-rw-r--r-- | examples/LDAP/export2_smbpasswd.pl | 64 | ||||
-rw-r--r-- | examples/LDAP/export_smbpasswd.pl | 51 | ||||
-rw-r--r-- | examples/LDAP/import2_smbpasswd.pl | 108 | ||||
-rw-r--r-- | examples/LDAP/import_smbpasswd.pl | 122 |
4 files changed, 114 insertions, 231 deletions
diff --git a/examples/LDAP/export2_smbpasswd.pl b/examples/LDAP/export2_smbpasswd.pl
deleted file mode 100644
index 90f5805e55..0000000000
--- a/examples/LDAP/export2_smbpasswd.pl
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/usr/bin/perl
-##
-## Example script to export ldap entries into an smbpasswd file format
-## using the Mozilla PerLDAP module.
-##
-## writen by jerry@samba.org
-##
-## ported to Net::LDAP by dkrovich@slackworks.com
-
-use Net::LDAP;
-
-######################################################
-## Set these values to whatever you need for your site
-##
-
-$DN="dc=samba,dc=my-domain,dc=com";
-$ROOTDN="cn=Manager,dc=my-domain,dc=com";
-$rootpw = "secret";
-$LDAPSERVER="localhost";
-
-##
-## end local site variables
-######################################################
-
-$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
-
-print "##\n";
-print "## Autogenerated smbpasswd file via ldapsearch\n";
-print "## from $LDAPSERVER ($DN)\n";
-print "##\n";
-
-## scheck for the existence of the posixAccount first
-$result = $ldap->search ( base => "$DN",
- scope => "sub",
- filter => "(objectclass=smbpasswordentry)"
- );
-
-
-
-## loop over the entries we found
-while ( $entry = $result->shift_entry() ) {
-
- @uid = $entry->get_value("uid");
- @uidNumber = $entry->get_value("uidNumber");
- @lm_pw = $entry->get_value("lmpassword");
- @nt_pw = $entry->get_value("ntpassword");
- @acct = $entry->get_value("acctFlags");
- @pwdLastSet = $entry->get_value("pwdLastSet");
-
- if (($#uid+1) && ($#uidNumber+1)) {
-
- $lm_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#lm_pw+1));
- $nt_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#nt_pw+1));
- $acct[0] = "[DU ]" if (! ($#acct+1));
- $pwdLastSet[0] = "FFFFFFFF" if (! ($#pwdLastSet+1));
-
- print "$uid[0]:$uidNumber[0]:$lm_pw[0]:$nt_pw[0]:$acct[0]:LCT-$pwdLastSet[0]\n";
- }
-
-}
-
-$ldap->unbind();
-exit 0;
-
diff --git a/examples/LDAP/export_smbpasswd.pl b/examples/LDAP/export_smbpasswd.pl index 3f67dc6242..e4f120bf02 100644 --- a/examples/LDAP/export_smbpasswd.pl +++ b/examples/LDAP/export_smbpasswd.pl @@ -5,16 +5,16 @@ ## ## writen by jerry@samba.org ## +## ported to Net::LDAP by dkrovich@slackworks.com -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Entry; +use Net::LDAP; ###################################################### ## Set these values to whatever you need for your site ## -$DN="ou=people,dc=plainjoe,dc=org"; -$ROOTDN="cn=Manager,dc=plainjoe,dc=org"; +$DN="dc=samba,dc=my-domain,dc=com"; +$ROOTDN="cn=Manager,dc=my-domain,dc=com"; $rootpw = "secret"; $LDAPSERVER="localhost"; @@ -22,9 +22,7 @@ $LDAPSERVER="localhost"; ## end local site variables ###################################################### - -$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw ); -die "Unable to connect to LDAP server $LDAPSERVER" unless $conn; +$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER"; print "##\n"; print "## Autogenerated smbpasswd file via ldapsearch\n"; 
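Review bot: The ported connect line `$ldap = Net::LDAP->new($LDAPSERVER) or die ...` in the `@@ -22,9 +22,7 @@` hunk never binds, whereas the removed Mozilla::LDAP::Conn call authenticated as $ROOTDN; the search therefore runs anonymously and $ROOTDN / $rootpw are now unused in this script. If the directory restricts read access to lmpassword / ntpassword (which it should, since these hashes are password-equivalent), the entries would presumably come back without them. Add `$mesg = $ldap->bind($ROOTDN, password => $rootpw); die $mesg->error if $mesg->code;` after the connect. Consider `$ldap->start_tls(verify => 'require');` before the bind so the bind password and the hashes do not cross the network in clear text.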
@@ -32,32 +30,35 @@ print "## from $LDAPSERVER ($DN)\n"; print "##\n"; ## scheck for the existence of the posixAccount first -$result = $conn->search ("$DN", "sub", "(objectclass=smbPasswordEntry)"); - - +$result = $ldap->search ( base => "$DN", + scope => "sub", + filter => "(objectclass=sambaAccount)" + ); + + + ## loop over the entries we found -while ($result) { - - @uid = $result->getValue("uid"); - @uidNumber = $result->getValue("uidNumber"); - @lm_pw = $result->getValue("lmpassword"); - @nt_pw = $result->getValue("ntpassword"); - @acct = $result->getValue("acctFlags"); - @pwdLastSet = $result->getValue("pwdLastSet"); - +while ( $entry = $result->shift_entry() ) { + + @uid = $entry->get_value("uid"); + @uidNumber = $entry->get_value("uidNumber"); + @lm_pw = $entry->get_value("lmpassword"); + @nt_pw = $entry->get_value("ntpassword"); + @acct = $entry->get_value("acctFlags"); + @pwdLastSet = $entry->get_value("pwdLastSet"); + if (($#uid+1) && ($#uidNumber+1)) { - + $lm_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#lm_pw+1)); $nt_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#nt_pw+1)); $acct[0] = "[DU ]" if (! ($#acct+1)); $pwdLastSet[0] = "FFFFFFFF" if (! ($#pwdLastSet+1)); - + print "$uid[0]:$uidNumber[0]:$lm_pw[0]:$nt_pw[0]:$acct[0]:LCT-$pwdLastSet[0]\n"; } - - $result = $conn->nextEntry(); - + } -$conn->close(); +$ldap->unbind(); exit 0; + diff --git a/examples/LDAP/import2_smbpasswd.pl b/examples/LDAP/import2_smbpasswd.pl deleted file mode 100644 index bf643391a7..0000000000 --- a/examples/LDAP/import2_smbpasswd.pl +++ /dev/null 
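Review bot: The result of the new `$ldap->search(...)` call is used without checking `$result->code`, so a refused or failed search prints only the header comments and reaches `exit 0`, which is indistinguishable from a valid, empty smbpasswd file. Add `die "search failed: " . $result->error . "\n" if $result->code;` before the `while` loop. The `"XXXX…"` defaults kept for a missing lmpassword / ntpassword also hide the case where the querying identity cannot read the hash attributes; a `warn` to STDERR naming the uid whenever a default is substituted would make that visible to the operator.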
@@ -1,108 +0,0 @@ -#!/usr/bin/perl -## -## Example script of how you could import a smbpasswd file into an LDAP -## directory using the Mozilla PerLDAP module. -## -## writen by jerry@samba.org -## -## ported to Net::LDAP by dkrovich@slackworks.com - -use Net::LDAP; - -################################################# -## set these to a value appropriate for your site -## - -$DN="dc=samba,dc=my-domain,dc=com"; -$ROOTDN="cn=Manager,dc=my-domain,dc=com"; -$rootpw = "secret"; -$LDAPSERVER="localhost"; - -## -## end local site variables -################################################# - -$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER"; - -## Bind as $ROOTDN so you can do updates -$mesg = $ldap->bind($ROOTDN, password => $rootpw); - -while ( $string = <STDIN> ) { - chop ($string); - - ## Get the account info from the smbpasswd file - @smbentry = split (/:/, $string); - - ## Check for the existence of a system account - @getpwinfo = getpwnam($smbentry[0]); - if (! @getpwinfo ) { - print STDERR "$smbentry[0] does not have a system account... skipping\n"; - next; - } - - ## check and see if account info already exists in LDAP. - $result = $ldap->search ( base => "$DN", - scope => "sub", - filter => "(&(|(objectclass=posixAccount)(objectclass=smbPasswordEntry))(uid=$smbentry[0]))" - ); - - ## If no LDAP entry exists, create one. - if ( $result->count == 0 ) { - $entry = $ldap->add ( dn => "uid=$smbentry[0]\,$DN", - attrs => [ - uid => $smbentry[0], - uidNumber => @getpwinfo[2], - lmPassword => $smbentry[2], - ntPassword => $smbentry[3], - acctFlags => $smbentry[4], - pwdLastSet => substr($smbentry[5],4), - objectclass => [ 'top', 'smbPasswordEntry' ] - ] - ); - print "Adding [uid=" . $smbentry[0] . "," . $DN . "]\n"; - - ## Otherwise, supplement/update the existing entry. - } elsif ($result->count == 1) { - # Put the search results into an entry object - $entry = $result->shift_entry; - - print "Updating [" . $entry->dn . 
"]\n"; - - ## Add the objectclass: smbPasswordEntry attribute if it's not there - @values = $entry->get_value( "objectclass" ); - $flag = 1; - foreach $item (@values) { - if ( lc($item) eq "smbpasswordentry" ) { - print $item . "\n"; - $flag = 0; - } - } - if ( $flag ) { - $entry->add(objectclass => "smbPasswordEntry"); - } - - ## Set the other attribute values - $entry->replace(lmPassword => $smbentry[2], - ntPassword => $smbentry[3], - acctFlags => $smbentry[4], - pwdLastSet => substr($smbentry[5],4) - ); - - ## Apply changes to the LDAP server - $updatemesg = $entry->update($ldap); - if ( $updatemesg->code ) { - print "Error updating $smbentry[0]!\n"; - } - - ## If we get here, the LDAP search returned more than one value - ## which shouldn't happen under normal circumstances. - } else { - print STDERR "LDAP search returned more than one entry for $smbentry[0]... skipping!\n"; - next; - } -} - -$ldap->unbind(); -exit 0; - - diff --git a/examples/LDAP/import_smbpasswd.pl b/examples/LDAP/import_smbpasswd.pl index 14aeff967f..61ad33c809 100644 --- a/examples/LDAP/import_smbpasswd.pl +++ b/examples/LDAP/import_smbpasswd.pl @@ -1,13 +1,13 @@ #!/usr/bin/perl ## -## Example script of how you could import and smbpasswd file into an LDAP +## Example script of how you could import a smbpasswd file into an LDAP ## directory using the Mozilla PerLDAP module. ## ## writen by jerry@samba.org ## +## ported to Net::LDAP by dkrovich@slackworks.com -use Mozilla::LDAP::Conn; -use Mozilla::LDAP::Entry; +use Net::LDAP; ################################################# ## set these to a value appropriate for your site 
@@ -15,51 +15,105 @@ use Mozilla::LDAP::Entry; $DN="ou=people,dc=plainjoe,dc=org"; $ROOTDN="cn=Manager,dc=plainjoe,dc=org"; -$rootpw = "secret"; -$LDAPSERVER="localhost"; +# If you use perl special character in your +# rootpw, escape them: +# $rootpw = "secr\@t" instead of $rootpw = "secr@t" +$rootpw = "n0pass"; +$LDAPSERVER="scooby"; ## ## end local site variables ################################################# -$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw ); -die "Unable to connect to LDAP server $LDAPSERVER" unless $conn; +$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER"; +## Bind as $ROOTDN so you can do updates +$mesg = $ldap->bind($ROOTDN, password => $rootpw); +$mesg->error() if $mesg->code(); while ( $string = <STDIN> ) { - chop ($string); + chomp ($string); - ## get the account information + ## Get the account info from the smbpasswd file @smbentry = split (/:/, $string); - ## check for the existence of the posixAccount first + ## Check for the existence of a system account + @getpwinfo = getpwnam($smbentry[0]); + if (! @getpwinfo ) { + print STDERR "**$smbentry[0] does not have a system account... \n"; + next; + } + ## Calculate RID = uid*2 +1000 + $rid=@getpwinfo[2]*2+1000; + + ## check and see if account info already exists in LDAP. + $result = $ldap->search ( base => "$DN", + scope => "sub", + filter => "(uid=$smbentry[0])" + ); - ## FIXME!! Should do a getownam() and let the NSS modules lookup the account - ## This way you can have a UNIX account in /etc/passwd and the smbpasswd i - ## entry in LDAP. - $result = $conn->search ("$DN", "sub", "(&(uid=$smbentry[0])(objectclass=posixAccount))"); - if ( ! $result ) { - print STDERR "uid=$smbentry[0] does not have a posixAccount entry in the directory!\n"; - next; - } + ## If no LDAP entry exists, create one. 
+ if ( $result->count == 0 ) { + $new_entry = Net::LDAP::Entry->new(); + $new_entry->add( dn => "uid=$smbentry[0],$DN", + uid => $smbentry[0], + rid => $rid, + lmPassword => $smbentry[2], + ntPassword => $smbentry[3], + acctFlags => $smbentry[4], + cn => $smbentry[0], + pwdLastSet => hex(substr($smbentry[5],4)), + objectclass => 'sambaAccount' ); - print "Updating [" . $result->getDN() . "]\n"; + $result = $ldap->add( $new_entry ); + $result->error() if $result->code(); + print "Adding [uid=" . $smbentry[0] . "," . $DN . "]\n"; - ## Do we need to add the 'objectclass: smbPasswordEntry' attribute? - if (! $result->hasValue("objectclass", "smbPasswordEntry")) { - $result->addValue("objectclass", "smbPasswordEntry"); - } - - ## Set other attribute values - $result->setValues ("lmPassword", $smbentry[2]); - $result->setValues ("ntPassword", $smbentry[3]); - $result->setValues ("acctFlags", $smbentry[4]); - $result->setValues ("pwdLastSet", substr($smbentry[5],4)); - - if (! $conn->update($result)) { - print "Error updating!\n"; - } + ## Otherwise, supplement/update the existing entry. + } + elsif ($result->count == 1) + { + # Put the search results into an entry object + $entry = $result->entry(0); + + print "Updating [" . $entry->dn . 
"]\n"; + + ## Add the objectclass: sambaAccount attribute if it's not there + @values = $entry->get_value( "objectclass" ); + $flag = 1; + foreach $item (@values) { + print "$item\n"; + if ( "$item" eq "sambaAccount" ) { + $flag = 0; + } + } + if ( $flag ) { + ## Adding sambaAccount objectclass requires adding at least rid: + ## uid attribute already exists we know since we searched on it + $entry->add(objectclass => "sambaAccount", + rid => $rid ); + } + + ## Set the other attribute values + $entry->replace(rid => $rid, + lmPassword => $smbentry[2], + ntPassword => $smbentry[3], + acctFlags => $smbentry[4], + pwdLastSet => hex(substr($smbentry[5],4))); + + ## Apply changes to the LDAP server + $updatemesg = $entry->update($ldap); + $updatemesg->error() if $updatemesg->code(); + + ## If we get here, the LDAP search returned more than one value + ## which shouldn't happen under normal circumstances. + } else { + print STDERR "LDAP search returned more than one entry for $smbentry[0]... skipping!\n"; + next; + } } -$conn->close(); +$ldap->unbind(); exit 0; + + |
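Review bot: The three new error checks in this hunk (`$mesg->error() if $mesg->code();` after the bind, and the same pattern on `$result` after `$ldap->add` and on `$updatemesg` after `$entry->update`) call `error()` in void context and discard the string, so a failed bind or write is silent and "Adding [...]" is still printed. The bind failure should stop the run, e.g. `die "bind as $ROOTDN failed: " . $mesg->error . "\n" if $mesg->code;`, and the add/update checks should `warn` with the uid and the error text, then `next`. Separately, `$smbentry[0]` is read from STDIN and interpolated unescaped into `filter => "(uid=$smbentry[0])"` and into the new entry's DN. The getpwnam() check narrows what reaches that point, but passing it through Net::LDAP::Util's `escape_filter_value` / `escape_dn_value` is the safer pattern for an example that others will copy. The site-variable block also now carries what look like real local values (`$rootpw = "n0pass"`, `$LDAPSERVER="scooby"`) in place of the earlier placeholders; restoring neutral placeholders would avoid publishing them.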