arif/xcat-core
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

-Add listclusterusers command with AD

Browse Source 
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@5362 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
jbjohnso 2010-03-04 14:58:45 +00:00
parent f2b1f4a191
commit 355b5ebdd7
2 changed files with 90 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
xCAT-server/lib/perl/xCAT/ADUtils.pm
View File

@ -98,7 +98,6 @@ sub list_user_accounts { #provide enough data to construct an /etc/passwd lookin
my $searchin;
my $searcherr = gensym;
my $search = open3($searchin,$searchout,$searcherr,@searchcmd);
print Dumper(@searchcmd);
my $searchselect = IO::Select->new($searchout,$searchin);
my @handles;
my $failure;
@ -107,7 +106,6 @@ sub list_user_accounts { #provide enough data to construct an /etc/passwd lookin
while (@handles = $searchselect->can_read()) {
foreach (@handles) {
my $line = <$_>;
print $line;
if (not defined $line) {
$searchselect->remove($_);
next;

127
xCAT-server/lib/xcat/plugins/activedirectory.pm
View File

@ -14,6 +14,10 @@ sub handled_commands {
return {
addclusteruser => 'site:directoryprovider',
addclouduser => 'site:directoryprovider',
delclusteruser => 'site:directoryprovider',
delclouduser => 'site:directoryprovider',
listclusterusers => 'site:directoryprovider',
listcloudusers => 'site:directoryprovider',
};
}
@ -23,7 +27,84 @@ sub process_request {
$callback = shift;
my $doreq = shift;
use Data::Dumper;
if ($command =~ /add.*user/) { #user management command, adding
my $sitetab = xCAT::Table->new('site');
my $domain;
$domain = $sitetab->getAttribs({key=>'domain'},['value']);
if ($domain and $domain->{value}) {
$domain = $domain->{value};
} else {
$domain = undef;
}
#TODO: if multi-domain support implemented, use the domains table to reference between realm and domain
my $server = $sitetab->getAttribs({key=>'directoryserver'},['value']);
my $realm = $sitetab->getAttribs({key=>'realm'},['value']);
if ($realm and $realm->{value}) {
$realm = $realm->{value};
} else {
$realm = uc($domain);
$realm =~ s/\.$//; #remove trailing dot if provided
}
my $passtab = xCAT::Table->new('passwd');
my $adpent = $passtab->getAttribs({key=>'activedirectory'},[qw/username password/]);
unless ($adpent and $adpent->{username} and $adpent->{password}) {
sendmsg([1,"activedirectory entry missing from passwd table"]);
return 1;
}
if ($server and $server->{value}) {
$server = $server->{value};
} else {
my $res = Net::DNS::Resolver->new;
my $query = $res->query("_ldap._tcp.$domain","SRV");
if ($query) {
foreach my $srec ($query->answer) {
$server = $srec->{target};
}
}
unless ($server) {
sendmsg([1,"Unable to determine a directory server to communicate with, try site.directoryserver"]);
return;
}
}
if ($command =~ /list.*user/) { #user management command, listing
my $passwdfmt;
@ARGV=@{$request->{arg}};
Getopt::Long::Configure("bundling");
Getopt::Long::Configure("no_pass_through");
if (!GetOptions(
'p' => \$passwdfmt
)) {
die "TODO: usage message";
}
unless ($domain and $realm) {
sendmsg([1,"Unable to determine domain from arguments or site tabel"]);
return undef;
}
my $err = xCAT::ADUtils::krb_login(username=>$adpent->{username},password=>$adpent->{password},realm=>$realm);
if ($err) {
sendmsg([1,"Error authenticating to Active Directory"]);
return 1;
}
my $accounts = xCAT::ADUtils::list_user_accounts(
dnsdomain => $domain,
directoryserver=> $server,
);
if ($passwdfmt) {
my $account;
foreach $account (keys %$accounts) {
my $textout = ":".$account.":x:"; #first colon is because sendmsg would mistake it for a description
foreach (qw/uid gid fullname homedir shell/) {
$textout .= $accounts->{$account}->{$_}.":";
}
$textout =~ s/:$//;
sendmsg($textout);
}
} else {
my $account;
foreach $account (keys %$accounts) {
sendmsg($account);
}
}
} elsif ($command =~ /add.*user/) { #user management command, adding
my $homedir;
my $fullname;
my $gid;
@ -43,48 +124,20 @@ sub process_request {
}
my $username = shift @ARGV;
my $domain;
my $sitetab = xCAT::Table->new('site');
if ($username =~ /@/) {
($username,$domain) = split /@/,$username;
$domain = lc($domain);
} else {
$domain = $sitetab->getAttribs({key=>'domain'},['value']);
unless ($domain and $domain->{value}) {
sendmsg([1,"Domain not provided and none set in site table"]);
}
$domain = $domain->{value};
}
#TODO: if multi-domain support implemented, use the domains table to reference between realm and domain
my $server = $sitetab->getAttribs({key=>'directoryserver'},['value']);
if ($server and $server->{value}) {
$server = $server->{value};
} else {
my $res = Net::DNS::Resolver->new;
my $query = $res->query("_ldap._tcp.$domain","SRV");
if ($query) {
foreach my $srec ($query->answer) {
$server = $srec->{target};
}
}
unless ($server) {
sendmsg([1,"Unable to determine a directory server to communicate with, try site.directoryserver"]);
}
}
unless ($domain) {
sendmsg([1,"Unable to determine domain from arguments or site tabel"]);
return undef;
}
my $realm = $sitetab->getAttribs({key=>'realm'},['value']);
if ($realm and $realm->{value}) {
$realm = $realm->{value};
} else {
$realm = uc($domain);
$realm =~ s/\.$//; #remove trailing dot if provided
}
#my $domainstab = xCAT::Table->new('domains');
#$realm = $domainstab->getAttribs({domain=>$domain},
my $passtab = xCAT::Table->new('passwd');
my $adpent = $passtab->getAttribs({key=>'activedirectory'},[qw/username password/]);
unless ($adpent and $adpent->{username} and $adpent->{password}) {
sendmsg([1,"activedirectory entry missing from passwd table"]);
return 1;
unless ($realm) {
$realm = uc($domain);
$realm =~ s/\.$//; #remove trailing dot if provided
}
my $err = xCAT::ADUtils::krb_login(username=>$adpent->{username},password=>$adpent->{password},realm=>$realm);
@ -96,7 +149,7 @@ sub process_request {
username => $username,
dnsdomain => $domain,
directoryserver=> $server,
);
);
if ($fullname) { $args{fullname} = $fullname };
if ($ou) { $args{ou} = $ou };
if ($request->{environment} and