3
# $Id: smbldap-migrate-pwdump-accounts,v 1.1 2005/03/08 09:29:47 jtournier Exp $
5
# This code was developped by IDEALX (http://IDEALX.org/) and
6
# contributors (their names can be found in the CONTRIBUTORS file).
8
# Copyright (C) 2002 IDEALX
10
# This program is free software; you can redistribute it and/or
11
# modify it under the terms of the GNU General Public License
12
# as published by the Free Software Foundation; either version 2
13
# of the License, or (at your option) any later version.
15
# This program is distributed in the hope that it will be useful,
16
# but WITHOUT ANY WARRANTY; without even the implied warranty of
17
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18
# GNU General Public License for more details.
20
# You should have received a copy of the GNU General Public License
21
# along with this program; if not, write to the Free Software
22
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
25
# Purpose of smbldap-migrate-accounts : add NT sam entries from pwdump
31
use FindBin qw($RealBin);
35
# smbldap-migrate (-? or -h for help)
37
# Read pwdump entries on stdin, and add them to the ldap server.
38
# Output uncreated/unmodified entries (see parameters -C -U)
39
# in pwdump format to stdout.
40
# Errors, debug and stats are output to stderr.
44
my ($login, $basedn, $lmpwd, $ntpwd, $gecos, $homedir) = @_;
45
# bind to a directory with dn and password
46
my $ldap_master=connect_ldap_master();
47
my $modify = $ldap_master->modify ("uid=$login,$basedn",
49
replace => [sambaLMPassword => "$lmpwd"],
50
replace => [sambaNTPassword => "$ntpwd"],
51
replace => [gecos => "$gecos"],
52
replace => [sambaHomePath => "$homedir"]
55
$modify->code && die "failed to modify entry: ", $modify->error ;
56
# take down the session
65
my $ok = getopts('awA:CUW:?h', \%Options);
67
if ( (!$ok) || ($Options{'?'}) || ($Options{'h'}) ) {
68
print "Usage: $0 [-awAWCU?]\n";
69
print " -a process only people, ignore computers\n";
70
print " -w process only computers, ignore persons\n";
71
print " -A <opts> option string passed verbatim to smbldap-useradd for persons\n";
72
print " -W <opts> option string passed verbatim to smbldap-useradd for computers\n";
73
print " -C if entry not found, don't create it and log it to stdout (default: create it)\n";
74
print " -U if entry found, don't update it and log it to stdout (default: update it)\n";
75
print " -?|-h show this help message\n";
79
my %processed = ( 'user' => 0, 'machine' => 0);
80
my %created = ( 'user' => 0, 'machine' => 0);
81
my %updated = ( 'user' => 0, 'machine' => 0);
82
my %logged = ( 'user' => 0, 'machine' => 0);
83
my %errors = ( 'user' => 0, 'machine' => 0);
84
my %existing = ( 'user' => 0, 'machine' => 0);
85
my $specialskipped = 0;
88
my ($login, $rid, $lmpwd, $ntpwd, $gecos, $homedir, $b) = split(/:/, $_);
92
my $entry_type = 'user';
94
if ($login =~ m/.*\$$/ ) { # computer
95
$processed{'machine'}++;
96
$entry_type = 'machine';
97
if (defined($Options{'a'})) {
98
print STDERR "ignoring $login\n";
102
$usertype = "-w $Options{'W'}";
103
$userbasedn = $config{computersdn};
105
$processed{'user'}++;
106
if (defined($Options{'w'})) {
107
print STDERR "ignoring $login\n";
112
print STDERR "$login seems to be a special Win account (rid=$rid), skipping\n";
116
$usertype = "-a $Options{'A'}";
117
$userbasedn = $config{usersdn};
121
# uncomment to replace configured share with share from pwdump
122
# if ($homedir eq "") {
123
$homedir = $config{userSmbHome};
127
if (!($gecos eq "")) {
128
$gecos =~ tr/�������������������������������������������������/AAAAaaaaCcEEEEEeeeeeIIIIiiiiNnOOOOooooUUUUuuuuYyy/;
130
$gecos = $config{userGecos};
133
my $user_exists = is_samba_user($login);
136
if (!defined($Options{'C'})) {
137
# uid doesn't exist and we want to create it
138
my $addcmd = "/usr/local/sbin/smbldap-useradd $usertype $login > /dev/null";
139
print STDERR "$addcmd\n";
140
my $r = system "$addcmd";
142
print STDERR "error adding $login, skipping\n";
145
# lem modif... a retirer si pb
146
if ($entry_type eq "user") {
147
modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir);
150
$created{$entry_type}++;
151
} else { # uid doesn't exist and no create => log
153
$logged{$entry_type}++;
155
} else { # account exists
156
$existing{$entry_type}++;
157
if (!defined($Options{'U'})) { # exists and modify
158
modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir);
159
$updated{$entry_type}++;
160
} else { # exists and log
162
$logged{$entry_type}++;
169
$sum = $processed{'user'} + $processed{'machine'};
170
print STDERR "processed: all=$sum user=$processed{'user'} machine=$processed{'machine'}\n";
172
$sum = $existing{'user'} + $existing{'machine'};
173
print STDERR "existing: all=$sum user=$existing{'user'} machine=$existing{'machine'}\n";
175
$sum = $created{'user'} + $created{'machine'};
176
print STDERR "created: all=$sum user=$created{'user'} machine=$created{'machine'}\n";
178
$sum = $updated{'user'} + $updated{'machine'};
179
print STDERR "updated: all=$sum user=$updated{'user'} machine=$updated{'machine'}\n";
181
$sum = $logged{'user'} + $logged{'machine'};
182
print STDERR "logged: all=$sum user=$logged{'user'} machine=$logged{'machine'}\n";
184
print STDERR "special users skipped: $specialskipped\n";
187
########################################
191
smbldap-migrate - Migrate NT accounts to LDAP
195
smbldap-migrate [-a] [-w] [-A opts] [-W opts] [-C] [-U] [-?]
199
This command reads from stdin account entries as created by pwdump,
200
a tool to dump an user database on NT.
201
Depending of the options, some account entries may be output on
202
stdout. All errors and informations are sent to stderr.
204
-a process only people, ignore computers
206
-w process only computers, ignore persons
209
a string containing arguments to pass verbatim to
210
smbldap-useradd when adding users, eg "-m -x".
211
You don't have to specify -a in this string.
214
a string containing arguments to pass verbatim to
215
smbldap-useradd when adding computers, eg "-m -x".
216
You don't have to specify -w in this string.
218
-C if NT account not found in LDAP, don't create it and log it to stdout
221
-U if NT account found in LDAP, don't update it and log it to stdout
224
-? show the help message