ldap---22---增加用户与组的创建配置

aarongo · Jan 17, 2019 · d01645e · d01645e
1 parent 3c10296
commit d01645e
Show file tree

Hide file tree

Showing 12 changed files with 111 additions and 4 deletions.
diff --git a/03-server.yml b/03-server.yml
@@ -1,4 +1,6 @@
 ---
 - hosts: server
   roles:
-    - { role: ldap_server, install_server: true }
+    - { role: prepare}
+    - { role: chrony, CHRONY_NTP: true}
+    - { role: ldap_server, install_server: true, ENABLE_SSL: true}
diff --git a/04-add_plugin.yml b/04-add_plugin.yml
@@ -1,4 +1,4 @@
 ---
 - hosts: server
   roles:
-    - { role: ldap_expan, add_memberof: false, add_web: false, sudo_ssh: true}
+    - { role: ldap_expan, add_memberof: true, add_web: true, sudo_ssh: true}
diff --git a/07-addaccount.yml b/07-addaccount.yml
@@ -0,0 +1,4 @@
+---
+- hosts: server
+  roles:
+    - ldap_account
diff --git a/README.md b/README.md
@@ -4,7 +4,9 @@
 
 ## 配置过程
 
-
+**当单独运行某个角色的时候需要运行基础配置**
+#密码必须由管理员重置
+pwdReset: TRUE
 
 ## 基础命令使用
 
@@ -43,4 +45,16 @@ ldapsearch -x -D cn=config -b "cn=config" -w K7KdHqkEed -LLL dn
 2. ansible-playbook 02-chrony.yml
 3. ansible-playbook 03-server.yml
 4. ansible-playbook 04-add_plugin.yml
-5. ansible-playbook 05-client.yml
+5. ansible-playbook 05-client.yml
+6. ansible-playbook 06-addclient.yml
+7. ansible-playbook 07-addaccount.yml 
+
+**7**:运行时参数说明:
+- `user_name`： 要创建的用户名
+- `user_id`: 要创建的用户 id （1000+）
+- `group_id`: 要创建的组 id（500+）
+- `mail`: 用户邮箱地址
+- `group_name`: 用户组名称
+- `group_exist`: 组是否存在 true|false
+- `create_user`: 是否要创建用户 true|false
+- `user_passwd`: 用户密码
diff --git a/account_json.json b/account_json.json
@@ -0,0 +1,11 @@
+{
+  "user_name": "lyl2",
+  "user_passwd": "1qazxsw2",
+  "group_name": "linux_users",
+  "user_id": "1014",
+  "group_id": "505",
+  "mail": "[email protected]",
+  "create_group": false,
+  "create_user": true,
+  "add_group": true
+}
diff --git a/roles/ldap_account/tasks/existing_group.yml b/roles/ldap_account/tasks/existing_group.yml
@@ -0,0 +1,12 @@
+---
+- name: copy add user to group ldif
+  template:
+    src: existing_group.ldif.j2
+    dest: /tmp/existing_group.ldif
+
+- name: Add an user an existing group
+  shell: ldapadd -x -D "cn=Manager,dc={{ SERVER_FQDN.split('.')[0] }},dc={{ SERVER_FQDN.split('.')[2] }}" -w {{ ROOTPW }} -f /tmp/existing_group.ldif
+  register: exist_group
+
+- debug:
+    msg: "{{ exist_group.stdout_lines }}"
diff --git a/roles/ldap_account/tasks/group_add.yml b/roles/ldap_account/tasks/group_add.yml
@@ -0,0 +1,12 @@
+---
+- name: copy group ldif
+  template:
+    src: group.ldif.j2
+    dest: /tmp/group.ldif
+
+- name: create group
+  shell: ldapadd -x -D "cn=Manager,dc={{ SERVER_FQDN.split('.')[0] }},dc={{ SERVER_FQDN.split('.')[2] }}" -w {{ ROOTPW }} -f /tmp/group.ldif
+  register: create_result
+
+- debug:
+    msg: "{{ create_result.stdout_lines }}"
diff --git a/roles/ldap_account/tasks/main.yml b/roles/ldap_account/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: crate group
+  include: group_add.yml
+  when: create_group
+
+- name: create user
+  include: user_add.yml
+  when: create_user
+
+- name: add user to exist group
+  include: existing_group.yml
+  when: add_group
diff --git a/roles/ldap_account/tasks/user_add.yml b/roles/ldap_account/tasks/user_add.yml
@@ -0,0 +1,16 @@
+---
+- name: general SSHA
+  shell: slappasswd -h {SSHA} -s {{ user_passwd }}
+  register: u_password
+
+- name: copy user ldif
+  template:
+    src: user.ldif.j2
+    dest: /tmp/user.ldif
+
+- name: create user
+  shell: ldapadd -x -D "cn=Manager,dc={{ SERVER_FQDN.split('.')[0] }},dc={{ SERVER_FQDN.split('.')[2] }}" -w {{ ROOTPW }} -f /tmp/user.ldif
+  register: create_result
+
+- debug:
+    msg: "{{ create_result.stdout_lines }}"
diff --git a/roles/ldap_account/templates/existing_group.ldif.j2 b/roles/ldap_account/templates/existing_group.ldif.j2
@@ -0,0 +1,4 @@
+dn: cn={{ group_name }},ou=Groups,dc={{ SERVER_FQDN.split('.')[0] }},dc={{ SERVER_FQDN.split('.')[2] }}
+changetype: modify
+add: memberuid
+memberuid: {{ user_name }}
diff --git a/roles/ldap_account/templates/group.ldif.j2 b/roles/ldap_account/templates/group.ldif.j2
@@ -0,0 +1,4 @@
+dn: cn={{ group_name }},ou=Groups,dc={{ SERVER_FQDN.split('.')[0] }},dc={{ SERVER_FQDN.split('.')[2] }}
+objectClass: top
+objectClass: posixGroup
+gidNumber: {{ group_id }}
diff --git a/roles/ldap_account/templates/user.ldif.j2 b/roles/ldap_account/templates/user.ldif.j2
@@ -0,0 +1,16 @@
+dn: uid={{ user_name }},ou=Users,dc={{ SERVER_FQDN.split('.')[0] }},dc={{ SERVER_FQDN.split('.')[2] }}
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: posixAccount
+objectClass: shadowAccount
+givenName: {{ user_name }}
+cn: {{ user_name }}
+sn: Linux
+userPassword: {{ u_password.stdout_lines[0] }}
+loginShell: /bin/bash
+uid: {{ user_name }}
+uidNumber: {{ user_id }}
+gidNumber: {{ group_id }}
+homeDirectory: /home/{{ user_name }}
+mail: {{ mail }}
+pwdReset: TRUE