Re: LDAP adduser/deluser
On Tue, 27 May 2003, Zed Pobre wrote:
> > > > Could you elaborate on what ways yours works better than the original
> > > > adduser? I'm sure Roland would love to hear about functionality
> > > > improvements, and I'd certainly be keen for any improvements to the
> > > > LDAP-specific code...
> > >
> > > My version will iterate through a list of users, has a "quiet"
> > > mode that fills in only minimal information automatically, and instead
> > Bulk creation would probably be a good thing for adduser to have anyway, and
> > the "quiet" mode (not really quiet, I'd say non-intrusive, perhaps <g>)
> No, it's genuinely quiet. The only thing you get asked for is the
"Quiet" to me implies "shut up about it" not "don't ask me questions".
Whatever you want to call it, however, it looks like a nifty feature, if it
can be non-destructively added to the adduser code.
> Remove the --simulate and those accounts would have been created and
> immediately live. Pipe the output to a file, and you get one prompt
> for the bind password and no other output, and you have a file
> containing starting account names and passwords that you can mail off
> to someone to chop up and divvy out. If I could combine this with a
> setting to enforce that the passwords be changed within 72 hours, I'd
> be a very happy man. As it is, I'm feeling inordinately pleased with
> myself :)
As for forcing password change, I'm sure there's something about this in an
LDAP schema somewhere. Probably an AD one (I know NT has a "must change
password at next logon" feature).
> > would be a good complement to that. If you can turn them into patches to
> > adduser, I'm sure Roland would be appropriately interested. I don't have a
> > need for them directly myself, and I'm a bit snowed to be triaging general
> > patches for adduser at the moment.
> Okay, this is going to take quite a bit of time. I started my own
> from scratch because I was using this as an excuse to learn perl as
> much as to scratch an itch, and what I've written doesn't neatly drop
> into the standard adduser. I'll see what I can do. It may actually
> be easier for me to simply incorporate the adduser code into what I
> have and just present you with a complete rewrite fait accompli.
Considering the warts that have grown into adduser over the years, a rewrite
probably wouldn't hurt (gak, I hate Perl). What is needed, though, is a
single command which (based on external config) uses either files *or* LDAP.
I thought about rewriting all of the passwd tools (useradd, groupadd, et al)
but for some reason thought that implementing it in adduser was better.
Anyway, for my implementation, grab it from
http://www.baileyroberts.com.au/~mpalmer/adduser_3.50.2_all.deb. It'll go
into official adduser at some stage.
> Incidentally, I might have discovered a Perl bug while writing
> this, but since it's much more common for someone learning a language
> to find a personal bug than a language bug, I'm not confident enough
> to write a bug report. If you have spare time, poke at the if(defined
> $opt_gid) code (around line 325) and tell me why calling getgrgid with
> exactly the same argument into the same variable fails in the second
> pass of a loop and exits silently with return value 141?
No thanks. I've dealt with the horror of obscure Perl bugs myself. I have
no desire to take on other people's as well. <g>