Relocate ldapscripts to stx-integ/ldap/ldapscripts

Move content from stx-gplv2 into stx-integ

Packages will be relocated to

stx-integ:
    base/
        bash
        cgcs-users
        cluster-resource-agents
        dpkg
        haproxy
        libfdt
        netpbm
        rpm

    database/
        mariadb

    filesystem/
        iscsi-initiator-utils

    filesystem/drbd/
        drbd-tools

    kernel/kernel-modules/
        drbd
        integrity
        intel-e1000e
        intel-i40e
        intel-i40evf
        intel-ixgbe
        intel-ixgbevf
        qat17
        tpmdd

    ldap/
        ldapscripts

    networking/
        iptables
        net-tools

Change-Id: I688cd576de5e8fb9fbe7ad727b9e5321ad4b0e45
Story: 2002801
Task: 22687
Signed-off-by: Scott Little <scott.little@windriver.com>

centos_pkg_dirs

@@ -134,3 +134,4 @@ base/bash
 base/haproxy
 base/netpbm
 filesystem/iscsi-initiator-utils
+ldap/ldapscripts

ldap/ldapscripts/PKG-INFO

@@ -0,0 +1,14 @@
+Metadata-Version: 1.1
+Name: ldapscripts
+Version: 2.0.8
+Summary: ldapscripts
+Home-page: 
+Author:
+Author-email:
+License: GPLv2
+
+Description:
+Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
+
+        
+Platform: UNKNOWN

ldap/ldapscripts/centos/build_srpm.data

@@ -0,0 +1,3 @@
+COPY_LIST="files/* \
+           $CGCS_BASE/downloads/ldapscripts-2.0.8.tgz"
+TIS_PATCH_VER=1

ldap/ldapscripts/centos/ldapscripts.spec

@@ -0,0 +1,73 @@
+Name: ldapscripts
+Version: 2.0.8
+Release: 0%{?_tis_dist}.%{tis_patch_ver}
+Summary: ldapscripts
+
+Group: base
+License: GPLv2
+URL: unknown
+Source0: %{name}-%{version}.tgz
+Source1: ldapscripts.conf.cgcs
+Source2: ldapadduser.template.cgcs
+Source3: ldapaddgroup.template.cgcs
+Source4: ldapmoduser.template.cgcs
+Source5: ldapaddsudo.template.cgcs
+Source6: ldapmodsudo.template.cgcs
+Source7: ldapscripts.passwd
+
+Patch0: sudo-support.patch
+Patch1: sudo-delete-support.patch
+Patch2: log_timestamp.patch
+Patch3: ldap-user-setup-support.patch
+Patch4: ldap-user-setup-support-input-validation.patch
+Patch5: ldap-user-setup-noninteractive-mode-fix.patch
+
+%define debug_package %{nil}
+
+# BuildRequires:	
+# Requires:	
+
+%description
+Shell scripts that allow to manage POSIX accounts (users, groups, machines) in an LDAP directory.
+
+
+%prep
+%setup -q
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+
+
+%build
+
+
+%install
+make install DESTDIR=%{buildroot}
+
+rm -Rf %{buildroot}/usr/local/man
+rm -f %{buildroot}/usr/local/sbin/*machine*
+rm -f %{buildroot}/usr/local/etc/ldapscripts/ldapaddmachine.template.sample
+install -d ldroot}}/usr/local/etc/
+install -m 644 %{SOURCE1} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.conf
+install -m 644 %{SOURCE2} %{buildroot}/usr/local/etc/ldapscripts/ldapadduser.template.cgcs
+install -m 644 %{SOURCE3} %{buildroot}/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs
+install -m 644 %{SOURCE4} %{buildroot}/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs
+install -m 644 %{SOURCE5} %{buildroot}/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs
+install -m 644 %{SOURCE6} %{buildroot}/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs
+install -m 600 %{SOURCE7} %{buildroot}/usr/local/etc/ldapscripts/ldapscripts.passwd
+
+%files
+%defattr(-,root,root,-)
+%dir /usr/local/etc/ldapscripts/
+%dir /usr/local/lib/ldapscripts/
+/usr/local/sbin/*
+%config(noreplace) /usr/local/etc/ldapscripts/ldapscripts.passwd
+/usr/local/etc/ldapscripts/*
+/usr/local/lib/ldapscripts/*
+
+
+%changelog
+

ldap/ldapscripts/files/ldap-user-setup-noninteractive-mode-fix.patch

@@ -0,0 +1,15 @@
+---
+ sbin/ldapusersetup |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/sbin/ldapusersetup
++++ b/sbin/ldapusersetup
+@@ -105,7 +105,7 @@ LdapAddLoginShell () {
+ 	 ;;
+     esac
+   else
+-    shellopn=${$2,,}
++    shellopn=${2,,}
+     case $shellopn in
+       "bash") _SHELL="/bin/sh";;
+       "lshell") _SHELL="$_DEFAULTLSHELL";;

ldap/ldapscripts/files/ldap-user-setup-support-input-validation.patch

@@ -0,0 +1,87 @@
+---
+ sbin/ldapusersetup |   45 ++++++++++++++++++++++++++++++++++-----------
+ 1 file changed, 34 insertions(+), 11 deletions(-)
+
+--- a/sbin/ldapusersetup
++++ b/sbin/ldapusersetup
+@@ -44,6 +44,29 @@ _SHELL=""
+ 
+ ### Helper functions ###
+ 
++# Gets input from user and validates it.
++# Will only return if input meets validation
++# criteria otherwise will just sit there.
++#
++# Input : input string ($1), valid output options ($2)
++# Output: the validated input
++# Note  : the validation list must be an array
++LdapUserInput () {
++declare -a optionAry=("${!2}")
++while true; do
++    read -p "$1" _output
++    # convert to lower case
++    _output2=${_output,,}
++    # check if output is a valid option
++    if [[ "${optionAry[@]}" =~ "$_output2" ]]; then
++	break
++    else
++       echo "Invalid input \"$_output\". Allowed options: ${optionAry[@]}" >&2
++   fi
++done
++   echo "$_output2"
++}
++
+ # Delete an ldap user if it exists
+ # and exit with error
+ # Input : username ($1), exit msg ($2)
+@@ -67,10 +90,12 @@ LdapAddUser() {
+ LdapAddLoginShell () {
+   if [ -z "$2" ]; then
+     # Ask the user for the login shell
+-    echo "Select Login Shell option # [2]: 
++    shellInput="Select Login Shell option # [2]: 
+ 1) Bash
+-2) Lshell"
+-    read opn
++2) Lshell
++"
++    options=( 1, 2 )
++    opn=`LdapUserInput "$shellInput" options[@]`
+     case $opn in
+       1) _SHELL="/bin/sh";;
+       2) _SHELL="$_DEFAULTLSHELL";;
+@@ -139,7 +164,6 @@ LdapUpdateShadowWarning () {
+   echo "Updating password expiry to $_newWarning days"
+ }
+ 
+-
+ # Since this setup script is meant to be a
+ # wrapper on top of existing ldap scripts,
+ # it share invoke those... we could have achieved
+@@ -170,10 +194,9 @@ if [ "$#" -eq 0 ]; then
+   # prompt for sudo permissions
+   if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then
+     # Should sudo be activated for this user
+-    echo -n "Add $_username to sudoer list? (yes/NO): "
+-    read CONFIRM
+-    CONFIRM=${CONFIRM,,}
+-
++    shellInput="Add $_username to sudoer list? (yes/NO): "
++    options=( "yes", "no" )
++    CONFIRM=`LdapUserInput "$shellInput" options[@]`
+     if is_yes $CONFIRM
+     then
+       LdapAddSudo "$_username"
+@@ -181,9 +204,9 @@ if [ "$#" -eq 0 ]; then
+   fi
+ 
+   # Add to secondary user group
+-  echo -n "Add $_username to secondary user group? (yes/NO): "
+-  read CONFIRM
+-  CONFIRM=${CONFIRM,,}
++  shellInput="Add $_username to secondary user group? (yes/NO): "
++  options=( "yes", "no" )
++  CONFIRM=`LdapUserInput "$shellInput" options[@]`
+   if is_yes $CONFIRM
+   then
+     echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "

ldap/ldapscripts/files/ldap-user-setup-support.patch

@@ -0,0 +1,354 @@
+---
+ Makefile                 |    5 
+ man/man1/ldapusersetup.1 |   61 ++++++++++
+ sbin/ldapusersetup       |  263 +++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 327 insertions(+), 2 deletions(-)
+
+--- /dev/null
++++ b/sbin/ldapusersetup
+@@ -0,0 +1,263 @@
++#!/bin/sh
++
++#  ldapusersetup : interactive setup for adding users to LDAP
++
++#  Copyright (c) 2015 Wind River Systems, Inc.
++#
++#  This program is free software; you can redistribute it and/or
++#  modify it under the terms of the GNU General Public License
++#  as published by the Free Software Foundation; either version 2
++#  of the License, or (at your option) any later version.
++#
++#  This program is distributed in the hope that it will be useful,
++#  but WITHOUT ANY WARRANTY; without even the implied warranty of
++#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#  GNU General Public License for more details.
++#
++#  You should have received a copy of the GNU General Public License
++#  along with this program; if not, write to the Free Software
++#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++#  USA.
++
++if [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$#" -eq 1 ]
++then
++  echo "Usage : $0 [-u <username | uid> <field> <value>]
++where accepted field(s) are as follows:
++--sudo                        : whether to add this user to sudoer list
++--shell <\"bash\"|\"lshell\"> : choose the shell for this user (default is lshell)
++--secondgroup <grp>           : the secondary group to add this user to
++--passmax     <value>         : the shadowMax value for this user
++--passwarning <value>         : the shadowWarning value for this user"
++  exit 1
++fi
++
++# Source runtime file
++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
++. "$_RUNTIMEFILE"
++
++# runtime defaults
++_DEFAULTGRP2="wrs_protected"
++_DEFAULTLSHELL="/usr/local/bin/cgcs_cli"
++_DEFAULTSHADOWMAX="90"
++_DEFAULTSHADOWWARNING="2"
++_SHELL=""
++
++### Helper functions ###
++
++# Delete an ldap user if it exists
++# and exit with error
++# Input : username ($1), exit msg ($2)
++# Output : none
++LdapRollback() {
++  ldapdeleteuser "$1"
++  end_die "$2"
++}
++
++# Add an ldap user and exit on failure
++# Input : username ($1)
++# Output : none
++LdapAddUser() {
++  ldapadduser "$1" users
++  [ $? -eq 0 ] || end_die "Critical setup error: cannot add user"
++}
++
++# Replace Login Shell and call Rollback on failure
++# Input : username ($1), shell to set ($2)
++# Output : none
++LdapAddLoginShell () {
++  if [ -z "$2" ]; then
++    # Ask the user for the login shell
++    echo "Select Login Shell option # [2]: 
++1) Bash
++2) Lshell"
++    read opn
++    case $opn in
++      1) _SHELL="/bin/sh";;
++      2) _SHELL="$_DEFAULTLSHELL";;
++      *)
++	 [ ! -z "$opn" ] && echo "Invalid option. Selecting Lshell"
++         _SHELL="$_DEFAULTLSHELL"
++	 ;;
++    esac
++  else
++    shellopn=${$2,,}
++    case $shellopn in
++      "bash") _SHELL="/bin/sh";;
++      "lshell") _SHELL="$_DEFAULTLSHELL";;
++      *)
++         echo "Invalid option($2). Selecting Lshell"; _SHELL="$_DEFAULTLSHELL"
++	 ;;
++    esac
++  fi
++  # Replace the login shell
++  ldapmodifyuser $1 replace loginShell $_SHELL &> /dev/null
++  [ $? -eq 0 ] || LdapRollback $1 "Critical setup error: cannot set login shell"
++}
++
++# Add user to sudoer list
++# Input : username ($1)
++# Output : true or false
++LdapAddSudo() {
++  ldapaddsudo "$1" 2> /dev/null
++  [ $? -eq 0 ] || \
++   echo_log "Non critical setup error: cannot add to sudoer list"
++}
++
++# Add user to a secondary user group
++# Input : username ($1), user group ($2)
++# Output : true or false
++LdapSecondaryGroup () {
++  _newGrp="$2"
++  [ -z "$2" ] && _newGrp=$_DEFAULTGRP2
++
++  ldapaddusertogroup $1 $_newGrp
++  [ $? -eq 0 ] || \
++   echo_log "Non critical setup error: cannot add $1 to $_newGrp"
++}
++
++# Update shadowMax for user
++# Input : username ($1), shadow Max value ($2)
++# Output : none
++LdapUpdateShadowMax () {
++  _newShadow="$2"
++  ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
++   && _newShadow=$_DEFAULTSHADOWMAX
++
++  ldapmodifyuser $1 replace shadowMax $_newShadow
++  echo "Updating password expiry to $_newShadow days"
++}
++
++# Update shadowWarning for user
++# Input : username ($1), shadow Warning value ($2)
++# Output : none
++LdapUpdateShadowWarning () {
++  _newWarning="$2"
++  ! [[ "$2" =~ ^[0-9]+$ ]] || [ -z "$2" ] \
++   && _newWarning=$_DEFAULTSHADOWWARNING
++
++  ldapmodifyuser $1 replace shadowWarning $_newWarning
++  echo "Updating password expiry to $_newWarning days"
++}
++
++
++# Since this setup script is meant to be a
++# wrapper on top of existing ldap scripts,
++# it share invoke those... we could have achieved
++# loose coupling by not relying on helpers but
++# at the expense of massively redundant code
++# duplication.
++declare -a helper_scripts=("ldapadduser" "ldapaddsudo" "ldapmodifyuser" "ldapaddusertogroup" "$_DEFAULTLSHELL")
++
++# Do some quick sanity tests to make sure
++# helper scripts are present
++for src in "${helper_scripts[@]}"; do
++  if ! type "$src" &>/dev/null; then
++    end_die "Cannot locate $src. Update your PATH variable"
++  fi
++done
++
++if [ "$#" -eq 0 ]; then
++  # This setup collects all attributes
++  # interactively during runtime
++  echo -n "Enter username to add to LDAP: "
++  read _username
++  LdapAddUser "$_username"
++
++  # Replace the login shell. We will prompt the user for this
++  LdapAddLoginShell "$_username"
++
++  # If login shell is NOT the default limited shell then
++  # prompt for sudo permissions
++  if [ "$_SHELL" != "$_DEFAULTLSHELL" ]; then
++    # Should sudo be activated for this user
++    echo -n "Add $_username to sudoer list? (yes/NO): "
++    read CONFIRM
++    CONFIRM=${CONFIRM,,}
++
++    if is_yes $CONFIRM
++    then
++      LdapAddSudo "$_username"
++    fi
++  fi
++
++  # Add to secondary user group
++  echo -n "Add $_username to secondary user group? (yes/NO): "
++  read CONFIRM
++  CONFIRM=${CONFIRM,,}
++  if is_yes $CONFIRM
++  then
++    echo -n "Secondary group to add user to? [$_DEFAULTGRP2]: "
++    read _grp2
++    LdapSecondaryGroup $_username $_grp2
++  fi
++
++  # Set password expiry
++  echo -n "Enter days after which user password must \
++be changed [$_DEFAULTSHADOWMAX]: "
++  read _shadowMax
++  LdapUpdateShadowMax $_username $_shadowMax
++
++  # Set password warning
++  echo -n "Enter days before password is to expire that \
++user is warned [$_DEFAULTSHADOWWARNING]: "
++  read _shadowWarning
++  LdapUpdateShadowWarning $_username $_shadowWarning
++
++else
++  # we have to read command line option
++  while [[ $# > 1 ]]
++  do
++    key="$1"
++
++    case $key in
++    	-u|--user) # compulsory
++	_username="$2"
++	shift
++	;;
++	--sudo)      # optional
++	_sudo="yes"
++	;;
++	--shell)     # optional
++        _loginshell="$2"
++	shift
++	;;
++  	--passmax) # optional
++	_shadowMax="$2"
++	shift
++	;;
++	--passwarning) # optional
++	_shadowWarning="$2"
++	shift
++	;;
++	--secondgroup) # optional
++        _grpConfirm="1"
++	_grp2="$2"
++	shift
++	;;
++	*)
++
++	;;
++    esac
++    shift
++  done
++
++  # Add LDAP user
++  [ -z "$_username" ] && end_die "No username argument specified"
++  LdapAddUser $_username
++
++  # Change Login Shell
++  LdapAddLoginShell $_username "$_loginshell"
++
++  # Add sudo if required
++  if is_yes $_sudo
++  then
++    LdapAddSudo "$_username"
++  fi
++
++  # Add secondary group if required
++  [ -z "$_grpConfirm" ] || LdapSecondaryGroup $_username $_grp2
++
++  # Password modifications
++  LdapUpdateShadowMax $_username $_shadowMax
++  LdapUpdateShadowWarning $_username $_shadowWarning
++fi
+--- a/Makefile
++++ b/Makefile
+@@ -41,12 +41,13 @@ SBINFILES =	ldapdeletemachine ldapmodify
+ 			ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
+ 			ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
+ 			ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
+-			ldaprenameuser ldapmodifysudo ldapdeletesudo
++			ldaprenameuser ldapmodifysudo ldapdeletesudo ldapusersetup
+ MAN1FILES =	ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
+ 			ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
+ 			ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
+ 			ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
+-			ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
++			ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 \
++			ldapdeletesudo.1 ldapusersetup.1
+ MAN5FILES = ldapscripts.5
+ TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
+ 			ldapadduser.template.sample
+--- /dev/null
++++ b/man/man1/ldapusersetup.1
+@@ -0,0 +1,61 @@
++.\" Copyright (c) 2015 Wind River Systems, Inc.
++.\"
++.\" This program is free software; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License
++.\" as published by the Free Software Foundation; either version 2
++.\" of the License, or (at your option) any later version.
++.\"
++.\" This program is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public License
++.\" along with this program; if not, write to the Free Software
++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++.\" USA.
++.\"
++.\" Kam Nasim
++.\" knasim@windriver.com
++.\"
++.TH ldapusersetup 1 "December 16, 2015"
++
++.SH NAME
++ldapusersetup \- wizard for adding an LDAP user to CGCS.
++
++.SH SYNOPSIS
++.B ldapusersetup
++
++.SH DESCRIPTION
++ldapusersetup interactively walks through the process of creating an LDAP user
++for access to CGCS services. The user is prompted for:
++- username
++- if a sudoEntry needs to be created
++- if a secondary user group needs to be added
++- user password expiry and warning configuration
++Alternatively, the user may provide these parameters as command line actions.
++Look at the OPTIONS section for more information.
++
++To delete the user and all its group associations, simply use ldapdeleteuser(1)
++
++.SH OPTIONS
++.TP
++.B [-u <username | uid> <field> <value>]
++The name or uid of the user to modify.
++The following fields are available as long format options:
++--sudo                  : whether to add this user to sudoer list
++--shell <bash | lshell> : which login shell to use (default is lshell)
++--secondgroup <grp>     : the secondary group to add this user to
++--passmax     <value>   : the shadowMax value for this user
++--passwarning <value>   : the shadowWarning value for this user"
++
++.SH "SEE ALSO"
++ldapdeleteuser(1), ldapaddgroup(1), ldapaddusertogroup(1), ldapmodifyuser(1), ldapscripts(5).
++
++.SH AVAILABILITY
++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
++The latest version of the ldapscripts is available on :
++.B http://contribs.martymac.org
++
++.SH BUGS
++No bug known.

ldap/ldapscripts/files/ldapaddgroup.template.cgcs

@@ -0,0 +1,5 @@
+dn: cn=<group>,<gsuffix>,<suffix>
+objectClass: posixGroup
+cn: <group>
+gidNumber: <gid>
+description: Group account

ldap/ldapscripts/files/ldapaddsudo.template.cgcs

@@ -0,0 +1,10 @@
+dn: cn=<user>,ou=SUDOers,<suffix>
+objectClass: top
+objectClass: sudoRole
+cn: <user>
+sudoUser: <user>
+sudoHost: ALL
+sudoRunAsUser: ALL
+sudoCommand: ALL
+#sudoOrder: <default: 0, if multiple entries match, this entry with the highest sudoOrder is used>
+#sudoOption: <specify other sudo specific attributes here>

ldap/ldapscripts/files/ldapadduser.template.cgcs

@@ -0,0 +1,16 @@
+dn: uid=<user>,<usuffix>,<suffix>
+objectClass: account
+objectClass: posixAccount
+objectClass: shadowAccount
+objectClass: top
+cn: <user>
+uid: <user>
+uidNumber: <uid>
+gidNumber: <gid>
+shadowMax: 99999
+shadowWarning: 7
+shadowLastChange: 0
+homeDirectory: <home>
+loginShell: <shell>
+gecos: <user>
+description: User account

ldap/ldapscripts/files/ldapmodsudo.template.cgcs

@@ -0,0 +1,4 @@
+dn: cn=<user>,ou=SUDOers,<suffix>
+changeType: modify
+<action>: <field>
+<field>: <value>

ldap/ldapscripts/files/ldapmoduser.template.cgcs

@@ -0,0 +1,4 @@
+dn: uid=<user>,<usuffix>,<suffix>
+changeType: modify
+<action>: <field>
+<field>: <value>

ldap/ldapscripts/files/ldapscripts.conf.cgcs

@@ -0,0 +1,152 @@
+#  Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
+#  Copyright (C) 2006-2013 Ganaël LAPLANCHE
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public License
+#  as published by the Free Software Foundation; either version 2
+#  of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+#  USA.
+
+# LDAP server
+SERVER="ldap://controller"
+
+# Suffixes
+SUFFIX="dc=cgcs,dc=local" # Global suffix
+GSUFFIX="ou=Group"        # Groups ou (just under $SUFFIX)
+USUFFIX="ou=People"       # Users ou (just under $SUFFIX)
+MSUFFIX="ou=Machines"     # Machines ou (just under $SUFFIX)
+
+# Authentication type
+# If empty, use simple authentication
+# Else, use the value as an SASL authentication mechanism
+SASLAUTH=""
+#SASLAUTH="GSSAPI"
+
+# Simple authentication parameters
+# The following BIND* parameters are ignored if SASLAUTH is set
+BINDDN="cn=ldapadmin,dc=cgcs,dc=local"
+# The following file contains the raw password of the BINDDN
+# Create it with something like : echo -n 'secret' > $BINDPWDFILE
+# WARNING !!!! Be careful not to make this file world-readable
+BINDPWDFILE="/usr/local/etc/ldapscripts/ldapscripts.passwd"
+# For older versions of OpenLDAP, it is still possible to use
+# unsecure command-line passwords by defining the following option
+# AND commenting the previous one (BINDPWDFILE takes precedence)
+#BINDPWD="secret"
+
+# Start with these IDs *if no entry found in LDAP*
+GIDSTART="10000" # Group ID
+UIDSTART="10000" # User ID
+MIDSTART="20000" # Machine ID
+
+# Group membership management
+# ObjectCLass used for groups
+# Possible values : posixGroup, groupOfNames, groupOfUniqueNames (case-sensitive !)
+# Warning : when using groupOf*, be sure to be compliant with RFC 2307bis (AUXILIARY posixGroup).
+# Also, do not mix posixGroup and groupOf* entries up in you directory as, within RFC 2307bis,
+# the former is a subset of the latter. The ldapscripts wouldn't cope well with this configuration.
+GCLASS="posixGroup"   # Leave "posixGroup" here if not sure !
+# When using  groupOfNames or groupOfUniqueNames, creating a group requires an initial
+# member. Specify it below, you will be able to remove it once groups are populated.
+#GDUMMYMEMBER="uid=dummy,$USUFFIX,$SUFFIX"
+
+# User properties
+USHELL="/bin/sh"
+UHOMES="/home/%u"     # You may use %u for username here
+CREATEHOMES="no"      # Create home directories and set rights ?
+HOMESKEL="/etc/skel"  # Directory where the skeleton files are located. Ignored if undefined or nonexistant.
+HOMEPERMS="700"       # Default permissions for home directories
+
+# User passwords generation
+# Command-line used to generate a password for added users.
+# You may use %u for username here ; special value "<ask>" will ask for a password interactively
+# WARNING    !!!! This is evaluated, everything specified here will be run !
+# WARNING(2) !!!! Some systems (Linux) use a blocking /dev/random (waiting for enough entropy).
+#                 In this case, consider using /dev/urandom instead.
+#PASSWORDGEN="cat /dev/random | LC_ALL=C tr -dc 'a-zA-Z0-9' | head -c8"
+#PASSWORDGEN="pwgen"
+#PASSWORDGEN="echo changeme"
+PASSWORDGEN="echo %u"
+#PASSWORDGEN="<ask>"
+
+# User passwords recording
+# you can keep trace of generated passwords setting PASSWORDFILE and RECORDPASSWORDS
+# (useful when performing a massive creation / net rpc vampire)
+# WARNING !!!! DO NOT FORGET TO DELETE THE GENERATED FILE WHEN DONE !
+# WARNING !!!! DO NOT FORGET TO TURN OFF RECORDING WHEN DONE !
+RECORDPASSWORDS="no"
+PASSWORDFILE="/var/log/ldapscripts_passwd.log"
+
+# Where to log
+LOGFILE="/var/log/ldapscripts.log"
+
+# Temporary folder
+TMPDIR="/tmp"
+
+# Various binaries used within the scripts
+# Warning : they also use uuencode, date, grep, sed, cut, which... 
+# Please check they are installed before using these scripts
+# Note that many of them should come with your OS
+
+# OpenLDAP client commands
+LDAPSEARCHBIN="/usr/bin/ldapsearch"
+LDAPADDBIN="/usr/bin/ldapadd"
+LDAPDELETEBIN="/usr/bin/ldapdelete"
+LDAPMODIFYBIN="/usr/bin/ldapmodify"
+LDAPMODRDNBIN="/usr/bin/ldapmodrdn"
+LDAPPASSWDBIN="/usr/bin/ldappasswd"
+
+# OpenLDAP client common additional options
+# This allows for adding more configuration options to the OpenLDAP clients, e.g. '-ZZ' to enforce TLS
+#LDAPBINOPTS="-ZZ"
+
+# OpenLDAP ldapsearch-specific additional options
+# The following option disables long-line wrapping (which makes the scripts bug
+# when handling long lines). The option was introduced in OpenLDAP 2.4.24, so
+# comment it if you are using OpenLDAP < 2.4.24.
+LDAPSEARCHOPTS="-o ldif-wrap=no"
+# And here is an example to activate paged results
+#LDAPSEARCHOPTS="-E pr=500/noprompt"
+
+# Character set conversion : $ICONVCHAR <-> UTF-8
+# Comment ICONVBIN to disable UTF-8 conversion
+# ICONVBIN="/usr/bin/iconv"
+# ICONVCHAR=""
+
+# Base64 decoding
+# Comment UUDECODEBIN to disable Base64 decoding
+#UUDECODEBIN="/usr/bin/uudecode"
+
+# Getent command to use - choose the ones used
+# on your system. Leave blank or comment for auto-guess.
+# GNU/Linux
+GETENTPWCMD="getent passwd"
+GETENTGRCMD="getent group"
+# FreeBSD
+#GETENTPWCMD="pw usershow"
+#GETENTGRCMD="pw groupshow"
+# Auto
+#GETENTPWCMD=""
+#GETENTGRCMD=""
+
+# You can specify custom LDIF templates here
+# Leave empty to use default templates
+# See *.template.sample for default templates
+#GTEMPLATE="/path/to/ldapaddgroup.template"
+#UTEMPLATE="/path/to/ldapadduser.template"
+#MTEMPLATE="/path/to/ldapaddmachine.template"
+GTEMPLATE="/usr/local/etc/ldapscripts/ldapaddgroup.template.cgcs"
+UTEMPLATE="/usr/local/etc/ldapscripts/ldapadduser.template.cgcs"
+UMTEMPLATE="/usr/local/etc/ldapscripts/ldapmoduser.template.cgcs"
+STEMPLATE="/usr/local/etc/ldapscripts/ldapaddsudo.template.cgcs"
+SMTEMPLATE="/usr/local/etc/ldapscripts/ldapmodsudo.template.cgcs"
+MTEMPLATE=""

ldap/ldapscripts/files/ldapscripts.passwd

@@ -0,0 +1 @@
+_LDAPADMIN_PW_

ldap/ldapscripts/files/log_timestamp.patch

@@ -0,0 +1,15 @@
+---
+ lib/runtime |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/runtime
++++ b/lib/runtime
+@@ -863,7 +863,7 @@ fi
+ # Log command
+ if [ "$LOGTOFILE" = "yes" ]
+ then
+-  log_to_file "$(date '+%b %d %H:%M:%S') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*"
++  log_to_file "$(date '+%FT%T') $(uname -n | sed 's|\..*$||') ldapscripts: $(basename "$0")($USER): $0 $*"
+ fi
+ if [ "$LOGTOSYSLOG" = "yes" ]
+ then

ldap/ldapscripts/files/sudo-delete-support.patch

@@ -0,0 +1,352 @@
+---
+ Makefile                  |    4 +--
+ lib/runtime               |   15 ++++++++++++
+ man/man1/ldapaddsudo.1    |   54 +++++++++++++++++++++++++++++++++++++++++++
+ man/man1/ldapdeletesudo.1 |   46 +++++++++++++++++++++++++++++++++++++
+ man/man1/ldapdeleteuser.1 |    5 ++--
+ man/man1/ldapmodifysudo.1 |   57 ++++++++++++++++++++++++++++++++++++++++++++++
+ man/man1/ldapmodifyuser.1 |   15 ++++++++---
+ sbin/ldapdeletesudo       |   38 ++++++++++++++++++++++++++++++
+ sbin/ldapdeleteuser       |    5 ++++
+ sbin/ldapmodifysudo       |    2 -
+ 10 files changed, 232 insertions(+), 9 deletions(-)
+
+--- a/sbin/ldapdeleteuser
++++ b/sbin/ldapdeleteuser
+@@ -46,6 +46,11 @@ _UDN="$_ENTRY"
+ # Delete entry
+ _ldapdelete "$_UDN" || end_die "Error deleting user $_UDN from LDAP"
+
++
++# Optionally, delete the sudoer entry if it exists
++_ldapdeletesudo $1
++[ $? -eq 2 ] && end_die "Found sudoEntry for user $_UDN but unable to delete"
++
+ # Finally, delete this user from all his secondary groups
+ case $GCLASS in
+   posixGroup)
+--- a/sbin/ldapmodifysudo
++++ b/sbin/ldapmodifysudo
+@@ -1,6 +1,6 @@
+ #!/bin/sh
+ 
+-#  ldapmodifyuser : modifies a sudo entry in an LDAP directory
++#  ldapmodifysudo : modifies a sudo entry in an LDAP directory
+ 
+ #  Copyright (C) 2007-2013 Ganaël LAPLANCHE
+ #  Copyright (C) 2014 Stephen Crooks
+--- /dev/null
++++ b/sbin/ldapdeletesudo
+@@ -0,0 +1,38 @@
++#!/bin/sh
++
++#  ldapdeletesudo : deletes a sudoRole from LDAP
++
++#  Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
++#  Copyright (C) 2006-2013 Ganaël LAPLANCHE
++#  Copyright (c) 2015 Wind River Systems, Inc.
++#
++#  This program is free software; you can redistribute it and/or
++#  modify it under the terms of the GNU General Public License
++#  as published by the Free Software Foundation; either version 2
++#  of the License, or (at your option) any later version.
++#
++#  This program is distributed in the hope that it will be useful,
++#  but WITHOUT ANY WARRANTY; without even the implied warranty of
++#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#  GNU General Public License for more details.
++#
++#  You should have received a copy of the GNU General Public License
++#  along with this program; if not, write to the Free Software
++#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++#  USA.
++
++if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
++then
++  echo "Usage : $0 <username>"
++  exit 1
++fi
++
++# Source runtime file
++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
++. "$_RUNTIMEFILE"
++
++# Username = first argument
++_ldapdeletesudo "$1"
++[ $? -eq 0 ] || end_die "Unable to locate or delete sudoUser entry for $1"
++
++end_ok "Successfully deleted sudoUser entry for $1 from LDAP"
+--- a/man/man1/ldapmodifyuser.1
++++ b/man/man1/ldapmodifyuser.1
+@@ -1,4 +1,5 @@
+ .\" Copyright (C) 2007-2017 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
+ .\"
+ .\" This program is free software; you can redistribute it and/or
+ .\" modify it under the terms of the GNU General Public License
+@@ -19,14 +20,14 @@
+ .\" ganael.laplanche@martymac.org
+ .\" http://contribs.martymac.org
+ .\"
+-.TH ldapmodifyuser 1 "August 22, 2007"
++.TH ldapmodifyuser 1 "December 8, 2015"
+ 
+ .SH NAME
+ ldapmodifyuser \- modifies a POSIX user account in LDAP interactively
+ 
+ .SH SYNOPSIS
+ .B ldapmodifyuser
+-.RB <username | uid>
++.RB <username | uid> [<add | replace | delete> <field> <value>]
+  
+ .SH DESCRIPTION
+ ldapmodifyuser first looks for the right entry to modify. Once found, the entry is presented and you
+@@ -34,13 +35,18 @@ are prompted to enter LDIF data to modif
+ The DN of the entry being modified is already specified : just begin with a changeType attribute or any
+ other one(s) of your choice (in this case, the defaut changeType is 'modify').
+ 
++Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
++field - value pair then user will not be interactively prompted.
++
+ .SH OPTIONS
+ .TP
+-.B <username | uid>
++.B <username | uid> [<add | replace | delete> <field> <value>]
+ The name or uid of the user to modify.
++The optional "action" pertaining to this user entry.
++The field - value pair on which the action needs to be undertaken.
+ 
+ .SH "SEE ALSO"
+-ldapmodifygroup(1), ldapmodifymachine(1), ldapscripts(5).
++ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifysudo(1), ldapscripts(5).
+ 
+ .SH AVAILABILITY
+ The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
+--- a/man/man1/ldapdeleteuser.1
++++ b/man/man1/ldapdeleteuser.1
+@@ -1,4 +1,5 @@
+ .\" Copyright (C) 2006-2017 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
+ .\"
+ .\" This program is free software; you can redistribute it and/or
+ .\" modify it under the terms of the GNU General Public License
+@@ -19,10 +20,10 @@
+ .\" ganael.laplanche@martymac.org
+ .\" http://contribs.martymac.org
+ .\"
+-.TH ldapdeleteuser 1 "January 1, 2006"
++.TH ldapdeleteuser 1 "December 8, 2015"
+ 
+ .SH NAME
+-ldapdeleteuser \- deletes a POSIX user account from LDAP.
++ldapdeleteuser \- deletes a POSIX user account, and its sudo entry, from LDAP.
+ 
+ .SH SYNOPSIS
+ .B ldapdeleteuser
+--- /dev/null
++++ b/man/man1/ldapaddsudo.1
+@@ -0,0 +1,54 @@
++.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
++.\"
++.\" This program is free software; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License
++.\" as published by the Free Software Foundation; either version 2
++.\" of the License, or (at your option) any later version.
++.\"
++.\" This program is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public License
++.\" along with this program; if not, write to the Free Software
++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++.\" USA.
++.\"
++.\" Ganael Laplanche
++.\" ganael.laplanche@martymac.org
++.\" http://contribs.martymac.org
++.\"
++.TH ldapaddsudo 1 "December 8, 2015"
++
++.SH NAME
++ldapaddsudo \- adds a POSIX user account to the sudoer list in LDAP.
++
++.SH SYNOPSIS
++.B ldapaddsudo
++.RB <username>
++.RB <groupname | gid>
++.RB [uid]
++ 
++.SH OPTIONS
++.TP
++.B <username>
++The name of the user to add.
++.TP
++.B <groupname | gid>
++The group name or the gid of the user to add.
++.TP
++.B [uid]
++The uid of the user to add. Automatically computed if not specified.
++
++.SH "SEE ALSO"
++ldapadduser(1), ldapaddgroup(1), ldapaddmachine(1), ldapscripts(5).
++
++.SH AVAILABILITY
++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
++The latest version of the ldapscripts is available on :
++.B http://contribs.martymac.org
++
++.SH BUGS
++No bug known.
+--- /dev/null
++++ b/man/man1/ldapmodifysudo.1
+@@ -0,0 +1,57 @@
++.\" Copyright (C) 2007-2013 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
++.\"
++.\" This program is free software; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License
++.\" as published by the Free Software Foundation; either version 2
++.\" of the License, or (at your option) any later version.
++.\"
++.\" This program is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public License
++.\" along with this program; if not, write to the Free Software
++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++.\" USA.
++.\"
++.\" Ganael Laplanche
++.\" ganael.laplanche@martymac.org
++.\" http://contribs.martymac.org
++.\"
++.TH ldapmodifysudo 1 "December 8, 2015"
++
++.SH NAME
++ldapmodifysudo \- modifies the sudo entry of a POSIX user account in LDAP interactively
++
++.SH SYNOPSIS
++.B ldapmodifysudo
++.RB <username | uid> [<add | replace | delete> <field> <value>]
++ 
++.SH DESCRIPTION
++ldapmodifysudo first looks for the right entry to modify. Once found, the entry is presented and you
++are prompted to enter LDIF data to modify it as you would do using a standard LDIF file and ldapmodify(1).
++The DN of the entry being modified is already specified : just begin with a changeType attribute or any
++other one(s) of your choice (in this case, the defaut changeType is 'modify').
++
++Alternatively, if an optional "action" argument <add | replace | delete> is given, followed by a
++field - value pair then user will not be interactively prompted.
++
++.SH OPTIONS
++.TP
++.B <username | uid> [<add | replace | delete> <field> <value>]
++The name or uid of the user to modify.
++The optional "action" pertaining to this user entry.
++The field - value pair on which the action needs to be undertaken.
++
++.SH "SEE ALSO"
++ldapmodifygroup(1), ldapmodifymachine(1), ldapmodifyuser(1), ldapscripts(5).
++
++.SH AVAILABILITY
++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
++The latest version of the ldapscripts is available on :
++.B http://contribs.martymac.org
++
++.SH BUGS
++No bug known.
+--- /dev/null
++++ b/man/man1/ldapdeletesudo.1
+@@ -0,0 +1,46 @@
++.\" Copyright (C) 2006-2013 Ganaël LAPLANCHE
++.\" Copyright (c) 2015 Wind River Systems, Inc.
++.\"
++.\" This program is free software; you can redistribute it and/or
++.\" modify it under the terms of the GNU General Public License
++.\" as published by the Free Software Foundation; either version 2
++.\" of the License, or (at your option) any later version.
++.\"
++.\" This program is distributed in the hope that it will be useful,
++.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
++.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++.\" GNU General Public License for more details.
++.\"
++.\" You should have received a copy of the GNU General Public License
++.\" along with this program; if not, write to the Free Software
++.\" Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++.\" USA.
++.\"
++.\" Ganael Laplanche
++.\" ganael.laplanche@martymac.org
++.\" http://contribs.martymac.org
++.\"
++.TH ldapdeletesudo 1 "December 8, 2015"
++
++.SH NAME
++ldapdeletesudo \- deletes a sudo entry, for a POSIX user account, in LDAP
++
++.SH SYNOPSIS
++.B ldapdeletesudo
++.RB <username | uid>
++ 
++.SH OPTIONS
++.TP
++.B <username | uid>
++The name or uid of the user to delete.
++
++.SH "SEE ALSO"
++ldapdeletegroup(1), ldapdeletemachine(1), ldapdeleteuser(1), ldapscripts(5).
++
++.SH AVAILABILITY
++The ldapscripts are provided under the GNU General Public License v2 (see COPYING for more details).
++The latest version of the ldapscripts is available on :
++.B http://contribs.martymac.org
++
++.SH BUGS
++No bug known.
+--- a/Makefile
++++ b/Makefile
+@@ -41,12 +41,12 @@ SBINFILES =	ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser |
+ 			ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
+ 			ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
+ 			ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
+-			ldaprenameuser ldapmodifysudo
++			ldaprenameuser ldapmodifysudo ldapdeletesudo
+ MAN1FILES =	ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
+ 			ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
+ 			ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
+ 			ldapdeletegroup.1 ldapsetprimarygroup.1 ldapmodifygroup.1 ldaprenamegroup.1 \
+-			ldapaddmachine.1 ldapdeleteuser.1
++			ldapaddmachine.1 ldapdeleteuser.1 ldapaddsudo.1 ldapmodifysudo.1 ldapdeletesudo.1
+ MAN5FILES = ldapscripts.5
+ TMPLFILES = ldapaddgroup.template.sample ldapaddmachine.template.sample \
+ 			ldapadduser.template.sample
+--- a/lib/runtime
++++ b/lib/runtime
+@@ -294,6 +294,21 @@ _ldapdelete () {
+   fi
+ }
+ 
++# Deletes a sudoUser entry in the LDAP directory
++# Input : POSIX username whose sudo entry to delete ($1)
++# Output: 0 on successful delete
++#         1 on being unable to find sudoUser
++#         2 on being unable to delete found sudoUser entry
++_ldapdeletesudo () {
++  [ -z "$1" ] && end_die "_ldapdeletesudo : missing argument"
++  # Find the entry
++  _findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
++  [ -z "$_ENTRY" ] && return 1
++
++  # Now delete that entry
++  _ldapdelete "$_ENTRY" || return 2
++}
++
+ # Extracts LDIF information from $0 (the current script itself)
+ # selecting lines beginning with $1 occurrences of '#'
+ # Input : depth ($1)

ldap/ldapscripts/files/sudo-support.patch

@@ -0,0 +1,289 @@
+Index: ldapscripts-2.0.8/sbin/ldapaddsudo
+===================================================================
+--- /dev/null
++++ ldapscripts-2.0.8/sbin/ldapaddsudo
+@@ -0,0 +1,63 @@
++#!/bin/sh
++
++#  ldapaddsudo : adds a sudoRole to LDAP
++
++#  Copyright (C) 2005 Ganaël LAPLANCHE - Linagora
++#  Copyright (C) 2006-2013 Ganaël LAPLANCHE
++#  Copyright (c) 2014 Wind River Systems, Inc.
++#
++#  This program is free software; you can redistribute it and/or
++#  modify it under the terms of the GNU General Public License
++#  as published by the Free Software Foundation; either version 2
++#  of the License, or (at your option) any later version.
++#
++#  This program is distributed in the hope that it will be useful,
++#  but WITHOUT ANY WARRANTY; without even the implied warranty of
++#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#  GNU General Public License for more details.
++#
++#  You should have received a copy of the GNU General Public License
++#  along with this program; if not, write to the Free Software
++#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++#  USA.
++
++if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
++then
++  echo "Usage : $0 <username>"
++  exit 1
++fi
++
++# Source runtime file
++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
++. "$_RUNTIMEFILE"
++
++# Username = first argument
++_USER="$1"
++
++# Use template if necessary
++if [ -n "$STEMPLATE" ] && [ -r "$STEMPLATE" ]
++then
++  _getldif="cat $STEMPLATE"
++else
++  _getldif="_extractldif 2"
++fi
++
++# Add sudo entry to LDAP
++$_getldif | _filterldif | _askattrs | _utf8encode | _ldapadd
++
++[ $? -eq 0 ] || end_die "Error adding user $_USER to LDAP"
++echo_log "Successfully added sudo access for user $_USER to LDAP"
++
++end_ok
++
++# Ldif template ##################################
++##dn: cn=<user>,ou=SUDOers,<usuffix>,<suffix>
++##objectClass: top
++##objectClass: sudoRole
++##cn: <user>
++##sudoUser: <user>
++##sudoHost: ALL
++##sudoRunAsUser: ALL
++##sudoCommand: ALL
++###sudoOrder: <default: 0, if multiple entries match, this entry with the highest sudoOrder is used>
++###sudoOption: <specify other sudo specific attributes here>
+Index: ldapscripts-2.0.8/sbin/ldapmodifyuser
+===================================================================
+--- ldapscripts-2.0.8.orig/sbin/ldapmodifyuser
++++ ldapscripts-2.0.8/sbin/ldapmodifyuser
+@@ -19,9 +19,11 @@
+ #  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+ #  USA.
+ 
+-if [ -z "$1" ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]
++if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
++   [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
++   [ "$#" -ne 4 ]
+ then
+-  echo "Usage : $0 <username | uid>"
++  echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
+   exit 1
+ fi
+ 
+@@ -33,21 +35,48 @@ _RUNTIMEFILE="/usr/lib/ldapscripts/runti
+ _findentry "$USUFFIX,$SUFFIX" "(&(objectClass=posixAccount)(|(uid=$1)(uidNumber=$1)))"
+ [ -z "$_ENTRY" ] && end_die "User $1 not found in LDAP"
+ 
+-# Allocate and create temp file
+-mktempf
+-echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
+-
+-# Display entry
+-echo "# About to modify the following entry :"
+-_ldapsearch "$_ENTRY"
+-
+-# Edit entry
+-echo "# Enter your modifications here, end with CTRL-D."
+-echo "dn: $_ENTRY"
+-cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++# Username = first argument
++_USER="$1"
++
++if [ "$#" -eq 1 ]
++then
++  # Allocate and create temp file
++  mktempf
++  echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++
++  # Display entry
++  echo "# About to modify the following entry :"
++  _ldapsearch "$_ENTRY"
++
++  # Edit entry
++  echo "# Enter your modifications here, end with CTRL-D."
++  echo "dn: $_ENTRY"
++  cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++
++  # Send modifications
++  cat "$_TMPFILE" | _utf8encode | _ldapmodify
++else
++  # Action = second argument
++  _ACTION="$2"
++
++  # Field = third argument
++  _FIELD="$3"
++
++  # Value = fourth argument
++  _VALUE="$4"
++
++  # Use template if necessary
++  if [ -n "$UMTEMPLATE" ] && [ -r "$UMTEMPLATE" ]
++  then
++    _getldif="cat $UMTEMPLATE"
++  else
++    _getldif="_extractldif 2"
++  fi
++
++  # Modify user in LDAP
++  $_getldif | _filterldif | _utf8encode | _ldapmodify
++fi
+ 
+-# Send modifications
+-cat "$_TMPFILE" | _utf8encode | _ldapmodify
+ if [ $? -ne 0 ]
+ then
+   reltempf
+@@ -55,3 +84,9 @@ then
+ fi
+ reltempf
+ end_ok "Successfully modified user entry $_ENTRY in LDAP"
++
++# Ldif template ##################################
++##dn: uid=<user>,<usuffix>,<suffix>
++##changeType: modify
++##<action>: <field>
++##<field>: <value>
+Index: ldapscripts-2.0.8/lib/runtime
+===================================================================
+--- ldapscripts-2.0.8.orig/lib/runtime
++++ ldapscripts-2.0.8/lib/runtime
+@@ -344,6 +344,9 @@ s|<msuffix>|$MSUFFIX|g
+ s|<_msuffix>|$_MSUFFIX|g
+ s|<gsuffix>|$GSUFFIX|g
+ s|<_gsuffix>|$_GSUFFIX|g
++s|<action>|$_ACTION|g
++s|<field>|$_FIELD|g
++s|<value>|$_VALUE|g
+ EOF
+ 
+   # Use it
+Index: ldapscripts-2.0.8/Makefile
+===================================================================
+--- ldapscripts-2.0.8.orig/Makefile
++++ ldapscripts-2.0.8/Makefile
+@@ -37,11 +37,11 @@ LIBDIR = $(PREFIX)/lib/$(NAME)
+ RUNFILE = runtime
+ ETCFILE = ldapscripts.conf
+ PWDFILE = ldapscripts.passwd
+-SBINFILES =	ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser \
++SBINFILES =	ldapdeletemachine ldapmodifygroup ldapsetpasswd lsldap ldapadduser ldapaddsudo \
+ 			ldapdeleteuser ldapsetprimarygroup ldapfinger ldapid ldapgid ldapmodifymachine \
+ 			ldaprenamegroup ldapaddgroup ldapaddusertogroup ldapdeleteuserfromgroup \
+ 			ldapinit ldapmodifyuser ldaprenamemachine ldapaddmachine ldapdeletegroup \
+-			ldaprenameuser
++			ldaprenameuser ldapmodifysudo
+ MAN1FILES =	ldapdeletemachine.1 ldapmodifymachine.1 ldaprenamemachine.1 ldapadduser.1 \
+ 			ldapdeleteuserfromgroup.1 ldapfinger.1 ldapid.1 ldapgid.1 ldapmodifyuser.1 lsldap.1 \
+ 			ldapaddusertogroup.1 ldaprenameuser.1 ldapinit.1 ldapsetpasswd.1 ldapaddgroup.1 \
+Index: ldapscripts-2.0.8/sbin/ldapmodifysudo
+===================================================================
+--- /dev/null
++++ ldapscripts-2.0.8/sbin/ldapmodifysudo
+@@ -0,0 +1,93 @@
++#!/bin/sh
++
++#  ldapmodifyuser : modifies a sudo entry in an LDAP directory
++
++#  Copyright (C) 2007-2013 Ganaël LAPLANCHE
++#  Copyright (C) 2014 Stephen Crooks
++#
++#  This program is free software; you can redistribute it and/or
++#  modify it under the terms of the GNU General Public License
++#  as published by the Free Software Foundation; either version 2
++#  of the License, or (at your option) any later version.
++#
++#  This program is distributed in the hope that it will be useful,
++#  but WITHOUT ANY WARRANTY; without even the implied warranty of
++#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#  GNU General Public License for more details.
++#
++#  You should have received a copy of the GNU General Public License
++#  along with this program; if not, write to the Free Software
++#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++#  USA.
++
++if [ "$1" = "-h" ] || [ "$1" = "--help" ] || \
++   [[ "$2" != "add" && "$2" != "replace" && "$2" != "delete" ]] || \
++   [ "$#" -ne 4 ]
++then
++  echo "Usage : $0 <username | uid> [<add | replace | delete> <field> <value>]"
++  exit 1
++fi
++
++# Source runtime file
++_RUNTIMEFILE="/usr/lib/ldapscripts/runtime"
++. "$_RUNTIMEFILE"
++
++# Find username : $1 must exist in LDAP !
++_findentry "$SUFFIX" "(&(objectClass=sudoRole)(|(cn=$1)(sudoUser=$1)))"
++[ -z "$_ENTRY" ] && end_die "Sudo user $1 not found in LDAP"
++
++# Username = first argument
++_USER="$1"
++
++if [ "$#" -eq 1 ]
++then
++  # Allocate and create temp file
++  mktempf
++  echo "dn: $_ENTRY" > "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++
++  # Display entry
++  echo "# About to modify the following entry :"
++  _ldapsearch "$_ENTRY"
++
++  # Edit entry
++  echo "# Enter your modifications here, end with CTRL-D."
++  echo "dn: $_ENTRY"
++  cat >> "$_TMPFILE" || end_die "Error writing to temporary file $_TMPFILE"
++
++  # Send modifications
++  cat "$_TMPFILE" | _utf8encode | _ldapmodify
++else
++  # Action = second argument
++  _ACTION="$2"
++
++  # Field = third argument
++  _FIELD="$3"
++
++  # Value = fourth argument
++  _VALUE="$4"
++
++  # Use template if necessary
++  if [ -n "$SMTEMPLATE" ] && [ -r "$SMTEMPLATE" ]
++  then
++    _getldif="cat $SMTEMPLATE"
++  else
++    _getldif="_extractldif 2"
++  fi
++
++  # Modify user in LDAP
++  $_getldif | _filterldif | _utf8encode | _ldapmodify
++fi
++
++if [ $? -ne 0 ]
++then
++  reltempf
++  end_die "Error modifying sudo entry $_ENTRY in LDAP"
++fi
++reltempf
++end_ok "Successfully modified sudo entry $_ENTRY in LDAP"
++
++# Ldif template ##################################
++##dn: cn=<user>,ou=SUDOers,<suffix>
++##changeType: modify
++##<action>: <field>
++##<field>: <value>