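diff -up e-smith-ldap-5.2.0/createlinks.unix-cleanup e-smith-ldap-5.2.0/createlinks
--- e-smith-ldap-5.2.0/createlinks.unix-cleanup 2010-11-02 09:15:20.000000000 -0600
+++ e-smith-ldap-5.2.0/createlinks 2010-11-02 09:14:30.000000000 -0600
@@ -30,6 +30,7 @@ event_link("ldap-update", "ibay-modify",
 event_link("ldap-delete", "ibay-delete", "55");
 
 event_link("ldap-update", "bootstrap-ldap-save", "25");
+event_link("cleanup-unix-user-group", "bootstrap-ldap-save", "98");
 
 event_link("ldap-update", "machine-account-create", "95");
 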
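diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/cleanup-unix-user-group.unix-cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/cleanup-unix-user-group
--- e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/cleanup-unix-user-group.unix-cleanup 2010-11-02 09:13:34.000000000 -0600
+++ e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/cleanup-unix-user-group 2010-11-02 09:13:20.000000000 -0600
@@ -0,0 +1,20 @@
+#!/bin/bash -e
+
+ldapauth=$(/sbin/e-smith/config getprop ldap Authentication || echo disabled)
+
+# Exit unless ldap auth is enabled
+[ "$ldapauth" == "enabled" ] || exit 0
+
+# Users and group accounts are now stored in LDAP, so we need to delete them
+# from the old passwd / group / shadow database
+
+for USER in $(/usr/bin/getent passwd | sort | cut -d':' -f1 | uniq -d); do
+ /usr/sbin/luserdel -G $USER
+done
+
+for GROUP in $(/usr/bin/getent group | sort | cut -d':' -f1 | uniq -d); do
+ /usr/sbin/lgroupdel $GROUP
+done
+
+# And add the admin back in the root group, which is not in the LDAP database
+/usr/bin/gpasswd -a admin root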
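Review bot: Both loops treat any name that `getent` prints twice as safe to delete from the local files, so the deletion list is effectively decided by what the LDAP directory contains. A directory entry that shares its name with a system account such as `root` would have the local copy removed, and neither UID/GID equality nor a keep-list is checked. The names are also expanded unquoted (`$USER`, `$GROUP`), so a directory-supplied name containing whitespace or starting with `-` is word-split or read as an option, and `USER` overwrites the usual environment variable of that name. Because the script runs under `-e`, the first failing `luserdel` or `lgroupdel` aborts before `gpasswd -a admin root` runs, which may leave admin out of the root group; doing that step from an EXIT trap would make it unconditional. A guarded form of the user loop is sketched below; the keep-list content is an assumption to confirm against the accounts this distribution keeps local.

```shell
# … unchanged: ldapauth check …

/usr/bin/getent passwd | cut -d: -f1 | LC_ALL=C sort | uniq -d |
while IFS= read -r name; do
  case "$name" in
    root) continue ;;                  # assumption: must stay local; extend as needed
    ''|-*|*[[:space:]]*) continue ;;   # not a name that should reach luserdel
  esac
  /usr/sbin/luserdel -G "$name"
done

# … same guard for the getent group / lgroupdel loop …
# … unchanged: gpasswd -a admin root …
```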