cn: $USER
gidNumber: $ID
memberUid: $USER
-" | sudo ldapadd -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret
+" | sudo ldapadd -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret || true
# USER.mailfilter entry
echo "
cn: $USER.mailfilter
gidNumber: $ID_MF
memberUid: $USER.mailfilter
-" | sudo ldapadd -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret
+" | sudo ldapadd -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret || true
# USER.cgi entry
echo "
cn: $USER.cgi
gidNumber: $ID_CGI
memberUid: $USER.cgi
-" | sudo ldapadd -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret
+" | sudo ldapadd -x -D cn=admin,dc=hcoop,dc=net -y /etc/ldap.secret || true
#
# create a mailfilter keytab (used by /etc/exim4/get-token)
sudo kadmin.local -p root/admin -q "ktadd -k /etc/keytabs/mailfilter/$USER $USER/mailfilter@HCOOP.NET"
+
# create a cgi keytab
sudo kadmin.local -p root/admin -q "ktadd -k /etc/keytabs/cgi/$USER $USER/cgi@HCOOP.NET"
sudo chown $USER:wheel /etc/keytabs/mailfilter/$USER
sudo chmod 440 /etc/keytabs/cgi/$USER /etc/keytabs/mailfilter/$USER
-# FIXME: rsync keytabs to mire?
+# rsync keytabs to mire
+rsync -e ssh -a /etc/keytabs/cgi/$USER mire.hcoop.net:/etc/keytabs/cgi/$USER
#
# Create/mount/set-perms on user's volumes (home, mail, databases, logs)
#
# HOME VOLUME
-vos create deleuze.hcoop.net /vicepa user.$USER -maxquota 400000
+vos examine user.$USER 2>/dev/null || \
+ vos create deleuze.hcoop.net /vicepa user.$USER -maxquota 400000
mkdir -p `dirname $HOMEPATH`
-fs mkm $HOMEPATH user.$USER
+fs ls $HOMEPATH || fs mkm $HOMEPATH user.$USER
chown $USER $HOMEPATH
fs sa $HOMEPATH $USER all
fs sa $HOMEPATH system:anyuser rl
mkdir -p $HOMEPATH/logs/apache
fs sa $HOMEPATH/logs/apache $USER.cgi rlwidk
+# public_html
+mkdir -p $HOMEPATH/public_html/
+fs sa $HOMEPATH/public_html system:anyuser rl
+mkdir -p $HOMEPATH/.procmail.d/
+fs sa $HOMEPATH/.procmail.d/ system:anyuser rl
+
# MAIL VOLUME
-vos create deleuze.hcoop.net /vicepa mail.$USER -maxquota 400000
+vos examine mail.$USER 2>/dev/null || \
+ vos create deleuze.hcoop.net /vicepa mail.$USER -maxquota 400000
mkdir -p `dirname $MAILPATH`
-fs mkm $MAILPATH mail.$USER
-fs mkm $HOMEPATH/Maildir mail.$USER
+fs ls $MAILPATH || fs mkm $MAILPATH mail.$USER
+fs ls $HOMEPATH/Maildir || fs mkm $HOMEPATH/Maildir mail.$USER
fs sa $MAILPATH $USER all
fs sa $MAILPATH $USER.mailfilter all
mkdir -p `dirname /afs/hcoop.net/old/user/$PATHBITS`
mkdir -p `dirname /afs/hcoop.net/old/mail/$PATHBITS`
-fs mkm /afs/hcoop.net/old/user/$PATHBITS user.$USER.backup
-fs mkm /afs/hcoop.net/old/mail/$PATHBITS mail.$USER.backup
+fs ls /afs/hcoop.net/old/user/$PATHBITS || \
+ fs mkm /afs/hcoop.net/old/user/$PATHBITS user.$USER.backup
+fs ls /afs/hcoop.net/old/mail/$PATHBITS || \
+ fs mkm /afs/hcoop.net/old/mail/$PATHBITS mail.$USER.backup
vos syncserv deleuze
vos syncvldb deleuze
#
# Finally, set password for main user's principal
# Aborting this operation is harmless. Just re-invoke cpw.
+#
+# kadmin.local doesn't report errors properly, so we have to
+# check manually
#
-sudo kadmin.local -p root/admin -q "cpw $USER@HCOOP.NET"
+sudo rm -f /tmp/kadmin.out
+sudo kadmin.local -p root/admin -q "cpw $USER@HCOOP.NET" \
+ 2>&1 | tee /tmp/kadmin.out
+cat /tmp/kadmin.out | grep 'Password for .* changed'
+sudo rm -f /tmp/kadmin.out
HCoop / clinton / scripts.git / blobdiff