diff options
Diffstat (limited to 'examples/LDAP/convertSambaAccount')
| -rwxr-xr-x | examples/LDAP/convertSambaAccount | 233 |
1 files changed, 233 insertions, 0 deletions
diff --git a/examples/LDAP/convertSambaAccount b/examples/LDAP/convertSambaAccount new file mode 100755 index 0000000000..4357dbc8f8 --- /dev/null +++ b/examples/LDAP/convertSambaAccount @@ -0,0 +1,233 @@ +#!/usr/bin/perl -w +## +## Convert an LDIF file containing sambaAccount entries +## to the new sambaSamAccount objectclass +## +## Copyright Gerald (Jerry) Carter 2003 +## +## Usage: convertSambaAccount --sid=<Domain SID> \ +## --input=<input ldif> --output=<output ldif> \ +## --changetype=[modify|add] +## +## You can generate an input ldif file using: +## $ ldapsearch -LL -x -h ldapsrv -D cn=root,dc=company,dc=com \ +## -b dc=copmany,dc=com > /tmp/samba3.alpha23.ldif +## +## Note the "-LL" so no additional comments are generated +## + + +use strict; +use Net::LDAP::LDIF; +use Getopt::Long; + + +############################################################################## +## local variables + +my ( $domain, $domsid, $changetype ); +my ( $ldif, $ldif2 ); +my ( $entry, @objclasses, $obj ); +my ( $is_samba_account, $is_samba_group ); +my ( %attr_map, %group_attr_map, $key ); +my ( @dels, $deletion, @adds, $addition ); +my ( $result, %options ); + + +############################################################################## +## Print the option usage + +sub usage { + + print "convertSambaAccount <options>\n"; + print "Options:\n"; + print " --help print this help message\n"; + print " --input input LDIF filename\n"; + print " --output output LDIF filename\n"; + print " --sid domain SID\n"; + print " --changetype [modify|add] (default is 'add')\n"; +} + + +############################################################################## +## MAIN DRIVER ## +############################################################################## + +## +## hashes to map old attribute names to new ones +## + +%attr_map = ( + lmPassword => 'sambaLMPassword', + ntPassword => 'sambaNTPassword', + pwdLastSet => 'sambaPwdLastSet', + pwdMustChange => 'sambaPwdMustChange', + pwdCanChange => 'sambaPwdCanChange', + homeDrive => 'sambaHomeDrive', + smbHome => 'sambaHomePath', + scriptPath => 'sambaLogonScript', + profilePath => 'sambaProfilePath', + kickoffTime => 'sambaKickoffTime', + logonTime => 'sambaLogonTime', + logoffTime => 'sambaLogoffTime', + userWorkstations => 'sambaUserWorkstations', + domain => 'sambaDomainName', + acctFlags => 'sambaAcctFlags', +); + +%group_attr_map = ( + ntSid => 'sambaSID', + ntGroupType => 'sambaGroupType', +); + +## +## process command line args +## + +$result = GetOptions(\%options, + "help", + "input=s", + "output=s", + "sid=s", + "changetype=s"); + +if (!$result && ($#ARGV != -1)) { + usage(); + exit 1; +} + +if ( defined($options{'help'}) ) { + usage(); + exit 0; +} + + +if ( !defined( $options{'sid'} ) ) { + print "You must provide a domain sid\n"; + exit 1; +} + +$domsid = $options{'sid'}; + +$changetype = 'add'; +if ( defined( $options{'changetype'} ) ) { + $changetype = $options{'changetype'}; +} + +## +## open files +## + +$ldif = Net::LDAP::LDIF->new ($options{'input'}, "r") or die $!; + +if ( "$changetype" eq "add" ) { + $ldif2 = Net::LDAP::LDIF->new ($options{'output'}, "w") or die $!; +} +elsif ( "$changetype" eq "modify" ) { + open( OUTPUT, ">$options{'output'}" ) or die $!; +} +else { + print "Bad changetype!\n"; + exit 1; +} + +## +## process LDIF +## + +while ( !$ldif->eof ) { + undef ( $entry ); + $entry = $ldif->read_entry(); + + ## skip entry if we find an error + if ( $ldif->error() ) { + print "Error msg: ",$ldif->error(),"\n"; + print "Error lines:\n",$ldif->error_lines(),"\n"; + next; + } + + ## + ## check to see if we have anything to do on this + ## entry. If not just write it out + ## + @objclasses = $entry->get_value( "objectClass" ); + undef ( $is_samba_account ); + undef ( $is_samba_group ); + @adds = (); + @dels = (); + foreach $obj ( @objclasses ) { + if ( "$obj" eq "sambaAccount" ) { + $is_samba_account = 1; + } elsif ( "$obj" eq "sambaGroupMapping" ) { + $is_samba_group = 1; + } + } + + if ( defined ( $is_samba_account ) ) { + ## + ## start editing the sambaAccount + ## + + @dels = ( 'objectclass: sambaAccount', 'rid' ); + @adds = ('objectclass: sambaSamAccount', "sambaSID: " . ${domsid} . "-" . ${entry}->get_value( 'rid' ) ); + $entry->delete( 'objectclass' => [ 'sambaAccount' ] ); + $entry->add( 'objectclass' => 'sambaSamAccount' ); + + $entry->add( 'sambaSID' => $domsid."-".$entry->get_value( "rid" ) ); + $entry->delete( 'rid' ); + + if ( defined($entry->get_value( "primaryGroupID" )) ) { + push @adds, "sambaPrimaryGroupSID: " . $domsid."-".$entry->get_value( "primaryGroupID" ); + push @dels, "primaryGroupID"; + $entry->add( 'sambaPrimaryGroupSID' => $domsid."-".$entry->get_value( "primaryGroupID" ) ); + $entry->delete( 'primaryGroupID' ); + } + + + foreach $key ( keys %attr_map ) { + if ( defined($entry->get_value($key)) ) { + push @adds, "$attr_map{$key}: " . $entry->get_value($key); + push @dels, "$key"; + $entry->add( $attr_map{$key} => $entry->get_value($key) ); + $entry->delete( $key ); + } + } + } elsif ( defined ( $is_samba_group ) ) { + foreach $key ( keys %group_attr_map ) { + if ( defined($entry->get_value($key)) ) { + push @adds, "$group_attr_map{$key}: " . $entry->get_value($key); + push @dels, "$key"; + $entry->add( $group_attr_map{$key} => $entry->get_value($key) ); + $entry->delete( $key ); + } + } + } + + ## see if we should write full entries or only the changes + + if ( "$changetype" eq "add" ) { + $ldif2->write_entry( $entry ); + } + else { + if ( defined ( $is_samba_account ) || defined ( $is_samba_group ) ){ + if ( @adds + @dels > 0 ) { + print OUTPUT "dn: " . $entry->dn . "\n"; + foreach $addition (@adds) { + $addition =~ /(^\w+):/; + print OUTPUT "add: " . $1 . "\n"; + print OUTPUT "$addition\n-\n"; + } + foreach $deletion (@dels) { + if ( $deletion =~ /^(\w+):\s(.*)/ ) { + print OUTPUT "delete: $1\n$1: $2\n-\n"; + } else { + print OUTPUT "delete: $deletion\n-\n" + } + } + print OUTPUT "\n" + } + } + } +} + + |