Skip to content
/ cligu Public

Manage posix groups and users in openldap with a fancy syntax

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

andis/cligu

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
bin
bin
 
 
features
features
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
Gemfile
Gemfile
 
 
LICENSE
LICENSE
 
 
README.org
README.org
 
 
Rakefile
Rakefile
 
 
cligu.gemspec
cligu.gemspec
 
 

Repository files navigation

cligu

Manage users and groups using a fancy syntax.

CLI for Groups and Users is a thin wrapper around the activeldap gem for environments that store their posix users and groups in openldap.

Usage

cligu [options] [command:user_or_group[operator<groups_or_users>][:attribute=value]*]*

Commands are:

  • user
  • group
  • list:users and list:groups

Operators are:

  • + add user to listed groups or members to group
  • = explicitly set groups or members
  • % remove a user from the listed groups or members from a group

Attributes are passed directly to LDAP.

Examples

  • list all users and groups
cligu list:users list:groups
  • add the users bob, jon, and ron to the group “staff”
cligu group:staff+bob,jon,ron
  • remove jon and jack from the group “authors”:
cligu group:authors%jon,jack
  • add the user alice to the group “staff” and change the login shell and mail address:
cligu user:alice+staff:loginshell:/bin/zsh:mail=alice@example.com

which may need the following LDAP-ACL to work:

access to attrs=loginshell,mail
    by self write
    by * break
  • With the following command and LDAP-ACL, all members of any group with the description “selfsustained” can add or remove members to their group:
cligu group:grassroots:description=selfsustained

access to dn.sub="ou=groups,dc=example,dc=com" filter=(description=selfsustained) attr=memberUid
    by set="this/memberUid & user/uid" manage
    by *
    break

Cligu IRB Repl Mode Console

Run cligu --irb to get the Cligu Console.

Here you have direct access to Activeldap: Examples:

f = Users.find('funky')
f.homedirectory = '/home/funky'
f.save

n = Users.new('neo')
n.save
pp n.errors ;nil

Requirements

  • The gems activeldap and ruby-ldap (see Gemfile).
  • on Debian/Ubuntu, the gem ruby-ldap needs the packages: build-essential libldap2-dev libsasl2-dev
  • Currently, authentication is handled via Kerberos, so a working LDAP&Kerberos-Environment
  • probably more

Configuration

Cligu tries to guess connection details from /etc/ldap/ldap.conf /etc/ldap.conf ~/.ldaprc ENV['LDAPRC']

Configuration files are evaled in this order:

/etc/cligu_conf.rb, /etc/cligu.d/*_conf.rb, ~/.cligu_conf.rb, ~/.local/share/cligu/*_conf.rb, ENV['CLIGUCONF']

Plans

  • Extend documentation
  • Authentication via Username+Password
  • Syntax for creating users, groups
  • Drop dependency on activeldap

Copyright

Copyright (c) 2010-2014 Andi Fink. See LICENSE for details.

About

Manage posix groups and users in openldap with a fancy syntax

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages