3 # Populate a LDAP base for Samba-LDAP usage
5 # $Id: smbldap-populate.pl,v 1.1.6.4 2003/12/04 21:59:19 jerry Exp $
7 # This code was developed by IDEALX (http://IDEALX.org/) and
8 # contributors (their names can be found in the CONTRIBUTORS file).
10 # Copyright (C) 2001-2002 IDEALX
12 # This program is free software; you can redistribute it and/or
13 # modify it under the terms of the GNU General Public License
14 # as published by the Free Software Foundation; either version 2
15 # of the License, or (at your option) any later version.
17 # This program is distributed in the hope that it will be useful,
18 # but WITHOUT ANY WARRANTY; without even the implied warranty of
19 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 # GNU General Public License for more details.
22 # You should have received a copy of the GNU General Public License
23 # along with this program; if not, write to the Free Software
24 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
28 # . Create an initial LDAP database suitable for Samba 2.2
29 # . For lazy people, replace ldapadd (with only an ldif parameter)
33 use FindBin qw($RealBin);
42 # objectclass of the suffix
# Maps the attribute of the suffix's first RDN ("ou=...", "o=...") to the
# objectClass used for the base entry.  The hash declaration itself and any
# further keys (e.g. for "dc") are not among the visible lines -- confirm.
44 "ou" => "organizationalUnit",
45 "o" => "organization",
# Command-line parsing (getopts from Getopt::Std; the `use` line is not visible
# here).  -a and -b take a value, -? is a flag; any other switch makes getopts
# return false, which is treated the same as an explicit -?.
52 my $ok = getopts('a:b:?', \%Options);
53 if ( (!$ok) || ($Options{'?'}) ) {
# Usage text goes to STDOUT.  The exit and the closing brace of this block are
# outside the lines shown.
54 print "Usage: $0 [-ab?] [ldif]\n";
55 print " -a administrator login name (default: Administrator)\n";
56 print " -b guest login name (default: nobody)\n";
57 print " -? show this help message\n";
58 print " ldif file to add to ldap (default: suffix, Groups,";
59 print " Users, Computers and builtin users )\n";
# Work file for the generated LDIF.  NOTE(review): "/tmp/<pid>.ldif" is a
# predictable name in a shared directory, so a file or symlink planted under
# that name beforehand would be followed by the later open.  File::Temp (core)
# creates an unpredictable, exclusively-opened file and avoids that.
64 my $tmp_ldif_file="/tmp/$$.ldif";
# Optional positional argument: an LDIF supplied by the caller, loaded instead
# of the builtin structure.  No `my` is visible on this line -- presumably
# declared on a line not shown; confirm.
67 $_ldifName = $ARGV[0];
# Login names of the two builtin accounts written into the LDIF; -a / -b
# override the defaults.  (Closing braces of both `if` blocks are not shown.)
70 my $adminName = $Options{'a'};
71 if (!defined($adminName)) {
72 $adminName = "Administrator";
75 my $guestName = $Options{'b'};
76 if (!defined($guestName)) {
77 $guestName = "nobody";
# No positional argument -> generate the builtin structure (branch body follows).
80 if (!defined($_ldifName)) {
85 print "Using builtin directory structure\n";
# Split the first RDN of $suffix (e.g. "dc=example" or "o=Example") into
# attribute and value; the assignment of the captures to $attr/$val is on a
# line not shown.
86 if ($suffix =~ m/([^=]+)=([^,]+)/) {
# Look the attribute up in %oc to get the objectClass of the base entry.
89 $objcl = $oc{$attr} if (exists $oc{$attr});
90 if (!defined($objcl)) {
# Fallback is a literal placeholder, not a real schema class; a server that
# enforces its schema will presumably refuse an entry carrying it, so %oc has
# to cover every suffix attribute actually used.
91 $objcl = "myhardcodedobjectclass";
# else-branch of the match above (braces not shown): an unparsable suffix is fatal.
94 die "can't extract first attr and value from suffix $suffix";
96 #print "$attr=$val\n";
# Greedy capture: for "dc=a,dc=b,dc=c" $organisation becomes "a,dc=b" -- this
# assumes a two-component dc-style suffix.
97 my ($organisation,$ext) = ($suffix =~ m/dc=(.*),dc=(.*)$/);
# Write the generated LDIF to the work file.  The heredoc that follows (only
# partly visible) creates the suffix, the Users/Groups/Computers OUs, the
# $adminName and $guestName accounts and the builtin groups.
# NOTE(review): the guest entry is written with sambaAcctFlags "[NU ]"
# (N = no password required) and "NO PASSWORD..." placeholder LM/NT hashes,
# and no password attribute for $adminName appears in the visible lines -- a
# real password has to be set for the administrator right after populating.
# NOTE(review): bareword handle and 2-arg open.  The `||` is correct here
# because of the parentheses around open's arguments, and the mode is fixed
# ('>'), but a 3-arg open on a handle from File::Temp would also remove the
# predictable-/tmp-name problem.
100 my $FILE=$tmp_ldif_file;
101 open (FILE, ">$FILE") || die "Can't open file $FILE: $!\n";
106 objectclass: organization
111 objectClass: organizationalUnit
115 objectClass: organizationalUnit
119 objectClass: organizationalUnit
122 dn: uid=$adminName,$usersdn
125 objectClass: inetOrgPerson
126 objectClass: sambaSAMAccount
127 objectClass: posixAccount
131 homeDirectory: $_userHomePrefix
134 sambaLogoffTime: 2147483647
135 sambaKickoffTime: 2147483647
137 sambaPwdMustChange: 2147483647
138 sambaHomePath: $_userSmbHome
139 sambaHomeDrive: $_userHomeDrive
140 sambaProfilePath: $_userProfile
141 sambaPrimaryGroupSID: $SID-512
146 loginShell: /bin/false
147 gecos: Netbios Domain Administrator
149 dn: uid=$guestName,$usersdn
152 objectClass: inetOrgPerson
153 objectClass: sambaSAMAccount
154 objectClass: posixAccount
158 homeDirectory: /dev/null
161 sambaLogoffTime: 2147483647
162 sambaKickoffTime: 2147483647
164 sambaPwdMustChange: 2147483647
165 sambaHomePath: $_userSmbHome
166 sambaHomeDrive: $_userHomeDrive
167 sambaProfilePath: $_userProfile
168 sambaPrimaryGroupSID: $SID-514
169 sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
170 sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
171 sambaAcctFlags: [NU ]
173 loginShell: /bin/false
175 dn: cn=Domain Admins,$groupsdn
176 objectClass: posixGroup
177 objectClass: sambaGroupMapping
180 memberUid: $adminName
181 description: Netbios Domain Administrators
184 displayName: Domain Admins
186 dn: cn=Domain Users,$groupsdn
187 objectClass: posixGroup
188 objectClass: sambaGroupMapping
191 description: Netbios Domain Users
194 displayName: Domain Users
196 dn: cn=Domain Guests,$groupsdn
197 objectClass: posixGroup
198 objectClass: sambaGroupMapping
201 description: Netbios Domain Guests Users
204 displayName: Domain Guests
206 dn: cn=Administrators,$groupsdn
207 objectClass: posixGroup
208 objectClass: sambaGroupMapping
211 description: Netbios Domain Members can fully administer the computer/sambaDomainName
214 displayName: Administrators
216 dn: cn=Users,$groupsdn
217 objectClass: posixGroup
218 objectClass: sambaGroupMapping
221 description: Netbios Domain Ordinary users
226 dn: cn=Guests,$groupsdn
227 objectClass: posixGroup
228 objectClass: sambaGroupMapping
231 memberUid: $guestName
232 description: Netbios Domain Users granted guest access to the computer/sambaDomainName
237 dn: cn=Power Users,$groupsdn
238 objectClass: posixGroup
239 objectClass: sambaGroupMapping
242 description: Netbios Domain Members can share directories and printers
245 displayName: Power Users
247 dn: cn=Account Operators,$groupsdn
248 objectClass: posixGroup
249 objectClass: sambaGroupMapping
251 cn: Account Operators
252 description: Netbios Domain Users to manipulate users accounts
255 displayName: Account Operators
257 dn: cn=Server Operators,$groupsdn
258 objectClass: posixGroup
259 objectClass: sambaGroupMapping
262 description: Netbios Domain Server Operators
265 displayName: Server Operators
267 dn: cn=Print Operators,$groupsdn
268 objectClass: posixGroup
269 objectClass: sambaGroupMapping
272 description: Netbios Domain Print Operators
275 displayName: Print Operators
277 dn: cn=Backup Operators,$groupsdn
278 objectClass: posixGroup
279 objectClass: sambaGroupMapping
282 description: Netbios Domain Members can bypass file security to back up files
285 displayName: Backup Operators
287 dn: cn=Replicator,$groupsdn
288 objectClass: posixGroup
289 objectClass: sambaGroupMapping
292 description: Netbios Domain Supports file replication in a sambaDomainName
295 displayName: Replicator
297 dn: cn=Domain Computers,$groupsdn
298 objectClass: posixGroup
299 objectClass: sambaGroupMapping
302 description: Netbios Domain Computers accounts
305 displayName: Domain Computers
# else-branch: the caller supplied an LDIF.  NOTE(review): reusing
# $tmp_ldif_file for the caller's own file means the `rm -f $tmp_ldif_file`
# cleanup at the end of the script deletes the user's LDIF as well; a separate
# "we created this file" flag (or a separate variable) would avoid that.
310 $tmp_ldif_file=$_ldifName;
# Load every entry of $tmp_ldif_file (generated or caller-supplied) into the
# master.  connect_ldap_master() comes from the smbldap helper module; its
# import is not among the visible lines.
313 my $ldap_master=connect_ldap_master();
# onerror => 'undef': a malformed entry makes read_entry() return undef and
# sets error() instead of dying.
314 my $ldif = Net::LDAP::LDIF->new($tmp_ldif_file, "r", onerror => 'undef' );
315 while( not $ldif->eof() ) {
316 my $entry = $ldif->read_entry();
317 if ( $ldif->error() ) {
# Parse errors are printed; no abort is visible here, so the loop presumably
# continues with the next entry (lines between this branch and the else are
# not shown).
318 print "Error msg: ",$ldif->error(),"\n";
319 print "Error lines:\n",$ldif->error_lines(),"\n";
# else-branch: $dn is assigned on a line not shown -- presumably $entry->dn.
322 print "adding new entry: $dn\n";
323 my $result=$ldap_master->add($entry);
# A rejected add only warns and the script's exit status does not reflect it,
# so the output has to be checked by the operator.  (The POD says a base
# suffix that already exists is expected not to abort the run.)
324 $result->code && warn "failed to add entry: ", $result->error ;
327 $ldap_master->unbind;
# NOTE(review): the file name is passed through a shell; when it came from
# @ARGV a name containing shell metacharacters would be interpreted.  Perl's
# unlink($tmp_ldif_file) needs no shell.  Also, because $tmp_ldif_file is
# reassigned to the caller's LDIF in the else-branch above, this removes a
# caller-supplied file too.
328 system "rm -f $tmp_ldif_file";
332 ########################################
336 smbldap-populate.pl - Populate your LDAP database
340 smbldap-populate.pl [ldif-file]
344 The smbldap-populate.pl command helps to populate an LDAP server
345 by adding the necessary entries: base suffix (doesn't abort
346 if already there), organizational units for users, groups and
347 computers, builtin users: Administrator and guest, builtin
348 groups (though posixAccount only, no SambaTNG support).
350 -a name Your local administrator login name (default: Administrator)
351 -b name Your local guest login name (default: nobody)
353 If you give an extra parameter, it is assumed to be the ldif
354 file to use instead of the builtin one. Options -a and -b
359 /usr/lib/perl5/site-perl/smbldap_conf.pm : Global parameters.