Help with bash script


woodson2
23rd December 2010, 03:47 AM
My script is below and it all works well and fine, however I need to have checks put in for erroneous user input during the smbldap-passwd functions and the ldapadd functions.

I've figured out a statement that will look at the exit status of the command and it will remove the user that was added in the previous step and exit but I can't figure out how to put these if statements into my existing script without breaking it. Yes, I'm a new shell scripter so any help will be greatly appreciated. Thanks

/opt/IDEALX/sbin/smbldap-passwd $USERNAME
if [ $? -ne 0 ] ; then
echo exiting!!!!
/opt/IDEALX/sbin/smbldap-userdel -r $USERNAME




Existing script:

#!/bin/bash -x
TMPFILE=/db/backups/tmp-expire.ldif
TMPFILE2=/db/backups/tmp-expire-ou.ldif
TMPFILE3=/db/backups/variable3-ou.ldif
TMPFILE4=/db/backups/variable4-ou.ldif

echo Please enter the username you would like to add to LDAP!

read USERNAME

if getent passwd | grep -wq $USERNAME

then
echo $USERNAME already exists in the LDAP database!
exit
fi

echo Please enter the menu group to associate with this account!
sleep 1

echo "(guser1,guser2,guser3,guser4,guser5,guser6,guser7, guser8,guser9,gadmin,gsuper)"

read GUSER

if [[ "$GUSER" = guser* || "$GUSER" = "gadmin" || "$GUSER" = "gsuper" ]]; then

echo Which LDAP organizational container do you want to add the user to?
else
echo You entered an invalid group!!
exit
fi

sleep 1

echo "(EXAMPLE1,example2,Default)"
sleep 1
echo If you are unsure please enter Default for the LDAP organizational container.

read organization

if [[ "$organization" = "EXAMPLE1" || "$organization" = "example2" ]]; then

echo Please assign a role to this account.

elif [ "$organization" = "Default" ]; then
/opt/IDEALX/sbin/smbldap-useradd -G 1513,$GUSER,26 -s /bin/ksh -d /home/operations/$USERNAME -a $USERNAME
sleep 1

echo Setting the initial LDAP password for $USERNAME.
sleep 1

/opt/IDEALX/sbin/smbldap-passwd $USERNAME
sleep 1

echo Enforcing password expiration upon first login!!!!!!

sed "s/USER/$USERNAME/g" "$TMPFILE" > /db/backups/variable3.ldif
ldapadd -f /db/backups/variable3.ldif -x -D cn=root,dc=mdvcat,dc=lott -W

exit
else
echo You entered an invalid Organizational Unit!!
exit
fi

sleep 1
echo "(admins,network,developers,vendors)"

read role

if [[ "$role" = "admins" || "$role" = "network" || "$role" = "developers" || "$role" = "vendors" ]]; then


/opt/IDEALX/sbin/smbldap-useradd -G 1513,$GUSER,26 -o $role,$organization -s /bin/ksh -d /home/operations/$USERNAME -a $USERNAME

sleep 1

echo Setting the initial LDAP password for $USERNAME.

sleep 1

/opt/IDEALX/sbin/smbldap-passwd $USERNAME

sleep 1

echo Enforcing password expiration upon first login!!!!!!

sed -e "s/USER/$USERNAME/g" "$TMPFILE2" > "$TMPFILE3"
sed "s/role/$role/g" "$TMPFILE3" > "$TMPFILE4"
sed "s/organization/$organization/g" "$TMPFILE4" > /db/backups/variable5-ou.ldif

ldapadd -f /db/backups/variable5-ou.ldif -x -D cn=root,dc=mdvcat,dc=lott -W


else
echo You entered an invalid role!!!
exit
fi

vallimar
23rd December 2010, 09:06 PM
Looks like you have the right start to me.. can you give more details on what happens/errors received?
Did you try fleshing your commands like below?

/opt/IDEALX/sbin/smbldap-passwd $USERNAME
if [ $? -ne 0 ]; then
echo exiting!!!!
/opt/IDEALX/sbin/smbldap-userdel -r $USERNAME
exit 1
fi

woodson2
24th December 2010, 03:58 PM
If I change my script to add the checks in bold everything works if you choose Default for the organizational unit, but if you choose EXAMPLE1 or example2 I get errors. The script doesn't know how to process the EXAMPLE and example2 choices. Prior to adding the checks the script would just go down to the next line and ask for a role to be assigned since everything was all in one if statement.

Which LDAP organizational container do you want to add the user to?
+ sleep 1
+ echo '(EXAMPLE1,example2,Default)'
(EXAMPLE1,example2,Default)
+ sleep 1
+ echo If you are unsure please enter Default for the LDAP organizational container.
If you are unsure please enter Default for the LDAP organizational container.
+ read organization
EXAMPLE1
+ [[ EXAMPLE1 = \E\X\A\M\P\L\E\1 ]]
+ echo Please assign a role to this account.
Please assign a role to this account.
+ /opt/IDEALX/sbin/smbldap-passwd tipp
/opt/IDEALX/sbin/smbldap-passwd: user tipp doesn't exist
+ '[' 10 -ne 0 ']'
+ echo 'exiting!!!!'
exiting!!!!
+ /opt/IDEALX/sbin/smbldap-userdel -r tipp
/opt/IDEALX/sbin/smbldap-userdel: user tipp does not exist
+ exit




New script


#!/bin/bash -x
TMPFILE=/db/backups/tmp-expire.ldif
TMPFILE2=/db/backups/tmp-expire-ou.ldif
TMPFILE3=/db/backups/variable3-ou.ldif
TMPFILE4=/db/backups/variable4-ou.ldif

echo Please enter the username you would like to add to LDAP!

read USERNAME

if getent passwd | grep -wq $USERNAME

then
echo $USERNAME already exists in the LDAP database!
exit
fi

echo Please enter the menu group to associate with this account!
sleep 1

echo "(guser1,guser2,guser3,guser4,guser5,guser6,guser7, guser8,guser9,gadmin,gsuper)"

read GUSER

if [[ "$GUSER" = guser* || "$GUSER" = "gadmin" || "$GUSER" = "gsuper" ]]; then

echo Which LDAP organizational container do you want to add the user to?
else
echo You entered an invalid group!!
exit
fi

sleep 1

echo "(EXAMPLE1,example2,Default)"
sleep 1
echo If you are unsure please enter Default for the LDAP organizational container.

read organization

if [[ "$organization" = "EXAMPLE1" || "$organization" = "example2" ]]; then

echo Please assign a role to this account.

elif [ "$organization" = "Default" ]; then
/opt/IDEALX/sbin/smbldap-useradd -G 1513,$GUSER,26 -s /bin/ksh -d /home/operations/$USERNAME -a $USERNAME
sleep 1

echo Setting the initial LDAP password for $USERNAME.
sleep 1
fi

/opt/IDEALX/sbin/smbldap-passwd $USERNAME
if [ $? -ne 0 ] ; then
echo exiting!!!!
/opt/IDEALX/sbin/smbldap-userdel -r $USERNAME
exit
fi

echo Enforcing password expiration upon first login!!!!!!

sed "s/USER/$USERNAME/g" "$TMPFILE" > /db/backups/variable3.ldif

ldapadd -f /db/backups/variable3.ldif -x -D cn=root,dc=mdvcat,dc=lott -W
if [ $? -ne 0 ] ; then
echo exiting!!!!
/opt/IDEALX/sbin/smbldap-userdel -r $USERNAME

exit
else
echo Successfully added $USERNAME to the database!
exit
fi

sleep 1
echo "(admins,network,developers,vendors)"

read role

if [[ "$role" = "admins" || "$role" = "network" || "$role" = "developers" || "$role" = "vendors" ]]; then


/opt/IDEALX/sbin/smbldap-useradd -G 1513,$GUSER,26 -o $role,$organization -s /bin/ksh -d /home/operations/$USERNAME -a $USERNAME

sleep 1

echo Setting the initial LDAP password for $USERNAME.

sleep 1

/opt/IDEALX/sbin/smbldap-passwd $USERNAME

sleep 1

echo Enforcing password expiration upon first login!!!!!!

sed -e "s/USER/$USERNAME/g" "$TMPFILE2" > "$TMPFILE3"
sed "s/role/$role/g" "$TMPFILE3" > "$TMPFILE4"
sed "s/organization/$organization/g" "$TMPFILE4" > /db/backups/variable5-ou.ldif

ldapadd -f /db/backups/variable5-ou.ldif -x -D cn=root,dc=mdvcat,dc=lott -W


else
echo You entered an invalid role!!!
exit
fi

vallimar
24th December 2010, 07:09 PM
Okay trying to read through the flatly formatted script.. I think that is the wrong snippet at the wrong point.
Looks to me like you should do the test twice, after the two different user add calls instead.



/opt/IDEALX/sbin/smbldap-useradd -G 1513,$GUSER,26 -s /bin/ksh -d /home/operations/$USERNAME -a $USERNAME

if [ $? -ne 0 ] ; then
echo "Couldn't add $USERNAME to DEFAULT!"
/opt/IDEALX/sbin/smbldap-userdel -r $USERNAME
exit 1
fi

sleep 1



/opt/IDEALX/sbin/smbldap-useradd -G 1513,$GUSER,26 -o $role,$organization -s /bin/ksh -d /home/operations/$USERNAME -a $USERNAME

if [ $? -ne 0 ] ; then
echo "Couldn't add $USERNAME to $organization with $role role!"
/opt/IDEALX/sbin/smbldap-userdel -r $USERNAME
exit 1
fi

sleep 1


And remove that other check. Think that is closer to what you need.
I don't claim it will work, but I think it's in the right direction. Also, you should keep
the number after the exit lines.. you can use something other than '1' but if you don't
provide an exit error code, it will default to 0, which in *nix means success. So give it
an error number so you can check the return of this script properly later on, just as you
are checking the return code of smbldap-useradd.

Lastly, you may want to consider breaking the script apart into routines where you define
and call functions. Though that would require a total refactoring and may not be worthwhile.

stevea
25th December 2010, 05:14 AM
Minor nit but I believe that

if ! /opt/IDEALX/sbin/smbldap-useradd -G ....
then
...
....
fi

is clearer than testing $?

vallimar
25th December 2010, 02:09 PM
I think that falls under personal preference.
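
An added example, not part of any post in this thread: the two smbldap-useradd paths folded into one function, with a check after each step as vallimar suggests, written in the `if ! command` form stevea mentions, and with every input validated before it reaches sed or the LDIF. The username pattern, the SBIN/LDIF_DIR/LDAPADD override variables and the function names are assumptions; the templates are assumed to use the USER, role and organization placeholders seen in the thread's sed lines.

```bash
#!/bin/bash
# Added example, not the poster's script. SBIN, LDIF_DIR and LDAPADD are
# overridable so the flow can be exercised with stubs instead of a live LDAP.
SBIN=${SBIN:-/opt/IDEALX/sbin}
LDIF_DIR=${LDIF_DIR:-/db/backups}
LDAPADD=${LDAPADD:-ldapadd}
export LC_ALL=C   # make a-z in the patterns below mean ASCII only

# Every value lands in a command line, a sed expression or an LDIF file, so
# match each against a fixed pattern first. The username rule is an assumed
# policy; the other lists are the menus shown in the thread.
valid_input() {  # USER GROUP ROLE ORG (ROLE and ORG both set or both empty)
    case $1 in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
    case $2 in guser[1-9]|gadmin|gsuper) ;; *) return 1 ;; esac
    case $3 in ''|admins|network|developers|vendors) ;; *) return 1 ;; esac
    case $4 in ''|EXAMPLE1|example2) ;; *) return 1 ;; esac
    case "${3:+r}${4:+o}" in ''|ro) ;; *) return 1 ;; esac
}

rollback() {  # USER REASON: remove the half-created account
    echo "ERROR: $2; removing $1" >&2
    "$SBIN/smbldap-userdel" -r "$1"
}

# add_user USER GROUP [ROLE ORG]: 0 = ok, 1 = a step failed, 2 = bad input.
add_user() {
    local user="$1" group="$2" role="${3:-}" org="${4:-}" tmpl ldif
    valid_input "$user" "$group" "$role" "$org" || { echo "bad input" >&2; return 2; }
    tmpl=$LDIF_DIR/tmp-expire.ldif
    set -- -e "s/USER/$user/g"      # sed arguments; USER is replaced last so
    if [ -n "$role" ]; then         # a name containing "role" stays intact
        tmpl=$LDIF_DIR/tmp-expire-ou.ldif
        set -- -e "s/organization/$org/g" -e "s/role/$role/g" "$@"
    fi
    # If the add itself fails there is no account to roll back.
    if ! "$SBIN/smbldap-useradd" -G "1513,$group,26" ${role:+-o "$role,$org"} \
            -s /bin/ksh -d "/home/operations/$user" -a "$user"; then
        echo "ERROR: could not add $user" >&2; return 1
    fi
    "$SBIN/smbldap-passwd" "$user" || { rollback "$user" "password not set"; return 1; }
    ldif=$(mktemp) || { rollback "$user" "no temp file"; return 1; }
    if ! sed "$@" "$tmpl" > "$ldif" ||
       ! "$LDAPADD" -f "$ldif" -x -D cn=root,dc=mdvcat,dc=lott -W; then
        rm -f "$ldif"; rollback "$user" "password expiry not applied"; return 1
    fi
    rm -f "$ldif"
}
```

The prompts from the original script stay outside the function: read the values, call add_user with two arguments for Default or four for an organizational unit, and exit with its return status.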
