Diffstat (limited to 'examples/LDAP/smbldap-tools/smbldap-groupadd.pl')
-rwxr-xr-xexamples/LDAP/smbldap-tools/smbldap-groupadd.pl95
1 files changed, 83 insertions, 12 deletions
diff --git a/examples/LDAP/smbldap-tools/smbldap-groupadd.pl b/examples/LDAP/smbldap-tools/smbldap-groupadd.pl
index 91cd2dad53..e242d6e223 100755
--- a/examples/LDAP/smbldap-tools/smbldap-groupadd.pl
+++ b/examples/LDAP/smbldap-tools/smbldap-groupadd.pl
@@ -27,33 +27,104 @@ use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";
use smbldap_tools;
-
+use smbldap_conf;
use Getopt::Std;
my %Options;
-my $ok = getopts('og:?', \%Options);
+my $ok = getopts('ag:or:s:t:p?', \%Options);
if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
- print "Usage: $0 [-go?] groupname\n";
- print " -g gid\n";
- print " -o gid is not unique\n";
- print " -? show this help message\n";
- exit (1);
+ print "Usage: $0 [-agorst?] groupname\n";
+ print " -a add automatic group mapping entry\n";
+ print " -g gid\n";
+ print " -o gid is not unique\n";
+ print " -r group-rid\n";
+ print " -s group-sid\n";
+ print " -t group-type\n";
+ print " -p print the gidNumber to stdout\n";
+ print " -? show this help message\n";
+ exit (1);
}
my $_groupName = $ARGV[0];
if (defined(get_group_dn($_groupName))) {
- print "$0: group $_groupName exists\n";
- exit (6);
+ warn "$0: group $_groupName exists\n";
+ exit (6);
}
my $_groupGidNumber = $Options{'g'};
+if (! defined ($_groupGidNumber = group_add($_groupName, $_groupGidNumber, $Options{'o'}))) {
+ warn "$0: error adding group $_groupName\n";
+ exit (6);
+}
+
+my $group_sid;
+my $tmp;
+if ($tmp= $Options{'s'}) {
+ if ($tmp =~ /^S-(?:\d+-)+\d+$/) {
+ $group_sid = $tmp;
+ } else {
+ warn "$0: illegal group-rid $tmp\n";
+ exit(7);
+ }
+} elsif ($Options{'r'} || $Options{'a'}) {
+ my $group_rid;
+ if ($tmp= $Options{'r'}) {
+ if ($tmp =~ /^\d+$/) {
+ $group_rid = $tmp;
+ } else {
+ warn "$0: illegal group-rid $tmp\n";
+ exit(7);
+ }
+ } else {
+ # algorithmic mapping
+ $group_rid = 2*$_groupGidNumber+1001;
+ }
+ $group_sid = $SID.'-'.$group_rid;
+}
-if (!group_add($_groupName, $_groupGidNumber, $Options{'o'})) {
- print "$0: error adding group $_groupName\n";
- exit (6);
+if ($Options{'r'} || $Options{'a'} || $Options{'s'}) {
+ # let's test if this SID already exist
+ my $test_exist_sid=does_sid_exist($group_sid,$groupsdn);
+ if ($test_exist_sid->count == 1) {
+ warn "Group SID already owned by\n";
+ # there should not exist more than one entry, but ...
+ foreach my $entry ($test_exist_sid->all_entries) {
+ my $dn= $entry->dn;
+ chomp($dn);
+ warn "$dn\n";
+ }
+ exit(7);
+ }
}
+if ($group_sid) {
+ my $group_type;
+ my $tmp;
+ if ($tmp= $Options{'t'}) {
+ unless (defined($group_type = &group_type_by_name($tmp))) {
+ warn "$0: unknown group type $tmp\n";
+ exit(8);
+ }
+ } else {
+ $group_type = group_type_by_name('domain');
+ }
+ my $ldap_master=connect_ldap_master();
+ my $modify = $ldap_master->modify ( "cn=$_groupName,$groupsdn",
+ add => {
+ 'objectClass' => 'sambaGroupMapping',
+ 'sambaSID' => $group_sid,
+ 'sambaGroupType' => $group_type
+ }
+ );
+ $modify->code && warn "failed to delete entry: ", $modify->error ;
+ # take down session
+ $ldap_master->unbind
+}
+
+if ($Options{'p'}) {
+ print STDOUT "$_groupGidNumber";
+}
exit(0);
########################################
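Review bot: The SID-collision test `if ($test_exist_sid->count == 1)` fires only for exactly one match, so the case its own comment anticipates (more than one entry already holding the SID) falls through and a duplicate sambaSID is written; `if ($test_exist_sid->count > 0) {` closes that gap. The `-s`/`-r`/`-t` validation and this check also run after `group_add()` has succeeded, so every `exit(7)`/`exit(8)` path leaves a POSIX group in the directory with no mapping. Moving those checks above the `group_add()` call avoids the half-created state; only the algorithmic RID, which needs the assigned gidNumber, has to stay after it. A failed `modify` is reported as "failed to delete entry" and the script still reaches `exit(0)`, so a caller cannot tell the mapping was not added; `$modify->code && die "$0: failed to add group mapping: " . $modify->error . "\n";` would surface it. The `-s` error branch prints "illegal group-rid" where group-sid is meant, and `"cn=$_groupName,$groupsdn"` interpolates the command-line name into the DN unescaped, which is worth checking against how `group_add()` (not visible here) builds the same DN.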