summaryrefslogtreecommitdiff
path: root/examples/LDAP/import2_smbpasswd.pl
diff options
context:
space:
mode:
Diffstat (limited to 'examples/LDAP/import2_smbpasswd.pl')
-rw-r--r--examples/LDAP/import2_smbpasswd.pl108
1 files changed, 108 insertions, 0 deletions
diff --git a/examples/LDAP/import2_smbpasswd.pl b/examples/LDAP/import2_smbpasswd.pl
new file mode 100644
index 0000000000..bf643391a7
--- /dev/null
+++ b/examples/LDAP/import2_smbpasswd.pl
@@ -0,0 +1,108 @@
+#!/usr/bin/perl
+##
+## Example script of how you could import a smbpasswd file into an LDAP
+## directory using the Mozilla PerLDAP module.
+##
+## writen by jerry@samba.org
+##
+## ported to Net::LDAP by dkrovich@slackworks.com
+
+use Net::LDAP;
+
+#################################################
+## set these to a value appropriate for your site
+##
+
+$DN="dc=samba,dc=my-domain,dc=com";
+$ROOTDN="cn=Manager,dc=my-domain,dc=com";
+$rootpw = "secret";
+$LDAPSERVER="localhost";
+
+##
+## end local site variables
+#################################################
+
+$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER";
+
+## Bind as $ROOTDN so you can do updates
+$mesg = $ldap->bind($ROOTDN, password => $rootpw);
+
+while ( $string = <STDIN> ) {
+ chop ($string);
+
+ ## Get the account info from the smbpasswd file
+ @smbentry = split (/:/, $string);
+
+ ## Check for the existence of a system account
+ @getpwinfo = getpwnam($smbentry[0]);
+ if (! @getpwinfo ) {
+ print STDERR "$smbentry[0] does not have a system account... skipping\n";
+ next;
+ }
+
+ ## check and see if account info already exists in LDAP.
+ $result = $ldap->search ( base => "$DN",
+ scope => "sub",
+ filter => "(&(|(objectclass=posixAccount)(objectclass=smbPasswordEntry))(uid=$smbentry[0]))"
+ );
+
+ ## If no LDAP entry exists, create one.
+ if ( $result->count == 0 ) {
+ $entry = $ldap->add ( dn => "uid=$smbentry[0]\,$DN",
+ attrs => [
+ uid => $smbentry[0],
+ uidNumber => @getpwinfo[2],
+ lmPassword => $smbentry[2],
+ ntPassword => $smbentry[3],
+ acctFlags => $smbentry[4],
+ pwdLastSet => substr($smbentry[5],4),
+ objectclass => [ 'top', 'smbPasswordEntry' ]
+ ]
+ );
+ print "Adding [uid=" . $smbentry[0] . "," . $DN . "]\n";
+
+ ## Otherwise, supplement/update the existing entry.
+ } elsif ($result->count == 1) {
+ # Put the search results into an entry object
+ $entry = $result->shift_entry;
+
+ print "Updating [" . $entry->dn . "]\n";
+
+ ## Add the objectclass: smbPasswordEntry attribute if it's not there
+ @values = $entry->get_value( "objectclass" );
+ $flag = 1;
+ foreach $item (@values) {
+ if ( lc($item) eq "smbpasswordentry" ) {
+ print $item . "\n";
+ $flag = 0;
+ }
+ }
+ if ( $flag ) {
+ $entry->add(objectclass => "smbPasswordEntry");
+ }
+
+ ## Set the other attribute values
+ $entry->replace(lmPassword => $smbentry[2],
+ ntPassword => $smbentry[3],
+ acctFlags => $smbentry[4],
+ pwdLastSet => substr($smbentry[5],4)
+ );
+
+ ## Apply changes to the LDAP server
+ $updatemesg = $entry->update($ldap);
+ if ( $updatemesg->code ) {
+ print "Error updating $smbentry[0]!\n";
+ }
+
+ ## If we get here, the LDAP search returned more than one value
+ ## which shouldn't happen under normal circumstances.
+ } else {
+ print STDERR "LDAP search returned more than one entry for $smbentry[0]... skipping!\n";
+ next;
+ }
+}
+
+$ldap->unbind();
+exit 0;
+
+