3 # Created by P.Wieleba@iem.pw.edu.pl in 2004
8 use FindBin qw($RealBin);
12 # function declaration
16 # smbldap-migrate-unix-groups (-? or -h for help)
22 my $ok = getopts('G:nv?ha', \%Options);
24 if ( (!$ok) || ($Options{'?'}) || ($Options{'h'}) || (!keys(%Options)) ) {
25 print "Usage: $0 [-Gnv?ha]\n";
26 print " -?|-h show this help message\n";
27 print " -G file import group file\n";
28 print " -v displays modified entries to STDOUT\n";
29 print " -n do everything execpt updating LDAP\n";
30 print " -a adds sambaGroupMapping objectClass\n";
36 if ( $Options{'G'} ) {
37 open($INFILE,$Options{'G'}) or
38 die "I cannot open file: " . $Options{'G'} . "\n";
41 my $ldap_master=connect_ldap_master();
43 while ( my $line=<$INFILE> ) {
45 next if ( $line =~ /^\s*$/ ); # whitespace
46 next if ( $line =~ /^#/ );
47 next if ( $line =~ /^\+/ );
50 my($group, $pwd, $gid, $users) = split(/:/,$line);
51 # if the group is not in LDAP, a new entry will be created
52 $entry = get_group_entry($ldap_master,$group);
53 $entry = migrate_group($entry,$group, $pwd, $gid, $users);
57 # if "-a" was given and the sambaGroupMapping objectClass is not yet present.
58 if ( $Options{'a'} and !exist_in_tab([$entry->get_value('objectClass')],'sambaGroupMapping') ) {
59 my @objectClass = $entry->get_value( 'objectClass' );
60 $entry->replace( 'objectclass' => [add_to_tab(\@objectClass,'sambaGroupMapping')] );
62 # the part below comes from smbldap-groupadd and
63 # should perhaps be factored out into a new subroutine.
64 my $groupGidNumber = $entry->get_value('gidNumber');
65 # as rid we use 2 * gid + 1001
66 my $group_rid = 2*$groupGidNumber+1001;
67 # let's test whether this SID already exists
68 my $group_sid = "$config{SID}-$group_rid";
69 my $test_exist_sid=does_sid_exist($group_sid,$config{groupsdn});
70 if ($test_exist_sid->count == 1) {
71 warn "Group SID already owned by\n";
72 # there should never be more than one matching entry, but ...
73 foreach my $entry ($test_exist_sid->all_entries) {
79 $entry->replace( 'sambaSID' => $group_sid );
80 $entry->replace( 'sambaGroupType' => group_type_by_name('domain') );
88 my $mesg = $entry->update($ldap_master);
89 if ($mesg->is_error()) {
90 print "Error: " . $mesg->error() . "\n";
97 $INFILE and close($INFILE);
98 # take down the session
99 $ldap_master and $ldap_master->unbind;
101 # returns updated $entry
104 my($entry,$group, $pwd, $gid, $users) = @_;
106 # posixGroup MUST ( cn $ gidNumber )
107 my @objectClass = $entry->get_value( 'objectClass' );
108 $entry->replace( 'objectClass' => [add_to_tab(\@objectClass,'posixGroup')] );
110 $entry->replace( 'cn' => $group );
111 ($pwd) and $entry->replace( 'userPassword' => "{crypt}" . $pwd );
112 ($gid ne "") and $entry->replace( 'gidNumber' => $gid );
114 my @users = split(',',$users);
115 # choose only unique users
117 foreach my $user (@users) {
118 $unique_users{$user} = 1;
120 @users = keys(%unique_users);
121 ($users) and $entry->replace( 'memberUid' => [ @users ] );
126 # creates a _new_entry_ if the group doesn't exist in LDAP,
127 # otherwise returns the existing LDAP group entry
130 my($ldap_master,$group) = @_;
132 # do not try to use read_user_entry() here
133 my $mesg = $ldap_master->search( base => $config{groupsdn},
135 filter => "(cn=$group)"
138 if ( $mesg->count() != 1 ) {
139 $entry = Net::LDAP::Entry->new();
140 $entry->dn("cn=$group,$config{groupsdn}");
142 $entry = $mesg->entry(0); # ????
147 # Check whether a $text element exists in @table (case-insensitive comparison)
148 # e.g. exist_in_tab(\@table,$text);
151 my($ref_tab,$text) = @_;
154 foreach my $elem (@tab) {
155 if ( lc($elem) eq lc($text) ) {
162 # Add $text to the table if it is not already there
165 my($ref_tab,$text) = @_;
168 if ( !exist_in_tab(\@tab,$text) ) {
175 ########################################
179 smbldap-migrate-unix-groups - Migrate unix groups to LDAP
183 smbldap-migrate-unix-groups [-G file] [-n] [-v] [-h] [-?] [-a]
187 This command processes the file given with the -G option and
188 creates a new LDAP group entry or changes an existing one.
189 New attributes are added and existing ones are changed;
190 none of the existing attributes is deleted.
193 Processes group_file and updates LDAP. Creates a new LDAP group
194 entry, or just adds the posixGroup objectClass and corresponding
195 attributes to the LDAP group entry, or just updates their values.
197 -h show the help message
201 -v displays modified entries to STDOUT
203 -n do everything except updating LDAP. It is useful when used
206 -a adds sambaGroupMapping objectClass, generates sambaSID
207 and adds sambaGroupType attribute