From 79cb5593a8a99647426d3deb70babc64f43473f8 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 23 Sep 2003 20:39:22 +0000 Subject: update smbldap-tool sscripts from Jérôme Tournier (This used to be commit c1546a5311a4e9ad2d6566e71e11c6d5f8f120a9) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- examples/LDAP/smbldap-tools/AUTHORS | 0 examples/LDAP/smbldap-tools/NEWS | 0 examples/LDAP/smbldap-tools/smbldap-groupadd.pl | 5 +- examples/LDAP/smbldap-tools/smbldap-groupdel.pl | 9 +- examples/LDAP/smbldap-tools/smbldap-groupmod.pl | 112 ++--- examples/LDAP/smbldap-tools/smbldap-groupshow.pl | 6 +- .../LDAP/smbldap-tools/smbldap-migrate-accounts.pl | 60 ++- .../LDAP/smbldap-tools/smbldap-migrate-groups.pl | 6 +- examples/LDAP/smbldap-tools/smbldap-passwd.pl | 58 ++- examples/LDAP/smbldap-tools/smbldap-populate.pl | 45 +- examples/LDAP/smbldap-tools/smbldap-useradd.pl | 176 ++++--- examples/LDAP/smbldap-tools/smbldap-userdel.pl | 3 + examples/LDAP/smbldap-tools/smbldap-usermod.pl | 203 ++++---- examples/LDAP/smbldap-tools/smbldap-usershow.pl | 5 +- examples/LDAP/smbldap-tools/smbldap_conf.pm | 118 ++--- examples/LDAP/smbldap-tools/smbldap_tools.pm | 551 ++++++++++----------- 16 files changed, 694 insertions(+), 663 deletions(-) delete mode 100644 examples/LDAP/smbldap-tools/AUTHORS delete mode 100644 examples/LDAP/smbldap-tools/NEWS (limited to 'examples/LDAP/smbldap-tools') diff --git a/examples/LDAP/smbldap-tools/AUTHORS b/examples/LDAP/smbldap-tools/AUTHORS deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/examples/LDAP/smbldap-tools/NEWS b/examples/LDAP/smbldap-tools/NEWS deleted file mode 100644 index e69de29bb2..0000000000 diff --git a/examples/LDAP/smbldap-tools/smbldap-groupadd.pl b/examples/LDAP/smbldap-tools/smbldap-groupadd.pl index ee804b34d3..91cd2dad53 100755 --- a/examples/LDAP/smbldap-tools/smbldap-groupadd.pl +++ b/examples/LDAP/smbldap-tools/smbldap-groupadd.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). @@ -23,6 +23,9 @@ # Purpose of smbldap-groupadd : group (posix) add use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use Getopt::Std; diff --git a/examples/LDAP/smbldap-tools/smbldap-groupdel.pl b/examples/LDAP/smbldap-tools/smbldap-groupdel.pl index 3d072585b2..89d0d993ac 100755 --- a/examples/LDAP/smbldap-tools/smbldap-groupdel.pl +++ b/examples/LDAP/smbldap-tools/smbldap-groupdel.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). @@ -23,6 +23,9 @@ # Purpose of smbldap-groupdel : group (posix) deletion use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use smbldap_conf; @@ -48,9 +51,7 @@ if (!defined($dn_line = get_group_dn($_groupName))) { my $dn = get_dn_from_line($dn_line); -my $rc = system "$ldapdelete $dn >/dev/null"; -die "$0: error while deleting group $_groupName\n" - unless ($rc == 0); +group_del($dn); my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1"; diff --git a/examples/LDAP/smbldap-tools/smbldap-groupmod.pl b/examples/LDAP/smbldap-tools/smbldap-groupmod.pl index 4a891a2772..f897101602 100755 --- a/examples/LDAP/smbldap-tools/smbldap-groupmod.pl +++ b/examples/LDAP/smbldap-tools/smbldap-groupmod.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). # @@ -23,6 +23,9 @@ use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use smbldap_conf; @@ -70,45 +73,30 @@ if (defined($tmp = $Options{'g'}) and $tmp =~ /\d+/) { } } if (!($gid == $tmp)) { - my $tmpldif = -"dn: cn=$groupName,$groupsdn -changetype: modify -replace: gidNumber -gidNumber: $tmp - -"; - die "$0: error while modifying group $groupName\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; - + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->modify ( "cn=$groupName,$groupsdn", + changes => [ + replace => [gidNumber => $tmp] + ] + ); + $modify->code && die "failed to modify entry: ", $modify->error ; + # take down session + $ldap_master->unbind } } -if (defined($newname)) { - my $FILE="|$ldapmodrdn >/dev/null"; - open (FILE, $FILE) || die "$!\n"; - print FILE <moddn ( + "cn=$groupName,$groupsdn", + newrdn => "cn=$newname", + deleteoldrdn => "1", + newsuperior => "$groupsdn" + ); + $modify->code && die "failed to modify entry: ", $modify->error ; + # take down session + $ldap_master->unbind } # Add members @@ -117,16 +105,24 @@ if (defined($Options{'m'})) { my @members = split( /,/, $members ); my $member; foreach $member ( @members ) { - my $tmpldif = -"dn: cn=$groupName,$groupsdn -changetype: modify -add: memberUid -memberUid: $member - -"; - die "$0: error while modifying group $groupName\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; + if (is_unix_user($member)) { + if (is_group_member("cn=$groupName,$groupsdn",$member)) { + print "User $member already in the group\n"; + } else { + print "adding user $member to group $groupName\n"; + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->modify ( "cn=$groupName,$groupsdn", + changes => [ + add => [memberUid => $member] + ] + ); + $modify->code && warn "failed to add entry: ", $modify->error ; + # take down session + $ldap_master->unbind + } + } else { + print "User $member does not exist: create it first !\n"; + } } } @@ -136,16 +132,20 @@ if (defined($Options{'x'})) { my @members = split( /,/, $members ); my $member; foreach $member ( @members ) { - my $tmpldif = -"dn: cn=$groupName,$groupsdn -changetype: modify -delete: memberUid -memberUid: $member - -"; - die "$0: error while modifying group $groupName\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; + if (is_group_member("cn=$groupName,$groupsdn",$member)) { + print "deleting user $member from group $groupName\n"; + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->modify ( "cn=$groupName,$groupsdn", + changes => [ + delete => [memberUid => $member] + ] + ); + $modify->code && warn "failed to delete entry: ", $modify->error ; + # take down session + $ldap_master->unbind + } else { + print "User $member is not in the group $groupName!\n"; + } } } diff --git a/examples/LDAP/smbldap-tools/smbldap-groupshow.pl b/examples/LDAP/smbldap-tools/smbldap-groupshow.pl index bc5b4d98fb..18fe082e66 100755 --- a/examples/LDAP/smbldap-tools/smbldap-groupshow.pl +++ b/examples/LDAP/smbldap-tools/smbldap-groupshow.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). @@ -26,8 +26,10 @@ # . originally by David Le Corfec use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; - use Getopt::Std; my %Options; diff --git a/examples/LDAP/smbldap-tools/smbldap-migrate-accounts.pl b/examples/LDAP/smbldap-tools/smbldap-migrate-accounts.pl index 0d0efa384c..86f52cb53e 100755 --- a/examples/LDAP/smbldap-tools/smbldap-migrate-accounts.pl +++ b/examples/LDAP/smbldap-tools/smbldap-migrate-accounts.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). @@ -25,10 +25,13 @@ use strict; use Getopt::Std; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use smbldap_conf; -# smbldap-migrate.pl (-? for help) +# smbldap-migrate.pl (-? or -h for help) # # Read pwdump entries on stdin, and add them to the ldap server. # Output uncreated/unmodified entries (see parameters -C -U) @@ -38,20 +41,19 @@ use smbldap_conf; sub modify_account { my ($login, $basedn, $lmpwd, $ntpwd, $gecos, $homedir) = @_; - - my $tmpldif = -"dn: uid=$login,$basedn -changetype: modify -lmpassword: $lmpwd -ntpassword: $ntpwd -gecos: $gecos -sambaHomePath: $homedir - -"; - - die "$0: error while modifying user $login\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; + # bind to a directory with dn and password + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->modify ("uid=$login,$basedn", + changes => [ + replace => [lmpassword => "$lmpwd"], + replace => [ntpassword => "$ntpwd"], + replace => [gecos => "$gecos"], + replace => [sambaHomePath => "$homedir"] + ] + ); + $modify->code && die "failed to modify entry: ", $modify->error ; + # take down the session + $ldap_master->unbind; } ##################### @@ -59,9 +61,9 @@ sambaHomePath: $homedir my %Options; -my $ok = getopts('awA:CUW:?', \%Options); +my $ok = getopts('awA:CUW:?h', \%Options); -if ( (!$ok) || ($Options{'?'}) ) { +if ( (!$ok) || ($Options{'?'}) || ($Options{'h'}) ) { print "Usage: $0 [-awAWCU?]\n"; print " -a process only people, ignore computers\n"; print " -w process only computers, ignore persons\n"; @@ -69,7 +71,7 @@ if ( (!$ok) || ($Options{'?'}) ) { print " -W option string passed verbatim to smbldap-useradd for computers\n"; print " -C if entry not found, don't create it and log it to stdout (default: create it)\n"; print " -U if entry found, don't update it and log it to stdout (default: update it)\n"; - print " -? show this help message\n"; + print " -?|-h show this help message\n"; exit (1); } @@ -81,8 +83,7 @@ my %errors = ( 'user' => 0, 'machine' => 0); my %existing = ( 'user' => 0, 'machine' => 0); my $specialskipped = 0; -while (<>) -{ +while (<>) { my ($login, $rid, $lmpwd, $ntpwd, $gecos, $homedir, $b) = split(/:/, $_); my $usertype; my $userbasedn; @@ -99,8 +100,7 @@ while (<>) $usertype = "-w $Options{'W'}"; $userbasedn = $computersdn; - } - else { # people + } else { # people $processed{'user'}++; if (defined($Options{'w'})) { print STDERR "ignoring $login\n"; @@ -124,7 +124,7 @@ while (<>) # normalize gecos if (!($gecos eq "")) { - $gecos =~ tr//AAAAaaaaCcEEEEEeeeeeIIIIiiiiNnOOOOooooUUUUuuuuYyy/; + $gecos =~ tr/ÁÀÂÄáàâäÇçÉÈÊËÆéèêëæÍÌÏÎíìîÏÑñÓÒÔÖóòôöÚÙÜÛúùüûÝýÿ/AAAAaaaaCcEEEEEeeeeeIIIIiiiiNnOOOOooooUUUUuuuuYyy/; } else { $gecos = $_userGecos; } @@ -142,25 +142,21 @@ while (<>) next; } # lem modif... a retirer si pb - if ($entry_type eq "user") - { + if ($entry_type eq "user") { modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir); } $created{$entry_type}++; - } - else { # uid doesn't exist and no create => log + } else { # uid doesn't exist and no create => log print "$_"; $logged{$entry_type}++; } - } - else { # account exists + } else { # account exists $existing{$entry_type}++; if (!defined($Options{'U'})) { # exists and modify modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir); $updated{$entry_type}++; - } - else { # exists and log + } else { # exists and log print "$_"; $logged{$entry_type}++; } diff --git a/examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl b/examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl index 0d3dd07d50..c60be18caf 100644 --- a/examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl +++ b/examples/LDAP/smbldap-tools/smbldap-migrate-groups.pl @@ -26,6 +26,9 @@ use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use smbldap_conf; use Getopt::Std; @@ -175,8 +178,7 @@ my $group_desc; my $has_members = 0; my @members = (); -while (<>) -{ +while (<>) { my $line = $_; chomp($line); next if ( $line =~ m/^\s*$/ ); diff --git a/examples/LDAP/smbldap-tools/smbldap-passwd.pl b/examples/LDAP/smbldap-tools/smbldap-passwd.pl index 29aee97c50..7845e5548e 100755 --- a/examples/LDAP/smbldap-tools/smbldap-passwd.pl +++ b/examples/LDAP/smbldap-tools/smbldap-passwd.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # LDAP to unix password sync script for samba # @@ -27,6 +27,9 @@ # . may also replace /bin/passwd use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use smbldap_conf; @@ -105,6 +108,9 @@ if ($pass ne $pass2) { exit (10); } +# First, connecting to the directory +my $ldap_master=connect_ldap_master(); + # only modify smb passwords if smb user if ($samba == 1) { if (!$with_smbpasswd) { @@ -116,25 +122,19 @@ if ($samba == 1) { my $ntpwd = `$mk_ntpasswd '$pass'`; chomp(my $sambaLMPassword = substr($ntpwd, 0, index($ntpwd, ':'))); chomp(my $sambaNTPassword = substr($ntpwd, index($ntpwd, ':')+1)); - -# change nt/lm passwords - my $tmpldif = -"$dn_line -changetype: modify -replace: sambaLMPassword -sambaLMPassword: $sambaLMPassword -- -changetype: modify -replace: sambaNTPassword -sambaNTPassword: $sambaNTPassword -- - -"; - die "$0: error while modifying password for $user\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; - } - else { + # the sambaPwdLastSet must be updating + my $date=time; + # Let's change nt/lm passwords + my $modify = $ldap_master->modify ( "$dn", + changes => [ + replace => [sambaLMPassword => "$sambaLMPassword"], + replace => [sambaNTPassword => "$sambaNTPassword"], + replace => [sambaPwdLastSet => "$date"] + ] + ); + $modify->code && warn "failed to modify entry: ", $modify->error ; + + } else { if ($< != 0) { my $FILE="|$smbpasswd -s >/dev/null"; open (FILE, $FILE) || die "$!\n"; @@ -157,13 +157,19 @@ EOF } } } + # change unix password -$ret = system "$ldappasswd $dn -s '$pass' > /dev/null"; -if ($ret == 0) { - print "all authentication tokens updated successfully\n"; -} else { - return $ret; -} +my $hash_password = `slappasswd -h {$hash_encrypt} -s '$pass'`; +chomp($hash_password); +my $modify = $ldap_master->modify ( "$dn", + changes => [ + replace => [userPassword => "$hash_password"] + ] + ); +$modify->code && warn "Unable to change password : ", $modify->error ; + +# take down session +$ldap_master->unbind; exit 0; diff --git a/examples/LDAP/smbldap-tools/smbldap-populate.pl b/examples/LDAP/smbldap-tools/smbldap-populate.pl index 1676017c67..ce497672a9 100755 --- a/examples/LDAP/smbldap-tools/smbldap-populate.pl +++ b/examples/LDAP/smbldap-tools/smbldap-populate.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # Populate a LDAP base for Samba-LDAP usage # @@ -27,10 +27,13 @@ # . For lazy people, replace ldapadd (with only an ldif parameter) use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use smbldap_conf; - use Getopt::Std; +use Net::LDAP::LDIF; use vars qw(%oc); @@ -56,6 +59,7 @@ if ( (!$ok) || ($Options{'?'}) ) { } my $_ldifName; +my $tmp_ldif_file="/tmp/$$.ldif"; if (@ARGV >= 1) { $_ldifName = $ARGV[0]; @@ -76,6 +80,7 @@ if (!defined($_ldifName)) { my $val; my $objcl; + print "Using builtin directory structure\n"; if ($suffix =~ m/([^=]+)=([^,]+)/) { $attr = $1; $val = $2; @@ -90,8 +95,8 @@ if (!defined($_ldifName)) { my ($organisation,$ext) = ($suffix =~ m/dc=(\w+),dc=(\w+)$/); #my $FILE="|cat"; - my $FILE="|$ldapadd -c"; - open (FILE, $FILE) || die "$!\n"; + my $FILE=$tmp_ldif_file; + open (FILE, ">$FILE") || die "Can't open file $FILE: $!\n"; print FILE <new($tmp_ldif_file, "r", onerror => 'undef' ); +while( not $ldif->eof() ) { + my $entry = $ldif->read_entry(); + if ( $ldif->error() ) { + print "Error msg: ",$ldif->error(),"\n"; + print "Error lines:\n",$ldif->error_lines(),"\n"; + } else { + my $dn = $entry->dn; + print "adding new entry: $dn\n"; + my $result=$ldap_master->add($entry); + $result->code && warn "failed to add entry: ", $result->error ; + } +} +$ldap_master->unbind; +system "rm -f $tmp_ldif_file"; exit(0); @@ -280,9 +299,7 @@ exit(0); If you give an extra parameter, it is assumed to be the ldif file to use instead of the builtin one. Options -a and -b - will be ignored. This usage mode makes the command behave - like ldapadd(1) with extra parameters taken from the smbldap-tools - config (smbldap_conf.pm). + will be ignored. =head1 FILES diff --git a/examples/LDAP/smbldap-tools/smbldap-useradd.pl b/examples/LDAP/smbldap-tools/smbldap-useradd.pl index 99c9525e82..a84d9f68b2 100755 --- a/examples/LDAP/smbldap-tools/smbldap-useradd.pl +++ b/examples/LDAP/smbldap-tools/smbldap-useradd.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). @@ -23,6 +23,10 @@ # Purpose of smbldap-useradd : user (posix,shadow,samba) add use strict; + +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use smbldap_conf; @@ -31,7 +35,7 @@ use smbldap_conf; use Getopt::Std; my %Options; -my $ok = getopts('axnmwPG:u:g:d:s:c:k:A:B:C:D:E:F:H:?', \%Options); +my $ok = getopts('axnmwPG:u:g:d:s:c:k:A:B:C:D:E:F:H:N:S:?', \%Options); if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) { print "Usage: $0 [-awmugdsckGPABCDEFH?] username\n"; @@ -55,6 +59,8 @@ if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) { print " -E sambaLogonScript (DOS script to execute on login)\n"; print " -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n"; print " -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n"; + print " -N canonical name\n"; + print " -S surname\n"; print " -? show this help message\n"; exit (1); } @@ -75,7 +81,9 @@ if (!defined($userUidNumber)) { $UID_START++; } $userUidNumber = $UID_START; -} elsif (getpwuid($userUidNumber)) { die "Uid already exists.\n"; } +} elsif (getpwuid($userUidNumber)) { + die "Uid already exists.\n"; +} if ($nscd_status == 0) { system "/etc/init.d/nscd start > /dev/null 2>&1"; @@ -126,6 +134,14 @@ if (defined($Options{'x'})) { # Read only first @ARGV my $userName = $ARGV[0]; +# untaint $userName (can finish with one or two $) +if ($userName =~ /^([\w -]+\$?)$/) { + $userName = $1; +} else { + print "$0: illegal username\n"; + exit (1); +} + # user must not exist in LDAP (should it be nss-wide ?) my ($rc, $dn) = get_user_dn2($userName); if ($rc and defined($dn)) { @@ -137,17 +153,24 @@ if ($rc and defined($dn)) { } my $userHomeDirectory; +my ($userCN, $userSN); my $tmp; -if (!defined($userHomeDirectory = $Options{'d'})) -{ +if (!defined($userHomeDirectory = $Options{'d'})) { $userHomeDirectory = $_userHomePrefix."/".$userName; } $_userLoginShell = $tmp if (defined($tmp = $Options{'s'})); $_userGecos = $tmp if (defined($tmp = $Options{'c'})); $_skeletonDir = $tmp if (defined($tmp = $Options{'k'})); +$userCN = ($Options{'c'} || $userName); +$userCN = $tmp if (defined($tmp = $Options{'N'})); +$userSN = $userName; +$userSN = $tmp if (defined($tmp = $Options{'S'})); + ######################## +my $ldap_master=connect_ldap_master(); + # MACHINE ACCOUNT if (defined($tmp = $Options{'w'})) { @@ -163,55 +186,47 @@ if (defined($tmp = $Options{'w'})) { } if (!$with_smbpasswd) { - if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) { - die "$0: error while adding samba account\n"; - } + # (jtournier) + # Objectclass sambaSAMAccount is now added directly by samba when joigning the domain (for samba3) + #if (!add_samba_machine_mkntpwd($userName, $userUidNumber)) { + # die "$0: error while adding samba account\n"; + #} } else { if (!add_samba_machine($userName)) { die "$0: error while adding samba account\n"; } - - my $tmpldif = -"dn: uid=$userName,$computersdn -changetype: modify -sambaAcctFlags: [W ] - -"; - die "$0: error while modifying accountflags of $userName\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; + my $modify = $ldap_master->modify ( "$dn", + changes => [ + replace => [sambaAcctFlags => '[W ]'] + ] + ); + $modify->code && warn "failed to modify entry: ", $modify->error ; } exit 0; } -####################### - # USER ACCOUNT - # add posix account first -my $tmpldif = -"dn: uid=$userName,$usersdn -objectclass: inetOrgPerson -objectclass: posixAccount -cn: $userName -sn: $userName -uid: $userName -uidNumber: $userUidNumber -gidNumber: $userGidNumber -homeDirectory: $userHomeDirectory -loginShell: $_userLoginShell -gecos: $_userGecos -description: $_userGecos -userPassword: {crypt}x - -"; +my $add = $ldap_master->add ("uid=$userName,$usersdn", + attr => [ + 'objectclass' => ['top','inetOrgPerson', 'posixAccount'], + 'cn' => "$userCN", + 'sn' => "$userSN", + 'uid' => "$userName", + 'uidNumber' => "$userUidNumber", + 'gidNumber' => "$userGidNumber", + 'homeDirectory' => "$userHomeDirectory", + 'loginShell' => "$_userLoginShell", + 'gecos' => "$_userGecos", + 'description' => "$_userGecos", + 'userPassword' => "{crypt}x" + ] + ); + +$add->code && warn "failed to add entry: ", $add->error ; -die "$0: error while adding posix user $userName\n" - unless (do_ldapadd($tmpldif) == 0); - -undef $tmpldif; #if ($createGroup) { # group_add($userName, $userGidNumber); @@ -267,28 +282,24 @@ if (defined($Options{'a'})) { $valacctflags = "$tmp"; } - my $tmpldif = -"dn: uid=$userName,$usersdn -changetype: modify -objectClass: inetOrgPerson -objectclass: posixAccount -objectClass: sambaSAMAccount -sambaPwdLastSet: 0 -sambaLogonTime: 0 -sambaLogoffTime: 2147483647 -sambaKickoffTime: 2147483647 -sambaPwdCanChange: $valpwdcanchange -sambaPwdMustChange: $valpwdmustchange -displayName: $_userGecos -sambaAcctFlags: $valacctflags -sambaSID: $smbldap_conf::SID-$userRid - -"; + + my $modify = $ldap_master->modify ( "uid=$userName,$usersdn", + changes => [ + add => [objectClass => 'sambaSAMAccount'], + add => [sambaPwdLastSet => '0'], + add => [sambaLogonTime => '0'], + add => [sambaLogoffTime => '2147483647'], + add => [sambaKickoffTime => '2147483647'], + add => [sambaPwdCanChange => "$valpwdcanchange"], + add => [sambaPwdMustChange => "$valpwdmustchange"], + add => [displayName => "$_userGecos"], + add => [sambaAcctFlags => "$valacctflags"], + add => [sambaSID => "$SID-$userRid"] + ] + ); - die "$0: error while adding samba account to posix user $userName\n" - unless (do_ldapmodify($tmpldif) == 0); + $modify->code && die "failed to add entry: ", $modify->error ; - undef $tmpldif; } else { my $FILE="|smbpasswd -s -a $userName >/dev/null" ; open (FILE, $FILE) || die "$!\n"; @@ -326,24 +337,24 @@ if (defined($tmp = $Options{'F'})) { $valprofilepath = "$tmp"; } - my $tmpldif = -"dn: uid=$userName,$usersdn -changetype: modify -sambaSID: $smbldap_conf::SID-$userRid -sambaPrimaryGroupSID: $smbldap_conf::SID-$userGroupRid -sambaHomeDrive: $valhomedrive -sambaHomePath: $valsmbhome -sambaProfilePath: $valprofilepath -sambaLogonScript: $valscriptpath -sambaLMPassword: XXX -sambaNTPassword: XXX - -"; - - die "$0: error while modifying samba account of user $userName\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; + + my $modify = $ldap_master->modify ( "uid=$userName,$usersdn", + changes => [ + add => [sambaPrimaryGroupSID => "$SID-$userGroupRid"], + add => [sambaHomeDrive => "$valhomedrive"], + add => [sambaHomePath => "$valsmbhome"], + add => [sambaProfilePath => "$valprofilepath"], + add => [sambaLogonScript => "$valscriptpath"], + add => [sambaLMPassword => 'XXX'], + add => [sambaNTPassword => 'XXX'] + ] + ); + + $modify->code && die "failed to add entry: ", $modify->error ; + } +$ldap_master->unbind; # take down session + if (defined($Options{'P'})) { exec "/usr/local/sbin/smbldap-passwd.pl $userName" @@ -418,8 +429,8 @@ exit 0; -m The user's home directory will be created if it does not exist. The files contained in skeleton_dir will be copied to the home - directory if the -k option is used, otherwise the files con - tained in /etc/skel will be used instead. Any directories con + directory if the -k option is used, otherwise the files con­ + tained in /etc/skel will be used instead. Any directories con­ tained in skeleton_dir or /etc/skel will be created in the user's home directory as well. The -k option is only valid in conjunction with the -m option. The default is to not create @@ -451,6 +462,11 @@ exit 0; -H sambaAcctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]') + -N canonical name (defaults to gecos or username, if gecos not set) + + -S surname (defaults to username) + + =head1 SEE ALSO useradd(1) diff --git a/examples/LDAP/smbldap-tools/smbldap-userdel.pl b/examples/LDAP/smbldap-tools/smbldap-userdel.pl index 435be4fdd0..1a1a3214b5 100755 --- a/examples/LDAP/smbldap-tools/smbldap-userdel.pl +++ b/examples/LDAP/smbldap-tools/smbldap-userdel.pl @@ -23,6 +23,9 @@ # Purpose of smbldap-userdel : user (posix,shadow,samba) deletion use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; diff --git a/examples/LDAP/smbldap-tools/smbldap-usermod.pl b/examples/LDAP/smbldap-tools/smbldap-usermod.pl index dffb95bace..f25c730fc8 100755 --- a/examples/LDAP/smbldap-tools/smbldap-usermod.pl +++ b/examples/LDAP/smbldap-tools/smbldap-usermod.pl @@ -23,6 +23,9 @@ # Purpose of smbldap-usermod : user (posix,shadow,samba) modification use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use smbldap_conf; @@ -33,13 +36,13 @@ use Getopt::Std; my %Options; my $nscd_status; -my $ok = getopts('A:B:C:D:E:F:H:IJxme:f:u:g:G:d:l:s:c:ok:?', \%Options); -if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) { - print "Usage: $0 [-awmugdsckxABCDEFGHI?] username\n"; +my $ok = getopts('A:B:C:D:E:F:H:IJN:S:xme:f:u:g:G:d:l:s:c:ok:?h', \%Options); +if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) || ($Options{'h'}) ) { + print "Usage: $0 [-awmugdsckxABCDEFGHI?h] username\n"; + print "Available options are:\n"; print " -c gecos\n"; print " -d home directory\n"; #print " -m move home directory\n"; - #print " -e expire date (YYYY-MM-DD)\n"; #print " -f inactive days\n"; print " -u uid\n"; print " -o uid can be non unique\n"; @@ -47,6 +50,10 @@ if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) { print " -G supplementary groups (comma separated)\n"; print " -l login name\n"; print " -s shell\n"; + print " -N canonical name\n"; + print " -S surname\n"; + print " For samba users:\n"; + print " -e expire date (\"YYYY-MM-DD HH:MM:SS\")\n"; print " -x creates rid and primaryGroupID in hex instead of decimal (for Samba 2.2.2 unpatched only)\n"; print " -A can change password ? 0 if no, 1 if yes\n"; print " -B must change password ? 0 if no, 1 if yes\n"; @@ -57,7 +64,7 @@ if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) { print " -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n"; print " -I disable an user. Can't be used with -H or -J\n"; print " -J enable an user. Can't be used with -H or -I\n"; - print " -? show this help message\n"; + print " -?|-h show this help message\n"; exit (1); } @@ -69,30 +76,23 @@ if ($< != 0) { # Read only first @ARGV my $user = $ARGV[0]; -# Read user datas -my $lines = read_user($user); -if (!defined($lines)) { +# Read user data +my $user_entry = read_user_entry($user); +if (!defined($user_entry)) { print "$0: user $user doesn't exist\n"; exit (1); } -#print "$lines\n"; -my $dn_line; -if ( $lines =~ /(^dn: .*)/ ) { - $dn_line = $1; -} - -chomp($dn_line); - my $samba = 0; -if ($lines =~ m/objectClass: sambaAccount/) { +if (grep ($_ =~ /^sambaSamAccount$/i, $user_entry->get_value('objectClass'))) { $samba = 1; } -############ +# get the dn of the user +my $dn= $user_entry->dn(); my $tmp; -my $mods; +my @mods; # Process options my $changed_uid; @@ -119,15 +119,15 @@ if (defined($tmp = $Options{'u'})) { } } + push(@mods, 'uidNumber', $tmp); $_userUidNumber = $tmp; + if ($samba) { # as rid we use 2 * uid + 1000 my $_userRid = 2 * $_userUidNumber + 1000; if (defined($Options{'x'})) { $_userRid= sprint("%x", $_userRid); } - $mods .= "uidNumber: $_userUidNumber\n"; - if ($samba) { - $mods .= "rid: $_userRid\n"; + push(@mods, 'sambaSID', $SID.'-'.$_userRid); } $changed_uid = 1; } @@ -141,42 +141,42 @@ if (defined($tmp = $Options{'g'})) { print "$0: group $tmp doesn't exist\n"; exit (6); } + push(@mods, 'gidNumber', $_userGidNumber); + if ($samba) { # as grouprid we use 2 * gid + 1001 my $_userGroupRid = 2 * $_userGidNumber + 1001; if (defined($Options{'x'})) { $_userGroupRid = sprint("%x", $_userGroupRid); } - $mods .= "gidNumber: $_userGidNumber\n"; - if ($samba) { - $mods .= "primaryGroupID: $_userGroupRid\n"; + push(@mods, 'sambaPrimaryGroupSid', $SID.'-'.$_userGroupRid); } $changed_gid = 1; } -my $changed_shell; -my $_userLoginShell; if (defined($tmp = $Options{'s'})) { - $_userLoginShell = $tmp; - $mods .= "loginShell: $_userLoginShell\n"; - $changed_shell = 1; + push(@mods, 'loginShell' => $tmp); } -my $changed_gecos; -my $_userGecos; + if (defined($tmp = $Options{'c'})) { - $_userGecos = $tmp; - $mods .= "gecos: $_userGecos\n"; - $changed_gecos = 1; + push(@mods, 'gecos' => $tmp, + 'description' => $tmp); + if ($samba == 1) { + push(@mods, 'displayName' => $tmp); + } } -my $changed_homedir; -my $newhomedir; if (defined($tmp = $Options{'d'})) { - $newhomedir = $tmp; - $mods .= "homeDirectory: $newhomedir\n"; - $changed_homedir = 1; + push(@mods, 'homeDirectory' => $tmp); } +if (defined($tmp = $Options{'N'})) { + push(@mods, 'cn' => $tmp); +} + +if (defined($tmp = $Options{'S'})) { + push(@mods, 'sn' => $tmp); +} if (defined($tmp = $Options{'G'})) { @@ -212,102 +212,135 @@ if (defined($tmp = $Options{'G'})) { my $attr; my $winmagic = 2147483647; +my $samba = is_samba_user($user); + +if (defined($tmp = $Options{'e'})) { + if ($samba == 1) { + my $kickoffTime=`date --date='$tmp' +%s`; + chomp($kickoffTime); + push(@mods, 'sambakickoffTime' => $kickoffTime); + } else { + print "User $user is not a samba user\n"; + } +} + +my $_sambaPwdCanChange; if (defined($tmp = $Options{'A'})) { + if ($samba == 1) { $attr = "sambaPwdCanChange"; if ($tmp != 0) { - $mods .= "$attr: 0\n"; + $_sambaPwdCanChange=0; } else { - $mods .= "$attr: $winmagic\n"; + $_sambaPwdCanChange=$winmagic; + } + push(@mods, 'sambaPwdCanChange' => $_sambaPwdCanChange); + } else { + print "User $user is not a samba user\n"; } } +my $_sambaPwdMustChange; if (defined($tmp = $Options{'B'})) { - $attr = "sambaPwdMustChange"; + if ($samba == 1) { if ($tmp != 0) { - $mods .= "$attr: 0\n"; + $_sambaPwdMustChange=0; + } else { + $_sambaPwdMustChange=$winmagic; + } + push(@mods, 'sambaPwdMustChange' => $_sambaPwdMustChange); } else { - $mods .= "$attr: $winmagic\n"; + print "User $user is not a samba user\n"; } } if (defined($tmp = $Options{'C'})) { - $attr = "sambaHomePath"; + if ($samba == 1) { #$tmp =~ s/\\/\\\\/g; - $mods .= "$attr: $tmp\n"; + push(@mods, 'sambaHomePath' => $tmp); + } else { + print "User $user is not a samba user\n"; + } } +my $_sambaHomeDrive; if (defined($tmp = $Options{'D'})) { - $attr = "sambaHomeDrive"; + if ($samba == 1) { $tmp = $tmp.":" unless ($tmp =~ /:/); - $mods .= "$attr: $tmp\n"; + push(@mods, 'sambaHomeDrive' => $tmp); + } else { + print "User $user is not a samba user\n"; + } } if (defined($tmp = $Options{'E'})) { - $attr = "sambaLogonScript"; + if ($samba == 1) { #$tmp =~ s/\\/\\\\/g; - $mods .= "$attr: $tmp\n"; + push(@mods, 'sambaLogonScript' => $tmp); + } else { + print "User $user is not a samba user\n"; + } } if (defined($tmp = $Options{'F'})) { - $attr = "sambaProfilePath"; + if ($samba == 1) { #$tmp =~ s/\\/\\\\/g; - $mods .= "$attr: $tmp\n"; + push(@mods, 'sambaProfilePath' => $tmp); + } else { + print "User $user is not a samba user\n"; + } } +if ($samba == 1 and (defined $Options{'H'} or defined $Options{'I'} or defined $Options{'J'})) { + my $_sambaAcctFlags; if (defined($tmp = $Options{'H'})) { - $attr = "sambaAcctFlags"; #$tmp =~ s/\\/\\\\/g; - $mods .= "$attr: $tmp\n"; -} elsif (defined($tmp = $Options{'I'})) { + $_sambaAcctFlags=$tmp; + } else { + # I or J my $flags; + $flags = $user_entry->get_value('sambaAcctFlags'); - if ( $lines =~ /^sambaAcctFlags: (.*)/m ) { - $flags = $1; - } - - chomp($flags); - + if (defined($tmp = $Options{'I'})) { if ( !($flags =~ /D/) ) { my $letters; if ($flags =~ /(\w+)/) { $letters = $1; } - $mods .= "sambaAcctFlags: \[D$letters\]\n"; + $_sambaAcctFlags="\[D$letters\]"; } } elsif (defined($tmp = $Options{'J'})) { - my $flags; - - if ( $lines =~ /^sambaAcctFlags: (.*)/m ) { - $flags = $1; - } - - chomp($flags); - if ( $flags =~ /D/ ) { my $letters; if ($flags =~ /(\w+)/) { $letters = $1; } $letters =~ s/D//; - $mods .= "sambaAcctFlags: \[$letters\]\n"; + $_sambaAcctFlags="\[$letters\]"; + } } } -if ($mods ne '') { - #print "----\n$dn_line\n$mods\n----\n"; - - my $tmpldif = -"$dn_line -changetype: modify -$mods -"; - die "$0: error while modifying user $user\n" - unless (do_ldapmodify($tmpldif) == 0); + if ("$_sambaAcctFlags" ne '') { + push(@mods, 'sambaAcctFlags' => $_sambaAcctFlags); + } - undef $tmpldif; +} elsif (!$samba == 1 and (defined $Options{'H'} or defined $Options{'I'} or defined $Options{'J'})) { + print "User $user is not a samba user\n"; } +# Let's connect to the directory first +my $ldap_master=connect_ldap_master(); + +# apply changes +my $modify = $ldap_master->modify ( "$dn", + 'replace' => { @mods } + ); +$modify->code && warn "failed to modify entry: ", $modify->error ; + +# take down session +$ldap_master->unbind; + $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1"; if ($nscd_status == 0) { @@ -358,7 +391,7 @@ if ($nscd_status == 0) { -l login_name The name of the user will be changed from login to login_name. - Nothing else is changed. In particular, the user's home direc + Nothing else is changed. In particular, the user's home direc­ tory name should probably be changed to reflect the new login name. @@ -369,7 +402,7 @@ if ($nscd_status == 0) { -u uid The numerical value of the user's ID. This value must be unique, unless the -o option is used. The value must be non- negative. Any files which the user owns and which are - located in the directory tree rooted at the user's home direc + located in the directory tree rooted at the user's home direc­ tory will have the file user ID changed automatically. Files outside of the user's home directory must be altered manually. diff --git a/examples/LDAP/smbldap-tools/smbldap-usershow.pl b/examples/LDAP/smbldap-tools/smbldap-usershow.pl index b05f087620..555b35ffd8 100755 --- a/examples/LDAP/smbldap-tools/smbldap-usershow.pl +++ b/examples/LDAP/smbldap-tools/smbldap-usershow.pl @@ -1,4 +1,4 @@ -#!/usr/bin/perl +#!/usr/bin/perl -w # This code was developped by IDEALX (http://IDEALX.org/) and # contributors (their names can be found in the CONTRIBUTORS file). @@ -23,6 +23,9 @@ # Purpose of smbldap-userdisplay : user (posix,shadow,samba) display use strict; +use FindBin; +use FindBin qw($RealBin); +use lib "$RealBin/"; use smbldap_tools; use Getopt::Std; diff --git a/examples/LDAP/smbldap-tools/smbldap_conf.pm b/examples/LDAP/smbldap-tools/smbldap_conf.pm index dd1d772ea7..c3d5c1732c 100644 --- a/examples/LDAP/smbldap-tools/smbldap_conf.pm +++ b/examples/LDAP/smbldap-tools/smbldap_conf.pm @@ -30,16 +30,14 @@ package smbldap_conf; use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS $UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP $slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd -$ldap_path $ldap_opts $ldapsearch $ldapsearchnobind -$ldapmodify $ldappasswd $ldapadd $ldapdelete $ldapmodrdn -$suffix $usersdn $computersdn +$ldap_path $ldap_opts $ldapmodify $suffix $usersdn $computersdn $groupsdn $scope $binddn $bindpasswd $slaveDN $slavePw $masterDN $masterPw $_userLoginShell $_userHomePrefix $_userGecos $_defaultUserGid $_defaultComputerGid $_skeletonDir $_userSmbHome $_userProfile $_userHomeDrive -$_userScript $usersou $computersou $groupsou +$_userScript $usersou $computersou $groupsou $SID $hash_encrypt ); use Exporter; @@ -49,14 +47,13 @@ $VERSION = 1.00; @EXPORT = qw( $UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP $slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd -$ldap_path $ldap_opts $ldapsearch $ldapsearchnobind $ldapmodify $ldappasswd -$ldapadd $ldapdelete $ldapmodrdn $suffix $usersdn +$ldap_path $ldap_opts $ldapmodify $suffix $usersdn $computersdn $groupsdn $scope $binddn $bindpasswd $slaveDN $slavePw $masterDN $masterPw $_userLoginShell $_userHomePrefix $_userGecos $_defaultUserGid $_defaultComputerGid $_skeletonDir $_userSmbHome $_userProfile $_userHomeDrive $_userScript -$usersou $computersou $groupsou +$usersou $computersou $groupsou $SID $hash_encrypt ); @@ -66,16 +63,13 @@ $usersou $computersou $groupsou # ############################################################################## -# # UID and GID starting at... -# - $UID_START = 1000; $GID_START = 1000; # Put your own SID -# to obtain this number do: # net getlocalsid -our $SID='S-1-5-21-636805976-1992644568-3666589737'; +# to obtain this number do: "net getlocalsid" +$SID='S-1-5-21-3516781642-1962875130-3438800523'; ############################################################################## # @@ -86,84 +80,65 @@ our $SID='S-1-5-21-636805976-1992644568-3666589737'; # Notes: to use to dual ldap servers backend for Samba, you must patch # Samba with the dual-head patch from IDEALX. If not using this patch # just use the same server for slaveLDAP and masterLDAP. -# -# Slave LDAP : needed for read operations -# +# Those two servers declarations can also be used when you have +# . one master LDAP server where all writing operations must be done +# . one slave LDAP server where all reading operations must be done +# (typically a replication directory) + # Ex: $slaveLDAP = "127.0.0.1"; $slaveLDAP = "127.0.0.1"; - $slavePort = "389"; -# # Master LDAP : needed for write operations -# # Ex: $masterLDAP = "127.0.0.1"; $masterLDAP = "127.0.0.1"; - - -# -# Master Port -# 389 636 -# Ex: $masterPort = " $masterPort = "389"; -# # Use SSL for LDAP -# +# If set to "1", this option will use start_tls for connection +# (you should also used the port 389) $ldapSSL = "0"; -# # LDAP Suffix -# # Ex: $suffix = "dc=IDEALX,dc=ORG"; $suffix = "dc=IDEALX,dc=ORG"; -# # Where are stored Users -# # Ex: $usersdn = "ou=Users,$suffix"; for ou=Users,dc=IDEALX,dc=ORG $usersou = q(_USERS_); - $usersdn = "ou=$usersou,$suffix"; -# # Where are stored Computers -# # Ex: $computersdn = "ou=Computers,$suffix"; for ou=Computers,dc=IDEALX,dc=ORG $computersou = q(_COMPUTERS_); - $computersdn = "ou=$computersou,$suffix"; -# # Where are stored Groups -# # Ex $groupsdn = "ou=Groups,$suffix"; for ou=Groups,dc=IDEALX,dc=ORG $groupsou = q(_GROUPS_); - $groupsdn = "ou=$groupsou,$suffix"; -# # Default scope Used -# $scope = "sub"; -# -# Credential Configuration -# +# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA) +$hash_encrypt="SSHA"; + +############################ +# Credential Configuration # +############################ # Bind DN used # Ex: $binddn = "cn=Manager,$suffix"; for cn=Manager,dc=IDEALX,dc=org $binddn = "cn=Manager,$suffix"; -# + # Bind DN passwd used # Ex: $bindpasswd = 'secret'; for 'secret' $bindpasswd = "secret"; -# # Notes: if using dual ldap patch, you can specify to different configuration # By default, we will use the same DN (so it will work for standard Samba # release) -# $slaveDN = $binddn; $slavePw = $bindpasswd; $masterDN = $binddn; @@ -176,36 +151,24 @@ $masterPw = $bindpasswd; ############################################################################## # Login defs -# # Default Login Shell -# # Ex: $_userLoginShell = q(/bin/bash); $_userLoginShell = q(_LOGINSHELL_); -# # Home directory prefix (without username) -# #Ex: $_userHomePrefix = q(/home/); $_userHomePrefix = q(_HOMEPREFIX_); -# # Gecos -# $_userGecos = q(System User); -# # Default User (POSIX and Samba) GID -# -$_defaultUserGid = 100; +$_defaultUserGid = 513; -# # Default Computer (Samba) GID -# $_defaultComputerGid = 553; -# # Skel dir -# $_skeletonDir = q(/etc/skel); ############################################################################## @@ -214,28 +177,23 @@ $_skeletonDir = q(/etc/skel); # ############################################################################## -# # The UNC path to home drives location without the username last extension # (will be dynamically prepended) # Ex: q(\\\\My-PDC-netbios-name\\homes) for \\My-PDC-netbios-name\homes $_userSmbHome = q(\\\\_PDCNAME_\\homes); -# # The UNC path to profiles locations without the username last extension # (will be dynamically prepended) -# Ex: q(\\\\My-PDC-netbios-name\\profiles) for \\My-PDC-netbios-name\profiles +# Ex: q(\\\\My-PDC-netbios-name\\profiles\\) for \\My-PDC-netbios-name\profiles $_userProfile = q(\\\\_PDCNAME_\\profiles\\); -# # The default Home Drive Letter mapping # (will be automatically mapped at logon time if home directory exist) # Ex: q(U:) for U: $_userHomeDrive = q(_HOMEDRIVE_); -# # The default user netlogon script name # if not used, will be automatically username.cmd -# #$_userScript = q(startup.cmd); # make sure script file is edited under dos @@ -251,28 +209,28 @@ $with_smbpasswd = 0; $smbpasswd = "/usr/bin/smbpasswd"; $mk_ntpasswd = "/usr/local/sbin/mkntpwd"; -if ( $ldapSSL eq "0" ) { +# those next externals commands are kept fot the migration scripts and +# for the populate script: this will be updated as soon as possible $slaveURI = "ldap://$slaveLDAP:$slavePort"; $masterURI = "ldap://$masterLDAP:$masterPort"; -} -elsif ( $ldapSSL eq "1" ) { - $slaveURI = "ldaps://$slaveLDAP:$slavePort"; - $masterURI = "ldaps://$masterLDAP:$masterPort"; -} -else { - die "ldapSSL option must be either 0 or 1.\n"; -} - $ldap_path = "/usr/bin"; + +if ( $ldapSSL eq "0" ) { $ldap_opts = "-x"; -$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'"; -$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI"; +} elsif ( $ldapSSL eq "1" ) { + $ldap_opts = "-x -Z"; +} else { + die "ldapSSL option must be either 0 or 1.\n"; +} + +#$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'"; +#$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI"; $ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; -$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; -$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; -$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; -$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; +#$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; +#$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; +#$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; +#$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'"; diff --git a/examples/LDAP/smbldap-tools/smbldap_tools.pm b/examples/LDAP/smbldap-tools/smbldap_tools.pm index ad6ef74eb6..8001442fe8 100755 --- a/examples/LDAP/smbldap-tools/smbldap_tools.pm +++ b/examples/LDAP/smbldap-tools/smbldap_tools.pm @@ -1,4 +1,4 @@ -#! /usr/bin/perl +#! /usr/bin/perl -w use strict; package smbldap_tools; use smbldap_conf; @@ -36,7 +36,9 @@ $VERSION = 1.00; @EXPORT = qw( get_user_dn get_group_dn + is_group_member is_samba_user + is_unix_user is_user_valid get_dn_from_line add_posix_machine @@ -47,8 +49,10 @@ add_grouplist_user disable_user delete_user group_add + group_del get_homedir read_user + read_user_entry read_group find_groups_of parse_group @@ -57,32 +61,74 @@ group_get_members do_ldapadd do_ldapmodify get_user_dn2 + connect_ldap_master + connect_ldap_slave ); -# dn_line = get_user_dn($username) -# where dn_line is like "dn: a=b,c=d" - -#sub ldap_search -#{ -#my ($local_base,$local_scope,$local_filtre)=@_; -#} - +sub connect_ldap_master + { + # bind to a directory with dn and password + my $ldap_master = Net::LDAP->new( + "$masterLDAP", + port => "$masterPort", + version => 3, + # debug => 0xffff, + ) + or die "erreur LDAP: Can't contact master ldap server ($@)"; + if ($ldapSSL == 1) { + $ldap_master->start_tls( + # verify => 'require', + # clientcert => 'mycert.pem', + # clientkey => 'mykey.pem', + # decryptkey => sub { 'secret'; }, + # capath => '/usr/local/cacerts/' + ); + } + $ldap_master->bind ( "$binddn", + password => "$masterPw" + ); + return($ldap_master); + } +sub connect_ldap_slave + { + # bind to a directory with dn and password + my $ldap_slave = Net::LDAP->new( + "$slaveLDAP", + port => "$slavePort", + version => 3, + # debug => 0xffff, + ) + or die "erreur LDAP: Can't contact slave ldap server ($@)"; + if ($ldapSSL == 1) { + $ldap_slave->start_tls( + # verify => 'require', + # clientcert => 'mycert.pem', + # clientkey => 'mykey.pem', + # decryptkey => sub { 'secret'; }, + # capath => '/usr/local/cacerts/' + ); + } + $ldap_slave->bind ( "$binddn", + password => "$slavePw" + ); + return($ldap_slave); + } sub get_user_dn { my $user = shift; my $dn=''; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( base => $suffix, + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( base => $suffix, scope => $scope, filter => "(&(objectclass=posixAccount)(uid=$user))" ); $mesg->code && die $mesg->error; foreach my $entry ($mesg->all_entries) { - $dn= $entry->dn;} - $ldap->unbind; + $dn= $entry->dn; + } + $ldap_slave->unbind; chomp($dn); if ($dn eq '') { return undef; @@ -92,28 +138,21 @@ sub get_user_dn } -sub get_user_dn2 ## migr +sub get_user_dn2 { my $user = shift; my $dn=''; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( base => $suffix, + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( base => $suffix, scope => $scope, filter => "(&(objectclass=posixAccount)(uid=$user))" ); - # $mesg->code && warn $mesg->error; - if ($mesg->code) - { - print("Code erreur : ",$mesg->code,"\n"); - print("Message d'erreur : ",$mesg->error,"\n"); - return (0,undef); - } + $mesg->code && warn "failed to perform search; ", $mesg->error; foreach my $entry ($mesg->all_entries) { $dn= $entry->dn; } - $ldap->unbind; + $ldap_slave->unbind; chomp($dn); if ($dn eq '') { return (1,undef); @@ -127,16 +166,16 @@ sub get_group_dn { my $group = shift; my $dn=''; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( base => $groupsdn, + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( base => $groupsdn, scope => $scope, filter => "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))" ); $mesg->code && die $mesg->error; foreach my $entry ($mesg->all_entries) { - $dn= $entry->dn;} - $ldap->unbind; + $dn= $entry->dn; + } + $ldap_slave->unbind; chomp($dn); if ($dn eq '') { return undef; @@ -150,14 +189,41 @@ sub get_group_dn sub is_samba_user { my $user = shift; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( base => $suffix, + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( base => $suffix, scope => $scope, filter => "(&(objectClass=sambaSamAccount)(uid=$user))" ); $mesg->code && die $mesg->error; - $ldap->unbind; + $ldap_slave->unbind; + return ($mesg->count ne 0); + } + +sub is_unix_user + { + my $user = shift; + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( base => $suffix, + scope => $scope, + filter => "(&(objectClass=posixAccount)(uid=$user))" + ); + $mesg->code && die $mesg->error; + $ldap_slave->unbind; + return ($mesg->count ne 0); + } + +sub is_group_member + { + my $dn_group = shift; + my $user = shift; + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( + base => "$dn_group", + scope => 'base', + filter => "(&(memberUid=$user))" + ); + $mesg->code && die $mesg->error; + $ldap_slave->unbind; return ($mesg->count ne 0); } @@ -168,21 +234,19 @@ sub is_user_valid my ($user, $dn, $pass) = @_; my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; my $mesg= $ldap->bind (dn => $dn, password => $pass ); - if ($mesg->code eq 0) - { + if ($mesg->code eq 0) { $ldap->unbind; return 1; - } - else - { + } else { if($ldap->bind()) { $ldap->unbind; return 0; } else { - print ("Le serveur LDAP est indisponible.\nVrifier le serveur, les cblages, ..."); + print ("The LDAP directory is not available.\n Check the server, cables ..."); $ldap->unbind; return 0; - } die "Problme : Contacter votre administrateur"; + } + die "Problem : contact your administrator"; } } @@ -199,27 +263,29 @@ sub get_dn_from_line sub add_posix_machine { my ($user, $uid, $gid) = @_; - my $tmpldif = - "dn: uid=$user,$computersdn -objectclass: inetOrgPerson -objectclass: posixAccount -sn: $user -cn: $user -uid: $user -uidNumber: $uid -gidNumber: $gid -homeDirectory: /dev/null -loginShell: /bin/false -description: Computer - -"; - - die "$0: error while adding posix account to machine $user\n" - unless (do_ldapadd($tmpldif) == 0); - undef $tmpldif; - return 1; + # bind to a directory with dn and password + my $ldap_master=connect_ldap_master(); + my $add = $ldap_master->add ( "uid=$user,$computersdn", + attr => [ + 'objectclass' => ['top','inetOrgPerson', 'posixAccount'], + 'cn' => "$user", + 'sn' => "$user", + 'uid' => "$user", + 'uidNumber' => "$uid", + 'gidNumber' => "$gid", + 'homeDirectory' => '/dev/null', + 'loginShell' => '/bin/false', + 'description' => 'Computer', + ] + ); + + $add->code && warn "failed to add entry: ", $add->error ; + # take down the session + $ldap_master->unbind; + } + # success = add_samba_machine($computername) sub add_samba_machine { @@ -244,33 +310,31 @@ sub add_samba_machine_mkntpwd chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':'))); chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1)); - my $tmpldif = - "dn: uid=$user,$computersdn -changetype: modify -objectclass: inetOrgPerson -objectclass: posixAccount -objectClass: sambaSamAccount -sambaPwdLastSet: 0 -sambaLogonTime: 0 -sambaLogoffTime: 2147483647 -sambaKickoffTime: 2147483647 -sambaPwdCanChange: 0 -sambaPwdMustChange: 2147483647 -sambaAcctFlags: [W ] -sambaLMPassword: $lmpassword -sambaNTPassword: $ntpassword -sambaSID: $smbldap_conf::SID-$sambaSID -sambaPrimaryGroupSID: $smbldap_conf::SID-0 - -"; - - die "$0: error while adding samba account to $user\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->modify ( "uid=$user,$computersdn", + changes => [ + replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']], + add => [sambaPwdLastSet => '0'], + add => [sambaLogonTime => '0'], + add => [sambaLogoffTime => '2147483647'], + add => [sambaKickoffTime => '2147483647'], + add => [sambaPwdCanChange => '0'], + add => [sambaPwdMustChange => '0'], + add => [sambaAcctFlags => '[W ]'], + add => [sambaLMPassword => "$lmpassword"], + add => [sambaNTPassword => "$ntpassword"], + add => [sambaSID => "$SID-$sambaSID"], + add => [sambaPrimaryGroupSID => "$SID-0"] + ] + ); + + $modify->code && die "failed to add entry: ", $modify->error ; return 1; - } + # take down the session + $ldap_master->unbind; + } sub group_add_user @@ -278,55 +342,43 @@ sub group_add_user my ($group, $userid) = @_; my $members=''; my $dn_line = get_group_dn($group); + if (!defined(get_group_dn($group))) { + print "$0: group \"$group\" doesn't exist\n"; + exit (6); + } if (!defined($dn_line)) { return 1; } - my $dn = get_dn_from_line($dn_line); - - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( base =>$dn, scope => "base", filter => "(objectClass=*)" ); - $mesg->code && die $mesg->error; - foreach my $entry ($mesg->all_entries){ - foreach my $attr ($entry->attributes) - { - if ($attr=~/\bmemberUid\b/){ - foreach my $ent($entry->get_value($attr)) { $members.= $attr.": ".$ent."\n"; } - } + my $dn = get_dn_from_line("$dn_line"); + # on look if the user is already present in the group + my $is_member=is_group_member($dn,$userid); + if ($is_member == 1) { + print "User \"$userid\" already member of the group \"$group\".\n"; + } else { + # bind to a directory with dn and password + my $ldap_master=connect_ldap_master(); + # It does not matter if the user already exist, Net::LDAP will add the user + # if he does not exist, and ignore him if his already in the directory. + my $modify = $ldap_master->modify ( "$dn", + changes => [ + add => [memberUid => $userid] + ] + ); + $modify->code && die "failed to modify entry: ", $modify->error ; + # take down session + $ldap_master->unbind; } } - $ldap->unbind; - chomp($members); - # user already member ? - if ($members =~ m/^memberUid: $userid/) { - return 2; - } - my $mods = ""; - if ($members ne '') { - $mods="$dn_line -changetype: modify -replace: memberUid -$members -memberUid: $userid - -"; - } else { - $mods="$dn_line -changetype: modify -add: memberUid -memberUid: $userid -"; - } - #print "$mods\n"; - my $tmpldif = - "$mods -"; - - die "$0: error while modifying group $group\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; - return 0; +sub group_del + { + my $group_dn=shift; + # bind to a directory with dn and password + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->delete ($group_dn); + $modify->code && die "failed to delete group : ", $modify->error ; + # take down session + $ldap_master->unbind; } sub add_grouplist_user @@ -338,43 +390,34 @@ sub add_grouplist_user } } -# XXX FIXME : sambaAcctFlags |= D, and not sambaAcctFlags = D sub disable_user { my $user = shift; my $dn_line; + my $dn = get_dn_from_line($dn_line); if (!defined($dn_line = get_user_dn($user))) { print "$0: user $user doesn't exist\n"; exit (10); } - - my $tmpldif = - "dn: $dn_line -changetype: modify -replace: userPassword -userPassword: {crypt}!x - -"; - - die "$0: error while modifying user $user\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->modify ( "$dn", + changes => [ + replace => [userPassword => '{crypt}!x'] + ] + ); + $modify->code && die "failed to modify entry: ", $modify->error ; if (is_samba_user($user)) { - - my $tmpldif = - "dn: $dn_line -changetype: modify -replace: sambaAcctFlags -sambaAcctFlags: [D ] - -"; - - die "$0: error while modifying user $user\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; + my $modify = $ldap_master->modify ( "$dn", + changes => [ + replace => [sambaAcctFlags => '[D ]'] + ] + ); + $modify->code && die "failed to modify entry: ", $modify->error ; } + # take down session + $ldap_master->unbind; } # delete_user($user) @@ -389,7 +432,9 @@ sub delete_user } my $dn = get_dn_from_line($dn_line); - system "$ldapdelete $dn >/dev/null"; + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->delete($dn); + $ldap_master->unbind; } # $success = group_add($groupname, $group_gid, $force_using_existing_gid) @@ -415,17 +460,18 @@ sub group_add if ($nscd_status == 0) { system "/etc/init.d/nscd start > /dev/null 2>&1"; } - my $tmpldif = - "dn: cn=$gname,$groupsdn -objectclass: posixGroup -cn: $gname -gidNumber: $gid - -"; - - die "$0: error while adding posix group $gname\n" - unless (do_ldapadd($tmpldif) == 0); - undef $tmpldif; + my $ldap_master=connect_ldap_master(); + my $modify = $ldap_master->add ( "cn=$gname,$groupsdn", + attrs => [ + objectClass => 'posixGroup', + cn => "$gname", + gidNumber => "$gid" + ] + ); + + $modify->code && die "failed to add entry: ", $modify->error ; + # take down session + $ldap_master->unbind; return 1; } @@ -434,14 +480,15 @@ sub get_homedir { my $user = shift; my $homeDir=''; - # my $homeDir=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^homeDirectory:"`; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( base =>$suffix, scope => $scope, filter => "(&(objectclass=posixAccount)(uid=$user))" ); + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( + base =>$suffix, + scope => $scope, + filter => "(&(objectclass=posixAccount)(uid=$user))" + ); $mesg->code && die $mesg->error; foreach my $entry ($mesg->all_entries){ - foreach my $attr ($entry->attributes) - { + foreach my $attr ($entry->attributes) { if ($attr=~/\bhomeDirectory\b/){ foreach my $ent($entry->get_value($attr)) { $homeDir.= $attr.": ".$ent."\n"; @@ -449,7 +496,7 @@ sub get_homedir } } } - $ldap->unbind; + $ldap_slave->unbind; chomp $homeDir; if ($homeDir eq '') { return undef; @@ -463,9 +510,8 @@ sub read_user { my $user = shift; my $lines =''; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( # perform a search + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( # perform a search base => $suffix, scope => $scope, filter => "(&(objectclass=posixAccount)(uid=$user))" @@ -480,7 +526,8 @@ sub read_user } } } - $ldap->unbind; # take down sessio(n + # take down session + $ldap_slave->unbind; chomp $lines; if ($lines eq '') { return undef; @@ -488,14 +535,31 @@ sub read_user return $lines; } +# search for a user +# return the attributes in an array +sub read_user_entry + { + my $user = shift; + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( # perform a search + base => $suffix, + scope => $scope, + filter => "(&(objectclass=posixAccount)(uid=$user))" + ); + + $mesg->code && die $mesg->error; + my $entry = $mesg->entry(); + $ldap_slave->unbind; + return $entry; + } + # search for a group sub read_group { my $user = shift; my $lines =''; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( # perform a search + my $ldap_slave=connect_ldap_slave(); + my $mesg = $ldap_slave->search ( # perform a search base => $groupsdn, scope => $scope, filter => "(&(objectclass=posixGroup)(cn=$user))" @@ -510,8 +574,8 @@ sub read_group } } } - - $ldap->unbind; # take down sessio(n + # take down session + $ldap_slave->unbind; chomp $lines; if ($lines eq '') { return undef; @@ -525,9 +589,8 @@ sub find_groups_of { my $user = shift; my $lines =''; - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( # perform a search + my $ldap_slave=connect_ldap_slave; + my $mesg = $ldap_slave->search ( # perform a search base => $groupsdn, scope => $scope, filter => "(&(objectclass=posixGroup)(memberuid=$user))" @@ -536,9 +599,11 @@ sub find_groups_of foreach my $entry ($mesg->all_entries) { $lines.= "dn: ".$entry->dn."\n"; } - $ldap->unbind; + $ldap_slave->unbind; chomp($lines); - if ($lines eq '') {return undef; } + if ($lines eq '') { + return undef; + } return $lines; } @@ -571,53 +636,20 @@ sub group_remove_member if (!defined($grp_line)) { return 0; } - - my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; - $ldap->bind ; - my $mesg = $ldap->search ( base => $groupsdn, - scope => $scope, - filter => "(&(objectclass=posixgroup)(cn=$group))" + my $dn = get_dn_from_line($grp_line); + # we test if the user exist in the group + my $is_member=is_group_member($dn,$user); + if ($is_member == 1) { + my $ldap_master=connect_ldap_master(); + # delete only the user from the group + my $modify = $ldap_master->modify ( "$dn", + changes => [ + delete => [memberUid => ["$user"]] + ] ); - $mesg->code && die $mesg->error; - foreach my $entry ($mesg->all_entries){ - foreach my $attr ($entry->attributes) - { - if ($attr=~/\bmemberUid\b/){ - foreach my $ent($entry->get_value($attr)) { - $members.= $attr.": ".$ent."\n"; - } + $modify->code && die "failed to delete entry: ", $modify->error ; + $ldap_master->unbind; } - } - } - #print "Valeurs de members :\n$members"; - $ldap->unbind; - # my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' | grep -i "^memberUid:"`; - # print "avant ---\n$members\n"; - $members =~ s/memberUid: $user\n//; - #print "aprs ---\n$members\n"; - chomp($members); - - my $header; - if ($members eq '') { - $header = "changetype: modify\n"; - $header .= "delete: memberUid"; - } else { - $header = "changetype: modify\n"; - $header .= "replace: memberUid"; - } - - my $tmpldif = -"$grp_line -$header -$members -"; - - #print "Valeur du tmpldif : \n$tmpldif"; - die "$0: error while modifying group $group\n" - unless (do_ldapmodify($tmpldif) == 0); - undef $tmpldif; - - $ldap->unbind; return 1; } @@ -627,11 +659,14 @@ sub group_get_members my $members; my @resultat; my $grp_line = get_group_dn($group); - if (!defined($grp_line)) { return 0; } + if (!defined($grp_line)) { + return 0; + } my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP"; $ldap->bind ; - my $mesg = $ldap->search ( base => $groupsdn, + my $mesg = $ldap->search ( + base => $groupsdn, scope => $scope, filter => "(&(objectclass=posixgroup)(cn=$group))" ); @@ -639,57 +674,13 @@ sub group_get_members foreach my $entry ($mesg->all_entries){ foreach my $attr ($entry->attributes){ if ($attr=~/\bmemberUid\b/){ - foreach my $ent($entry->get_value($attr)) { push (@resultat,$ent); } + foreach my $ent ($entry->get_value($attr)) { + push (@resultat,$ent); } } } - return @resultat; - } - -sub file_write { - my ($filename, $filecontent) = @_; - local *FILE; - open (FILE, "> $filename") || - die "Cannot open $filename for writing: $!\n"; - print FILE $filecontent; - close FILE; } - -# wrapper for ldapadd -sub do_ldapadd2 - { - my $ldif = shift; - my $tempfile = "/tmp/smbldapadd.$$"; - file_write($tempfile, $ldif); - - my $rc = system "$ldapadd < $tempfile >/dev/null"; - unlink($tempfile); - return $rc; - } - -sub do_ldapadd - { - my $ldif = shift; - my $FILE = "|$ldapadd >/dev/null"; - open (FILE, $FILE) || die "$!\n"; - print FILE </dev/null"; - unlink($tempfile); - return $rc; + return @resultat; } sub do_ldapmodify -- cgit