3
# $Id: smbldap-groupadd,v 1.11 2005/01/08 12:04:45 jtournier Exp $
5
# This code was developped by IDEALX (http://IDEALX.org/) and
6
# contributors (their names can be found in the CONTRIBUTORS file).
8
# Copyright (C) 2001-2002 IDEALX
10
# This program is free software; you can redistribute it and/or
11
# modify it under the terms of the GNU General Public License
12
# as published by the Free Software Foundation; either version 2
13
# of the License, or (at your option) any later version.
15
# This program is distributed in the hope that it will be useful,
16
# but WITHOUT ANY WARRANTY; without even the implied warranty of
17
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18
# GNU General Public License for more details.
20
# You should have received a copy of the GNU General Public License
21
# along with this program; if not, write to the Free Software
22
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
25
# Purpose of smbldap-groupadd : group (posix) add
30
use FindBin qw($RealBin);
36
my $ok = getopts('ag:or:s:t:p?', \%Options);
37
if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
39
print "Usage: $0 [-agorst?] groupname\n";
40
print " -a add automatic group mapping entry\n";
42
print " -o gid is not unique\n";
43
print " -r group-rid\n";
44
print " -s group-sid\n";
45
print " -t group-type\n";
46
print " -p print the gidNumber to stdout\n";
47
print " -? show this help message\n";
52
my $_groupName = $ARGV[0];
54
my $ldap_master=connect_ldap_master();
56
if (defined(get_group_dn($_groupName))) {
57
warn "$0: group $_groupName exists\n";
61
my $_groupGidNumber = $Options{'g'};
62
if (! defined ($_groupGidNumber = group_add($_groupName, $_groupGidNumber, $Options{'o'}))) {
63
warn "$0: error adding group $_groupName\n";
69
if ($tmp= $Options{'s'}) {
70
if ($tmp =~ /^S-(?:\d+-)+\d+$/) {
73
warn "$0: illegal group-rid $tmp\n";
76
} elsif ($Options{'r'} || $Options{'a'}) {
78
if ($tmp= $Options{'r'}) {
79
if ($tmp =~ /^\d+$/) {
82
warn "$0: illegal group-rid $tmp\n";
87
$group_rid = 2*$_groupGidNumber+1001;
89
$group_sid = $config{SID}.'-'.$group_rid;
92
if ($Options{'r'} || $Options{'a'} || $Options{'s'}) {
93
# let's test if this SID already exist
94
my $test_exist_sid=does_sid_exist($group_sid,$config{groupsdn});
95
if ($test_exist_sid->count == 1) {
96
warn "Group SID already owned by\n";
97
# there should not exist more than one entry, but ...
98
foreach my $entry ($test_exist_sid->all_entries) {
110
if ($tmp= $Options{'t'}) {
111
unless (defined($group_type = &group_type_by_name($tmp))) {
112
warn "$0: unknown group type $tmp\n";
116
$group_type = group_type_by_name('domain');
118
my $modify = $ldap_master->modify ( "cn=$_groupName,$config{groupsdn}",
120
'objectClass' => 'sambaGroupMapping',
121
'sambaSID' => $group_sid,
122
'sambaGroupType' => $group_type,
123
'displayName' => "$_groupName"
126
$modify->code && warn "failed to delete entry: ", $modify->error ;
130
$ldap_master->unbind;
133
print STDOUT "$_groupGidNumber";
137
########################################
141
smbldap-groupadd - Create a new group
145
smbldap-groupadd [-g gid ] [-a] [-o] [-r rid] [-s sid]
146
[-t group type] [-p] group
150
The smbldap-groupadd command creates a new group account using
151
the values specified on the command line and the default values
152
from the configuration file.
153
The new group will be entered into the system files as needed.
154
Available options are :
157
The numerical value of the group's ID. This value must be
158
unique, unless the -o option is used. The value must be non-
159
negative. The default is to use the smallest ID value greater
160
than 1000 and greater than every other group.
163
add an automatic Security ID for the group (SID).
164
The rid of the group is calculated from the gidNumber of the
165
group as rid=2*gidNumber+1001. Thus the resulted SID of the
166
group is $SID-$rid where $SID and $rid are the domain SID and
171
The SID must be unique and defined with the domain Security ID
172
($SID) like sid=$SID-rid where rid is the group rid.
176
The SID is then calculated as sid=$SID-rid where $SID is the
180
set the NT Group type for the new group. Available values are
181
2 (domain group), 4 (local group) and 5 (builtin group).
182
The default group type is 2.