This file is indexed.

/usr/bin/ldap-add-user-to-group is in debian-edu-config 1.818+deb8u2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
#!/bin/bash 
# $Id$
# This script takes 2 parameters
# The username and the group to add the user into
# use at own risk

UNAME=$1
GROUP=$2

if [ -z "$UNAME" -o -z "$GROUP" ] ; then 
  echo -e "usage:\n\t$0 <username> <group>"
  echo
  echo "  Adds a user as a member in the given group."
  exit 9
fi

# Locate the LDAP admin DN
admindn=$(ldapsearch -x "(&(cn=admin)(objectClass=simpleSecurityObject))" 2>/dev/null | perl -p0e 's/\n //g' | awk '/^dn: / {print $2}')

# Look up group DN
groupdn=$(ldapsearch -x "(&(cn=$GROUP)(objectClass=posixGroup))" 2>/dev/null | perl -p0e 's/\n //g' | awk '/^dn: / {print $2}')
if [ "$groupdn" ] ; then
    cat << EOF | ldapmodify -ZZ -D "$admindn" -W -v -x
dn: $groupdn
changetype: modify
add: memberUid
memberUid: $UNAME
EOF
else
    groupdn=$(ldapsearch -x "(&(cn=$GROUP)(objectClass=groupOfNames))" 2>/dev/null | perl -p0e 's/\n //g' | awk '/^dn: / {print $2}')
    if [ "$groupdn" ] ; then
	userdn=$(ldapsearch -x "(&(uid=$UNAME)(objectClass=posixAccount))" 2>/dev/null | perl -p0e 's/\n //g' | awk '/^dn: / {print $2}')
	cat << EOF | ldapmodify -ZZ -D "$admindn" -W -v -x
dn: $groupdn
changetype: modify
add: member
member: $userdn
EOF
    else
	echo "error: unable to find group"
    fi
fi