diff options
Diffstat (limited to 'examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl')
-rw-r--r-- | examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl | 225 |
1 files changed, 225 insertions, 0 deletions
diff --git a/examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl b/examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl new file mode 100644 index 0000000000..0d3dd07d50 --- /dev/null +++ b/examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl @@ -0,0 +1,225 @@ +#!/usr/bin/perl + +# This code was developped by IDEALX (http://IDEALX.org/) and +# contributors (their names can be found in the CONTRIBUTORS file). +# +# Copyright (C) 2002 IDEALX +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of the GNU General Public License +# as published by the Free Software Foundation; either version 2 +# of the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, +# USA. + +# Purpose of smbldap-migrate-groups : to parse a Windows +# group dump and populate Unix groups +# Reads group dump on stdin + + +use strict; +use smbldap_tools; +use smbldap_conf; +use Getopt::Std; + + + +sub process_rec_group +{ + my ($group, $mb) = @_; + my @members; + + if (!(@members = group_get_members($group))) { + return 0; + } + + foreach my $m (@members) { + if ( !($m =~ m/^\*/) ) { + push @{$mb}, $m; + } else { + my $gname = $m; + $gname =~ s/^.//; + if (!process_rec_group($gname, $mb)) { + print "recursive group not added : $gname\n"; + } + } + } +} + + +# given a group dn and a list of members, update the group +sub modify_group +{ + my ($group, $dn_line, @members, $recgroup) = @_; + my $m; + my @new_mb; + + foreach $m (@members) { + if ( ($m =~ m/^\*/) ) { + my $gname = $m; + $gname =~ s/^.//; + if (!$recgroup) { + print "recursive group not added : $gname\n"; + } else { + if (!process_rec_group($gname, \@new_mb)) { + print "recursive group not added : $gname\n"; + } + } + } else { + push @new_mb, $m; + } + } + + # new_mb contains flat members from group dump + # now append them to existing members + push @new_mb, group_get_members($group); + # uniq them + my %saw; + @saw{@new_mb} = (); + @new_mb = keys %saw; + + my $nmb = $#new_mb + 1; + print STDERR "Group $group now has $nmb member(s)\n"; + + my $mbs; + foreach $m (@new_mb) { + $mbs .= "memberUid: $m\n"; + } + + my $mods="$dn_line +changetype: modify +replace: memberUid +$mbs +"; + + #print "$mods\n"; + my $tmpldif = +"$mods +"; + + die "$0: error while modifying group $group\n" + unless (do_ldapmodify($tmpldif) == 0); + undef $tmpldif; +} + +sub display_group +{ + my ($group, @members) = @_; + + print "Group name $group\n"; + print "Members\n"; + my $m; + my $i = 0; + foreach $m (@members) { + print "$m "; + if ($i % 5 == 0) { + print "\n"; + } + $i++; + } +} + +sub process_group +{ + my ($group, @members, $nocreate, $noupdate, $recgroup) = @_; + + my $dn_line; + if (!defined($dn_line = get_group_dn($group))) { + # group not found, create it ? + if (!$nocreate) { + system "/usr/local/sbin/smbldap-groupadd.pl \"$group\"; sleep 5"; + if (!defined($dn_line = get_group_dn($group))) { + return 1; + } + modify_group($group, $dn_line, @members, $recgroup); + } else { + # don't create + print "not created:\n"; + display_group($group, @members); + } + } else { + # group found, update it ? + if (!$noupdate) { + modify_group($group, $dn_line, @members, $recgroup); + } else { + # don't update + print "not updated:\n"; + display_group($group, @members); + } + } +} + +################################################### + +my %Options; + +my $ok = getopts('CUr?', \%Options); +if ( (!$ok) || ($Options{'?'}) ) { + print "Usage: $0 [-CUr?] < group_dump\n"; + print " -C don't create group if it doesn't exist\n"; + print " -U don't update group if it exists\n"; + print " -r recursively process groups\n"; + exit(1); +} + +my $group_name; +my $group_desc; +my $has_members = 0; +my @members = (); + +while (<>) +{ + my $line = $_; + chomp($line); + next if ( $line =~ m/^\s*$/ ); + + if ($group_name eq "") { + if ( $line =~ m/^Group name\s+(.+).$/ ) { + $group_name = $1; + next; + } + } + if ($group_desc eq "") { + if ( $line =~ m/^Comment\s+(.*)$/ ) { + $group_desc = $1; + next; + } + } + next if ( $line =~ m/^-+.$/ ); + if (!$has_members) { + if ( $line =~ m/^Members/ ) { + $has_members = 1; + next; + } + } else { + if ( $line =~ m/^The command completed successfully/ ) { + last; + } else { + push(@members, split(/\s+/, $line)); + next; + } + } + + #print; +} + +if ( $#members > -1) { + process_group($group_name, @members, $Options{'C'}, $Options{'U'}, $Options{'r'}); +} + +#print "gn=$group_name\n"; +#print "gd=$group_desc\n"; +#my $m; +#foreach $m (@members) +#{ +# print "$m "; +#} +#print "\n"; |