linux_wiki:freeipa_user_add

Differences


linux_wiki:freeipa_user_add [2016/11/26 23:00]
billdozor created
linux_wiki:freeipa_user_add [2019/05/25 23:50]
Line 1: Line 1:
-====== Freeipa User Add ====== 
- 
-**General Information** 
- 
-This script adds a new user account to FreeIPA and emails the user a temporary random password. 
- 
-**Checklist** 
-  * Distro(s):Enterprise Linux 6/7 
-  * Other: [[http://www.unixmen.com/configure-freeipa-server-centos-7/|FreeIPA Server Installed]] (script runs there) 
- 
----- 
- 
-====== The Script ====== 
- 
-Run this script on your FreeIPA server to add a new user account. 
-<code bash user-add.sh> 
-#!/bin/bash 
-# Name: user-add.sh 
-# Description: Add a new user to FreeIPA and email them a temporary random password. 
-# Last Updated: 2016-10-07 
-# Recent Changes:-Added support for username and help arguments 
-############################################################################################### 
- 
-##### Customize These Variables ##### 
-# admin credentials 
-admin_user="admin" 
- 
-# system admins email 
-system_admins_email="sysadmins@example.com" 
- 
-# self-service portal URL 
-self_service_portal="https://ipaserver.example.com/ipa/ui/" 
- 
-# Temp files for output parsing and e-mail message 
-new_user_output="/root/ldap-scripts/tmp/user-add_output" 
-new_user_email="/root/ldap-scripts/tmp/user-add_email" 
-##### End of Customize Variables ##### 
- 
-#===================================== 
-# Functions; Main starts after 
-#===================================== 
-function show_usage 
-{ 
-  echo -e "\n==== IPA: User Add ====" 
-  echo -e "\nDescripton: Add a new user to FreeIPA and e-mail them the temporary random password." 
-  echo -e "\n--Usage--" 
-  echo -e "./user-add.sh [OPTIONS]" 
-  echo -e "\n-OPTIONS-" 
-  echo -e "-h                    => Display usage." 
-  echo -e "-u username           => Username to add." 
-  echo -e "\n--Other Requirements--" 
-  echo -e "-> FreeIPA admin access." 
-  echo -e 
-} 
- 
-#======================= 
-# Get Script Arguments 
-#======================= 
-# Reset POSIX variable in case it has been used previously in this shell 
-OPTIND=1 
- 
-while getopts "hu:" opt; do 
-  case "${opt}" in 
-    h) # -h (help) argument 
-      show_usage 
-      exit 0 
-    ;; 
-    u) # -u (username) argument 
-      user_name="${OPTARG}" 
-    ;; 
-    *) # invalid argument 
-      show_usage 
-      exit 0 
-    ;; 
-  esac 
-done 
- 
-#================== 
-# Pre-Checks 
-#================== 
- 
-# See if we have a kerberos ticket, if not, prompt login 
-/usr/bin/klist -s 
-if [[ $? -ne 0 ]]; then 
-  echo ">> No kerberos ticket found for (${admin_user}), login as ${admin_user} now:" 
-  /usr/bin/kinit ${admin_user} 
-  echo 
-fi 
- 
-#================== 
-# Main Starts Here 
-#================== 
- 
-echo -e "================================================" 
-echo -e "####============ IPA: User Add =============####" 
-echo -e "================================================" 
-echo 
-echo -e "This script will add a new user to FreeIPA and e-mail notification to them.\n" 
- 
- 
-#### Gather Information #### 
- 
-## If no argument, prompt for username 
-if [[ -z "${user_name}" ]]; then 
-  echo -en "-> Username: " 
-  read user_name 
-else 
-  # Otherwise, show user name provided from argument 
-  echo -e "-> Username: ${user_name}" 
-fi 
- 
-echo -en "-> User ID (auto assigned if not provided): " 
-read user_id 
- 
-echo -en "-> First Name: " 
-read user_firstname 
- 
-echo -en "-> Last Name: " 
-read user_lastname 
- 
-echo -en "-> Job Title: " 
-read user_jobtitle 
- 
-echo -en "-> Email Address: " 
-read user_email 
- 
-echo -en "-> Phone Number: " 
-read user_phone 
- 
-echo -e "\n-User's Shell-" 
-echo -e "1) bash (default)" 
-echo -e "2) tcsh" 
-echo -e "3) sh" 
-echo -e "4) csh" 
-echo -en "=> Enter a number [Default: 1]: " 
-read user_shell_menu 
- 
-# Set a shell path 
-case ${user_shell_menu} in 
-  1) 
-    user_shell="/bin/bash" 
-  ;; 
-  2) 
-    user_shell="/bin/tcsh" 
-  ;; 
-  3) 
-    user_shell="/bin/sh" 
-  ;; 
-  4) 
-    user_shell="/bin/csh" 
-  ;; 
-  *) 
-    user_shell="/bin/bash" 
-  ;; 
-esac 
- 
-# Review information 
-echo -e "\n>> Create a new user with the following information?" 
-echo -e "Username: ${user_name}" 
- 
-if [[ -z ${user_id} ]]; then 
-  echo -e "User ID: (Will be auto generated)" 
-else 
-  echo -e "User ID: ${user_id}" 
-fi 
- 
-echo -e "First Name: ${user_firstname}" 
-echo -e "Last Name: ${user_lastname}" 
-echo -e "Job Title: ${user_jobtitle}" 
-echo -e "Email Address: ${user_email}" 
-echo -e "Phone Number: ${user_phone}" 
-echo -e "Shell: ${user_shell}" 
-echo -en "\n=> Create user and email them a temporary random password? [y/n]: " 
-read create_user 
- 
-# Exit if not yes ("y") 
-if [[ ${create_user} != "y" ]]; then 
-  echo -e "\n>> Will NOT create user. Exiting..." 
-  exit 1 
-fi 
- 
-# Create user with the info provided, set a random password 
-if [[ -z ${user_id} ]]; then 
-  # User ID not provided, generate one automatically 
-  /usr/bin/ipa user-add ${user_name} --gidnumber="100" --first="${user_firstname}" --last="${user_lastname}" --title="${user_jobtitle}" --email="${user_email}" --phone="${user_phone}" --shell="${user_shell}" --random > ${new_user_output} 
-   
-  # If the ipa user-add command had an error, exit. 
-  if [[ $? -ne 0 ]]; then 
-    echo -e "\n>> ERROR: ipa user-add exited with a non zero return code. Exiting..." 
-    # Clear contents of tmp password file 
-    cat /dev/null > ${new_user_output} 
-    exit 1 
-  fi 
-else 
-  # User ID provided, use that one 
-  /usr/bin/ipa user-add ${user_name} --uid="${user_id}" --gidnumber="100" --first="${user_firstname}" --last="${user_lastname}" --title="${user_jobtitle}" --email="${user_email}" --phone="${user_phone}" --shell="${user_shell}" --random > ${new_user_output} 
- 
-  # If the ipa user-add command had an error, exit. 
-  if [[ $? -ne 0 ]]; then 
-    echo -e "\n>> ERROR: ipa user-add exited with a non zero return code. Exiting..." 
-    # Clear contents of tmp password file 
-    cat /dev/null > ${new_user_output} 
-    exit 1 
-  fi 
-fi 
- 
-### Email the user the temporary random password ### 
- 
-# Get temp random password from user output file 
-user_tmp_password="$(awk '/password/ {print $3}' ${new_user_output})" 
- 
-# Clear contents of tmp password file 
-cat /dev/null > ${new_user_output} 
- 
-# Create email message 
-echo -e "${user_firstname}," > ${new_user_email} 
-echo -e "\nYour new Linux account has been created." >> ${new_user_email} 
-echo -e "\nUsername: ${user_name}" >> ${new_user_email} 
-echo -e "Temporary Password: ${user_tmp_password}" >> ${new_user_email} 
- 
-echo -e "\nLogin with the above temporary password to one of the systems that you have access to." >> ${new_user_email} 
-echo -e "Alternatively, login to the self-service portal: ${self_service_portal}" >> ${new_user_email} 
- 
-echo -e "\nAfter you login with the above temporary password, you will be prompted to change it." >> ${new_user_email} 
- 
-echo -e "\nYour new password requirements are:" >> ${new_user_email} 
-echo ">At least 12 characters in length" >> ${new_user_email} 
-echo ">At least 3 types of characters from the following categories:" >> ${new_user_email} 
-echo "--Upper case letters" >> ${new_user_email} 
-echo "--Lower case letters" >> ${new_user_email} 
-echo "--Numbers" >> ${new_user_email} 
-echo "--Special Characters" >> ${new_user_email} 
- 
-echo -e "\nIf you have any questions, please contact your System Administrators." >> ${new_user_email} 
-echo -e "\n----\nSystem Administrators" >> ${new_user_email} 
-echo "${system_admins_email}" >> ${new_user_email} 
- 
-# E-mail User the random password with login instructions 
-echo -e "\n>>E-mailing ${user_email} their new login information..." 
-/usr/bin/mail -s "Linux Account Created" -r ${system_admins_email} ${user_email} < ${new_user_email} 
- 
-# Clear out contents of temporary email file 
-cat /dev/null > ${new_user_email} 
- 
-echo -e "\n================================================" 
-echo -e "####========== User Add Complete ===========####" 
-echo -e "================================================" 
-</code> 
- 
----- 
  
  • linux_wiki/freeipa_user_add.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)