--- /dev/null
+#!/usr/bin/perl -w
+
+# $Id: smbldap-groupadd,v 1.11 2005/01/08 12:04:45 jtournier Exp $
+#
+# This code was developped by IDEALX (http://IDEALX.org/) and
+# contributors (their names can be found in the CONTRIBUTORS file).
+#
+# Copyright (C) 2001-2002 IDEALX
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+# USA.
+
+# Purpose of smbldap-groupadd : group (posix) add
+
+
+use strict;
+use FindBin;
+use FindBin qw($RealBin);
+use lib "$RealBin/";
+use smbldap_tools;
+use Getopt::Std;
+my %Options;
+
+my $ok = getopts('ag:or:s:t:p?', \%Options);
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+ print_banner;
+ print "Usage: $0 [-agorst?] groupname\n";
+ print " -a add automatic group mapping entry\n";
+ print " -g gid\n";
+ print " -o gid is not unique\n";
+ print " -r group-rid\n";
+ print " -s group-sid\n";
+ print " -t group-type\n";
+ print " -p print the gidNumber to stdout\n";
+ print " -? show this help message\n";
+ exit (1);
+}
+
+
+my $_groupName = $ARGV[0];
+
+my $ldap_master=connect_ldap_master();
+
+if (defined(get_group_dn($_groupName))) {
+ warn "$0: group $_groupName exists\n";
+ exit (6);
+}
+
+my $_groupGidNumber = $Options{'g'};
+if (! defined ($_groupGidNumber = group_add($_groupName, $_groupGidNumber, $Options{'o'}))) {
+ warn "$0: error adding group $_groupName\n";
+ exit (6);
+}
+
+my $group_sid;
+my $tmp;
+if ($tmp= $Options{'s'}) {
+ if ($tmp =~ /^S-(?:\d+-)+\d+$/) {
+ $group_sid = $tmp;
+ } else {
+ warn "$0: illegal group-rid $tmp\n";
+ exit(7);
+ }
+} elsif ($Options{'r'} || $Options{'a'}) {
+ my $group_rid;
+ if ($tmp= $Options{'r'}) {
+ if ($tmp =~ /^\d+$/) {
+ $group_rid = $tmp;
+ } else {
+ warn "$0: illegal group-rid $tmp\n";
+ exit(7);
+ }
+ } else {
+ # algorithmic mapping
+ $group_rid = 2*$_groupGidNumber+1001;
+ }
+ $group_sid = $config{SID}.'-'.$group_rid;
+}
+
+if ($Options{'r'} || $Options{'a'} || $Options{'s'}) {
+ # let's test if this SID already exist
+ my $test_exist_sid=does_sid_exist($group_sid,$config{groupsdn});
+ if ($test_exist_sid->count == 1) {
+ warn "Group SID already owned by\n";
+ # there should not exist more than one entry, but ...
+ foreach my $entry ($test_exist_sid->all_entries) {
+ my $dn= $entry->dn;
+ chomp($dn);
+ warn "$dn\n";
+ }
+ exit(7);
+ }
+}
+
+if ($group_sid) {
+ my $group_type;
+ my $tmp;
+ if ($tmp= $Options{'t'}) {
+ unless (defined($group_type = &group_type_by_name($tmp))) {
+ warn "$0: unknown group type $tmp\n";
+ exit(8);
+ }
+ } else {
+ $group_type = group_type_by_name('domain');
+ }
+ my $modify = $ldap_master->modify ( "cn=$_groupName,$config{groupsdn}",
+ add => {
+ 'objectClass' => 'sambaGroupMapping',
+ 'sambaSID' => $group_sid,
+ 'sambaGroupType' => $group_type,
+ 'displayName' => "$_groupName"
+ }
+ );
+ $modify->code && warn "failed to delete entry: ", $modify->error ;
+}
+
+# take down session
+$ldap_master->unbind;
+
+if ($Options{'p'}) {
+ print STDOUT "$_groupGidNumber";
+}
+exit(0);
+
+########################################
+
+=head1 NAME
+
+ smbldap-groupadd - Create a new group
+
+=head1 SYNOPSIS
+
+ smbldap-groupadd [-g gid ] [-a] [-o] [-r rid] [-s sid]
+ [-t group type] [-p] group
+
+=head1 DESCRIPTION
+
+ The smbldap-groupadd command creates a new group account using
+ the values specified on the command line and the default values
+ from the configuration file.
+ The new group will be entered into the system files as needed.
+ Available options are :
+
+ -g gid
+ The numerical value of the group's ID. This value must be
+ unique, unless the -o option is used. The value must be non-
+ negative. The default is to use the smallest ID value greater
+ than 1000 and greater than every other group.
+
+ -a
+ add an automatic Security ID for the group (SID).
+ The rid of the group is calculated from the gidNumber of the
+ group as rid=2*gidNumber+1001. Thus the resulted SID of the
+ group is $SID-$rid where $SID and $rid are the domain SID and
+ the group rid
+
+ -s sid
+ set the group SID.
+ The SID must be unique and defined with the domain Security ID
+ ($SID) like sid=$SID-rid where rid is the group rid.
+
+ -r rid
+ set the group rid.
+ The SID is then calculated as sid=$SID-rid where $SID is the
+ domain Security ID.
+
+ -t group type
+ set the NT Group type for the new group. Available values are
+ 2 (domain group), 4 (local group) and 5 (builtin group).
+ The default group type is 2.
+
+=head1 SEE ALSO
+
+ groupadd(1)
+
+=cut
+
+#'