Account Management Plugin
This plugin provides various variables for forms, form elements and actions for the D-INFK account management.
Syntax Rules
This plugin provides the following commands:
- %ACCTMGTCONTROL{...}%
- %ACCTMGTFORM{...}%
- %ACCTMGTFIELD{...}%
- %ACCTMGTACTION{...}%
- %ACCTMGTHELP{...}%
- %ACCTMGTPARAM{...}%
- %ACCTMGTTOOL{...}%
Attributes
The following attributes are supported. Not all attributes work for each command and command type:
| Attribute | Values | Description |
| type | see for each command above | The type of form, action, control, etc. |
| whereadmin | yes/no | For forms and controls that contain selectors, this limits the selectable items to those the authenticated user can administer (e.g. OUs, groups, users, etc.) |
| wheremember | yes/no | For forms and controls that contain selectors, this limits the selectable items to those of which the authenticated user is a member (e.g. OUs, groups, etc.) |
| level | isg/ik/responsible/all | For forms and actions, the feature level of the form or action |
| starttopic | topic name | For any action, the topic to go to if an unusual error is detected, usually because the user messed with CGI parameters |
| empty | string | For selectors, the string to display in the unselected state. Defaults to 'Please select...' |
| default | selection keyword | For selectors, the parameter value to pre-select a default entry |
| new | yes/no | For forms, this will start with an empty form if set. Otherwise the form will be populated with the current values of the item to be modified. |
| errortopic | topic name | Topic to redirect to in case of errors |
| create | topic name | Topic for the [create] link generated in the user lists of the nethz_search action |
| show | topic name | Topic for the [show] link generated in the user lists of the nethz_search and user_list actions |
| delete | topic name | Topic for the [delete] link generated in the user lists of the nethz_search and user_list actions |
| modify | topic name | Topic for the [modify] link generated in the user lists of the user_list action |
| nethz | topic name | Topic for the [nethz] link generated in the user lists of the user_list action |
Controls
The command %ACCTMGTCONTROL{...}% can be used to insert various controls into a form. For more information on how forms work, see below.
The following types are supported:
| type | group_selector |
| attributes | whereadmin, default |
| description | Inserts an XHTML select tag for UNIX groups |
| parameter name | group |
| parameter value | The selected UNIX group name |

| type | netgroup_selector |
| attributes | whereadmin, default |
| description | Inserts an XHTML select tag for UNIX netgroups |
| parameter name | netgroup |
| parameter value | The selected UNIX netgroup name |

| type | ou_selector |
| attributes | whereadmin, wheremember, default, empty |
| description | Inserts an XHTML select tag for OUs |
| parameter name | ou |
| parameter value | The selected OU name |

| type | subou_selector |
| attributes | level, empty |
| description | Inserts an XHTML select tag for the standard sub-OU names. The names system and other are only available for level isg. |
| parameter name | subou |
| parameter value | The selected sub-OU name |

| type | user_shell_selector |
| attributes | - |
| parameters | ou |
| description | Inserts an XHTML select tag for the shells. The ou CGI parameter must be present and is used to preselect the shell. |
| parameter name | shell |
| parameter value | The selected shell path. One of /bin/sh, /bin/tcsh, /bin/bash or /bin/csh |

| type | user_selector |
| attributes | whereadmin |
| parameters | ou |
| description | Inserts an XHTML select tag for the users of an OU. The ou CGI parameter must be present and is used to gather the user list. |
| parameter name | uname |
| parameter value | The selected user |
The command %ACCTMGTFORM{...}% can be used to insert various forms into a TWiki page. The following types are supported:
| type | group_editor |
| attributes | new, level, whereadmin |
| parameters | group |
| description | Inserts a group edit form |
| parameters | group (group name), gid (numeric group ID), members (list of unames), class (group class), expire (expiration date), responsible (uname of responsible user), comment (comment string) |

| type | netgroup_editor |
| attributes | new, level, whereadmin |
| parameters | netgroup |
| description | Inserts a netgroup edit form |
| parameters | netgroup (group name), hosts (list of host names), members (list of member netgroups), class (netgroup class), responsible (uname of responsible user), comment (comment string) |

| type | ou_editor |
| attributes | new, level |
| parameters | ou |
| description | Inserts an OU edit form |
| parameters | ou (OU name), lz (cost center), vuser (virtual user), class (OU class), name (descriptive name), comment (comment string) |

| type | user_editor |
| attributes | level |
| parameters | uname, ou |
| description | Inserts a user edit form. The quota part of the form will only be shown if the quota attribute is set for the OU. |
| parameters | uname (user name), ou (OU name), gid (numeric group ID), gecos (gecos field), shell (login shell), home (home directory), nismapentry (NFS path of home directory), class (user class), expire (expiration date), responsible (uname of responsible user), comment (comment string), ik (IK flag), automated (automated flag), quota_blocks (blocks quota), quota_lblocks (blocks quota limit), quota_files (files quota), quota_lfiles (files quota limit) |

| type | template_editor |
| attributes | new, level |
| parameters | ou, subou |
| description | Inserts a template edit form. The quota part of the form will only be shown if the quota attribute is set for the OU. |
| parameters | ou (OU name), gid (numeric group ID), shell (login shell), home (home directory pattern), nismapentry (NFS path pattern of home directory), ous (member OUs), groups (member groups), netgroups (added netgroups), quota_blocks (blocks quota), quota_lblocks (blocks quota limit), quota_files (files quota), quota_lfiles (files quota limit) |

| type | user_creator |
| attributes | whereadmin |
| parameters | uname |
| description | Inserts a user creation form |
| parameters | uname (user name), ou (OU name), class (user class), expire (expiration date), responsible (uname of responsible user), comment (comment string) |

| type | user_deletor |
| attributes | whereadmin |
| parameters | uname |
| description | Inserts a user deletion form |
| parameters | uname (user name), ou (OU name) |
The XHTML form tags are not included and must be provided by the topic. The form method must be get and not post. The form link should usually point to a topic where an %ACCTMGTACTION{...}% command processes the parameters.
Example:
%TABLE{tableborder="0" headerbg="#FFFFFF" databg="#FFFFFF"}%
<form action="DoneWebHomeAccountManagementUsersCreate" method="get">
%ACCTMGTFORM{type="user_creator" whereadmin="yes"}%
| | |
| | <input type="submit" value="Create" /> |
</form>
Actions
The command %ACCTMGTACTION{...}% can be used to create a TWiki page that will perform a given action when loaded with a set of CGI parameters. Pages containing actions should not contain other content unless noted otherwise. The action will usually generate a verbose status message.
The following types are supported:
| type | auth_check |
| attributes | errortopic |
| parameters | - |
| description | Verifies that the page is loaded by a user who has authenticated. If not, a redirect to the error topic is triggered. This action can be included in any topic that requires user authentication on a per-topic basis |
| Output | - |

| type | error_msg |
| attributes | text (text format string) |
| parameters | error (error text) |
| description | Inserts an error text if error is defined. This action can be combined with forms and fields. Currently error is set by the template_modify and user_modify forms when the selected template or user is not set and a redirect to starttopic is triggered. |
| Output | (text) |

| type | group_create |
| attributes | - |
| parameters | group (group name), gid (numeric group ID), members (list of unames), class (group class), expire (expiration date), responsible (uname of responsible user), comment (comment string) |
| description | Creates a UNIX group |
| Output | Descriptive success or error message |

| type | group_modify |
| attributes | level |
| parameters | group (group name), gid (numeric group ID), members (list of unames), class (group class), expire (expiration date), responsible (uname of responsible user), comment (comment string) |
| description | Modifies an existing UNIX group |
| Output | Descriptive success or error message |

| type | group_delete |
| attributes | - |
| parameters | group (group name) |
| description | Deletes an existing UNIX group |
| Output | Descriptive success or error message |

| type | group_show |
| attributes | - |
| parameters | group (group name) |
| description | Displays details of an existing UNIX group |
| Output | Output of group_tool --list |

| type | netgroup_create |
| attributes | - |
| parameters | netgroup (netgroup name), host (list of hosts), members (list of member netgroups), class (netgroup class), responsible (uname of responsible user), comment (comment string) |
| description | Creates a UNIX netgroup |
| Output | Descriptive success or error message |

| type | netgroup_modify |
| attributes | level |
| parameters | netgroup (netgroup name), host (list of hosts), members (list of member netgroups), class (netgroup class), responsible (uname of responsible user), comment (comment string) |
| description | Modifies an existing UNIX netgroup |
| Output | Descriptive success or error message |

| type | netgroup_delete |
| attributes | - |
| parameters | netgroup (netgroup name) |
| description | Deletes an existing UNIX netgroup |
| Output | Descriptive success or error message |

| type | netgroup_show |
| attributes | - |
| parameters | netgroup (netgroup name) |
| description | Displays details of an existing UNIX netgroup |
| Output | Output of netgroup_tool --list |

| type | ou_create |
| attributes | - |
| parameters | ou (OU name), name (descriptive name), lz (cost center), class (OU class), vuser (virtual user), comment (comment string) |
| description | Creates a new OU |
| Output | Descriptive success or error message |

| type | ou_modify |
| attributes | - |
| parameters | ou (OU name), name (descriptive name), lz (cost center), class (OU class), vuser (virtual user), comment (comment string) |
| description | Modifies an existing OU |
| Output | Descriptive success or error message |

| type | ou_delete |
| attributes | - |
| parameters | ou (OU name) |
| description | Deletes an existing OU |
| Output | Descriptive success or error message |

| type | ou_show |
| attributes | - |
| parameters | ou (OU name) |
| description | Displays details of an existing OU and its sub-OUs |
| Output | Output of ou_tool --list --subou |

| type | user_create |
| attributes | - |
| parameters | uname (user name), ou (OU name), class (user class), expire (expiration date), responsible (uname of responsible user), comment (comment string) |
| description | Creates a user |
| Output | Descriptive success or error message |

| type | user_modify |
| attributes | level |
| parameters | uname (user name), ou (OU name), gid (numeric group ID), gecos (gecos field), shell (login shell), home (home directory), nismapentry (NFS path of home directory), class (user class), expire (expiration date), responsible (uname of responsible user), comment (comment string), ik (IK flag), automated (automated flag), quota_blocks (blocks quota), quota_lblocks (blocks quota limit), quota_files (files quota), quota_lfiles (files quota limit) |
| description | Modifies an existing user |
| Output | Descriptive success or error message |

| type | user_delete |
| attributes | - |
| parameters | uname (user name), ou (OU name) |
| description | Deletes an existing user |
| Output | Descriptive success or error message |

| type | user_show |
| attributes | - |
| parameters | uname (user name), ou (OU name), subou (sub-OU flag) |
| description | Displays details of an existing user in one/all OUs (and sub-OUs) |
| Output | Output of user_tool --list --subou |

| type | user_list |
| attributes | show, modify, delete, nethz |
| parameters | ou (OU name) |
| description | Displays a table with a list of all users in an OU. A set of links is included to quickly show details, modify and delete users. |
| Output | Page with a table containing all users in an OU |

| type | user_shell_modify |
| attributes | - |
| parameters | ou (OU name), shell (login shell) |
| description | Modifies the shell of the authenticated user in an OU. The shell must be one of /bin/sh, /bin/tcsh, /bin/bash or /bin/csh. |
| Output | "Your shell has been successfully changed to $shell" |

| type | nethz_show |
| attributes | - |
| parameters | uname (user name) |
| description | Displays details of an existing n.ethz user |
| Output | Output of nethz_tool --list |

| type | nethz_search |
| attributes | show, create |
| parameters | uname (user name pattern), firstname (first name pattern), lastname (last name pattern), name (name pattern), nuid (numeric UID), npid (NPID), legi (student ID), ou (organizational unit) |
| description | Displays the search result. A set of links is included to quickly show details and create users in an OU |
| Output | Output of nethz_tool --search |

| type | template_modify |
| attributes | level |
| parameters | ou (OU name), gid (numeric group ID), shell (login shell), home (home directory pattern), nismapentry (NFS path pattern of home directory), ous (member OUs), groups (member groups), netgroups (added netgroups), quota_blocks (blocks quota), quota_lblocks (blocks quota limit), quota_files (files quota), quota_lfiles (files quota limit) |
| description | Modifies a template |
| Output | Descriptive success or error message |
Miscellaneous
Fields
The command %ACCTMGTFIELD{text="field name" mandatory="yes|no"}% can be used to insert a field table entry of the form "| field name: | ". The text will be rendered bold if mandatory is yes. Default is not mandatory. In a topic this command can be used as follows:
%ACCTMGTFIELD{text="Select OU" mandatory="yes"}%%ACCTMGTCONTROL{type="ou_selector"}% |
Parameters
The command %ACCTMGTPARAM{name="parameter name"}% can be used to insert the URL decoded value of a CGI parameter passed to the current topic. In a topic this command can be used as follows:
---++ Details for User '%ACCTMGTPARAM{name="uname"}%'
%ACCTMGTACTION{type="user_show"}%
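Because %ACCTMGTPARAM{...}% places a request value into the rendered topic, the value needs output encoding at that point. The following Perl is an added example, not the plugin's code (this page does not describe what encoding the plugin applies); url_decode, topic_safe and user_heading are hypothetical names and the sample values are constructed:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode one application/x-www-form-urlencoded value.
sub url_decode {
    my ($v) = @_;
    $v =~ tr/+/ /;
    $v =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $v;
}

# Make a decoded value inert inside a topic: strip control characters
# (a line break would end the heading), then turn HTML metacharacters
# and the characters TWiki markup gives meaning to into numeric entities.
# The substitution is a single pass, so the '&' of an emitted entity is
# never encoded a second time.
sub topic_safe {
    my ($v) = @_;
    $v =~ s/[\x00-\x1f\x7f]//g;
    $v =~ s/([<>&"'%\[\]\@_*=|])/'&#' . ord($1) . ';'/ge;
    return $v;
}

# Hypothetical helper: build the heading line used in the example above.
sub user_heading {
    my ($raw_uname) = @_;
    return "---++ Details for User '"
         . topic_safe(url_decode($raw_uname)) . "'";
}

# Constructed sample values for the uname parameter.
for my $raw ('jdoe', 'j_doe', '%3Cb%3Ejdoe%3C%2Fb%3E', 'a%7Cb', 'jdoe%0D%0A') {
    printf "%-24s => %s\n", $raw, user_heading($raw);
}
```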
Help
The command %ACCTMGTHELP{}% can be used to insert the man page of a tool. The tool name must be passed as CGI parameter tool. The following tools are recognized:
- group_tool
- netgroup_tool
- ou_tool
- nethz_tool
- user_tool
- template_tool
- undo_tool
- pwcd
- home_mgr
- acct_mgr
- info_mgr
Typically there would be a page containing links for all tools:
<A HREF="ManPages?tool=group_tool">group_tool</A>
<A HREF="ManPages?tool=netgroup_tool">netgroup_tool</A>
...
The topic ManPages that these links point to would contain only:
%ACCTMGTHELP{}%
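The tool parameter of %ACCTMGTHELP{}% and the shell parameter of user_shell_modify both accept only the fixed values listed on this page, so each can be checked with an exact-match allow-list. The following Perl is an added example, not the plugin's own code; url_decode and checked_param are hypothetical names and the sample requests are constructed:

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Permitted values, copied from the lists on this page.
my %ALLOWED = (
    tool  => [qw(group_tool netgroup_tool ou_tool nethz_tool user_tool
                 template_tool undo_tool pwcd home_mgr acct_mgr info_mgr)],
    shell => [qw(/bin/sh /bin/tcsh /bin/bash /bin/csh)],
);

# Decode one application/x-www-form-urlencoded value.
sub url_decode {
    my ($v) = @_;
    $v =~ tr/+/ /;
    $v =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $v;
}

# Return the allow-listed constant equal to the decoded value, or undef.
# The constant is returned instead of the request string, so nothing the
# client typed is handed on to a tool or written to an account.
sub checked_param {
    my ($name, $raw) = @_;
    return unless defined $raw && exists $ALLOWED{$name};
    my $decoded = url_decode($raw);
    for my $ok (@{ $ALLOWED{$name} }) {
        # 'eq' on purpose: a /^group_tool$/ regex would also accept a
        # value with a trailing newline, because '$' matches before it.
        return $ok if $decoded eq $ok;
    }
    return;
}

# Constructed sample requests: [parameter, raw value, expected result].
my @samples = (
    [ tool  => 'group_tool',    'group_tool' ],
    [ tool  => 'group%5Ftool',  'group_tool' ],   # encoded '_' still matches
    [ tool  => 'group_tool%0A', 'REJECT' ],       # trailing newline
    [ tool  => 'Group_Tool',    'REJECT' ],       # comparison is case-sensitive
    [ shell => '%2Fbin%2Fbash', '/bin/bash' ],
    [ shell => '/bin/zsh',      'REJECT' ],       # not in the documented set
);

for my $s (@samples) {
    my ($name, $raw, $want) = @$s;
    my $got = checked_param($name, $raw);
    $got = 'REJECT' unless defined $got;
    printf "%-5s %-15s -> %-10s %s\n", $name, $raw, $got,
        $got eq $want ? 'as expected' : 'MISMATCH';
}
```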
Use of Topics
For a standard form there is typically one topic containing the form that is reachable through links or the regular topic hierarchy.
Another topic is needed to perform an action using the parameters of the form. This topic should not be shown in the topic hierarchy as a sub-topic. On a normal TWiki installation this can be achieved by putting the sub-topic name at the beginning of the whole parent topic string. Such sub-topics are not shown in the sub-topic tree.
If, for example, there is a topic AcctMgtCreateUser containing a user create form (%ACCTMGTFORM{type="user_creator"}%), the topic containing the action to create the user (%ACCTMGTACTION{type="user_create"}%) could be named DoAcctMgtCreateUser.
Full Example
A full example is given here to show how it all works together. The goal is to have a set of topics to modify a user. The first topic, AcctMgtUserModify, will have the necessary controls to select a user and an OU:
...
<form action="EditAcctMgtUserModify" method="get">
%ACCTMGTFIELD{text="Login name" mandatory="yes"}%<input size="20" name="uname" /> %ACCTMGTACTION{type="error_msg" text="No user '%s' in OU '%s'"}%|
%ACCTMGTFIELD{text="OU" anchor="ou" mandatory="yes"}%%ACCTMGTCONTROL{type="ou_selector" whereadmin="yes"}%|
| | <input type="submit" value="Modify" /> |
</form>
...
The description of the input fields is done using %ACCTMGTFIELD{...}%. The form URL is the topic that contains the edit form. The sub-topic name Edit is added at the beginning of the string to hide it in the sub-topic tree. Because the user_modify form supports redirection to an error topic, an error_msg action is added to display an error text if no such user exists in the OU.
The topic EditAcctMgtUserModify contains the form:
---++ Modify User '%ACCTMGTPARAM{name="uname"}%' in OU '%ACCTMGTPARAM{name="ou"}%'
...
<form action="DoneAcctMgtUserModify" method="get">
%ACCTMGTFORM{type="user_editor" starttopic="AcctMgtUserModify"}%
| | <input type="submit" value="Modify" /> |
</form>
...
The topic uses %ACCTMGTPARAM{...}% to display the selected user name and OU in the topic title. The form URL this time contains the action to modify the user. Instead of a new sub-topic of the edit topic EditAcctMgtUserModify, a sister topic DoneAcctMgtUserModify is used. The form will trigger a redirect to starttopic if the user to modify does not exist.
The DoneAcctMgtUserModify topic only contains the user_modify action:
%ACCTMGTACTION{type="user_modify" starttopic="AcctMgtUserModify"}%
The action will trigger a redirect to starttopic if the passed parameters are invalid.
Plugin Installation Instructions
- Copy AccountManagementPlugin.pm to .../lib/TWiki/Plugins/
- Copy AccountManagementPlugin.txt to .../data/TWiki/
- Restart the webserver
The plugin requires that the account management scripts are available and working in /usr/supp/accts and that the credentials file /etc/supp/credentials contains all passwords and is readable by the webserver process.
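One way to check that requirement after installation, as an added example that is not part of the plugin: the function reports when the credentials file is reachable by accounts other than the webserver's, or not readable by the webserver at all. The function name, the numeric IDs passed in and the temporary demo file are assumptions; on a real host the path would be /etc/supp/credentials.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use English qw(-no_match_vars);
use File::Temp qw(tempfile);

# Return a list of problems with the ownership and mode of a credentials
# file. $web_uid and @web_gids are the numeric IDs the webserver process
# runs with (assumed to be known to the administrator).
sub credentials_findings {
    my ($path, $web_uid, @web_gids) = @_;
    my @st = lstat($path) or return ("cannot stat $path: $!");
    return ("$path is not a regular file") unless -f _;   # also rejects symlinks
    my ($mode, $uid, $gid) = @st[2, 4, 5];
    my $perm = $mode & 07777;
    my @bad;
    push @bad, sprintf('mode %04o grants access to "other"', $perm)
        if $perm & 0007;
    push @bad, sprintf('mode %04o is group-writable', $perm)
        if $perm & 0020;
    my $by_owner = $uid == $web_uid && ($perm & 0400);
    my $by_group = (grep { $_ == $gid } @web_gids) && ($perm & 0040);
    push @bad, 'webserver account cannot read the file'
        unless $by_owner || $by_group;
    return @bad;
}

# Constructed demo on a temporary file owned by the current user, who
# stands in for the webserver account here.
my ($fh, $tmp) = tempfile(UNLINK => 1);
print {$fh} "constructed-placeholder\n";
close $fh;

for my $mode (0644, 0640, 0600) {
    chmod $mode, $tmp or die "chmod: $!";
    my @findings = credentials_findings($tmp, $EUID, split(' ', $EGID));
    printf "%04o: %s\n", $mode, @findings ? join('; ', @findings) : 'ok';
}
```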
Plugin Info
| Plugin Author: | StefanWalter |
| Plugin Version: | 27 Oct 2006 |
| Change History: | |
| 15 Oct 2024: | Ported to foswiki |
| 27 Oct 2006: | First release |
| CPAN Dependencies: | none |
| Other Dependencies: | none |
| Perl Version: | 5.0 |
Related Topics: TWikiPreferences, TWikiPlugins
-- StefanWalter - 27 Oct 2006