
FreeIPA User Add

General Information

This script adds a new user account to FreeIPA and emails the user a temporary random password.

Checklist


The Script

Run this script on your FreeIPA server to add a new user account.

user-add.sh
#!/bin/bash
# Name: user-add.sh
# Description: Add a new user to FreeIPA and email them a temporary random password.
# Last Updated: 2016-10-07
# Recent Changes: Added support for username and help arguments
###############################################################################################
 
##### Customize These Variables #####
# admin credentials
# Kerberos principal handed to kinit by the pre-check when no ticket is present
admin_user="admin"

# system admins email
# Used as the From: address (-r) of the notification e-mail and printed in its footer
system_admins_email="sysadmins@example.com"

# self-service portal URL
# Quoted in the e-mail so the new user can change the temporary password in a browser
self_service_portal="https://ipaserver.example.com/ipa/ui/"

# Temp files for output parsing and e-mail message
# user-add_output receives the full 'ipa user-add --random' output, which
# contains the temporary password in clear text; user-add_email holds the
# message body sent to the user. Both are truncated after use but never
# removed, so this directory must be readable and writable by root only.
# NOTE(review): the files are created with the caller's umask -- confirm the
# directory mode (e.g. 0700) keeps other local users from reading them.
new_user_output="/root/ldap-scripts/tmp/user-add_output"
new_user_email="/root/ldap-scripts/tmp/user-add_email"
##### End of Customize Variables #####
 
#=====================================
# Functions; Main starts after
#=====================================
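#######################################
# Print the help text for this script.
# Globals:   none
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   0
#######################################
show_usage() {
  # printf instead of echo -e: fixed format strings, no escape processing surprises
  printf '\n%s\n' "==== IPA: User Add ===="
  printf '\n%s\n' "Description: Add a new user to FreeIPA and e-mail them the temporary random password."
  printf '\n%s\n' "--Usage--"
  printf '%s\n' "./user-add.sh [OPTIONS]"
  printf '\n%s\n' "-OPTIONS-"
  printf '%s\n' "-h                    => Display usage."
  printf '%s\n' "-u username           => Username to add."
  printf '\n%s\n' "--Other Requirements--"
  printf '%s\n' "-> FreeIPA admin access."
  printf '\n'
}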
 
#=======================
# Get Script Arguments
#=======================
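# Reset POSIX variable in case it has been used previously in this shell
OPTIND=1
# Username may also be supplied interactively later; start from a known-empty value
user_name=""

while getopts "hu:" opt; do
  case "${opt}" in
    h) # -h (help) argument
      show_usage
      exit 0
      ;;
    u) # -u (username) argument
      user_name="${OPTARG}"
      ;;
    *) # invalid option or missing option argument: usage goes to stderr and the
       # script fails, so a typo in a cron/automation call is not reported as success
      show_usage >&2
      exit 2
      ;;
  esac
done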
 
#==================
# Pre-Checks
#==================
 
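# See if we have a kerberos ticket, if not, prompt login
# klist -s is silent and returns non-zero when no valid ticket cache exists
if ! /usr/bin/klist -s; then
  echo ">> No kerberos ticket found for (${admin_user}), login as ${admin_user} now:"
  # kinit prompts for the password on the terminal. Abort if it fails: every
  # ipa command later in the script needs these credentials and would fail anyway.
  if ! /usr/bin/kinit "${admin_user}"; then
    echo ">> ERROR: kinit for ${admin_user} failed. Exiting..." >&2
    exit 1
  fi
  echo
fi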
 
#==================
# Main Starts Here
#==================
 
# Banner printed once at start-up
banner_rule="================================================"
printf '%s\n' "${banner_rule}"
printf '%s\n' "####============ IPA: User Add =============####"
printf '%s\n' "${banner_rule}"
printf '\n'
printf '%s\n\n' "This script will add a new user to FreeIPA and e-mail notification to them."
 
 
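#### Gather Information ####
# All prompts use read -r so a backslash typed in a value is kept literally
# instead of being interpreted as an escape.

## If no argument, prompt for username
if [[ -z "${user_name}" ]]; then
  echo -en "-> Username: "
  read -r user_name
else
  # Otherwise, show user name provided from argument
  printf '%s\n' "-> Username: ${user_name}"
fi

# A username is mandatory; without it ipa user-add would be invoked with the
# options alone.
if [[ -z "${user_name}" ]]; then
  echo -e "\n>> ERROR: No username given. Exiting..." >&2
  exit 1
fi

echo -en "-> User ID (auto assigned if not provided): "
read -r user_id

# --uid expects a numeric ID; reject anything else now rather than after all
# the remaining prompts have been answered.
if [[ -n "${user_id}" && ! "${user_id}" =~ ^[0-9]+$ ]]; then
  echo -e "\n>> ERROR: User ID must be a number. Exiting..." >&2
  exit 1
fi

echo -en "-> First Name: "
read -r user_firstname

echo -en "-> Last Name: "
read -r user_lastname

echo -en "-> Job Title: "
read -r user_jobtitle

echo -en "-> Email Address: "
read -r user_email

echo -en "-> Phone Number: "
read -r user_phone

echo -e "\n-User's Shell-"
echo -e "1) bash (default)"
echo -e "2) tcsh"
echo -e "3) sh"
echo -e "4) csh"
echo -en "=> Enter a number [Default: 1]: "
read -r user_shell_menu

# Map the menu choice to a shell path; anything unrecognised (including an
# empty answer) falls back to bash.
case "${user_shell_menu}" in
  2)
    user_shell="/bin/tcsh"
    ;;
  3)
    user_shell="/bin/sh"
    ;;
  4)
    user_shell="/bin/csh"
    ;;
  *)
    user_shell="/bin/bash"
    ;;
esac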
 
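# Review information
# Typed values are printed with printf '%s' so backslashes in them are shown
# as entered rather than expanded by echo -e.
echo -e "\n>> Create a new user with the following information?"
printf '%s\n' "Username: ${user_name}"

if [[ -z "${user_id}" ]]; then
  echo -e "User ID: (Will be auto generated)"
else
  printf '%s\n' "User ID: ${user_id}"
fi

printf '%s\n' "First Name: ${user_firstname}"
printf '%s\n' "Last Name: ${user_lastname}"
printf '%s\n' "Job Title: ${user_jobtitle}"
printf '%s\n' "Email Address: ${user_email}"
printf '%s\n' "Phone Number: ${user_phone}"
printf '%s\n' "Shell: ${user_shell}"
echo -en "\n=> Create user and email them a temporary random password? [y/n]: "
read -r create_user

# Exit unless the answer is yes ("y" or "Y"); an empty answer (e.g. EOF) also aborts
if [[ "${create_user}" != [yY] ]]; then
  echo -e "\n>> Will NOT create user. Exiting..."
  exit 1
fi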
 
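# Create the user with the info provided and let FreeIPA generate a random
# password (--random). Every value is its own quoted array element, so spaces
# or shell metacharacters in the typed input cannot split into extra arguments.
# A user-supplied User ID is passed as --uid; otherwise FreeIPA assigns one.
ipa_user_add_args=(
  "${user_name}"
  --gidnumber="100"
  --first="${user_firstname}"
  --last="${user_lastname}"
  --title="${user_jobtitle}"
  --email="${user_email}"
  --phone="${user_phone}"
  --shell="${user_shell}"
  --random
)
if [[ -n "${user_id}" ]]; then
  ipa_user_add_args+=(--uid="${user_id}")
fi

# The command output (which contains the temporary password) is held in a
# shell variable instead of an on-disk tmp file, so the password is never
# written to disk and there is nothing left behind to truncate.
if ! ipa_output="$(/usr/bin/ipa user-add "${ipa_user_add_args[@]}")"; then
  echo -e "\n>> ERROR: ipa user-add exited with a non zero return code. Exiting..." >&2
  exit 1
fi

### Email the user the temporary random password ###

# Get temp random password from the "Random password: <value>" line of the output
user_tmp_password="$(awk '/password/ {print $3}' <<<"${ipa_output}")"
unset ipa_output

# The account already exists at this point; if the password cannot be found,
# tell the admin so they can reset it by hand instead of mailing an empty one.
if [[ -z "${user_tmp_password}" ]]; then
  echo -e "\n>> ERROR: could not find the random password in the ipa user-add output. User ${user_name} was created; reset the password manually. Exiting..." >&2
  exit 1
fi

# E-mail User the random password with login instructions.
# The body is fed to mail from a here-document: typed values are expanded
# exactly once (no echo -e backslash processing of user input) and no message
# file is left on disk. Addresses are quoted so a value containing spaces
# cannot turn into additional recipients. The text promises a change prompt
# at first login, which relies on FreeIPA expiring the --random password;
# confirm this against the server's password policy.
echo -e "\n>>E-mailing ${user_email} their new login information..."
if ! /usr/bin/mail -s "Linux Account Created" -r "${system_admins_email}" "${user_email}" <<EOF
${user_firstname},

Your new Linux account has been created.

Username: ${user_name}
Temporary Password: ${user_tmp_password}

Login with the above temporary password to one of the systems that you have access to.
Alternatively, login to the self-service portal: ${self_service_portal}

After you login with the above temporary password, you will be prompted to change it.

Your new password requirements are:
>At least 12 characters in length
>At least 3 types of characters from the following categories:
--Upper case letters
--Lower case letters
--Numbers
--Special Characters

If you have any questions, please contact your System Administrators.

----
System Administrators
${system_admins_email}
EOF
then
  echo -e "\n>> ERROR: mail exited with a non zero return code. User ${user_name} was created but not notified. Exiting..." >&2
  unset user_tmp_password
  exit 1
fi
unset user_tmp_password

echo -e "\n================================================"
echo -e "####========== User Add Complete ===========####"
echo -e "================================================"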
