
-system(
-       "/usr/sbin/groupadd",
-       "-g", $gid,
-       $groupName
-    ) == 0 or die "Failed to create group $groupName.\n";
-
-# Now create the dummy user account
-
-system(
-       "/usr/sbin/useradd",
-       "-u", $uid,
-       "-g", $gid,
-       "-c", $description,
-       "-d",
-       "/home/e-smith",
-       "-s",
-       "/bin/false",
-       "$groupName"
-    ) == 0 or die "Failed to create user $groupName.\n";
+if ($ldapauth eq 'enabled')
+{
+    # Create the user's unique group first
+    system(
+            "/usr/sbin/cpu", "groupadd",
+            "-g", $gid,
+            $groupName
+        ) == 0 or die "Failed to create group $groupName.\n";
+
+    # Now create the dummy user account
+    system(
+            "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "useradd",
+            "-u", $uid,
+            "-g", $gid,
+            "-c", $description,
+            "-d",
+            "/home/e-smith",
+            "-s",
+            "/bin/false",
+            "$groupName"
+        ) == 0 or die "Failed to create user $groupName.\n";
+}
+else
+{
+    # Create the user's unique group first
+    system(
+            "/usr/sbin/groupadd",
+            "-g", $gid,
+            $groupName
+        ) == 0 or die "Failed to create group $groupName.\n";
+
+    # Now create the dummy user account
+    system(
+            "/usr/sbin/useradd",
+            "-u", $uid,
+            "-g", $gid,
+            "-c", $description,
+            "-d",
+            "/home/e-smith",
+            "-s",
+            "/bin/false",
+            "$groupName"
+        ) == 0 or die "Failed to create user $groupName.\n";
+}
 
 # Release lock if we have one
 $lock && esmith::lockfile::UnlockFile($lock);
@@ -122,12 +147,27 @@ foreach $member (@groupMembers)
 
     my @groupList = split (/\s+/, $groups);
     @groupList = grep (!/^$member$/, @groupList);
+
+    # root user/group isn't in ldap
+    if ($ldapauth eq 'enabled')
+    {
+        @groupList = grep (!/^root$/, @groupList);
+    }
+
     push @groupList, $groupName;
 
     $groups = join (',', sort (@groupList));
 
-    system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
-       or die "Failed to modify supplementary group list for $member.\n";
+    if ($ldapauth eq 'enabled')
+    {
+        system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
+            or die "Failed to modify supplementary group list for $member.\n";
+    }
+    else
+    {
+        system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
+            or die "Failed to modify supplementary group list for $member.\n";
+    }
 }
 
 exit (0);
diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-delete-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-delete-unix
--- e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-delete-unix.enable-cpu     2005-11-20 21:28:05.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-delete-unix        2010-11-01 08:49:37.000000000 -0600
@@ -25,14 +25,31 @@ package esmith;
 
 use strict;
 use Errno;
+use esmith::ConfigDB;
+
+my $conf = esmith::ConfigDB->open_ro
+    or die "Could not open Config DB";
+
+my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 
 my $event = $ARGV [0];
 my $groupName = $ARGV [1] or die "Groupname argument missing.";
 
-system("/usr/sbin/userdel", "$groupName") == 0
-    or die "Failed to delete dummy user for group $groupName.\n";
+if ($ldapauth eq 'enabled')
+{
+    system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "userdel", "$groupName") == 0
+        or die "Failed to delete dummy user for group $groupName.\n";
+
+    system("/usr/sbin/cpu", "groupdel", "$groupName") == 0
+        or die "Failed to delete group $groupName.\n";
+}
+else
+{
+    system("/usr/sbin/userdel", "$groupName") == 0
+        or die "Failed to delete dummy user for group $groupName.\n";
 
-system("/usr/sbin/groupdel", "$groupName") == 0
-    or die "Failed to delete group $groupName.\n";
+    system("/usr/sbin/groupdel", "$groupName") == 0
+        or die "Failed to delete group $groupName.\n";
+}
 
 exit (0);
diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-modify-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-modify-unix
--- e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-modify-unix.enable-cpu     2010-11-01 08:45:10.000000000 -0600
+++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/group-modify-unix        2010-11-01 08:54:28.000000000 -0600
@@ -31,6 +31,8 @@ use esmith::AccountsDB;
 my $c = esmith::ConfigDB->open_ro || die "Couldn't open config db\n";
 my $a = esmith::AccountsDB->open_ro || die "Couldn't open accounts db\n";
 
+my $ldapauth = $c->get('ldap')->prop('Authentication') || 'disabled';
+
 my $event = shift || die "Event name arg missing\n";;
 my @groups;
 
@@ -64,8 +66,16 @@ foreach my $group (@groups)
     my $groupDesc = $properties{'Description'}
        if (defined $properties{'Description'});
 
-    system("/usr/sbin/usermod", "-c", "$groupDesc", "$groupName") == 0
-       or die "Failed to modify group description for $groupName.\n";
+    if ($ldapauth eq 'enabled')
+    {
+        system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-c", "$groupDesc", "$groupName") == 0
+            or die "Failed to modify group description for $groupName.\n";
+    }
+    else
+    {
+        system("/usr/sbin/usermod", "-c", "$groupDesc", "$groupName") == 0
+            or die "Failed to modify group description for $groupName.\n";
+    }
 
     my ($name, $passwd, $gid, $members) = getgrnam ($groupName);
     my @oldMembers = split (/\s+/, $members);
@@ -111,6 +121,12 @@ foreach my $group (@groups)
        my @groupList = split (/\s+/, $groups);
        @groupList = grep (!/^$member$/, @groupList);
 
+        # root user/group isn't in ldap
+        if ($ldapauth eq 'enabled')
+        {
+            @groupList = grep (!/^root$/, @groupList);
+        }
+
        if ($oldMembers{$member})
        {
            @groupList = grep (!/^$groupName$/, @groupList);
@@ -121,8 +137,16 @@ foreach my $group (@groups)
        }
        $groups = join (',', sort (@groupList));
 
-       system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
-           or die "Failed to modify supplementary group list for $member.\n";
+        if ($ldapauth eq 'enabled')
+        {
+            system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "usermod", "-G", "$groups", "$member") == 0
+                or die "Failed to modify supplementary group list for $member.\n";
+        }
+        else
+        {
+            system("/usr/sbin/usermod", "-G", "$groups", "$member") == 0
+                or die "Failed to modify supplementary group list for $member.\n";
+        }
     }
 }
 
diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/init-accounts.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/init-accounts
--- e-smith-base-5.2.0/root/etc/e-smith/events/actions/init-accounts.enable-cpu 2005-11-20 21:28:05.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/init-accounts    2010-11-01 09:58:36.000000000 -0600
@@ -25,9 +25,22 @@ package esmith;
 use strict;
 use Errno;
 use esmith::util;
+use esmith::ConfigDB;
+
+my $conf = esmith::ConfigDB->open_ro
+    or die "Could not open Config DB";
+
+my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 
 # create group "shared" if not already present
-system(qw(/usr/sbin/groupadd -r shared)) unless getgrnam("shared");
+if ($ldapauth eq 'enabled')
+{
+    system(qw(/usr/sbin/cpu groupadd shared)) unless getgrnam("shared");
+}
+else
+{
+    system(qw(/usr/sbin/groupadd -r shared)) unless getgrnam("shared");
+}
 
 # Create other required groups and users
 system(qw(/usr/sbin/groupadd -g 21 -r -f slocate))
@@ -39,7 +52,15 @@ system(qw(/usr/sbin/useradd -u 38 -s /sb
 # create user "admin" if not already present;
 if ( !getpwnam("admin") )
 {
-    `/usr/sbin/useradd -c 'e-smith administrator' -d /home/e-smith -G root,shared -M -s /sbin/e-smith/console admin`;
+    if ($ldapauth eq 'enabled')
+    {
+        `/usr/sbin/cpu useradd -c 'e-smith administrator' -d /home/e-smith -G shared -M -s /sbin/e-smith/console admin`;
+        `/usr/sbin/gpasswd -a admin root`;
+    }
+    else
+    {
+        `/usr/sbin/useradd -c 'e-smith administrator' -d /home/e-smith -G root,shared -M -s /sbin/e-smith/console admin`;
+    }
 }
 else
 {
@@ -70,27 +91,37 @@ else
     @groupList = grep (!/^shared$/, @groupList);
     @groupList = grep (!/^www$/, @groupList);
 
-    push @groupList, 'root', 'shared', 'www';
+    push @groupList, 'shared', 'www';
+
+    # Only push root if not using ldap (root not in ldap)
+    push @groupList, 'root' if ($ldapauth ne 'enabled');
 
     #--------------------------------------------------
     # Run usermod command to update group list for admin.
     #--------------------------------------------------
 
     $groups = join (',', sort (@groupList));
-    $cmd = "/usr/sbin/usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
+    if ($ldapauth eq 'enabled')
+    {
+        $cmd = "/usr/sbin/cpu usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
+    }
+    else
+    {
+        $cmd = "/usr/sbin/usermod -c 'e-smith administrator' -d /home/e-smith -G '$groups' -s /sbin/e-smith/console admin";
+    }
     `$cmd`;
     if ($? != 0)
     {
        die "Failed to change shell and modify supplementary group list for admin.\n";
     }
+    `/usr/sbin/gpasswd -a admin root` if ($ldapauth eq 'enabled');
 }
 
 #--------------------------------------------------
 # create user "public" if not already present
 #--------------------------------------------------
 
-`/bin/grep '^public:' /etc/passwd`;
-if ($? != 0)
+if ( !getpwnam("public") )
 {
     `/usr/sbin/useradd  -c 'e-smith guest' -d /home/e-smith -G shared -M -s /bin/false public`;
 }
@@ -100,10 +131,16 @@ if ($? != 0)
 # "e-smith private web server" (used to just say "e-smith web server")
 #--------------------------------------------------
 
-`/bin/grep '^www:' /etc/passwd`;
-if ($? != 0)
+if ( !getpwnam("www") )
 {
-    `/usr/sbin/useradd -c 'e-smith web server' -d /home/e-smith -G shared -M -s /bin/false www`;
+    if ($ldapauth eq 'enabled')
+    {
+        `/usr/sbin/cpu useradd -c 'e-smith web server' -d /home/e-smith -G shared -M -s /bin/false www`;
+    }
+    else
+    {
+        `/usr/sbin/useradd -c 'e-smith web server' -d /home/e-smith -G shared -M -s /bin/false www`;
+    }
 }
 else
 {
@@ -137,7 +174,14 @@ else
     #--------------------------------------------------
 
     $groups = join (',', sort (@groupList));
-    `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
+    if ($ldapauth eq 'enabled')
+    {
+        `/usr/sbin/cpu usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
+    }
+    else
+    {
+        `/usr/sbin/usermod -c 'e-smith web server' -d /home/e-smith -G '$groups' -s /bin/false www`;
+    }
     if ($? != 0)
     {
        die "Failed to modify supplementary group list for www.\n";
diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-create-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-create-unix
--- e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-create-unix.enable-cpu      2005-11-20 21:28:05.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-create-unix 2010-11-01 09:44:52.000000000 -0600
@@ -31,6 +31,8 @@ use esmith::AccountsDB;
 my $conf = esmith::ConfigDB->open_ro;
 my $accounts = esmith::AccountsDB->open;
 
+my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
+
 my $event = $ARGV [0];
 my $userName = $ARGV [1];
 
@@ -61,29 +63,58 @@ my $first = $acct->prop('FirstName') || 
 my $last = $acct->prop('LastName') || '';
 my $shell = $acct->prop('Shell') || '/usr/bin/rssh';
 
-# Create the user's unique group first
 
-system(
-       "/usr/sbin/groupadd",
-       "-g",
-       $gid,
-       $userName
-    ) == 0 or die "Failed to create group $userName.\n";
-
-# Now create the user account
-
-system(
-       "/usr/sbin/useradd",
-       "-u", $uid,
-       "-g", $uid,
-       "-c", "$first $last",
-       "-d", "/home/e-smith/files/users/$userName",
-       "-G", "shared",
-       "-m",
-       "-k", "/etc/e-smith/skel/user",
-       "-s", "$shell",
-       $userName
-    ) == 0 or die "Failed to create account $userName.\n";
+if ($ldapauth eq 'enabled')
+{
+    # Create the user's unique group first
+    system(
+            "/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupadd",
+            "-g",
+            $gid,
+            $userName
+        ) == 0 or die "Failed to create group $userName.\n";
+
+    # Now create the user account
+    system(
+            "/usr/sbin/cpu", "useradd",
+            "-u", $uid,
+            "-g", $uid,
+            "-c", "$first $last",
+            "-f", "$first",
+            "-E", "$last",
+            "-d", "/home/e-smith/files/users/$userName",
+            "-G", "shared",
+            "-m",
+            "-k/etc/e-smith/skel/user",
+            "-s", "$shell",
+            $userName
+        ) == 0 or die "Failed to create account $userName.\n";
+}
+else
+{
+    # Create the user's unique group first
+    system(
+            "/usr/sbin/groupadd",
+            "-g",
+            $gid,
+            $userName
+        ) == 0 or die "Failed to create group $userName.\n";
+
+    # Now create the user account
+    system(
+            "/usr/sbin/useradd",
+            "-u", $uid,
+            "-g", $uid,
+            "-c", "$first $last",
+            "-d", "/home/e-smith/files/users/$userName",
+            "-G", "shared",
+            "-m",
+            "-k", "/etc/e-smith/skel/user",
+            "-s", "$shell",
+            $userName
+        ) == 0 or die "Failed to create account $userName.\n";
+}
+
 
 # Release lock if we have one
 $lock && esmith::lockfile::UnlockFile($lock);
@@ -92,8 +123,16 @@ $lock && esmith::lockfile::UnlockFile($l
 
 chmod 0700, "/home/e-smith/files/users/$userName";
 
-system("/usr/bin/passwd", "-l", "$userName")
-    and warn("Could not lock password for $userName\n");
+if ($ldapauth eq 'enabled')
+{
+    system("/usr/sbin/cpu", "usermod", "-L", "$userName")
+        and warn("Could not lock password for $userName\n");
+}
+else
+{
+    system("/usr/bin/passwd", "-l", "$userName")
+        and warn("Could not lock password for $userName\n");
+}
 system("/usr/bin/smbpasswd", "-a", "-d", "$userName")
     and warn("Could not lock smb password for $userName\n");;
 
diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-delete-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-delete-unix
--- e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-delete-unix.enable-cpu      2005-11-20 21:28:05.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-delete-unix 2010-11-01 09:42:24.000000000 -0600
@@ -26,6 +26,12 @@ package esmith;
 use strict;
 use Errno;
 use esmith::util;
+use esmith::ConfigDB;
+
+my $conf = esmith::ConfigDB->open_ro
+    or die "Could not open Config DB";
+
+my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 
 my $event = $ARGV [0];
 my $userName = $ARGV [1];
@@ -36,12 +42,23 @@ my $userName = $ARGV [1];
 
 die "Username argument missing." unless defined ($userName);
 
-esmith::util::cancelUserPassword ($userName);
+if ($ldapauth eq 'enabled')
+{
+    system("/usr/sbin/cpu", "userdel", "-r", $userName) == 0
+        or die "Failed to delete account $userName.\n";
 
-my $discard = `/usr/sbin/userdel -r '$userName'`;
-if ($? != 0)
+    system("/usr/sbin/cpu", "-C/etc/cpu-system.conf", "groupdel", $userName) == 0
+        or die "Failed to delete group account $userName.\n";
+}
+else
 {
-    die "Failed to delete account $userName.\n";
+    esmith::util::cancelUserPassword ($userName);
+
+    my $discard = `/usr/sbin/userdel -r '$userName'`;
+    if ($? != 0)
+    {
+        die "Failed to delete account $userName.\n";
+    }
 }
 
 exit (0);
diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-lock-passwd.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-lock-passwd
--- e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-lock-passwd.enable-cpu      2007-01-19 14:33:22.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-lock-passwd 2010-11-01 09:30:06.000000000 -0600
@@ -24,12 +24,13 @@ use strict;
 use Errno;
 use esmith::AccountsDB;
 use esmith::ConfigDB;
-use IO::File;
 use English;
 
 my $a = esmith::AccountsDB->open or die "Could not open accounts db";
 my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
 
+my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
+
 my $event = $ARGV [0];
 
 my @users_to_lock = bad_password_users();
@@ -52,8 +53,16 @@ sub lock_user
 
     my $u = $a->get($userName) or die "No account record for user $userName";
 
-    system("/usr/bin/passwd", "-l", $userName) == 0
-        or die "Error running /usr/bin/passwd command to lock account $userName";
+    if ($ldapauth eq 'enabled')
+    {
+        system("/usr/sbin/cpu", "usermod", "-L", $userName) == 0
+            or die "Error running /usr/sbin/cpu usermod -L command to lock account $userName";
+    }
+    else
+    {
+        system("/usr/bin/passwd", "-l", $userName) == 0
+            or die "Error running /usr/bin/passwd command to lock account $userName";
+    }
     system("/usr/bin/smbpasswd", "-d", $userName) == 0
         or die "Error running /usr/bin/smbpasswd command to lock account $userName";
     $u->set_prop('PasswordSet', 'no');
@@ -66,13 +75,13 @@ sub lock_user
 
 sub bad_password_users
 {
-    my $smbpasswd = IO::File->new("/etc/samba/smbpasswd", '<')
-        or die "Can't open smbpasswd: $OS_ERROR\n";
+    my @smbpasswd = `/usr/bin/pdbedit -wL`
+        or die "Error listing smb passwords\n";
 
     my @users;
 
     SMBPASSWD:
-    while (my $smb_entry = <$smbpasswd>)
+    foreach my $smb_entry (@smbpasswd)
     {
         my ($user, $uid, $lanman_hash, $nt_hash, @rest) 
             = split /:/, $smb_entry;
@@ -86,6 +95,5 @@
         }
     }
 
-    $smbpasswd->close;
     return @users;
 }
diff -up e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-modify-unix.enable-cpu e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-modify-unix
--- e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-modify-unix.enable-cpu      2006-03-14 09:20:43.000000000 -0700
+++ e-smith-base-5.2.0/root/etc/e-smith/events/actions/user-modify-unix 2010-11-01 09:36:20.000000000 -0600
@@ -21,6 +21,11 @@ package esmith;
 use strict;
 use Errno;
 use esmith::AccountsDB;
+use esmith::ConfigDB;
+
+my $conf = esmith::ConfigDB->open or die "Could not open configuration db";
+
+my $ldapauth = $conf->get('ldap')->prop('Authentication') || 'disabled';
 
 my $event = $ARGV [0];
 my $userName = $ARGV [1];
@@ -51,6 +56,29 @@ foreach my $u (@users)
     die "Account $userName is not a user account; modify user failed.\n"
        unless ( ($userName eq 'admin') or ($type eq 'user') );
 
+    # cpu usermod called without "-G list,of,supplementary,groups" causes user
+    # to be removed from all it's supplementary groups. Thus, to be able to call
+    # cpu usermod properly we need to know user supplementary groups.
+
+    my $cmd = "/usr/bin/id -G -n '$userName'";
+    my $groups = `$cmd 2>/dev/null`;
+    if ($? != 0)
+    {
+        die "Failed to get supplementary group list for $userName.\n";
+    }
+    chomp ($groups);
+
+    my @groupList = split (/\s+/, $groups);
+    @groupList = grep (!/^$userName$/, @groupList);
+
+    # root user/group isn't in ldap
+    if ($ldapauth eq 'enabled')
+    {
+        @groupList = grep (!/^root$/, @groupList);
+    }
+
+    $groups = join (',', sort (@groupList));
+
     setpwent;
     my ($comment, $shell) = (getpwnam($userName))[5,8];
     endpwent;
@@ -64,8 +92,16 @@ foreach my $u (@users)
     #------------------------------------------------------------
     unless ($shell eq $new_shell)
     {
-       system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
-           or die "Failed to modify shell of account $userName.\n";
+        if ($ldapauth eq 'enabled')
+        {
+            system("/usr/sbin/cpu", "usermod", '-s', "$new_shell", "-G", "$groups", $userName) == 0
+                or die "Failed to modify shell of account $userName.\n";
+        }
+        else
+        {
+            system("/usr/sbin/usermod", '-s', "$new_shell", $userName) == 0
+                or die "Failed to modify shell of account $userName.\n";
+        }
     }
 
     #------------------------------------------------------------
@@ -78,8 +114,16 @@ foreach my $u (@users)
 
     unless ($comment eq $new_comment)
     {
-       system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
-           or die "Failed to modify comment of account $userName.\n";
+        if ($ldapauth eq 'enabled')
+        {
+            system("/usr/sbin/cpu", "usermod", "-c", "$first $last", "-G", "$groups", $userName) == 0
+                or die "Failed to modify comment of account $userName.\n";
+        }
+        else
+        {
+            system("/usr/sbin/usermod", "-c", "$first $last", $userName) == 0
+                or die "Failed to modify comment of account $userName.\n";
+        }
     }
 }
 