#!/usr/bin/perl -w
##
## Convert an LDIF file containing sambaAccount entries
## to the new sambaSamAccount objectclass
##
## Copyright Gerald (Jerry) Carter 2003
##
## Usage: convertSambaAccount <Domain SID> <input ldif> <output ldif>
##
use strict;
use Net::LDAP::LDIF;
## Script-wide state. Everything is declared up front because the
## statements further down assign to these names without `my`.
my ( $domain, $domsid );                     # $domsid: SID prefix taken from the command line;
                                             # $domain is not referenced in the code shown here
my ( $ldif, $ldif2 );                        # LDIF reader (input) and writer (output)
my ( $entry, @objclasses, $obj );            # per-entry scratch variables
my ( $is_samba_account, $is_samba_group );   # per-entry classification flags
my ( %attr_map, %group_attr_map, $key );     # old-name => new-name tables and their iterator

## Exactly three positional arguments are required; anything else
## prints the usage line and exits with status 1.
unless ( scalar(@ARGV) == 3 ) {
    print "Usage: convertSambaAccount domain_sid input_ldif output_ldif\n";
    exit 1;
}
## Attribute renames applied to sambaAccount entries (old name => new name).
## lmPassword and ntPassword hold the account's LM and NT password hashes,
## so both the input LDIF and the converted output contain credential
## material and should be stored and transferred accordingly.
%attr_map = (
    lmPassword       => 'sambaLMPassword',
    ntPassword       => 'sambaNTPassword',
    pwdLastSet       => 'sambaPwdLastSet',
    pwdMustChange    => 'sambaPwdMustChange',
    pwdCanChange     => 'sambaPwdCanChange',
    homeDrive        => 'sambaHomeDrive',
    smbHome          => 'sambaHomePath',
    scriptPath       => 'sambaLogonScript',
    profilePath      => 'sambaProfilePath',
    kickoffTime      => 'sambaKickoffTime',
    logonTime        => 'sambaLogonTime',
    logoffTime       => 'sambaLogoffTime',
    userWorkstations => 'sambaUserWorkstations',
    domain           => 'sambaDomainName',
    acctFlags        => 'sambaAcctFlags',
);

## Attribute renames applied to sambaGroupMapping entries.
%group_attr_map = (
    ntSid       => 'sambaSID',
    ntGroupType => 'sambaGroupType',
);
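## The first argument is the domain SID that gets prefixed to every RID.
## Check its shape before touching any file: a malformed value would
## otherwise be written into the sambaSID of every converted account.
$domsid = $ARGV[0];
unless ( $domsid =~ /\AS-[0-9]+-[0-9]+(?:-[0-9]+)+\z/ ) {
    die "Invalid domain SID '$domsid' (expected a value of the form S-1-5-21-X-Y-Z)\n";
}

## Open the input LDIF for reading; name the file in the error message.
$ldif = Net::LDAP::LDIF->new( $ARGV[1], "r" )
    or die "Cannot open input LDIF '$ARGV[1]': $!\n";

## The output carries the LM/NT password hashes copied from the input, so
## a newly created output file is made readable by its owner only. The
## umask only affects file creation: an output file that already exists
## keeps whatever mode it had. The previous umask is restored afterwards.
my $old_umask = umask 0077;
$ldif2 = Net::LDAP::LDIF->new( $ARGV[2], "w" )
    or die "Cannot open output LDIF '$ARGV[2]': $!\n";
umask $old_umask if defined $old_umask;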
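## Main conversion loop: read each entry, rewrite sambaAccount and
## sambaGroupMapping entries to the new attribute names, and write every
## successfully parsed entry to the output LDIF.
ENTRY:
while ( !$ldif->eof ) {
    my $entry = $ldif->read_entry();

    ## Skip the entry if the parser reported an error. Diagnostics go to
    ## STDERR so they stay visible when STDOUT is redirected.
    if ( $ldif->error() ) {
        print STDERR "Error msg: ", $ldif->error(), "\n";
        print STDERR "Error lines:\n", $ldif->error_lines(), "\n";
        next ENTRY;
    }

    ## NOTE(review): read_entry() may return nothing without flagging an
    ## error (for example at the end of the input) -- confirm. Calling a
    ## method on an undefined entry would abort the whole run.
    next ENTRY unless defined $entry;

    ## Classify the entry by objectClass. The comparison is an exact,
    ## case-sensitive string match.
    my ( $is_account, $is_group );
    foreach my $class ( $entry->get_value("objectClass") ) {
        if ( $class eq "sambaAccount" ) {
            $is_account = 1;
        }
        elsif ( $class eq "sambaGroupMapping" ) {
            $is_group = 1;
        }
    }

    my $dn = $entry->dn();
    $dn = '(no dn)' unless defined $dn;

    if ($is_account) {
        my $rid = $entry->get_value("rid");

        if ( !defined $rid || $rid !~ /\A[0-9]+\z/ ) {
            ## Without a numeric RID no valid sambaSID can be built
            ## ("<domain sid>-" alone is not a SID). Leave the entry
            ## unconverted and tell the operator.
            print STDERR "Not converting $dn: missing or non-numeric rid\n";
        }
        else {
            ## Swap the object class and build the SID from domain SID + RID.
            $entry->delete( 'objectclass' => ['sambaAccount'] );
            $entry->add( 'objectclass' => 'sambaSamAccount' );
            $entry->add( 'sambaSID' => $domsid . "-" . $rid );
            $entry->delete('rid');

            ## The primary group is optional; convert it only when it is
            ## present and numeric, otherwise leave the attribute in place.
            my $pgid = $entry->get_value("primaryGroupID");
            if ( defined $pgid ) {
                if ( $pgid =~ /\A[0-9]+\z/ ) {
                    $entry->add( 'sambaPrimaryGroupSID' => $domsid . "-" . $pgid );
                    $entry->delete('primaryGroupID');
                }
                else {
                    print STDERR "Leaving non-numeric primaryGroupID on $dn\n";
                }
            }

            _rename_attributes( $entry, \%attr_map );
        }
    }
    elsif ($is_group) {
        _rename_attributes( $entry, \%group_attr_map );
    }

    $ldif2->write_entry($entry);
}

## Close both files explicitly so a failure while flushing the output
## (which holds the converted password hashes) is reported instead of
## leaving a silently truncated file.
$ldif->done();
$ldif2->done()
    or die "Error closing output LDIF '$ARGV[2]': $!\n";

## Rename every attribute of $entry that appears as a key in %$map to the
## corresponding value. All values are passed as one array reference so
## that a multi-valued attribute is not spread across add()'s
## attribute/value pairs.
sub _rename_attributes {
    my ( $entry, $map ) = @_;

    foreach my $old_name ( keys %{$map} ) {
        my @values = $entry->get_value($old_name);
        next unless @values;

        $entry->add( $map->{$old_name} => [@values] );
        $entry->delete($old_name);
    }

    return;
}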