# Created by P.Wieleba@iem.pw.edu.pl in 2004
use FindBin qw($RealBin);
# function declaration
# smbldap-migrate-unix-groups (-? or -h for help)
my $ok = getopts('G:nv?ha', \%Options);
if ( (!$ok) || ($Options{'?'}) || ($Options{'h'}) || (!keys(%Options)) ) {
print "Usage: $0 [-Gnv?ha]\n";
print " -?|-h show this help message\n";
print " -G file import group file\n";
print " -v displays modified entries to STDOUT\n";
print " -n do everything execpt updating LDAP\n";
print " -a adds sambaGroupMapping objectClass\n";
if ( $Options{'G'} ) {
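# Open the group file named by -G for reading only.
# Three-argument open fixes the mode, so a -G value that begins with '>' or
# '|' (or ends with '|') is treated as a plain file name and is never
# interpreted as a write mode or as a command to run.
open($INFILE, '<', $Options{'G'}) or
die "I cannot open file: " . $Options{'G'} . "\n";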
my $ldap_master=connect_ldap_master();
while ( my $line=<$INFILE> ) {
next if ( $line =~ /^\s*$/ ); # whitespace
next if ( $line =~ /^#/ );
next if ( $line =~ /^\+/ );
my($group, $pwd, $gid, $users) = split(/:/,$line);
# if user is not in LDAP new entry will be created
$entry = get_group_entry($ldap_master,$group);
$entry = migrate_group($entry,$group, $pwd, $gid, $users);
# if used "-a" and sambaGroupMapping doesn't exist.
if ( $Options{'a'} and !exist_in_tab([$entry->get_value('objectClass')],'sambaGroupMapping') ) {
my @objectClass = $entry->get_value( 'objectClass' );
$entry->replace( 'objectclass' => [add_to_tab(\@objectClass,'sambaGroupMapping')] );
# the below part comes from smbldap-groupadd and
# maybe it should be replaced by a new subroutine.
my $groupGidNumber = $entry->get_value('gidNumber');
# as rid we use 2 * gid + 1001
my $group_rid = 2*$groupGidNumber+1001;
# let's test if this SID already exist
my $group_sid = "$config{SID}-$group_rid";
my $test_exist_sid=does_sid_exist($group_sid,$config{groupsdn});
# NOTE(review): only a count of exactly 1 is treated as "SID already owned";
# a search that returns several entries for this SID does not take this
# branch. What happens then is outside this excerpt -- confirm the SID is
# not assigned again in that case (testing for count > 0 would cover it).
if ($test_exist_sid->count == 1) {
warn "Group SID already owned by\n";
# there should not exist more than one entry, but ...
foreach my $entry ($test_exist_sid->all_entries) {
$entry->replace( 'sambaSID' => $group_sid );
$entry->replace( 'sambaGroupType' => group_type_by_name('domain') );
my $mesg = $entry->update($ldap_master);
if ($mesg->is_error()) {
print "Error: " . $mesg->error() . "\n";
$INFILE and close($INFILE);
# take down the session
$ldap_master and $ldap_master->unbind;
# returns updated $entry
my($entry,$group, $pwd, $gid, $users) = @_;
# posixGroup MUST ( cn $ gidNumber )
my @objectClass = $entry->get_value( 'objectClass' );
$entry->replace( 'objectClass' => [add_to_tab(\@objectClass,'posixGroup')] );
$entry->replace( 'cn' => $group );
# Sets userPassword to "{crypt}" followed by the group file's password field.
# NOTE(review): any true value is written, so placeholder fields such as "x"
# or "*" are stored as "{crypt}x" / "{crypt}*". A real value is presumably a
# crypt(3) hash copied as-is -- confirm that the directory ACLs restrict who
# can read userPassword on group entries.
($pwd) and $entry->replace( 'userPassword' => "{crypt}" . $pwd );
($gid ne "") and $entry->replace( 'gidNumber' => $gid );
my @users = split(',',$users);
# choose only unique users
foreach my $user (@users) {
$unique_users{$user} = 1;
@users = keys(%unique_users);
($users) and $entry->replace( 'memberUid' => [ @users ] );
# creates a _new_entry_ if group doesn't exist in ldap
# else returns ldap user entry
my($ldap_master,$group) = @_;
# do not use try read_user_entry()
my $mesg = $ldap_master->search( base => $config{groupsdn},
# NOTE(review): $group is interpolated into the search filter unescaped; it
# appears to come from the imported group file. Characters such as * ( ) \
# change what the search matches, so the wrong entry could be selected and
# modified. Escape the value per RFC 4515 before building the filter (e.g.
# Net::LDAP::Util::escape_filter_value, if the installed perl-ldap has it).
filter => "(cn=$group)"
if ( $mesg->count() != 1 ) {
$entry = Net::LDAP::Entry->new();
# Sets the DN of the new entry to cn=<group> under the groups base DN.
# NOTE(review): the DN is built by plain string interpolation; a group name
# containing DN special characters (, + = " \ < > ;) would produce a
# different or malformed DN. Validate or escape the RDN value first.
$entry->dn("cn=$group,$config{groupsdn}");
$entry = $mesg->entry(0); # ????
# Check if a $text element exists in @table
# eg. exist_in_tab(\@table,$text);
my($ref_tab,$text) = @_;
foreach my $elem (@tab) {
if ( lc($elem) eq lc($text) ) {
# Add $text to tab if it doesn't exist there
my($ref_tab,$text) = @_;
if ( !exist_in_tab(\@tab,$text) ) {
########################################
smbldap-migrate-unix-groups - Migrate unix groups to LDAP
smbldap-migrate-unix-groups [-G file] [-n] [-v] [-h] [-?] [-a]
This command processes one file as defined by option and
creates new or changes existing ldap group entry.
New attributes are added, and existing are changed.
None of the existing attributes is deleted.
Processes group_file and updates LDAP. Creates new ldap group
entry or just adds posixGroup objectclass and corresponding
attributes to the ldap group entry or just updates their values.
-h show the help message
-v displays modified entries to STDOUT
-n do everything except updating LDAP. It is useful when used
-a adds sambaGroupMapping objectClass, generates sambaSID
and adds sambaGroupType attribute