path: root/examples/LDAP/convertSambaAccount
#!/usr/bin/perl  -w
##
## Convert an LDIF file containing sambaAccount entries
## to the new sambaSamAccount objectclass
##
## Copyright Gerald (Jerry) Carter	2003
##
## Usage: convertSambaAccount <Domain SID> <input ldif> <output ldif>
##


use strict;
use Net::LDAP::LDIF;

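##
## Old sambaAccount attribute names and the sambaSamAccount attribute
## each one is renamed to.
##
my %attr_map = (
	lmPassword	=> 'sambaLMPassword',
	ntPassword	=> 'sambaNTPassword',
	pwdLastSet	=> 'sambaPwdLastSet',
	pwdMustChange	=> 'sambaPwdMustChange',
	pwdCanChange	=> 'sambaPwdCanChange',
	homeDrive	=> 'sambaHomeDrive',
	smbHome		=> 'sambaHomePath',
	scriptPath	=> 'sambaLogonScript',
	profilePath	=> 'sambaProfilePath',
	kickoffTime	=> 'sambaKickoffTime',
	logonTime	=> 'sambaLogonTime',
	logoffTime	=> 'sambaLogoffTime',
	userWorkstations	=> 'sambaUserWorkstations',
	domain		=> 'sambaDomainName',
	acctFlags	=> 'sambaAcctFlags',
);

##
## Attribute renames applied to sambaGroupMapping entries.
##
my %group_attr_map = (
	ntSid		=> 'sambaSID',
	ntGroupType	=> 'sambaGroupType',
);

if ( @ARGV != 3 ) {
	print "Usage: convertSambaAccount domain_sid input_ldif output_ldif\n";
	exit 1;
}

my ( $domsid, $input_file, $output_file ) = @ARGV;

##
## The domain SID is prefixed verbatim to every RID below, so a typo
## here would silently end up in every converted entry.  Refuse
## anything that does not look like a SID before touching any file.
##
if ( $domsid !~ /\AS-\d+-\d+(?:-\d+)+\z/i ) {
	die "Invalid domain SID '$domsid' (expected the form S-1-5-21-x-y-z)\n";
}

##
## The output LDIF carries the LM/NT password hashes of every
## converted account.  Make a newly created output file readable by
## the invoking user only.  The umask has no effect on a file that
## already exists, so check the permissions of a reused path by hand.
##
umask 0077;

my $ldif = Net::LDAP::LDIF->new ($input_file, "r")
	or die "Cannot open $input_file for reading: $!\n";
my $ldif2 = Net::LDAP::LDIF->new ($output_file, "w")
	or die "Cannot open $output_file for writing: $!\n";

while ( !$ldif->eof ) {
	my $entry = $ldif->read_entry();

	## skip entry if we find an error
	if ( $ldif->error() ) {
		print "Error msg: ",$ldif->error(),"\n";
		print "Error lines:\n",$ldif->error_lines(),"\n";
		next;
	}

	## nothing was parsed and no error was reported; there is no
	## entry object to work on, so do not call methods on undef
	next unless defined $entry;

	##
	## check to see if we have anything to do on this
	## entry.  If not just write it out
	##
	## objectClass values are compared case-insensitively.  The
	## spelling actually found in the entry is remembered so that
	## the delete below removes exactly that value.
	##
	my ( $account_class, $is_samba_group );
	foreach my $obj ( $entry->get_value( "objectClass" ) ) {
		if ( lc($obj) eq "sambaaccount" ) {
			$account_class = $obj;
		} elsif ( lc($obj) eq "sambagroupmapping" ) {
			$is_samba_group = 1;
		}
	}

	if ( defined $account_class ) {
		my $rid = $entry->get_value( "rid" );

		if ( !defined $rid ) {
			##
			## without a rid no sambaSID can be built; leave
			## the entry as it is rather than write a
			## sambaSamAccount with a truncated SID
			##
			print "No rid in ",$entry->dn(),", entry left unconverted\n";
		} else {
			##
			## start editing the sambaAccount
			##
			$entry->delete( 'objectclass' => [ $account_class ] );
			$entry->add( 'objectclass' => 'sambaSamAccount' );

			$entry->add( 'sambaSID' => $domsid."-".$rid );
			$entry->delete( 'rid' );

			my $primary_gid = $entry->get_value( "primaryGroupID" );
			if ( defined $primary_gid ) {
				$entry->add( 'sambaPrimaryGroupSID' => $domsid."-".$primary_gid );
				$entry->delete( 'primaryGroupID' );
			}

			foreach my $key ( keys %attr_map ) {
				## collect every value; an array ref keeps the
				## argument list of add() well formed even if
				## the attribute holds more than one value
				my @values = $entry->get_value($key);
				if ( @values ) {
					$entry->add( $attr_map{$key} => [ @values ] );
					$entry->delete( $key );
				}
			}
		}
	} elsif ( defined $is_samba_group ) {
		foreach my $key ( keys %group_attr_map ) {
			my @values = $entry->get_value($key);
			if ( @values ) {
				## the new name comes from %group_attr_map;
				## %attr_map has no entry for these keys
				$entry->add( $group_attr_map{$key} => [ @values ] );
				$entry->delete( $key );
			}
		}
	}

	$ldif2->write_entry( $entry );
}

## close both files explicitly so a failed flush of the output is
## reported instead of leaving a silently truncated LDIF behind
$ldif->done();
$ldif2->done()
	or die "Cannot close $output_file: $!\n";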