NDSDOFORMMB NDSCMDFORMMB

Scripts to bulk process NDS controled Unix accounts

NDSDOFOR NDSCMDFOR

Scripts to process one NDS controled Unix account

Purpose:

In our environnment, Linux accounts are authenticated using the PAM_NCP authentification module and have their Unix home on a Linux NFS server.

We needed some scripts to bulk process all accounts such as printing some informations, copying, updating or deleting some files in every Unix or Netware home...

Perl scripts ndsdoformmb and ndscmdformmb were created for this purpose.

ndsdoformmb.pl requires a shell script and ndscmdformmb.pl a simple command line (surrounded by quotes)

ndsdofor.pl and ndscmdfor.pl behaves the same way but on only one NDS user.

They will retrieve 8 Unix properties from NDS for every member of a group and pass them to the script or the command line:

unix name	NDS CN	NDS mandatory attribute
unix ID	NDS L attribute U:xxxx or u:xxxx	required , must be set wth NWadmin or pam_ncp snapin
FQDN	NDS fully qualified name	NDS mandatory attribute
unix Home	NDS L attribute H:/home/login or h:/home/login	required, must be set wth NWadmn or pam_ncp snapin
unix group	NDS L attribute G:100 or g:100	not required, default =100
unix Gecos	NDS Full Name attribute	not required, default 'unknow user'
Email	NDS Internet Email Address attribute	not required, default '"nomail\@nowhere'
Netware Home directory	NDS Home directory attribute	not required, default 'NOSERVER:/NOPATH'

Unix properties stored in the multistring NDS L attribute (also called Description as used by the PAM pam_auth_ncp module) can be edited directly with NWAdmin or with the pam_ncp snapin for NWAdmin, or imported to NDS from a text file using uimport DOs utility

Requirements:

ncpfs version 2.2 installed and operational (slist) on the Linux box.
If acting on NFS homes, the scripts must be run by on the NDS server by a user (root) that has all rights of every user's home
If acting on Netware homes, user running the script must be logged to Netware (ncplogin or ncpmount) as a user with all rights on every Netware homes

Usage:

usage: ./ndsdoformmb.pl [options] script

-h	Print this help text
-g group to scan	(default= LinuxOK.PC)
-T treename	(default= INSA_ROOT)
-d	verbose printing
-t	testing: do not run script but print the command line
-n number	Limit ouput to n accounts (for testing)
script	script (sh, perl...) to run for every found account. The script will receive 8 command lines parameters in the following order: #!/usr/bin/perl #perl example of argument retrieval: $unixname=$ARGV[0]; $home=$ARGV[1]; $uid=$ARGV[2]; $fqdn=$ARGV[3]; $group=$ARGV[4]; $email=$ARGV[5]; $nwhome=$ARGV[6]; $gecos=$ARGV[7];

usage: ./ndscmdformmb.pl [options] 'cmd'

-h Print this help text

-g group to scan (default= LinuxOK.PC)

-T treename (default= INSA_ROOT)

-d verbose printing

-t testing: do not run command but print what would be done

-n number Limit ouput to n accounts (for testing)

'cmd' a quote surrounded command line that will be executed for every found account
The command can have 8 markers that will be substituted with the current user's NDS retrieved data:
@USER the Unix name of that user @UID the Unix id of that user @HOME the Unix path to user's home @FQDN the NDS fully qualified user's name @GRP the Unix primary group number (if present in NDS else default value 100) @EMAIL the NDS Internet email address property @NWHOME the path to his Netware home ( in the format needed by ncpmap) @GECOS the NDS full name property

Edit the scripts to match your NDS:

$DEFTREE="INSA_ROOT";    <-- change this to your NDS tree
$DEFGRP="LinuxOK.PC";	<-- change this to match the user's group allowed to login from Linux

run the test script by ./ndsdoformmb.pl ./test.pl
This should print out for every member of your NDS Unix group the following:

processing  1760 members of group LinuxOK.PC
...
alambasdiaz		 <- CN or Unix login
/cipc/eurinsa/2120204	<- Linux home directory
13118			<- Unix ID
alambasdiaz.PC		<- NDS FQDN
100			<- Unix primary GID
Alba.Lambas-diaz@insa-lyon.fr	<-Email address if set
EURINSA_APPS.PC:HOME/02/2120204	<- Netware home directory
Alba Lambasdiaz		<- NDS full name = Unix gecos
alaporte		<- next user
/cipc/eurinsa/2111048
13119
alaporte.PC
100
Aude.Laporte@insa-lyon.fr
EURINSA_APPS.PC:HOME/02/2111048
Aude Claire Laporte
...

or for the command line version:
./ndscmdformmb.pl 'echo @USER'
processing  1760 members of group LinuxOK.PC
aabdessamad
aadler
aakrikorian
aalacroix
...

Some real life examples:

ndscmdformmb.pl -g LinuxOK.PC "echo @USER:@UID:@HOME" >test Dump some users infos to a text file

ndscmdformmb.pl -g LinuxOK.PC -v " rm -f @HOME/core" On NFS server
Remove core's files in every NFS home( verbose mode)

ndscmdformmb.pl -g LinuxOK.pc "setquota @USER 50000 55000 0 0 -a" On NFS server
set global quota to 50Mb for all

ndscmdformmb.pl -g LinuxOK.pc "du -s -h @HOME >>diskusage.log" On NFS server
who is a disk eater ?

ndscmdformmb.pl -g LinuxOK.PC "cp -f /etc/skel/OpenOffice1.0/user/config/javarc @HOME/OpenOffice1.0/user/config/" On NFS server
update Java run time information for OpenOffice 1.0 on all existing accounts.

ndsdoformmb.pl -n 5 -t dummy dummy run of a non existing script dummy for the 5 first users of the default group:
processing 1759 members of group LinuxOK.PC
dummy run of :dummy aabdessamad /cipc/pc/2110013 12026 "aabdessamad.PC" 100 Ali.Abdessamad@insa-lyon.fr CIPCINSA_APPS.PC:HOME/02/2110013 "Ali Abdessamad"
dummy run of :dummy aadler /cipc/eurinsa/2119291 13080 "aadler.PC" 100 Andrei.Adler@insa-lyon.fr EURINSA_APPS.PC:HOME/02/2119291 "Andrei Adler"
dummy run of :dummy aakrikorian /cipc/pc/2210853 14043 "aakrikorian.PC" 100 alexandre-armen.krikorian@insa-lyon.fr CIPCINSA_APPS.PC:HOME/03/2210853 "Alexandre-Armen Krikorian"
dummy run of :dummy aalacroix /cipc/eurinsa/2212811 14693 "aalacroix.PC" 100 axel.lacroix@insa-lyon.fr EURINSA_APPS.PC:HOME/03/2212811 "Axel-Antoine Raoul Lacroix"
dummy run of :dummy aapavatjrut /cipc/asinsa/2212400 14632 "aapavatjrut.PC" 100 anya.apavatjrut@insa-lyon.fr CIPCINSA_APPS.PC:HOME/03/2212400 "Anya Apavatjrut"
5 users processed on 5 members of LinuxOK.PC and 0 succeeded.

ndsdoformmb.pl -n 5 ./test.sh print out all gathered infos for the 5 first users found
with the following shell script test.sh #!/bin/bash echo "unixname:$1" echo "home:$2" echo "uid:$3" echo "user:$4" echo "group:$5" echo "email:$6" echo "nwhome:$7" echo "gecos:$8"

/ndsdoformmb.pl ./pmxf.pl apply the script pmxf.pl to every Netware home of members of the default group
#!/usr/bin/perl # this script will create a /pmail/pmxf.ini file in a Netware user's home to # force the Mercury mail gateway to autoforward all local Pegasus Mail mails # to user to user@mail.insa-lyon.fr # which is the official mail address for every student # user running this script MUST be logged to NDS (for ncpmap to work) # and as admin equivalent (to be able to create pmxf.ini file # in every user's home). $mntpnt="/mnt/ncp/temp"; # must exist !!! #collect infos sent by ndsdoformmb.pl $unixname=$ARGV[0]; #unix name= Netware CN = INSA user name $nwhome=$ARGV[6]; #Netware home in the format server:path ($vol,$path)=split(':',$nwhome); #print ("ncpmap -V $vol -R $path -X [root] $mntpnt"); #mount user's Netware home if (system ("ncpmap -V $vol -R $path -X [root] $mntpnt")==0) { if (open (FIC ,">$mntpnt/pmail/pmxf.ini")) { print (FIC "Local autoforward =$unixname\@mail.insa-lyon.fr\r\n"); print (FIC "Internet autoforward =$unixname\@mail.insa-lyon.fr\r\n"); print (FIC "Deliver even when forwarding = N\r\n"); print (FIC "Allow confirmation of reading = N\r\n"); print (FIC "Disable mail delivery = N\r\n"); print (FIC "Send delivery broadcasts = N\r\n"); close FIC; #debug print what has been done #system("cat $mntpnt/pmail/pmxf.ini"); } system ("ncpumount $mntpnt"); exit 0; }else { exit ($@); }

To be on the safe side:
Since these scripts can be really harmfull, we recommand that you first "test run" them using the -t and -n options before really executing them.

Download:

History:

  ndscmdformmb.pl 1.00 2002   Sept 23             Patrick Pollet 

                this program is an Perl script retrieving members of an NDS group
                and calling the specified command
               the command may contains 8 markers that will be substitued by :
                       @USER   the Unix name of that user
                       @UID    the Unix id of that user
                       @HOME   the Unix path to user's home
                       @FQDN   the NDS fully qualified user's name
                       @GRP    the Unix primary group number (if preseent in NDS else default value 100)
                       @EMAIL  the NDS Internet email address property
                       @NWHOME  the path to his Netware home ( NDS format )
                       @GECOS   the NDS full name property
               User's Unix data are stored in the multistring NDS L attribute (also called Description)
               as used by the PAM pam_auth_ncp module
               withe the following format
                       unix ID         U:xxxxx  or  u:xxxx             required
                       unix Home       H:/home/login or h:/home/login  required

               This program could be run to perform any "one liner" command on every NDS maintained Unix
               users accounts or Unix homes.

  ndsdoformmb.pl 1.00 2002   Sept 23             Patrick Pollet 

                the program is an Perl script retrieving members of an NDS group
                and calling the specified command with 8 arguments :
               Unix_User_Name, Unix_Home,unix_id, NDS fqdn,Unix primary group,email address,Netware Home and Netware Fullname
               User's Unix data are stored in the multistring NDS L attribute (also called Description)
               as used by the PAM pam_auth_ncp module
               withe the following format
                      unix ID         U:xxxxx  or  u:xxxx             required
                       unix Home       H:/home/login or h:/home/login  required
                       unix group      G:100       or g:/              not required (will use default)
                       email address   NDS property Internet Email Address
               Command can be written in any scripting langae (bash, perl...) that accept command lines parameters

               This program could be run to perform any action on every NDS maintained Unix
               users accounts or Unix homes.
               Currently the ncpfs system do not have a nss_switch module such as Ldap
               to extends the local user's database with "remote " NDS accounts. So, for
               some Unix commands that check /etc/passwd for user name (setquota...), the local database
               must be in sync with NDS. See script nds2pwd.pl to perform this.

#   ndsdofor.pl and ndscmdfor.pl

#        1.00 2003   Oct 7             Patrick Pollet 
#		similar to bulk processing but restricted to one NDS user
#		(replace -g option by -u NDSLogin.context).

TODO:

Modify ncpreadprops attribute list to fetch "official NDS8" Unix informations
If the nss_ncp library ever got finalized, four properties (Unix ID, Unix Home, Unix group and Unix Gecos) should be retrieved by getpwdent() instead of ncpreadprops.

Vous êtes notre eme visiteur

ndscmdformmb.pl -g LinuxOK.PC "echo @USER:@UID:@HOME" >test	Dump some users infos to a text file
ndscmdformmb.pl -g LinuxOK.PC -v " rm -f @HOME/core"	On NFS server Remove core's files in every NFS home( verbose mode)
ndscmdformmb.pl -g LinuxOK.pc "setquota @USER 50000 55000 0 0 -a"	On NFS server set global quota to 50Mb for all
ndscmdformmb.pl -g LinuxOK.pc "du -s -h @HOME >>diskusage.log"	On NFS server who is a disk eater ?
ndscmdformmb.pl -g LinuxOK.PC "cp -f /etc/skel/OpenOffice1.0/user/config/javarc @HOME/OpenOffice1.0/user/config/"	On NFS server update Java run time information for OpenOffice 1.0 on all existing accounts.
ndsdoformmb.pl -n 5 -t dummy	dummy run of a non existing script dummy for the 5 first users of the default group: processing 1759 members of group LinuxOK.PC dummy run of :dummy aabdessamad /cipc/pc/2110013 12026 "aabdessamad.PC" 100 Ali.Abdessamad@insa-lyon.fr CIPCINSA_APPS.PC:HOME/02/2110013 "Ali Abdessamad" dummy run of :dummy aadler /cipc/eurinsa/2119291 13080 "aadler.PC" 100 Andrei.Adler@insa-lyon.fr EURINSA_APPS.PC:HOME/02/2119291 "Andrei Adler" dummy run of :dummy aakrikorian /cipc/pc/2210853 14043 "aakrikorian.PC" 100 alexandre-armen.krikorian@insa-lyon.fr CIPCINSA_APPS.PC:HOME/03/2210853 "Alexandre-Armen Krikorian" dummy run of :dummy aalacroix /cipc/eurinsa/2212811 14693 "aalacroix.PC" 100 axel.lacroix@insa-lyon.fr EURINSA_APPS.PC:HOME/03/2212811 "Axel-Antoine Raoul Lacroix" dummy run of :dummy aapavatjrut /cipc/asinsa/2212400 14632 "aapavatjrut.PC" 100 anya.apavatjrut@insa-lyon.fr CIPCINSA_APPS.PC:HOME/03/2212400 "Anya Apavatjrut" 5 users processed on 5 members of LinuxOK.PC and 0 succeeded.
ndsdoformmb.pl -n 5 ./test.sh	print out all gathered infos for the 5 first users found with the following shell script test.sh #!/bin/bash echo "unixname:$1" echo "home:$2" echo "uid:$3" echo "user:$4" echo "group:$5" echo "email:$6" echo "nwhome:$7" echo "gecos:$8"
/ndsdoformmb.pl ./pmxf.pl	apply the script pmxf.pl to every Netware home of members of the default group #!/usr/bin/perl # this script will create a /pmail/pmxf.ini file in a Netware user's home to # force the Mercury mail gateway to autoforward all local Pegasus Mail mails # to user to user@mail.insa-lyon.fr # which is the official mail address for every student # user running this script MUST be logged to NDS (for ncpmap to work) # and as admin equivalent (to be able to create pmxf.ini file # in every user's home). $mntpnt="/mnt/ncp/temp"; # must exist !!! #collect infos sent by ndsdoformmb.pl $unixname=$ARGV[0]; #unix name= Netware CN = INSA user name $nwhome=$ARGV[6]; #Netware home in the format server:path ($vol,$path)=split(':',$nwhome); #print ("ncpmap -V $vol -R $path -X [root] $mntpnt"); #mount user's Netware home if (system ("ncpmap -V $vol -R $path -X [root] $mntpnt")==0) { if (open (FIC ,">$mntpnt/pmail/pmxf.ini")) { print (FIC "Local autoforward =$unixname\@mail.insa-lyon.fr\r\n"); print (FIC "Internet autoforward =$unixname\@mail.insa-lyon.fr\r\n"); print (FIC "Deliver even when forwarding = N\r\n"); print (FIC "Allow confirmation of reading = N\r\n"); print (FIC "Disable mail delivery = N\r\n"); print (FIC "Send delivery broadcasts = N\r\n"); close FIC; #debug print what has been done #system("cat $mntpnt/pmail/pmxf.ini"); } system ("ncpumount $mntpnt"); exit 0; }else { exit ($@); }