Difference between revisions of "Linking to Active Directory Home Directories using CentrifyDN"

m
m
Line 18: Line 18:
 
''' 2. Create Script with adhome.pl based on article above and place in /usr/bin/adhome.pl '''
 
''' 2. Create Script with adhome.pl based on article above and place in /usr/bin/adhome.pl '''
  
 +
''' OPEN TERMINAL with Ctrl-T if it is not already open '''
  
 
     sudo -i
 
     sudo -i
Line 24: Line 25:
 
''' 2a. Copy the Shell Script into adhome.pl '''
 
''' 2a. Copy the Shell Script into adhome.pl '''
 
      
 
      
    <nowiki>#!/bin/sh /usr/share/centrifydc/perl/run
+
  <nowiki> #!/bin/sh /usr/share/centrifydc/perl/run
    # This script uses ldap to fetch user homeDirectory from AD  
+
  #This script uses ldap to fetch user homeDirectory from AD  
    # and mount/umount by smbmount and smbumount</nowiki>
+
  #and mount/umount by smbmount and smbumount</nowiki>
     <nowiki>use strict;</nowiki>
+
      
    <nowiki>#use MIME::Base64;</nowiki>
+
  <nowiki>use strict;</nowiki>
    <nowiki>use File::Spec;</nowiki>
+
 
    <nowiki># get base dn</nowiki>
+
  <nowiki># use MIME::Base64;</nowiki>
    <nowiki>my $zone_base = `cat /va/centrifydc/kset.zonename`;</nowiki>
+
  <nowiki>use File::Spec;</nowiki>
    <nowiki>#get user CN</nowiki>
+
  <nowiki># get the base dn</nowiki>
    <nowiki>my $cn = `adquery user -D ${ARGV[0]} | cut -d, -f1`;</nowiki>
+
 
    <nowiki>#print $cn;</nowiki>
+
  <nowiki>my $zone_base = `cat /va/centrifydc/kset.zonename`;</nowiki>
    <nowiki>my @cn = split(/\n/,$cn);</nowiki>
+
  <nowiki># get user CN</nowiki>
    <nowiki>#ldap search</nowiki>
+
 
    <nowiki>#search for the homeDirectory attribute of user in AD in autozone mode</nowiki>
+
  <nowiki>my $cn = `adquery user -D ${ARGV[0]} | cut -d, -f1`;</nowiki>
    <nowiki>#also cut the path out and change backward slash to forward slash</nowiki>
+
  <nowiki>#print $cn;</nowiki>
    <nowiki>my $ldap = `/usr/share/centrifydc/bin/ldapsearch -Q -H "LDAP://" -b "$zone_base"  -LLL "(@cn)" homeDirectory | grep homeDirectory | cut -d: -f2 | sed 's:\\\\:/:g' `; <\nowiki>
+
  <nowiki>my @cn = split(/\n/,$cn);</nowiki>
    <nowiki>#print $ldap;<\nowiki>
+
  <nowiki>#ldap search</nowiki>
    <nowiki>#split the output into single line</nowiki>
+
  <nowiki>#search for the homeDirectory attribute of user in AD in autozone mode</nowiki>
    <nowiki>my @line = split(/\n/, $ldap);</nowiki>
+
  <nowiki>#also cut the path out and change backward slash to forward slash</nowiki>
    <nowiki>#print @line;</nowiki>
+
  <nowiki>my $ldap = `/usr/share/centrifydc/bin/ldapsearch -Q -H "LDAP://" -b "$zone_base"  -LLL "(@cn)" homeDirectory | grep homeDirectory | cut -d: -f2 | sed 's:\\\\:/:g' `;
    <nowiki>#if ldapsearch result is not blank</nowiki>
+
  #print $ldap;
    <nowiki>if (@line )</nowiki>
+
  #split the output into single line</nowiki>
    <nowiki>{</nowiki>
+
  <nowiki>my @line = split(/\n/, $ldap);</nowiki>
    <nowiki>if(${ARGV[2]} eq "mount") {</nowiki>
+
  <nowiki>#print @line;</nowiki>
    <nowiki>#mount the homeDirectory with smbmount command on mountpoint with kerberos ticket</nowiki>
+
  <nowiki>#if ldapsearch result is not blank</nowiki>
    <nowiki>my $mount = `smbmount @line ${ARGV[1]} -o sec=krb5i`;</nowiki>
+
  <nowiki>if (@line )</nowiki>
    <nowiki>#    print "mount";</nowiki>
+
  <nowiki>{</nowiki>
    <nowiki>  }</nowiki>
+
  <nowiki>if(${ARGV[2]} eq "mount") {</nowiki>
    <nowiki>}</nowiki>
+
  <nowiki>#mount the homeDirectory with smbmount command on mountpoint with kerberos ticket</nowiki>
    <nowiki>#if argument3 is umount will umount the share</nowiki>
+
  <nowiki>my $mount = `smbmount @line ${ARGV[1]} -o sec=krb5i`;</nowiki>
    <nowiki>if(${ARGV[2]} eq "umount" ){</nowiki>
+
  <nowiki>#    print "mount";</nowiki>
    <nowiki>my $mount = `smbumount ${ARGV[1]}`;</nowiki>
+
  <nowiki>  }</nowiki>
    <nowiki>#    print "umount"</nowiki>
+
  <nowiki>}</nowiki>
     <nowiki>}<\nowiki>
+
  <nowiki>#if argument3 is umount will umount the share</nowiki>
 +
  <nowiki>if(${ARGV[2]} eq "umount" ){</nowiki>
 +
  <nowiki>my $mount = `smbumount ${ARGV[1]}`;</nowiki>
 +
  <nowiki>#    print "umount"</nowiki>
 +
     }
 +
 
 +
''' -- WORK IN PROGRESS -- '''

Revision as of 22:01, 19 April 2012

See Article: http://community.centrify.com/t5/DirectControl-Express-for-UNIX/Automounting-home-directories-defined-in-AD/td-p/1044

* Disclaimer: I did not write this script, nor have I tested it well. Please correct any errors or omissions in these instructions! *



1. Install SAMBA.

OPEN TERMINAL with Ctrl-T if it is not already open

   sudo -i
   apt-get update
  
   apt-get install samba

2. Create the adhome.pl script, based on the article above, and place it in /usr/bin/adhome.pl

OPEN TERMINAL with Ctrl-T if it is not already open

   sudo -i
   nano /usr/bin/adhome.pl

2a. Copy the following script (Perl, started through the Centrify wrapper named on its first line) into adhome.pl

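   #!/bin/sh /usr/share/centrifydc/perl/run
   # adhome.pl <user> <mountpoint> <mount|umount>
   #
   # Looks up the user's homeDirectory attribute in Active Directory with
   # ldapsearch and mounts it on <mountpoint> with smbmount (Kerberos, krb5i),
   # or unmounts <mountpoint> with smbumount.
   #
   # Security: the user name, the mount point and the path returned by the
   # directory are handed to each program as separate arguments (list-form
   # pipe open), never pasted into a shell command line, so shell
   # metacharacters in them are not interpreted.

   use strict;
   use warnings;
   # use MIME::Base64;
   use File::Spec;

   # Report why nothing was done. The published script always exited 0, so
   # that status is kept here.
   # NOTE(review): the caller is not visible on this page; switch to a
   # non-zero exit if the caller can act on failures.
   sub give_up {
       my ($reason) = @_;
       warn "adhome.pl: $reason\n";
       exit 0;
   }

   # Run a program without a shell. Returns a reference to its output lines
   # (chomped), or nothing if the program could not be started. The exit
   # status is left in $? for the caller.
   sub run_capture {
       my @command = @_;
       open(my $pipe, '-|', @command) or return;
       my @output = <$pipe>;
       close($pipe);    # sets $? to the child's wait status
       chomp @output;
       return \@output;
   }

   my ($user, $mountpoint, $action) = @ARGV;

   for my $argument ($user, $mountpoint, $action) {
       give_up('usage: adhome.pl <user> <mountpoint> <mount|umount>')
           unless defined $argument && length $argument;
   }

   # A leading "-" would be read as an option by adquery, smbmount or
   # smbumount; control characters have no place in a user name or a path.
   for my $argument ($user, $mountpoint) {
       give_up('refusing an argument that starts with "-" or contains control characters')
           if $argument =~ /\A-/ || $argument =~ /[\x00-\x1f\x7f]/;
   }

   # if argument 3 is umount, unmount the share; no directory lookup is needed
   if ($action eq 'umount') {
       my $unmounted = run_capture('smbumount', $mountpoint);
       give_up('could not run smbumount') unless defined $unmounted;
       give_up("smbumount failed for $mountpoint") if $? != 0;
       exit 0;
   }
   give_up('third argument must be "mount" or "umount"') unless $action eq 'mount';

   # get the base dn (read directly instead of through `cat`)
   # NOTE(review): "/va/centrifydc" looks like a typo for "/var/centrifydc";
   # the path is kept as published - confirm it on the target machine.
   my $zone_file = '/va/centrifydc/kset.zonename';
   my $zone_base = '';
   if (open(my $zone_fh, '<', $zone_file)) {
       my $first_line = <$zone_fh>;
       close($zone_fh);
       if (defined $first_line) {
           # The backtick version passed the trailing newline on to ldapsearch.
           chomp $first_line;
           $zone_base = $first_line;
       }
   }
   else {
       # As published, a failed read left the base empty and the search still ran.
       warn "adhome.pl: cannot read $zone_file: $!; searching with an empty base\n";
   }

   # get user CN
   # presumably adquery prints the user's distinguished name here - confirm
   my $dn_lines = run_capture('adquery', 'user', '-D', $user);
   give_up('adquery returned no entry for the user')
       unless defined $dn_lines && @{$dn_lines} && length $dn_lines->[0];

   # Same as `cut -d, -f1`: keep the text before the first comma ("CN=...").
   # A comma inside the name itself is not handled, as in the published script.
   my ($rdn) = split /,/, $dn_lines->[0], 2;
   my ($attribute, $value) = split /=/, $rdn, 2;
   give_up('unexpected adquery output')
       unless defined $value && $attribute =~ /\A[A-Za-z][A-Za-z0-9-]*\z/;

   # Escape the characters that are special in an LDAP search filter so the
   # name cannot change the meaning of the filter.
   $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
   my $filter = "($attribute=$value)";

   # ldap search
   # search for the homeDirectory attribute of user in AD in autozone mode
   my $ldif_lines = run_capture(
       '/usr/share/centrifydc/bin/ldapsearch',
       '-Q', '-H', 'LDAP://', '-b', $zone_base, '-LLL', $filter, 'homeDirectory',
   );
   give_up('ldapsearch could not be run') unless defined $ldif_lines;

   # Rejoin values that the LDIF output wrapped onto continuation lines
   # (a continuation line starts with a single space).
   my $ldif = join "\n", @{$ldif_lines};
   $ldif =~ s/\n //g;

   # cut the path out and change backward slash to forward slash
   my $share;
   for my $entry (split /\n/, $ldif) {
       # "homeDirectory:: ..." (base64-encoded) values are not decoded here.
       next unless $entry =~ /\AhomeDirectory:(?!:)\s*(.*?)\s*\z/;
       ($share = $1) =~ tr{\\}{/};
       last;
   }

   # if ldapsearch result is not blank
   give_up('no homeDirectory found for the user')
       unless defined $share && length $share;

   # smbmount expects //server/share; this check also keeps a value coming
   # from the directory from being read as an option.
   give_up('homeDirectory is not a //server/share path')
       unless $share =~ m{\A//[^/]};

   # mount the homeDirectory with smbmount command on mountpoint with kerberos ticket
   my $mounted = run_capture('smbmount', $share, $mountpoint, '-o', 'sec=krb5i');
   give_up('could not run smbmount') unless defined $mounted;
   give_up("smbmount failed for $mountpoint") if $? != 0;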

-- WORK IN PROGRESS --