Scan for users without groups
To keep better control over users who logged in for the first time via LDAP and were not mapped to the default group, we use a small SQL / bash script that informs the webmaster:
vim /opt/teedy-unmapped-users.sh
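#!/bin/bash
# Report active Teedy users that belong to a group outside the expected set
# and mail the list to the webmaster; print a notice when nothing is found.
#
# NOTE(review): the query below has no creation-time condition, so the same
# users are reported on every run until they have been mapped.
set -u

DB_USER="db_user"
DB_NAME="db_name"

# --no-align yields one unpadded "id|username" row per line.
# NOTE(review): the inner joins only return users that have at least one
# non-deleted group membership; a user with no membership row at all is not
# listed. Confirm this matches how LDAP logins are provisioned.
if ! OUT=$(psql -t -U "$DB_USER" "$DB_NAME" --no-align --command="
SELECT
use_id_c,
use_username_c
FROM t_user AS U
JOIN t_user_group AS UG ON UG.ugp_iduser_c = U.use_id_c
JOIN t_group AS G ON G.grp_id_c = UG.ugp_idgroup_c
WHERE
U.use_deletedate_d IS NULL AND
U.use_disabledate_d IS NULL AND
UG.ugp_deletedate_d IS NULL AND
G.grp_deletedate_d IS NULL AND
G.grp_name_c NOT IN ('Administratoren', 'Group2', 'Editors', 'Viewers') AND
U.use_username_c NOT IN ('admin', 'anotherUser', 'anotherUser2')
;
"); then
  # Without this check a failed query is indistinguishable from "no users".
  echo "psql query for unmapped users failed" >&2
  exit 1
fi

if [[ -n "$OUT" ]]; then
  # Mail the rows first. A fixed printf format keeps one row per line and
  # avoids the word splitting, globbing and backslash interpretation that an
  # unquoted `echo -e` would apply to usernames originating from LDAP.
  printf '%s\n' "$OUT" | mail -s "dms.domain.org new user(s) have to be mapped" webmaster@domain.org

  # BASE_URL="https://dms.domain.org"   # public URL, alternative to the local one
  BASE_URL="http://localhost:8080/dms"
  TEEDY_USER="user"

  # Reuse an existing session token of TEEDY_USER, read straight from the DB.
  # --no-align keeps psql's column padding out of the cookie value.
  # TEEDY_USER is pasted into the SQL text: keep it a fixed literal and never
  # derive it from input. The DB account used here can read every session
  # token, so restrict read access to this script and to the DB credentials.
  AUTH_TOKEN=$(psql -t --no-align -U "$DB_USER" "$DB_NAME" --command="SELECT aut_id_c FROM t_authentication_token AS A JOIN t_user AS U ON U.use_id_c = A.aut_iduser_c WHERE use_username_c = '$TEEDY_USER' AND aut_lastconnectiondate_d IS NOT NULL LIMIT 1;")

  if [[ -z "$AUTH_TOKEN" ]]; then
    # stderr output makes cron.d send a mail about the failure
    echo "NO AUTHTOKEN. Please create a session for the user first to automate things!" >&2
    exit 1
  fi

  # NOTE(review): this loop sends DELETE to /api/tag/ once per result row,
  # with the "id|username" row as the tag id. That does not match the stated
  # purpose (notify only) and looks carried over from a tag clean-up script;
  # confirm it is intended before scheduling this.
  #
  # -k was dropped: it disables certificate verification, which would hand the
  # session cookie to an unverified peer once BASE_URL points at https. With a
  # private CA, pass it via --cacert instead. The token is still visible in
  # the process list while curl runs.
  while IFS= read -r row; do
    echo
    curl --silent -X DELETE -H "Cookie: auth_token=$AUTH_TOKEN" "$BASE_URL/api/tag/$row"
  done <<<"$OUT"
else
  echo "No users to map to groups ..."
fi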