Diffstat (limited to 'examples/LDAP/smbldap-tools/smbldap_tools.pm')
-rwxr-xr-xexamples/LDAP/smbldap-tools/smbldap_tools.pm861
1 files changed, 494 insertions, 367 deletions
diff --git a/examples/LDAP/smbldap-tools/smbldap_tools.pm b/examples/LDAP/smbldap-tools/smbldap_tools.pm
index 0a451210f3..ad6ef74eb6 100755
--- a/examples/LDAP/smbldap-tools/smbldap_tools.pm
+++ b/examples/LDAP/smbldap-tools/smbldap_tools.pm
@@ -2,6 +2,7 @@
use strict;
package smbldap_tools;
use smbldap_conf;
+use Net::LDAP;
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
@@ -29,6 +30,7 @@ use smbldap_conf;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
use Exporter;
$VERSION = 1.00;
+
@ISA = qw(Exporter);
@EXPORT = qw(
@@ -59,101 +61,149 @@ get_user_dn2
# dn_line = get_user_dn($username)
# where dn_line is like "dn: a=b,c=d"
+
+#sub ldap_search
+#{
+#my ($local_base,$local_scope,$local_filtre)=@_;
+#}
+
+
+
sub get_user_dn
{
my $user = shift;
- my $dn=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^dn:"`;
- chomp $dn;
+ my $dn='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $suffix,
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $dn= $entry->dn;}
+ $ldap->unbind;
+ chomp($dn);
if ($dn eq '') {
return undef;
}
-
+ $dn="dn: ".$dn;
return $dn;
}
-# return (success, dn)
-sub get_user_dn2
+
+sub get_user_dn2 ## migré
{
my $user = shift;
-
- my $sr = `$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))'`;
- if ($sr eq "") {
- print "get_user_dn2: error in ldapsearch :
-$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))'\n";
- return (0, undef);
+ my $dn='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $suffix,
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
+ # $mesg->code && warn $mesg->error;
+ if ($mesg->code)
+ {
+ print("Code erreur : ",$mesg->code,"\n");
+ print("Message d'erreur : ",$mesg->error,"\n");
+ return (0,undef);
+ }
+
+ foreach my $entry ($mesg->all_entries) {
+ $dn= $entry->dn;
}
-
- my @lines = split(/\n/, $sr);
-
- my @matches = grep(/^dn:/, @lines);
-
- my $dn = $matches[0];
- chomp $dn;
+ $ldap->unbind;
+ chomp($dn);
if ($dn eq '') {
- return (1, undef);
+ return (1,undef);
}
-
- return (1, $dn);
+ $dn="dn: ".$dn;
+ return (1,$dn);
}
-# dn_line = get_group_dn($groupname)
-# where dn_line is like "dn: a=b,c=d"
+
sub get_group_dn
-{
- my $group = shift;
- my $dn=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))' | grep "^dn:"`;
- chomp $dn;
- if ($dn eq '') {
- return undef;
- }
-
- return $dn;
-}
+ {
+ my $group = shift;
+ my $dn='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $dn= $entry->dn;}
+ $ldap->unbind;
+ chomp($dn);
+ if ($dn eq '') {
+ return undef;
+ }
+ $dn="dn: ".$dn;
+ return $dn;
+ }
+# return (success, dn)
# bool = is_samba_user($username)
sub is_samba_user
-{
- my $user = shift;
- my $cmd = "$ldapsearch -b '$suffix' -s '$scope' '(&(objectClass=sambaAccount)(uid=$user))' | grep '^dn:\'";
- my $res=`$cmd`;
- chomp $res;
- if ($res ne '') {
- return 1;
- }
- return 0;
-}
+ {
+ my $user = shift;
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $suffix,
+ scope => $scope,
+ filter => "(&(objectClass=sambaSamAccount)(uid=$user))"
+ );
+ $mesg->code && die $mesg->error;
+ $ldap->unbind;
+ return ($mesg->count ne 0);
+ }
+
-# bool = is_user_valid($username)
# try to bind with user dn and password to validate current password
-sub is_user_valid
-{
- my ($user, $dn, $pass) = @_;
- my $res=`$ldapsearchnobind -b '$usersdn' -s '$scope' -D '$dn' -w '$pass' '(&(objectclass=posixAccount)(uid=$user))' 2>/dev/null | grep "^dn:"`;
- chomp $res;
- if ($res eq '') {
- return 0;
- }
- return 1;
+sub is_user_valid
+ {
+ my ($user, $dn, $pass) = @_;
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ my $mesg= $ldap->bind (dn => $dn, password => $pass );
+ if ($mesg->code eq 0)
+ {
+ $ldap->unbind;
+ return 1;
+ }
+ else
+ {
+ if($ldap->bind()) {
+ $ldap->unbind;
+ return 0;
+ } else {
+ print ("Le serveur LDAP est indisponible.\nVérifier le serveur, les câblages, ...");
+ $ldap->unbind;
+ return 0;
+ } die "Problème : Contacter votre administrateur";
+ }
}
# dn = get_dn_from_line ($dn_line)
# helper to get "a=b,c=d" from "dn: a=b,c=d"
sub get_dn_from_line
-{
- my $dn = shift;
- $dn =~ s/^dn: //;
- return $dn;
-}
+ {
+ my $dn = shift;
+ $dn =~ s/^dn: //;
+ return $dn;
+ }
# success = add_posix_machine($user, $uid, $gid)
sub add_posix_machine
-{
- my ($user, $uid, $gid) = @_;
-
-my $tmpldif =
-"dn: uid=$user,$computersdn
-objectclass: top
+ {
+ my ($user, $uid, $gid) = @_;
+ my $tmpldif =
+ "dn: uid=$user,$computersdn
+objectclass: inetOrgPerson
objectclass: posixAccount
+sn: $user
cn: $user
uid: $user
uidNumber: $uid
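Review bot: The new Net::LDAP searches in get_user_dn, get_user_dn2, get_group_dn and is_samba_user interpolate the caller-supplied `$user`/`$group` straight into the filter string (`filter => "(&(objectclass=posixAccount)(uid=$user))"`), so a value containing `*`, `(`, `)` or `\` alters the query instead of being looked up literally; the old shell-quoted ldapsearch had the same weakness, but the migration is the place to close it. Import the helper with `use Net::LDAP::Util qw(escape_filter_value);` and build each filter from `escape_filter_value($user)`; the same applies to every `filter =>` in the next hunk (group_add_user, get_homedir, read_user, read_group, find_groups_of, group_remove_member, group_get_members). Separately, `$mesg->code eq 0` in is_user_valid and `$mesg->count ne 0` in is_samba_user compare numbers as strings and should be `== 0` and `!= 0`. In is_user_valid the trailing `die "Problème : Contacter votre administrateur"` is unreachable because both branches of the inner if/else return, and the anonymous `$ldap->bind ;` calls never check the returned message's code, so a refused bind only surfaces as a later search error.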
@@ -164,420 +214,497 @@ description: Computer
";
- die "$0: error while adding posix account to machine $user\n"
+ die "$0: error while adding posix account to machine $user\n"
unless (do_ldapadd($tmpldif) == 0);
-
- undef $tmpldif;
-
- return 1;
-}
+ undef $tmpldif;
+ return 1;
+ }
# success = add_samba_machine($computername)
sub add_samba_machine
{
my $user = shift;
system "smbpasswd -a -m $user";
-
return 1;
}
sub add_samba_machine_mkntpwd
-{
- my ($user, $uid) = @_;
- my $rid = 2 * $uid + 1000; # Samba 2.2.2 stuff
-
- my $name = $user;
- $name =~ s/.$//s;
-
- if ($mk_ntpasswd eq '') {
- print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
- return 0;
- }
-
- my $ntpwd = `$mk_ntpasswd '$name'`;
- chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
- chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
-
- my $tmpldif =
-"dn: uid=$user,$computersdn
+ {
+ my ($user, $uid) = @_;
+ my $sambaSID = 2 * $uid + 1000;
+ my $name = $user;
+ $name =~ s/.$//s;
+
+ if ($mk_ntpasswd eq '') {
+ print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
+ return 0;
+ }
+
+ my $ntpwd = `$mk_ntpasswd '$name'`;
+ chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
+ chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
+
+ my $tmpldif =
+ "dn: uid=$user,$computersdn
changetype: modify
-objectclass: top
+objectclass: inetOrgPerson
objectclass: posixAccount
-objectClass: sambaAccount
-pwdLastSet: 0
-logonTime: 0
-logoffTime: 2147483647
-kickoffTime: 2147483647
-pwdCanChange: 0
-pwdMustChange: 2147483647
-acctFlags: [W ]
-lmpassword: $lmpassword
-ntpassword: $ntpassword
-rid: $rid
-primaryGroupID: 0
+objectClass: sambaSamAccount
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: 0
+sambaPwdMustChange: 2147483647
+sambaAcctFlags: [W ]
+sambaLMPassword: $lmpassword
+sambaNTPassword: $ntpassword
+sambaSID: $smbldap_conf::SID-$sambaSID
+sambaPrimaryGroupSID: $smbldap_conf::SID-0
";
- die "$0: error while adding samba account to $user\n"
- unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
+ die "$0: error while adding samba account to $user\n"
+ unless (do_ldapmodify($tmpldif) == 0);
+ undef $tmpldif;
- return 1;
-}
+ return 1;
+ }
sub group_add_user
-{
- my ($group, $userid) = @_;
- my $dn_line;
-
- if (!defined($dn_line = get_group_dn($group))) {
- return 1;
- }
- my $dn = get_dn_from_line($dn_line);
- my $members = `$ldapsearch -b '$dn' -s base | grep -i "^memberUid:"`;
- chomp($members);
- # user already member ?
- if ($members =~ m/^memberUid: $userid/) {
- return 2;
- }
- my $mods = "";
- if ($members ne '') {
- $mods="$dn_line
+ {
+ my ($group, $userid) = @_;
+ my $members='';
+ my $dn_line = get_group_dn($group);
+ if (!defined($dn_line)) {
+ return 1;
+ }
+ my $dn = get_dn_from_line($dn_line);
+
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base =>$dn, scope => "base", filter => "(objectClass=*)" );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries){
+ foreach my $attr ($entry->attributes)
+ {
+ if ($attr=~/\bmemberUid\b/){
+ foreach my $ent($entry->get_value($attr)) { $members.= $attr.": ".$ent."\n"; }
+ }
+ }
+ }
+ $ldap->unbind;
+ chomp($members);
+ # user already member ?
+ if ($members =~ m/^memberUid: $userid/) {
+ return 2;
+ }
+ my $mods = "";
+ if ($members ne '') {
+ $mods="$dn_line
changetype: modify
replace: memberUid
$members
memberUid: $userid
+
";
- } else {
- $mods="$dn_line
+ } else {
+ $mods="$dn_line
changetype: modify
add: memberUid
memberUid: $userid
-";
- }
+";
+ }
#print "$mods\n";
-
- my $tmpldif =
-"$mods
+ my $tmpldif =
+ "$mods
";
- die "$0: error while modifying group $group\n"
+ die "$0: error while modifying group $group\n"
unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
- return 0;
-}
-
-sub add_grouplist_user
-{
- my ($grouplist, $user) = @_;
- my @array = split(/,/, $grouplist);
- foreach my $group (@array) {
- group_add_user($group, $user);
- }
-}
-
-# XXX FIXME : acctFlags |= D, and not acctFlags = D
+ undef $tmpldif;
+ return 0;
+ }
+
+sub add_grouplist_user
+ {
+ my ($grouplist, $user) = @_;
+ my @array = split(/,/, $grouplist);
+ foreach my $group (@array) {
+ group_add_user($group, $user);
+ }
+ }
+
+# XXX FIXME : sambaAcctFlags |= D, and not sambaAcctFlags = D
sub disable_user
-{
- my $user = shift;
- my $dn_line;
+ {
+ my $user = shift;
+ my $dn_line;
- if (!defined($dn_line = get_user_dn($user))) {
- print "$0: user $user doesn't exist\n";
- exit (10);
- }
+ if (!defined($dn_line = get_user_dn($user))) {
+ print "$0: user $user doesn't exist\n";
+ exit (10);
+ }
- my $tmpldif =
-"dn: $dn_line
+ my $tmpldif =
+ "dn: $dn_line
changetype: modify
replace: userPassword
userPassword: {crypt}!x
";
- die "$0: error while modifying user $user\n"
+ die "$0: error while modifying user $user\n"
unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
+ undef $tmpldif;
- if (is_samba_user($user)) {
-
- my $tmpldif =
-"dn: $dn_line
+ if (is_samba_user($user)) {
+
+ my $tmpldif =
+ "dn: $dn_line
changetype: modify
-replace: acctFlags
-acctFlags: [D ]
+replace: sambaAcctFlags
+sambaAcctFlags: [D ]
";
- die "$0: error while modifying user $user\n"
+ die "$0: error while modifying user $user\n"
unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
-
- }
-
-}
+ undef $tmpldif;
+ }
+ }
# delete_user($user)
sub delete_user
-{
- my $user = shift;
- my $dn_line;
+ {
+ my $user = shift;
+ my $dn_line;
- if (!defined($dn_line = get_user_dn($user))) {
- print "$0: user $user doesn't exist\n";
- exit (10);
- }
+ if (!defined($dn_line = get_user_dn($user))) {
+ print "$0: user $user doesn't exist\n";
+ exit (10);
+ }
- my $dn = get_dn_from_line($dn_line);
- system "$ldapdelete $dn >/dev/null";
-}
+ my $dn = get_dn_from_line($dn_line);
+ system "$ldapdelete $dn >/dev/null";
+ }
# $success = group_add($groupname, $group_gid, $force_using_existing_gid)
sub group_add
-{
- my ($gname, $gid, $force) = @_;
-
- my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
- if ($nscd_status == 0) {
- system "/etc/init.d/nscd stop > /dev/null 2>&1";
- }
-
- if (!defined($gid)) {
- while (defined(getgrgid($GID_START))) {
- $GID_START++;
- }
- $gid = $GID_START;
- } else {
- if (!defined($force)) {
- if (defined(getgrgid($gid))) {
- return 0;
- }
- }
- }
-
- if ($nscd_status == 0) {
- system "/etc/init.d/nscd start > /dev/null 2>&1";
- }
-
- my $tmpldif =
-"dn: cn=$gname,$groupsdn
+ {
+ my ($gname, $gid, $force) = @_;
+ my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
+ if ($nscd_status == 0) {
+ system "/etc/init.d/nscd stop > /dev/null 2>&1";
+ }
+ if (!defined($gid)) {
+ while (defined(getgrgid($GID_START))) {
+ $GID_START++;
+ }
+ $gid = $GID_START;
+ } else {
+ if (!defined($force)) {
+ if (defined(getgrgid($gid))) {
+ return 0;
+ }
+ }
+ }
+ if ($nscd_status == 0) {
+ system "/etc/init.d/nscd start > /dev/null 2>&1";
+ }
+ my $tmpldif =
+ "dn: cn=$gname,$groupsdn
objectclass: posixGroup
cn: $gname
gidNumber: $gid
";
- die "$0: error while adding posix group $gname\n"
+ die "$0: error while adding posix group $gname\n"
unless (do_ldapadd($tmpldif) == 0);
-
- undef $tmpldif;
-
- return 1;
-}
+ undef $tmpldif;
+ return 1;
+ }
# $homedir = get_homedir ($user)
sub get_homedir
-{
- my $user = shift;
- my $homeDir=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^homeDirectory:"`;
- chomp $homeDir;
- if ($homeDir eq '') {
- return undef;
- }
- $homeDir =~ s/^homeDirectory: //;
-
- return $homeDir;
-}
+ {
+ my $user = shift;
+ my $homeDir='';
+ # my $homeDir=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^homeDirectory:"`;
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base =>$suffix, scope => $scope, filter => "(&(objectclass=posixAccount)(uid=$user))" );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries){
+ foreach my $attr ($entry->attributes)
+ {
+ if ($attr=~/\bhomeDirectory\b/){
+ foreach my $ent($entry->get_value($attr)) {
+ $homeDir.= $attr.": ".$ent."\n";
+ }
+ }
+ }
+ }
+ $ldap->unbind;
+ chomp $homeDir;
+ if ($homeDir eq '') {
+ return undef;
+ }
+ $homeDir =~ s/^homeDirectory: //;
+ return $homeDir;
+ }
# search for an user
sub read_user
-{
- my $user = shift;
- my $lines=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' -LLL`;
- chomp $lines;
- if ($lines eq '') {
- return undef;
- }
-
- return $lines;
-}
+ {
+ my $user = shift;
+ my $lines ='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( # perform a search
+ base => $suffix,
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
+
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $lines.= "dn: " . $entry->dn."\n";
+ foreach my $attr ($entry->attributes) {
+ {
+ $lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
+ }
+ }
+ }
+ $ldap->unbind; # take down sessio(n
+ chomp $lines;
+ if ($lines eq '') {
+ return undef;
+ }
+ return $lines;
+ }
# search for a group
sub read_group
-{
- my $user = shift;
- my $lines=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(cn=$user))' -LLL`;
- chomp $lines;
- if ($lines eq '') {
- return undef;
- }
-
- return $lines;
-}
+ {
+ my $user = shift;
+ my $lines ='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( # perform a search
+ base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(cn=$user))"
+ );
+
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $lines.= "dn: " . $entry->dn."\n";
+ foreach my $attr ($entry->attributes) {
+ {
+ $lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
+ }
+ }
+ }
+
+ $ldap->unbind; # take down sessio(n
+ chomp $lines;
+ if ($lines eq '') {
+ return undef;
+ }
+ return $lines;
+ }
# find groups of a given user
+##### MODIFIE ########
sub find_groups_of
-{
- my $user = shift;
- my $lines=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(memberuid=$user))' -LLL | grep "^dn: "`;
- chomp $lines;
- if ($lines eq '') {
- return undef;
- }
-
- return $lines;
-}
+ {
+ my $user = shift;
+ my $lines ='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( # perform a search
+ base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(memberuid=$user))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $lines.= "dn: ".$entry->dn."\n";
+ }
+ $ldap->unbind;
+ chomp($lines);
+ if ($lines eq '') {return undef; }
+ return $lines;
+ }
# return the gidnumber for a group given as name or gid
# -1 : bad group name
# -2 : bad gidnumber
sub parse_group
-{
- my $userGidNumber = shift;
-
- if ($userGidNumber =~ /[^\d]/ ) {
- my $gname = $userGidNumber;
- my $gidnum = getgrnam($gname);
- if ($gidnum !~ /\d+/) {
- return -1;
- } else {
- $userGidNumber = $gidnum;
- }
- } elsif (!defined(getgrgid($userGidNumber))) {
- return -2;
- }
- return $userGidNumber;
-}
+ {
+ my $userGidNumber = shift;
+ if ($userGidNumber =~ /[^\d]/ ) {
+ my $gname = $userGidNumber;
+ my $gidnum = getgrnam($gname);
+ if ($gidnum !~ /\d+/) {
+ return -1;
+ } else {
+ $userGidNumber = $gidnum;
+ }
+ } elsif (!defined(getgrgid($userGidNumber))) {
+ return -2;
+ }
+ return $userGidNumber;
+ }
# remove $user from $group
sub group_remove_member
-{
- my ($group, $user) = @_;
-
- my $grp_line = get_group_dn($group);
- if (!defined($grp_line)) {
- return 0;
- }
- my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' | grep -i "^memberUid:"`;
-
- #print "avant ---\n$members\n";
- $members =~ s/memberUid: $user\n//;
- #print "----\n$members\n---\n";
-
- chomp($members);
-
- my $header;
- if ($members eq '') {
- $header = "changetype: modify\n";
- $header .= "delete: memberUid";
- } else {
- $header = "changetype: modify\n";
- $header .= "replace: memberUid";
- }
-
- my $tmpldif =
+ {
+ my ($group, $user) = @_;
+ my $members='';
+ my $grp_line = get_group_dn($group);
+ if (!defined($grp_line)) {
+ return 0;
+ }
+
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixgroup)(cn=$group))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries){
+ foreach my $attr ($entry->attributes)
+ {
+ if ($attr=~/\bmemberUid\b/){
+ foreach my $ent($entry->get_value($attr)) {
+ $members.= $attr.": ".$ent."\n";
+ }
+ }
+ }
+ }
+ #print "Valeurs de members :\n$members";
+ $ldap->unbind;
+ # my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' | grep -i "^memberUid:"`;
+ # print "avant ---\n$members\n";
+ $members =~ s/memberUid: $user\n//;
+ #print "après ---\n$members\n";
+ chomp($members);
+
+ my $header;
+ if ($members eq '') {
+ $header = "changetype: modify\n";
+ $header .= "delete: memberUid";
+ } else {
+ $header = "changetype: modify\n";
+ $header .= "replace: memberUid";
+ }
+
+ my $tmpldif =
"$grp_line
$header
$members
";
- die "$0: error while modifying group $group\n"
+
+ #print "Valeur du tmpldif : \n$tmpldif";
+ die "$0: error while modifying group $group\n"
unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
+ undef $tmpldif;
- return 1;
-}
+ $ldap->unbind;
+ return 1;
+ }
sub group_get_members
-{
- my ($group) = @_;
- my @members;
-
- my $grp_line = get_group_dn($group);
- if (!defined($grp_line)) {
- return 0;
- }
- my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' memberUid | grep -i "^memberUid:"`;
-
- my @lines = split (/\n/, $members);
- foreach my $line (@lines) {
- $line =~ s/^memberUid: //;
- push(@members, $line);
- }
-
- return @members;
-}
+ {
+ my ($group) = @_;
+ my $members;
+ my @resultat;
+ my $grp_line = get_group_dn($group);
+ if (!defined($grp_line)) { return 0; }
+
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixgroup)(cn=$group))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries){
+ foreach my $attr ($entry->attributes){
+ if ($attr=~/\bmemberUid\b/){
+ foreach my $ent($entry->get_value($attr)) { push (@resultat,$ent); }
+ }
+ }
+ }
+ return @resultat;
+ }
sub file_write {
- my ($filename, $filecontent) = @_;
- local *FILE;
- open (FILE, "> $filename") ||
- die "Cannot open «$filename» for writing: $!\n";
- print FILE $filecontent;
- close FILE;
+ my ($filename, $filecontent) = @_;
+ local *FILE;
+ open (FILE, "> $filename") ||
+ die "Cannot open $filename for writing: $!\n";
+ print FILE $filecontent;
+ close FILE;
}
# wrapper for ldapadd
sub do_ldapadd2
-{
- my $ldif = shift;
+ {
+ my $ldif = shift;
+ my $tempfile = "/tmp/smbldapadd.$$";
+ file_write($tempfile, $ldif);
- my $tempfile = "/tmp/smbldapadd.$$";
- file_write($tempfile, $ldif);
-
- my $rc = system "$ldapadd < $tempfile >/dev/null";
- unlink($tempfile);
- return $rc;
-}
+ my $rc = system "$ldapadd < $tempfile >/dev/null";
+ unlink($tempfile);
+ return $rc;
+ }
sub do_ldapadd
-{
- my $ldif = shift;
-
- my $FILE = "|$ldapadd >/dev/null";
- open (FILE, $FILE) || die "$!\n";
- print FILE <<EOF;
+ {
+ my $ldif = shift;
+ my $FILE = "|$ldapadd >/dev/null";
+ open (FILE, $FILE) || die "$!\n";
+ print FILE <<EOF;
$ldif
EOF
- ;
- close FILE;
- my $rc = $?;
- return $rc;
-}
+ ;
+ close FILE;
+ my $rc = $?;
+ return $rc;
+ }
# wrapper for ldapmodify
sub do_ldapmodify2
-{
- my $ldif = shift;
-
- my $tempfile = "/tmp/smbldapmod.$$";
- file_write($tempfile, $ldif);
-
- my $rc = system "$ldapmodify -r < $tempfile >/dev/null";
- unlink($tempfile);
- return $rc;
-}
+ {
+ my $ldif = shift;
+ my $tempfile = "/tmp/smbldapmod.$$";
+ file_write($tempfile, $ldif);
+ my $rc = system "$ldapmodify -r < $tempfile >/dev/null";
+ unlink($tempfile);
+ return $rc;
+ }
sub do_ldapmodify
-{
- my $ldif = shift;
-
- my $FILE = "|$ldapmodify -r >/dev/null";
- open (FILE, $FILE) || die "$!\n";
- print FILE <<EOF;
+ {
+ my $ldif = shift;
+ my $FILE = "|$ldapmodify -r >/dev/null";
+ open (FILE, $FILE) || die "$!\n";
+ print FILE <<EOF;
$ldif
EOF
- ;
- close FILE;
- my $rc = $?;
-
- return $rc;
-}
-
-
+ ;
+ close FILE;
+ my $rc = $?;
+ return $rc;
+ }
1;
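Review bot: group_remove_member calls `$ldap->unbind` twice, once right after the search and again just before `return 1`, while group_get_members never unbinds its handle at all; drop the second call and add `$ldap->unbind;` before `return @resultat;` in group_get_members. The member-removal substitution `$members =~ s/memberUid: $user\n//;` interpolates `$user` as a regex, so a name containing `.`, `+` or `(` is treated as a pattern rather than a literal; `s/^memberUid: \Q$user\E\n//m` matches the exact attribute line only. The unescaped interpolation into LDAP filters raised on the previous hunk applies to every `filter =>` in this hunk as well. The re-indented helpers at the end (file_write, do_ldapadd, do_ldapmodify, delete_user) keep the pre-existing 2-arg `open(FILE, "> $filename")`, bareword handles and shell-interpolated `system "$ldapdelete $dn >/dev/null"`; nothing in this commit changes them in substance, but moving them to three-arg `open` with a lexical handle and list-form `system` is a natural follow-up now that the read path no longer shells out.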