ldap-sshkey2file.py: add dry-run and verbose mode

1 files changed, 16 insertions, 0 deletions

diff --git a/modules/openssh/templates/ldap-sshkey2file.py b/modules/openssh/templates/ldap-sshkey2file.py
index 7c41832d..2d2b2c27 100755
--- a/modules/openssh/templates/ldap-sshkey2file.py
+++ b/modules/openssh/templates/ldap-sshkey2file.py
@@ -43,6 +43,8 @@ parser = argparse.ArgumentParser(
 
         This script is intended to be run from cron as root;
         ''' % (peopledn, keypathprefix)))
+parser.add_argument('-n', '--dry-run', action='store_true')
+parser.add_argument('-v', '--verbose', action='store_true')
 args = parser.parse_args()
 
 def get_bindpw():
@@ -107,6 +109,13 @@ def write_keys(keys, user, uid, gid):
     if fromldap == fromfile:
         return False
 
+    if args.dry_run:
+        print "Would write %s" % keyfile
+        return True
+
+    if args.verbose:
+        print "Writing %s" % keyfile
+
     if not os.path.isdir("%s/%s" % (keypathprefix,user)):
        shutil.copytree('/etc/skel', "%s/%s" % (keypathprefix,user))
        os.chown("%s/%s" % (keypathprefix,user), uid, gid)
@@ -152,6 +161,9 @@ try:
     except:
         pass
 
+    if args.verbose:
+        print "Found users: " + ", ".join(sorted(map(lambda x: x[1]['uid'][0], res)))
+
     for result in res:
         dn, entry = result
         # skip possible system users
@@ -166,8 +178,12 @@ except Exception, e:
     raise
 
 if changed:
+    if args.verbose:
+        print "SSH keys changed"
     sys.exit(0)
 
+if args.verbose:
+    print "No changes in SSH keys"
 sys.exit(1)