manual merge

684ec99e · Chris Hines · b5ad86c2 · 7308b61f · b5ad86c2 · b5ad86c2
Commit 684ec99e authored 8 years ago by Chris Hines
--- a/roles/enable_lmod/tasks/main.yml
+++ b/roles/enable_lmod/tasks/main.yml
---
- include_vars: "{{ ansible_os_family }}.yml"
-
- name: install lua
-  yum: name={{ item }} state=installed
-  with_items:
-    - lua
-    - lua-filesystem
-    - lua-posix
-  sudo: true
-  when: ansible_os_family == 'RedHat'
-
- name: install lua
-  apt: name={{ item }} state=installed
-  with_items:
-    - lua5.2
-    - lua5.2
-    - lua-filesystem
-    - lua-bitop
-    - lua-posix
-    - liblua5.2-0
-    - liblua5.2-dev
-    - tcl
-  sudo: true
-  when: ansible_os_family == 'Debian'
-
- name: link bash
-  file: src={{ soft_dir }}/lmod/lmod/init/bash dest=/etc/profile.d/lmod.sh state=link
-  sudo: true
-
- name: link csh
-  file: src={{ soft_dir }}/lmod/lmod/init/cshrc dest=/etc/profile.d/lmod.csh state=link
-  sudo: true
--- a/roles/enable_lmod/vars/Debian.yml
+++ b/roles/enable_lmod/vars/Debian.yml
---
-lua_include: /usr/include/lua5.2
--- a/roles/enable_lmod/vars/RedHat.yml
+++ b/roles/enable_lmod/vars/RedHat.yml
---
-lua_include: /usr/local
--- a/roles/enable_modules/tasks/main.yml
+++ b/roles/enable_modules/tasks/main.yml
+---
+
+- name: template lmod bash
+  template: src=lmod.sh.j2 dest=/etc/profile.d/lmod.sh 
+  become: true
+  become_user: root
+  when: default_modules == "lmod"
+
+- name: template lmod csh
+  template: src=lmod.csh.j2 dest=/etc/profile.d/lmod.csh
+  become: true
+  become_user: root
+  when: default_modules == "lmod"
+
+- name: remove modulecmd bash
+  file: path=/etc/profile.d/modulecmd.sh state=absent
+  become: true
+  become_user: root
+  when: default_modules == "lmod"
+
+- name: remove modulcmd csh
+  file: path=/etc/profile.d/modulecmd.csh state=absent
+  become: true
+  become_user: root
+  when: default_modules == "lmod"
+
+- name: template modulecmd bash
+  template: src=modulecmd.sh.j2 dest=/etc/profile.d/modulecmd.sh
+  become: true
+  become_user: root
+  when: default_modules == "modulecmd"
+
+- name: template modulecmd csh
+  template: src=modulecmd.csh.j2 dest=/etc/profile.d/modulecmd.csh
+  become: true
+  become_user: root
+  when: default_modules == "modulecmd"
+
+- name: remove lmod bash
+  file: path=/etc/profile.d/lmod.sh state=absent
+  become: true
+  become_user: root
+  when: default_modules == "modulecmd"
+
+- name: remove modulcmd csh
+  file: path=/etc/profile.d/lmod.csh state=absent
+  become: true
+  become_user: root
+  when: default_modules == "modulecmd"
--- a/roles/enable_modules/templates/lmod.csh.j2
+++ b/roles/enable_modules/templates/lmod.csh.j2
+#!/bin/csh
+# -*- shell-script -*-
+########################################################################
+#  This is the system wide source file for setting up
+#  modules:
+#
+########################################################################
+
+set MY_NAME="{{ lmoddir }}/lmod/lmod/init/cshrc"
+
+
+
+if ( ! $?MODULEPATH_ROOT ) then
+    if ( $?USER) then
+        setenv USER $LOGNAME
+    endif
+
+    set UNAME = `uname`
+    setenv LMOD_sys    $UNAME
+
+    setenv LMOD_arch   `uname -m`
+    if ( "x$UNAME" == xAIX ) then
+        setenv LMOD_arch   rs6k
+    endif
+
+    setenv TARG_TITLE_BAR_PAREN " "
+    setenv LMOD_FULL_SETTARG_SUPPORT no
+    setenv LMOD_SETTARG_CMD     :
+    setenv LMOD_COLORIZE        yes
+    setenv LMOD_PREPEND_BLOCK   normal
+    setenv MODULEPATH_ROOT      "{{ lmoddir }}/modulefiles"
+    setenv MODULEPATH           `{{ lmoddir }}/lmod/lmod/libexec/addto --append MODULEPATH $MODULEPATH_ROOT/$LMOD_sys $MODULEPATH_ROOT/Core`
+    setenv MODULEPATH           `{{ lmoddir }}/lmod/lmod/libexec/addto --append MODULEPATH {{ lmoddir }}/lmod/lmod/modulefiles/Core`
+    setenv MODULEPATH           "/usr/local/Modules/modulefiles"
+    setenv MODULESHOME          "{{ lmoddir }}/lmod/lmod"
+    setenv BASH_ENV             "$MODULESHOME/init/bash"
+
+    #
+    # If MANPATH is empty, Lmod is adding a trailing ":" so that
+    # the system MANPATH will be found
+    if ( ! $?MANPATH ) then
+      setenv MANPATH :
+    endif
+    setenv MANPATH `{{ lmoddir }}/lmod/lmod/libexec/addto MANPATH {{ lmoddir }}/lmod/lmod/share/man`
+
+endif
+
+if ( -f  {{ lmoddir }}/lmod/lmod/init/csh  ) then
+  source {{ lmoddir }}/lmod/lmod/init/csh
+endif
--- a/roles/enable_modules/templates/lmod.sh.j2
+++ b/roles/enable_modules/templates/lmod.sh.j2
+#!/bin/bash
+# -*- shell-script -*-
+
+
+LMOD_PKG={{ lmoddir}}/lmod/lmod
+LMOD_DIR={{ lmoddir }}/lmod/lmod/libexec
+LMOD_CMD={{ lmoddir }}/lmod/lmod/libexec/lmod
+MODULESHOME={{ lmoddir }}/lmod/lmod
+MODULEPATH=/usr/local/Modules/modulefiles
+export LMOD_PKG
+export LMOD_CMD
+export LMOD_DIR
+export MODULESHOME
+
+########################################################################
+#  Define the module command:  The first line runs the "lmod" command
+#  to generate text:
+#      export PATH="..."
+#  then the "eval" converts the text into changes in the current shell.
+#
+#  The second command is the settarg command.  Normally LMOD_SETTARG_CMD
+#  is undefined or is ":".  Either way the eval does nothing.  When the
+#  settarg module is loaded, it defines LMOD_SETTARG_CMD.  The settarg
+#  command knows how to read the ModuleTable that Lmod maintains and
+#  generates a series of env. vars that describe the current state of
+#  loaded modules.  So if one is on a x86_64 linux computer with gcc/4.7.2
+#  and openmpi/1.6.3 loaded, then settarg will assign:
+#
+#     TARG=_x86_64_gcc-4.7.2_openmpi-1.6.3
+#     TARG_COMPILER=gcc-4.7.2
+#     TARG_COMPILER_FAMILY=gcc
+#     TARG_MACH=x86_64
+#     TARG_MPI=openmpi-1.6.3
+#     TARG_MPI_FAMILY=openmpi
+#     TARG_SUMMARY=x86_64_gcc-4.7.2_openmpi-1.6.3
+#     TARG_TITLE_BAR=gcc-4.7.2 O-1.6.3
+#     TARG_TITLE_BAR_PAREN=(gcc-4.7.2 O-1.6.3)
+#
+#  unloading openmpi/1.6.3 automatically changes these vars to be:
+#
+#     TARG=_x86_64_gcc-4.6.3
+#     TARG_COMPILER=gcc-4.6.3
+#     TARG_COMPILER_FAMILY=gcc
+#     TARG_MACH=x86_64
+#     TARG_SUMMARY=x86_64_gcc-4.6.3
+#     TARG_TITLE_BAR=gcc-4.6.3
+#     TARG_TITLE_BAR_PAREN=(gcc-4.6.3)
+#
+# See Lmod web site for more details.
+
+module()
+{
+  eval $($LMOD_CMD bash "$@") 
+  [ $? = 0 ] && eval $(${LMOD_SETTARG_CMD:-:} -s sh)
+}
+
+
+if [ "${LMOD_SETTARG_CMD:-:}" != ":" ]; then
+  settarg () {
+    eval $(${LMOD_SETTARG_CMD:-:} -s sh "$@" )
+  }
+fi
+
+
+########################################################################
+#  ml is a shorthand tool for people who can't type moduel, err, module
+#  It is also a combination command:
+#     ml            -> module list
+#     ml gcc        -> module load gcc
+#     ml -gcc intel -> module unload gcc; module load intel
+#  It does much more do: "ml --help" for more information.
+
+
+unalias ml > /dev/null 2>&1
+ml()
+{
+  eval $($LMOD_DIR/ml_cmd "$@")
+}
+
+export_module=$(echo "YES" | tr '[:upper:]' '[:lower:]')
+if [ -n "$BASH_VERSION" -a "$export_module" != no ]; then
+  export -f module
+  export -f ml
+fi
+unset export_module
+
+########################################################################
+#  clearMT removes the ModuleTable from your environment.  It is rarely
+#  needed but it useful sometimes.
+
+clearMT()
+{
+  eval $($LMOD_DIR/clearMT_cmd bash)
+}
+
+########################################################################
+#  The following make the action of the settarg available to the titlebar
+#  for both xterm's and screen but only for interactive shells.
+if [ "$PS1" ]; then
+  if [ -n "$LMOD_FULL_SETTARG_SUPPORT" -a "$LMOD_FULL_SETTARG_SUPPORT" != no ]; then
+    xSetTitleLmod()
+    {
+      builtin echo -n -e "\033]2;$1\007";
+    }
+    SET_TITLE_BAR=:
+
+    case $TERM in
+      xterm*)
+        SET_TITLE_BAR=xSetTitleLmod
+        ;;
+    esac
+
+    SHOST=${SHOST-${HOSTNAME%%.*}}
+    precmd()
+    {
+      eval $(${LMOD_SETTARG_CMD:-:} -s bash)
+      ${SET_TITLE_BAR:-:} "${TARG_TITLE_BAR_PAREN}${USER}@${SHOST}:${PWD/#$HOME/~}"
+      ${USER_PROMPT_CMD:-:}
+    }
+
+    # define the PROMPT_COMMAND to be precmd iff it isn't defined already.
+    : ${PROMPT_COMMAND:=precmd}
+  fi
+fi
+
+########################################################################
+#  Make tab completions available to bash users.
+
+if [ ${BASH_VERSINFO:-0} -ge 3 ] && [ -r  {{ lmoddir }}/lmod/lmod/init/lmod_bash_completions ] && [ -n "$PS1" ]; then
+ . {{ lmoddir }}/lmod/lmod/init/lmod_bash_completions
+fi
--- a/roles/enable_modules/templates/modulecmd.csh.j2
+++ b/roles/enable_modules/templates/modulecmd.csh.j2
+if ($?tcsh) then
+	set modules_shell="tcsh"
+else
+	set modules_shell="csh"
+endif
+set exec_prefix='/usr/bin'
+
+set prefix=""
+set postfix=""
+
+if ( $?histchars ) then
+  set histchar = `echo $histchars | cut -c1`
+  set _histchars = $histchars
+
+  set prefix  = 'unset histchars;'
+  set postfix = 'set histchars = $_histchars;'
+else
+  set histchar = \!
+endif
+
+if ($?prompt) then
+  set prefix  = "$prefix"'set _prompt="$prompt";set prompt="";'
+  set postfix = "$postfix"'set prompt="$_prompt";unset _prompt;'
+endif
+
+if ($?noglob) then
+  set prefix  = "$prefix""set noglob;"
+  set postfix = "$postfix""unset noglob;"
+endif
+set postfix = "set _exit="'$status'"; $postfix; /usr/bin/test 0 = "'$_exit;'
+
+alias module $prefix'eval `'$exec_prefix'/modulecmd '$modules_shell' '$histchar'*`; '$postfix
+unset exec_prefix
+unset prefix
+unset postfix
+
+setenv MODULESHOME /usr/share/Modules
+
+if (! $?MODULEPATH ) then
+  setenv MODULEPATH `sed -n 's/[ 	#].*$//; /./H; $ { x; s/^\n//; s/\n/:/g; p; }' ${MODULESHOME}/init/.modulespath`:/usr/local/Modules/modulefiles
+endif
+
+if (! $?LOADEDMODULES ) then
+  setenv LOADEDMODULES ""
+endif
--- a/roles/enable_modules/templates/modulecmd.sh.j2
+++ b/roles/enable_modules/templates/modulecmd.sh.j2
+
+module() { eval `/usr/bin/modulecmd bash $*`;  /usr/local/hpcusr/latest/bin/modulelog $*;}
+export -f module
+
+MODULESHOME=/usr/share/Modules
+export MODULESHOME
+
+if [ "${LOADEDMODULES:-}" = "" ]; then
+  LOADEDMODULES=
+  export LOADEDMODULES
+fi
+
+if [ "${MODULEPATH:-}" = "" ]; then
+  MODULEPATH=`sed -n 's/[ 	#].*$//; /./H; $ { x; s/^\n//; s/\n/:/g; p; }' ${MODULESHOME}/init/.modulespath`:/usr/local/Modules/modulefiles
+  export MODULEPATH
+fi
+
+if [ ${BASH_VERSINFO:-0} -ge 3 ] && [ -r ${MODULESHOME}/init/bash_completion ]; then
+ . ${MODULESHOME}/init/bash_completion
+fi
--- a/roles/enable_lmod/vars/main.yml
+++ b/roles/enable_lmod/vars/main.yml
 ---
 source_dir: /tmp
-soft_dir: /opt/lmod/
+lmoddir: /opt/lmod
+modulecmddir: /usr/share
 lmod_version: 5.8.6
--- a/roles/ldapclient/tasks/configLdapClient.yml
+++ b/roles/ldapclient/tasks/configLdapClient.yml
@@ -2,7 +2,6 @@
 - name: "Copy configuration files to ldap client"
  template: src={{ item }}.j2 dest=/etc/{{ item }}
  with_items:
-    - pam_ldap.conf
    - nsswitch.conf
  become: true
  become_user: root

--- a/roles/ldapserver/tasks/main.yml
+++ b/roles/ldapserver/tasks/main.yml
@@ -51,6 +51,21 @@
 - name: template ssl.ldif
  template: src=ssl_ldif.j2 dest=/tmp/ssl.ldif mode=600

+- name: template acl_groups.ldif
+  template: src=acl_groups_ldif.j2 dest=/tmp/acl_groups.ldif mode=600
+
+- name: template load_memberof.ldif
+  template: src=load_memberof_ldif.j2 dest=/tmp/load_memberof.ldif mode=600
+
+- name: template load_refint.ldif
+  template: src=load_refint_ldif.j2 dest=/tmp/load_refint.ldif mode=600
+
+- name: template memberOfConfig.ldif
+  template: src=memberOfConfig_ldif.j2 dest=/tmp/memberOfConfig.ldif mode=600
+
+- name: template refint_config.ldif
+  template: src=refint_config_ldif.j2 dest=/tmp/refint_config.ldif mode=600
+
 - name: template manager.ldif
  template: src=manager_ldif.j2 dest=/tmp/manager.ldif mode=600
  sudo: true
@@ -147,6 +162,46 @@
  sudo: true
  when: ppolicyOverlayConfigured|failed

+- name: check refint module loaded
+  shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}refint"
+  sudo: true
+  ignore_errors: true
+  register: refintModuleLoaded
+
+- name: load refint module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_refint.ldif -D cn=config 
+  sudo: true
+  when: refintModuleLoaded|failed
+
+- name: check memberof module loaded
+  shell: slapcat -b cn=config | grep "olcModuleLoad. {.*}memberof"
+  sudo: true
+  ignore_errors: true
+  register: memberofModuleLoaded
+
+- name: load memberof module
+  shell: ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/load_memberof.ldif -D cn=config 
+  sudo: true
+  when: memberofModuleLoaded|failed
+
+- name: check member of config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcMemberOf"
+  ignore_errors: true
+  register: memberOfConfigured
+
+- name: add member of config 
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/memberOfConfig.ldif
+  when: memberOfConfigured|failed
+
+- name: check refinit config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapGroupBase }} -x -H ldap://localhost objectClass=olcRefintConfig"
+  ignore_errors: true
+  register: refintConfigured
+
+- name: add refint config 
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/refint_config.ldif
+  when: refintConfigured|failed
+
 - name: check Manager config
  shell: "slapcat -b cn=config | grep 'olcRootDN: {{ ldapManager }}'"
  ignore_errors: true
@@ -210,6 +265,16 @@
  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/groups.ldif
  when: groupsConfigured|failed

+- name: check aclroups config
+  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapAclGroupBase }} -x -H ldap://localhost objectClass=*"
+  ignore_errors: true
+  register: aclgroupsConfigured
+
+- name: add aclgroups OU
+  shell: ldapadd -x -D {{ ldapManager }} -w {{ ldapManagerPassword }} -x -H ldap://localhost -f /tmp/acl_groups.ldif
+  when: aclgroupsConfigured|failed
+
+
 - name: check Accounts config
  shell: "ldapsearch -D {{ ldapManager }} -w {{ ldapManagerPassword }} -b {{ ldapUserBase }} -x -H ldap://localhost objectClass=*"
  ignore_errors: true

--- a/roles/ldapserver/templates/acl_groups_ldif.j2
+++ b/roles/ldapserver/templates/acl_groups_ldif.j2
+dn: {{ ldapAclGroupBase }}
+objectClass: organizationalUnit
--- a/roles/ldapserver/templates/load_memberof_ldif.j2
+++ b/roles/ldapserver/templates/load_memberof_ldif.j2
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad
+olcModuleLoad: memberof.la
--- a/roles/ldapserver/templates/load_refint_ldif.j2
+++ b/roles/ldapserver/templates/load_refint_ldif.j2
+dn: cn=module{0},cn=config
+changetype: modify
+add: olcModuleLoad 
+olcModuleLoad: refint.la
--- a/roles/ldapserver/templates/memberOfConfig_ldif.j2
+++ b/roles/ldapserver/templates/memberOfConfig_ldif.j2
+dn: olcOverlay=memberof,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcMemberOf
+objectClass: olcOverlayConfig
+objectClass: top
+olcOverlay: memberof
+olcMemberOfDangling: ignore
+olcMemberOfRefInt: TRUE
+olcMemberOfGroupOC: groupOfNames
+olcMemberOfMemberAD: member
+olcMemberOfMemberOfAD: memberOf
--- a/roles/ldapserver/templates/refint_config_ldif.j2
+++ b/roles/ldapserver/templates/refint_config_ldif.j2
+dn: olcOverlay=refint,olcDatabase={2}bdb,cn=config
+objectClass: olcConfig
+objectClass: olcOverlayConfig
+objectClass: olcRefintConfig
+objectClass: top
+olcOverlay: refint
+olcRefintAttribute: memberof member manager owner
--- a/roles/pam_slurm/tasks/main.yml
+++ b/roles/pam_slurm/tasks/main.yml
+---
+- name: "Copy access.conf"
+  template: src=access.conf.j2 dest=/etc/security/access.conf
+  become: true
+  become_user: root
+
+- name: "Copy password sshd pam config"
+  template: src=sshd.j2 dest=/etc/pam.d/sshd
+  become: true
+  become_user: root
+
--- a/roles/pam_slurm/templates/access.conf.j2
+++ b/roles/pam_slurm/templates/access.conf.j2
+-:ALL EXCEPT root systems ec2-user debian ubuntu admin :ALL
--- a/roles/pam_slurm/templates/sshd.j2
+++ b/roles/pam_slurm/templates/sshd.j2
+#%PAM-1.0
+auth	   required	pam_sepermit.so
+auth       substack     password-auth
+auth       include      postlogin
+# Used with polkit to reauthorize users in remote sessions
+-auth      optional     pam_reauthorize.so prepare
+account    required     pam_nologin.so
+account    include      password-auth
+account    sufficient   pam_slurm.so
+account    required     pam_access.so
+password   include      password-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open env_params
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      password-auth
+session    include      postlogin
+# Used with polkit to reauthorize users in remote sessions
+-session   optional     pam_reauthorize.so prepare
--- a/roles/provision_homedir/templates/provision_homedir.py.j2
+++ b/roles/provision_homedir/templates/provision_homedir.py.j2
@@ -3,7 +3,7 @@ import ldap
 import traceback
 import os
 import stat
-#import shutil
+import shutil
 import subprocess

 class ldapSearchConfig:
@@ -44,17 +44,16 @@ def get_users(server):
    return allusers

 def mk_homedir(path,uidNumber,gidNumber):
+	skelroot = path.rsplit("/", 1)[0]
+	# fix this later if your common/skel is located elsewhere
+	skelpath = os.path.join(skelroot, 'common', 'skel')
 	try:
 		statinfo = os.stat(path)
 	except OSError as e:
 		if 'No such file or directory' in e:
-			os.mkdir(path,0700)
+		    shutil.copytree(skelpath, path)
 	statinfo = os.stat(path)
-	if stat.S_ISDIR(statinfo.st_mode):
-		if statinfo.st_gid != gidNumber or statinfo.st_uid!=uidNumber:
-			os.chown(path,uidNumber,gidNumber)
-	else:
-		raise Exception("users homedirectory is not a directory %s"%path)
+	recursive_chown(path, uidNumber, gidNumber)

 # adapted from http://stackoverflow.com/questions/5994840/how-to-change-the-user-and-group-permissions-for-a-directory-by-name
 def recursive_chown(path,uidNumber,gidNumber):
@@ -68,24 +67,6 @@ def recursive_chown(path,uidNumber,gidNumber):
 		for fname in files:
 			os.chown(os.path.join(root, fname), uidNumber, gidNumber)

-def cp_skel(skelroot, path, uidNumber, gidNumber):
-	if skelroot is None:
-		# assumes NO trailing / on the home path or dead meat
-		skelroot = path.rsplit("/", 1)[0]
-	# fix this later if your common/skel is located elsewhere
-	skelpath = os.path.join(skelroot, 'common', 'skel')
-	if os.path.isdir(skelpath):
-		# copy the skel into the user $HOME
-		# os.system("/bin/cp -r %s/* %s" % (skelpath, path))
-		subprocess.call(['/bin/cp', '-r', "%s/*" % skelpath, path])
-		# os.system("/bin/cp %s/\.* %s" % (skelpath, path))
-		subprocess.call(['/bin/cp', "%s/.*" % skelpath, path])
-		# ideally use this, but it assumes 'path' does not exist
-		# shutil.copytree(skelpath, path)
-		# chown to user ownership
-		recursive_chown(path, uidNumber, gidNumber)
-	else:
-		raise Exception("skel path is missing %s" % skelpath)

 s=ldapSearchConfig()
 s.ldapserver="{{ ldapURI }}"
@@ -103,8 +84,7 @@ for user in users:
 			path=mnthome+"/"+users[user].entry[homeDirEntry][0].rsplit("/",1)[1]
 		else:
 			path=users[user].entry[homeDirEntry][0]
-		mk_homedir(None, path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
-		cp_skel(None, path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
+		mk_homedir(path,int(users[user].entry['uidNumber'][0]),int(users[user].entry['gidNumber'][0]))
 	except:
 		print traceback.format_exc()
 		pass