summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--examples/LDAP/export2_smbpasswd.pl64
-rw-r--r--examples/LDAP/export_smbpasswd.pl51
-rw-r--r--examples/LDAP/import2_smbpasswd.pl108
-rw-r--r--examples/LDAP/import_smbpasswd.pl122
4 files changed, 114 insertions, 231 deletions
diff --git a/examples/LDAP/export2_smbpasswd.pl b/examples/LDAP/export2_smbpasswd.pl
deleted file mode 100644
index 90f5805e55..0000000000
--- a/examples/LDAP/export2_smbpasswd.pl
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/perl
-##
-## Example script to export ldap entries into an smbpasswd file format
-## using the Mozilla PerLDAP module.
-##
-## writen by jerry@samba.org
-##
-## ported to Net::LDAP by dkrovich@slackworks.com
-
-use Net::LDAP;
-
-######################################################
-## Set these values to whatever you need for your site
-##
-
-$DN="dc=samba,dc=my-domain,dc=com";
-$ROOTDN="cn=Manager,dc=my-domain,dc=com";
-$rootpw = "secret";
-$LDAPSERVER="localhost";
-
-##
-## end local site variables
-######################################################
-
-$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
-
-print "##\n";
-print "## Autogenerated smbpasswd file via ldapsearch\n";
-print "## from $LDAPSERVER ($DN)\n";
-print "##\n";
-
-## scheck for the existence of the posixAccount first
-$result = $ldap->search ( base => "$DN",
- scope => "sub",
- filter => "(objectclass=smbpasswordentry)"
- );
-
-
-
-## loop over the entries we found
-while ( $entry = $result->shift_entry() ) {
-
- @uid = $entry->get_value("uid");
- @uidNumber = $entry->get_value("uidNumber");
- @lm_pw = $entry->get_value("lmpassword");
- @nt_pw = $entry->get_value("ntpassword");
- @acct = $entry->get_value("acctFlags");
- @pwdLastSet = $entry->get_value("pwdLastSet");
-
- if (($#uid+1) && ($#uidNumber+1)) {
-
- $lm_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#lm_pw+1));
- $nt_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#nt_pw+1));
- $acct[0] = "[DU ]" if (! ($#acct+1));
- $pwdLastSet[0] = "FFFFFFFF" if (! ($#pwdLastSet+1));
-
- print "$uid[0]:$uidNumber[0]:$lm_pw[0]:$nt_pw[0]:$acct[0]:LCT-$pwdLastSet[0]\n";
- }
-
-}
-
-$ldap->unbind();
-exit 0;
-
diff --git a/examples/LDAP/export_smbpasswd.pl b/examples/LDAP/export_smbpasswd.pl
index 3f67dc6242..e4f120bf02 100644
--- a/examples/LDAP/export_smbpasswd.pl
+++ b/examples/LDAP/export_smbpasswd.pl
@@ -5,16 +5,16 @@
##
## writen by jerry@samba.org
##
+## ported to Net::LDAP by dkrovich@slackworks.com
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Entry;
+use Net::LDAP;
######################################################
## Set these values to whatever you need for your site
##
-$DN="ou=people,dc=plainjoe,dc=org";
-$ROOTDN="cn=Manager,dc=plainjoe,dc=org";
+$DN="dc=samba,dc=my-domain,dc=com";
+$ROOTDN="cn=Manager,dc=my-domain,dc=com";
$rootpw = "secret";
$LDAPSERVER="localhost";
@@ -22,9 +22,7 @@ $LDAPSERVER="localhost";
## end local site variables
######################################################
-
-$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw );
-die "Unable to connect to LDAP server $LDAPSERVER" unless $conn;
+$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
print "##\n";
print "## Autogenerated smbpasswd file via ldapsearch\n";
@@ -32,32 +30,35 @@ print "## from $LDAPSERVER ($DN)\n";
print "##\n";
## scheck for the existence of the posixAccount first
-$result = $conn->search ("$DN", "sub", "(objectclass=smbPasswordEntry)");
-
-
+$result = $ldap->search ( base => "$DN",
+ scope => "sub",
+ filter => "(objectclass=sambaAccount)"
+ );
+
+
+
## loop over the entries we found
-while ($result) {
-
- @uid = $result->getValue("uid");
- @uidNumber = $result->getValue("uidNumber");
- @lm_pw = $result->getValue("lmpassword");
- @nt_pw = $result->getValue("ntpassword");
- @acct = $result->getValue("acctFlags");
- @pwdLastSet = $result->getValue("pwdLastSet");
-
+while ( $entry = $result->shift_entry() ) {
+
+ @uid = $entry->get_value("uid");
+ @uidNumber = $entry->get_value("uidNumber");
+ @lm_pw = $entry->get_value("lmpassword");
+ @nt_pw = $entry->get_value("ntpassword");
+ @acct = $entry->get_value("acctFlags");
+ @pwdLastSet = $entry->get_value("pwdLastSet");
+
if (($#uid+1) && ($#uidNumber+1)) {
-
+
$lm_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#lm_pw+1));
$nt_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#nt_pw+1));
$acct[0] = "[DU ]" if (! ($#acct+1));
$pwdLastSet[0] = "FFFFFFFF" if (! ($#pwdLastSet+1));
-
+
print "$uid[0]:$uidNumber[0]:$lm_pw[0]:$nt_pw[0]:$acct[0]:LCT-$pwdLastSet[0]\n";
}
-
- $result = $conn->nextEntry();
-
+
}
-$conn->close();
+$ldap->unbind();
exit 0;
+
diff --git a/examples/LDAP/import2_smbpasswd.pl b/examples/LDAP/import2_smbpasswd.pl
deleted file mode 100644
index bf643391a7..0000000000
--- a/examples/LDAP/import2_smbpasswd.pl
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/usr/bin/perl
-##
-## Example script of how you could import a smbpasswd file into an LDAP
-## directory using the Mozilla PerLDAP module.
-##
-## writen by jerry@samba.org
-##
-## ported to Net::LDAP by dkrovich@slackworks.com
-
-use Net::LDAP;
-
-#################################################
-## set these to a value appropriate for your site
-##
-
-$DN="dc=samba,dc=my-domain,dc=com";
-$ROOTDN="cn=Manager,dc=my-domain,dc=com";
-$rootpw = "secret";
-$LDAPSERVER="localhost";
-
-##
-## end local site variables
-#################################################
-
-$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
-
-## Bind as $ROOTDN so you can do updates
-$mesg = $ldap->bind($ROOTDN, password => $rootpw);
-
-while ( $string = <STDIN> ) {
- chop ($string);
-
- ## Get the account info from the smbpasswd file
- @smbentry = split (/:/, $string);
-
- ## Check for the existence of a system account
- @getpwinfo = getpwnam($smbentry[0]);
- if (! @getpwinfo ) {
- print STDERR "$smbentry[0] does not have a system account... skipping\n";
- next;
- }
-
- ## check and see if account info already exists in LDAP.
- $result = $ldap->search ( base => "$DN",
- scope => "sub",
- filter => "(&(|(objectclass=posixAccount)(objectclass=smbPasswordEntry))(uid=$smbentry[0]))"
- );
-
- ## If no LDAP entry exists, create one.
- if ( $result->count == 0 ) {
- $entry = $ldap->add ( dn => "uid=$smbentry[0]\,$DN",
- attrs => [
- uid => $smbentry[0],
- uidNumber => @getpwinfo[2],
- lmPassword => $smbentry[2],
- ntPassword => $smbentry[3],
- acctFlags => $smbentry[4],
- pwdLastSet => substr($smbentry[5],4),
- objectclass => [ 'top', 'smbPasswordEntry' ]
- ]
- );
- print "Adding [uid=" . $smbentry[0] . "," . $DN . "]\n";
-
- ## Otherwise, supplement/update the existing entry.
- } elsif ($result->count == 1) {
- # Put the search results into an entry object
- $entry = $result->shift_entry;
-
- print "Updating [" . $entry->dn . "]\n";
-
- ## Add the objectclass: smbPasswordEntry attribute if it's not there
- @values = $entry->get_value( "objectclass" );
- $flag = 1;
- foreach $item (@values) {
- if ( lc($item) eq "smbpasswordentry" ) {
- print $item . "\n";
- $flag = 0;
- }
- }
- if ( $flag ) {
- $entry->add(objectclass => "smbPasswordEntry");
- }
-
- ## Set the other attribute values
- $entry->replace(lmPassword => $smbentry[2],
- ntPassword => $smbentry[3],
- acctFlags => $smbentry[4],
- pwdLastSet => substr($smbentry[5],4)
- );
-
- ## Apply changes to the LDAP server
- $updatemesg = $entry->update($ldap);
- if ( $updatemesg->code ) {
- print "Error updating $smbentry[0]!\n";
- }
-
- ## If we get here, the LDAP search returned more than one value
- ## which shouldn't happen under normal circumstances.
- } else {
- print STDERR "LDAP search returned more than one entry for $smbentry[0]... skipping!\n";
- next;
- }
-}
-
-$ldap->unbind();
-exit 0;
-
-
diff --git a/examples/LDAP/import_smbpasswd.pl b/examples/LDAP/import_smbpasswd.pl
index 14aeff967f..61ad33c809 100644
--- a/examples/LDAP/import_smbpasswd.pl
+++ b/examples/LDAP/import_smbpasswd.pl
@@ -1,13 +1,13 @@
#!/usr/bin/perl
##
-## Example script of how you could import and smbpasswd file into an LDAP
+## Example script of how you could import a smbpasswd file into an LDAP
## directory using the Mozilla PerLDAP module.
##
## writen by jerry@samba.org
##
+## ported to Net::LDAP by dkrovich@slackworks.com
-use Mozilla::LDAP::Conn;
-use Mozilla::LDAP::Entry;
+use Net::LDAP;
#################################################
## set these to a value appropriate for your site
@@ -15,51 +15,105 @@ use Mozilla::LDAP::Entry;
$DN="ou=people,dc=plainjoe,dc=org";
$ROOTDN="cn=Manager,dc=plainjoe,dc=org";
-$rootpw = "secret";
-$LDAPSERVER="localhost";
+# If you use perl special character in your
+# rootpw, escape them:
+# $rootpw = "secr\@t" instead of $rootpw = "secr@t"
+$rootpw = "n0pass";
+$LDAPSERVER="scooby";
##
## end local site variables
#################################################
-$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw );
-die "Unable to connect to LDAP server $LDAPSERVER" unless $conn;
+$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
+## Bind as $ROOTDN so you can do updates
+$mesg = $ldap->bind($ROOTDN, password => $rootpw);
+$mesg->error() if $mesg->code();
while ( $string = <STDIN> ) {
- chop ($string);
+ chomp ($string);
- ## get the account information
+ ## Get the account info from the smbpasswd file
@smbentry = split (/:/, $string);
- ## check for the existence of the posixAccount first
+ ## Check for the existence of a system account
+ @getpwinfo = getpwnam($smbentry[0]);
+ if (! @getpwinfo ) {
+ print STDERR "**$smbentry[0] does not have a system account... \n";
+ next;
+ }
+ ## Calculate RID = uid*2 +1000
+ $rid=@getpwinfo[2]*2+1000;
+
+ ## check and see if account info already exists in LDAP.
+ $result = $ldap->search ( base => "$DN",
+ scope => "sub",
+ filter => "(uid=$smbentry[0])"
+ );
- ## FIXME!! Should do a getownam() and let the NSS modules lookup the account
- ## This way you can have a UNIX account in /etc/passwd and the smbpasswd i
- ## entry in LDAP.
- $result = $conn->search ("$DN", "sub", "(&(uid=$smbentry[0])(objectclass=posixAccount))");
- if ( ! $result ) {
- print STDERR "uid=$smbentry[0] does not have a posixAccount entry in the directory!\n";
- next;
- }
+ ## If no LDAP entry exists, create one.
+ if ( $result->count == 0 ) {
+ $new_entry = Net::LDAP::Entry->new();
+ $new_entry->add( dn => "uid=$smbentry[0],$DN",
+ uid => $smbentry[0],
+ rid => $rid,
+ lmPassword => $smbentry[2],
+ ntPassword => $smbentry[3],
+ acctFlags => $smbentry[4],
+ cn => $smbentry[0],
+ pwdLastSet => hex(substr($smbentry[5],4)),
+ objectclass => 'sambaAccount' );
- print "Updating [" . $result->getDN() . "]\n";
+ $result = $ldap->add( $new_entry );
+ $result->error() if $result->code();
+ print "Adding [uid=" . $smbentry[0] . "," . $DN . "]\n";
- ## Do we need to add the 'objectclass: smbPasswordEntry' attribute?
- if (! $result->hasValue("objectclass", "smbPasswordEntry")) {
- $result->addValue("objectclass", "smbPasswordEntry");
- }
-
- ## Set other attribute values
- $result->setValues ("lmPassword", $smbentry[2]);
- $result->setValues ("ntPassword", $smbentry[3]);
- $result->setValues ("acctFlags", $smbentry[4]);
- $result->setValues ("pwdLastSet", substr($smbentry[5],4));
-
- if (! $conn->update($result)) {
- print "Error updating!\n";
- }
+ ## Otherwise, supplement/update the existing entry.
+ }
+ elsif ($result->count == 1)
+ {
+ # Put the search results into an entry object
+ $entry = $result->entry(0);
+
+ print "Updating [" . $entry->dn . "]\n";
+
+ ## Add the objectclass: sambaAccount attribute if it's not there
+ @values = $entry->get_value( "objectclass" );
+ $flag = 1;
+ foreach $item (@values) {
+ print "$item\n";
+ if ( "$item" eq "sambaAccount" ) {
+ $flag = 0;
+ }
+ }
+ if ( $flag ) {
+ ## Adding sambaAccount objectclass requires adding at least rid:
+ ## uid attribute already exists we know since we searched on it
+ $entry->add(objectclass => "sambaAccount",
+ rid => $rid );
+ }
+
+ ## Set the other attribute values
+ $entry->replace(rid => $rid,
+ lmPassword => $smbentry[2],
+ ntPassword => $smbentry[3],
+ acctFlags => $smbentry[4],
+ pwdLastSet => hex(substr($smbentry[5],4)));
+
+ ## Apply changes to the LDAP server
+ $updatemesg = $entry->update($ldap);
+ $updatemesg->error() if $updatemesg->code();
+
+ ## If we get here, the LDAP search returned more than one value
+ ## which shouldn't happen under normal circumstances.
+ } else {
+ print STDERR "LDAP search returned more than one entry for $smbentry[0]... skipping!\n";
+ next;
+ }
}
-$conn->close();
+$ldap->unbind();
exit 0;
+
+