Have contributed directly to this tools, or are always in charge of
some aspects of it developments (alphabetical order):
- . Terry Davis <tdavis@approbation.org>
+ . Terry Davis <terry@terryd.net>
. David Le Corfec <dlc@freesurf.fr>
. Olivier Lemaire <olivier.lemaire@IDEALX.com>
. Jérôme Tournier <jerome.tournier@IDEALX.com>
bug report for smbldap-passwd
. Xavier Boschian <Xavier.Boschian@rtlgroup.net>
bug report for smbldap-populate
-
-
+ . Christophe DUBREUIL <christophe.dubreuil@laposte.net>
+ Net::LDAP support in smbldap_tools.pm
# - The End
#
## ChangeLog for SMBLDAP-TOOLS
+* 2002-07-24: top and account objectclasses replaced with inetorgperson
* 2002-06-03: notes to webmin.idealx.org (idxldapaccounts)
* 2002-06-01: release 0.7. tested with 2.2.4
* 2002-05-31: fixed smbldap-populate compliance to smbldap_conf
## (BF: Bug Report / FR: Feature Request)
+FR * add 'LDAP port' for both slave and master LDAP server in smbldap_conf.pm
FR * use RFC2307 best practices (Luke, next time you visit Paris, have a
beer at IDEALX'cantina ;-)
FR * add mail (sendmail/postfix/qmail/courier) support
-#!/usr/bin/perl
-
+# $Id: smbldap-groupmod.pl,v 1.1.6.2 2003/08/26 04:36:27 jerry Exp $
+#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
lmpassword: $lmpwd
ntpassword: $ntpwd
gecos: $gecos
-smbHome: $homedir
+sambaHomePath: $homedir
";
#!/usr/bin/perl
# LDAP to unix password sync script for samba
+#
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
#
exit(1);
}
my $ntpwd = `$mk_ntpasswd '$pass'`;
- chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
- chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
+ chomp(my $sambaLMPassword = substr($ntpwd, 0, index($ntpwd, ':')));
+ chomp(my $sambaNTPassword = substr($ntpwd, index($ntpwd, ':')+1));
# change nt/lm passwords
my $tmpldif =
"$dn_line
changetype: modify
-replace: lmpassword
-lmpassword: $lmpassword
+replace: sambaLMPassword
+sambaLMPassword: $sambaLMPassword
-
changetype: modify
-replace: ntpassword
-ntpassword: $ntpassword
+replace: sambaNTPassword
+sambaNTPassword: $sambaNTPassword
-
";
die "can't extract first attr and value from suffix $suffix";
}
#print "$attr=$val\n";
+ my ($organisation,$ext) = ($suffix =~ m/dc=(\w+),dc=(\w+)$/);
#my $FILE="|cat";
my $FILE="|$ldapadd -c";
print FILE <<EOF;
dn: $suffix
objectClass: $objcl
+objectclass: organization
$attr: $val
+o: $organisation
dn: $usersdn
objectClass: organizationalUnit
dn: uid=$adminName,$usersdn
cn: $adminName
-objectClass: sambaAccount
+sn: $adminName
+objectClass: inetOrgPerson
+objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 512
uid: $adminName
uidNumber: 998
homeDirectory: $_userHomePrefix
-pwdLastSet: 0
-logonTime: 0
-logoffTime: 2147483647
-kickoffTime: 2147483647
-pwdCanChange: 0
-pwdMustChange: 2147483647
-smbHome: $_userSmbHome
-homeDrive: $_userHomeDrive
-profilePath: $_userProfile
-rid: 500
-primaryGroupID: 512
-lmPassword: XXX
-ntPassword: XXX
-acctFlags: [U ]
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: 0
+sambaPwdMustChange: 2147483647
+sambaHomePath: $_userSmbHome
+sambaHomeDrive: $_userHomeDrive
+sambaProfilePath: $_userProfile
+sambaPrimaryGroupSID: 512
+sambaLMPassword: XXX
+sambaNTPassword: XXX
+sambaAcctFlags: [U ]
+sambaSID: $smbldap_conf::SID-2996
loginShell: /bin/false
gecos: Netbios Domain Administrator
dn: uid=$guestName,$usersdn
cn: $guestName
-objectClass: sambaAccount
+sn: $guestName
+objectClass: inetOrgPerson
+objectClass: sambaSAMAccount
objectClass: posixAccount
gidNumber: 514
uid: $guestName
uidNumber: 999
homeDirectory: /dev/null
-pwdLastSet: 0
-logonTime: 0
-logoffTime: 2147483647
-kickoffTime: 2147483647
-pwdCanChange: 0
-pwdMustChange: 2147483647
-smbHome: $_userSmbHome
-homeDrive: $_userHomeDrive
-profilePath: $_userProfile
-rid: 501
-primaryGroupID: 514
-lmPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
-ntPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
-acctFlags: [NU ]
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: 0
+sambaPwdMustChange: 2147483647
+sambaHomePath: $_userSmbHome
+sambaHomeDrive: $_userHomeDrive
+sambaProfilePath: $_userProfile
+sambaPrimaryGroupSID: $smbldap_conf::SID-514
+sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
+sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
+sambaAcctFlags: [NU ]
+sambaSID: $smbldap_conf::SID-2998
loginShell: /bin/false
dn: cn=Domain Admins,$groupsdn
objectClass: posixGroup
gidNumber: 544
cn: Administrators
-description: Netbios Domain Members can fully administer the computer/domain (not implemented yet)
+description: Netbios Domain Members can fully administer the computer/sambaDomainName (not implemented yet)
dn: cn=Users,$groupsdn
objectClass: posixGroup
gidNumber: 546
cn: Guests
memberUid: $guestName
-description: Netbios Domain Users granted guest access to the computer/domain (not implemented yet)
+description: Netbios Domain Users granted guest access to the computer/sambaDomainName (not implemented yet)
dn: cn=Power Users,$groupsdn
objectClass: posixGroup
gidNumber: 552
cn: Replicator
-description: Netbios Domain Supports file replication in a domain (not implemented yet)
+description: Netbios Domain Supports file replication in a sambaDomainName (not implemented yet)
dn: cn=Domain Computers,$groupsdn
objectClass: posixGroup
# $Source: /data/src/mirror/cvs/samba/examples/LDAP/smbldap-tools/smbldap-tools.spec,v $
-%define version 0.7
+%define version 0.8
%define release 1
%define name smbldap-tools
%define realname smbldap-tools
Vendor: IDEALX S.A.S.
URL: http://samba.IDEALX.org/
-Packager: Olivier Lemaire <olivier.lemaire@IDEALX.com>
+Packager: Jerome Tournier <jerome.tournier@IDEALX.com>
Source0: smbldap-groupadd.pl
Source1: smbldap-groupdel.pl
Source2: smbldap-groupmod.pl
rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/%{prefix}/sbin
mkdir -p $RPM_BUILD_ROOT/%{prefix}/share
-mkdir -p $RPM_BUILD_ROOT/%{prefix}/share/doc
-mkdir -p $RPM_BUILD_ROOT/%{prefix}/share/doc/smbldap-tools
+mkdir -p $RPM_BUILD_ROOT/usr/share/doc
+mkdir -p $RPM_BUILD_ROOT/usr/share/doc/smbldap-tools
cd mkntpwd ; make PREFIX=$RPM_BUILD_ROOT/%{prefix} install
install -m 550 %{SOURCE19} $RPM_BUILD_ROOT/%{prefix}/sbin/smbldap-migrate-accounts.pl
install -m 550 %{SOURCE20} $RPM_BUILD_ROOT/%{prefix}/sbin/smbldap-migrate-groups.pl
-install -m 644 %{SOURCE11} $RPM_BUILD_ROOT/%{prefix}/share/doc/smbldap-tools/CONTRIBUTORS
-install -m 644 %{SOURCE12} $RPM_BUILD_ROOT/%{prefix}/share/doc/smbldap-tools/COPYING
-install -m 644 %{SOURCE13} $RPM_BUILD_ROOT/%{prefix}/share/doc/smbldap-tools/ChangeLog
-install -m 644 %{SOURCE14} $RPM_BUILD_ROOT/%{prefix}/share/doc/smbldap-tools/FILES
-install -m 644 %{SOURCE15} $RPM_BUILD_ROOT/%{prefix}/share/doc/smbldap-tools/README
-install -m 644 %{SOURCE16} $RPM_BUILD_ROOT/%{prefix}/share/doc/smbldap-tools/TODO
-install -m 644 %{SOURCE21} $RPM_BUILD_ROOT/%{prefix}/share/doc/smbldap-tools/INFRA
+install -m 644 %{SOURCE11} $RPM_BUILD_ROOT/usr/share/doc/smbldap-tools/CONTRIBUTORS
+install -m 644 %{SOURCE12} $RPM_BUILD_ROOT/usr/share/doc/smbldap-tools/COPYING
+install -m 644 %{SOURCE13} $RPM_BUILD_ROOT/usr/share/doc/smbldap-tools/ChangeLog
+install -m 644 %{SOURCE14} $RPM_BUILD_ROOT/usr/share/doc/smbldap-tools/FILES
+install -m 644 %{SOURCE15} $RPM_BUILD_ROOT/usr/share/doc/smbldap-tools/README
+install -m 644 %{SOURCE16} $RPM_BUILD_ROOT/usr/share/doc/smbldap-tools/TODO
+install -m 644 %{SOURCE21} $RPM_BUILD_ROOT/usr/share/doc/smbldap-tools/INFRA
%clean
rm -rf $RPM_BUILD_ROOT
perl -i -pe 's/_COMPUTERS_/Computers/' %{prefix}/sbin/smbldap_conf.pm
perl -i -pe 's/_GROUPS_/Groups/' %{prefix}/sbin/smbldap_conf.pm
perl -i -pe 's/_LOGINSHELL_/\/bin\/bash/' %{prefix}/sbin/smbldap_conf.pm
-perl -i -pe 's/_USERHOMEPREFIX_/\/home\//' %{prefix}/sbin/smbldap_conf.pm
+perl -i -pe 's/_HOMEPREFIX_/\/home\//' %{prefix}/sbin/smbldap_conf.pm
perl -i -pe 's/_BINDDN_/cn=Manager,\$suffix/' %{prefix}/sbin/smbldap_conf.pm
perl -i -pe 's/_BINDPW_/secret/' %{prefix}/sbin/smbldap_conf.pm
perl -i -pe 's/_PDCNAME_/PDC-SRV/' %{prefix}/sbin/smbldap_conf.pm
-perl -i -pe 's/_HOMEDRIVE_/D/' %{prefix}/sbin/smbldap_conf.pm
+perl -i -pe 's/_HOMEDRIVE_/H/' %{prefix}/sbin/smbldap_conf.pm
# FIXME: links should not be removed on upgrade
#%postun
%{prefix}/sbin/smbldap_tools.pm
%config %{prefix}/sbin/smbldap_conf.pm
%{prefix}/sbin/mkntpwd
-%doc %{prefix}/share/doc/%{name}/TODO
-%doc %{prefix}/share/doc/%{name}/README
-%doc %{prefix}/share/doc/%{name}/CONTRIBUTORS
-%doc %{prefix}/share/doc/%{name}/FILES
-%doc %{prefix}/share/doc/%{name}/COPYING
+%doc /usr/share/doc/%{name}/
%changelog
+* Fri Aug 22 2003 Jerome Tournier <jerome.tournier@idealx.com> 0.8-1
+- support for Samba3.0
+
+* Thu Sep 26 2002 Gérald Macinenti <gmacinenti@IDEALX.com> 0.7-2
+- top and account objectclasses replaced by InetOrgPerson
+
* Sat Jun 1 2002 Olivier Lemaire <olem@IDEALX.com> 0.7-1
- some bugfixes about smbldap-populate
- bugfixed the smbpasswd call in smbldap-useradd
use smbldap_tools;
use smbldap_conf;
-
#####################
use Getopt::Std;
print " -P ends by invoking smbldap-passwd.pl\n";
print " -A can change password ? 0 if no, 1 if yes\n";
print " -B must change password ? 0 if no, 1 if yes\n";
- print " -C smbHome (SMB home share, like '\\\\PDC-SRV\\homes')\n";
- print " -D homeDrive (letter associated with home share, like 'H:')\n";
- print " -E scriptPath (DOS script to execute on login)\n";
- print " -F profilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
- print " -H acctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
+ print " -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
+ print " -D sambaHomeDrive (letter associated with home share, like 'H:')\n";
+ print " -E sambaLogonScript (DOS script to execute on login)\n";
+ print " -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
+ print " -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
print " -? show this help message\n";
exit (1);
}
my $tmp;
if (!defined($userHomeDirectory = $Options{'d'}))
{
- $userHomeDirectory = $_userHomePrefix.$userName;
+ $userHomeDirectory = $_userHomePrefix."/".$userName;
}
$_userLoginShell = $tmp if (defined($tmp = $Options{'s'}));
$_userGecos = $tmp if (defined($tmp = $Options{'c'}));
my $tmpldif =
"dn: uid=$userName,$computersdn
changetype: modify
-acctFlags: [W ]
+sambaAcctFlags: [W ]
";
die "$0: error while modifying accountflags of $userName\n"
my $tmpldif =
"dn: uid=$userName,$usersdn
-objectclass: top
-objectclass: account
+objectclass: inetOrgPerson
objectclass: posixAccount
cn: $userName
+sn: $userName
uid: $userName
uidNumber: $userUidNumber
gidNumber: $userGidNumber
# If user was created successfully then we should create his/her home dir
if (defined($tmp = $Options{'m'})) {
+ unless ( $userName =~ /\$$/ ) {
if ( !(-e $userHomeDirectory) ) {
system "mkdir $userHomeDirectory 2>/dev/null";
system "cp -a $_skeletonDir/.[a-z,A-Z]* $_skeletonDir/* $userHomeDirectory 2>/dev/null";
system "chown -R $userUidNumber:$userGidNumber $userHomeDirectory 2>/dev/null";
system "chmod 700 $userHomeDirectory 2>/dev/null";
}
+ }
}
my $tmpldif =
"dn: uid=$userName,$usersdn
changetype: modify
-objectclass: top
-objectclass: account
+objectClass: inetOrgPerson
objectclass: posixAccount
-objectClass: sambaAccount
-pwdLastSet: 0
-logonTime: 0
-logoffTime: 2147483647
-kickoffTime: 2147483647
-pwdCanChange: $valpwdcanchange
-pwdMustChange: $valpwdmustchange
+objectClass: sambaSAMAccount
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: $valpwdcanchange
+sambaPwdMustChange: $valpwdmustchange
displayName: $_userGecos
-acctFlags: $valacctflags
-rid: $userRid
+sambaAcctFlags: $valacctflags
+sambaSID: $smbldap_conf::SID-$userRid
";
my $tmpldif =
"dn: uid=$userName,$usersdn
changetype: modify
-rid: $userRid
-primaryGroupID: $userGroupRid
-homeDrive: $valhomedrive
-smbHome: $valsmbhome
-profilePath: $valprofilepath
-scriptPath: $valscriptpath
-lmPassword: XXX
-ntPassword: XXX
+sambaSID: $smbldap_conf::SID-$userRid
+sambaPrimaryGroupSID: $smbldap_conf::SID-$userGroupRid
+sambaHomeDrive: $valhomedrive
+sambaHomePath: $valsmbhome
+sambaProfilePath: $valprofilepath
+sambaLogonScript: $valscriptpath
+sambaLMPassword: XXX
+sambaNTPassword: XXX
";
For Samba users, rid is 2*uidNumber+1000, and primaryGroupID
is 2*gidNumber+1001. Thus you may want to use
smbldap-useradd.pl -a -g "Domain Admins" -u 500 Administrator
- to create a domain administrator (admin rid is 0x1F4 = 500 and
+ to create a sambaDomainName administrator (admin rid is 0x1F4 = 500 and
grouprid is 0x200 = 512)
Without any option, the account created will be an Unix (Posix)
-a The user will have a Samba account (and Unix).
-w Creates an account for a Samba machine (Workstation), so that
- it can join a domain.
+ it can join a sambaDomainName.
-x Creates rid and primaryGroupID in hex (for Samba 2.2.2 bug). Else
decimal (2.2.2 patched from cvs or 2.2.x, x > 2)
-B must change password ? 0 if no, 1 if yes
- -C smbHome (SMB home share, like '\\\\PDC-SRV\\homes')
+ -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')
- -D homeDrive (letter associated with home share, like 'H:')
+ -D sambaHomeDrive (letter associated with home share, like 'H:')
- -E scriptPath, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
+ -E sambaLogonScript, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
- -F profilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
+ -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
- -H acctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
+ -H sambaAcctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
=head1 SEE ALSO
-#!/usr/bin/perl
+#!/usr/bin/perl
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
print " -x creates rid and primaryGroupID in hex instead of decimal (for Samba 2.2.2 unpatched only)\n";
print " -A can change password ? 0 if no, 1 if yes\n";
print " -B must change password ? 0 if no, 1 if yes\n";
- print " -C smbHome (SMB home share, like '\\\\PDC-SRV\\homes')\n";
- print " -D homeDrive (letter associated with home share, like 'H:')\n";
- print " -E scriptPath (DOS script to execute on login)\n";
- print " -F profilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
- print " -H acctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
+ print " -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
+ print " -D sambaHomeDrive (letter associated with home share, like 'H:')\n";
+ print " -E sambaLogonScript (DOS script to execute on login)\n";
+ print " -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
+ print " -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
print " -I disable an user. Can't be used with -H or -J\n";
print " -J enable an user. Can't be used with -H or -I\n";
print " -? show this help message\n";
}
#
-# A : pwdCanChange
-# B : pwdMustChange
-# C : smbHome
-# D : homeDrive
-# E : scriptPath
-# F : profilePath
-# H : acctFlags
+# A : sambaPwdCanChange
+# B : sambaPwdMustChange
+# C : sambaHomePath
+# D : sambaHomeDrive
+# E : sambaLogonScript
+# F : sambaProfilePath
+# H : sambaAcctFlags
my $attr;
my $winmagic = 2147483647;
if (defined($tmp = $Options{'A'})) {
- $attr = "pwdCanChange";
+ $attr = "sambaPwdCanChange";
if ($tmp != 0) {
$mods .= "$attr: 0\n";
} else {
}
if (defined($tmp = $Options{'B'})) {
- $attr = "pwdMustChange";
+ $attr = "sambaPwdMustChange";
if ($tmp != 0) {
$mods .= "$attr: 0\n";
} else {
}
if (defined($tmp = $Options{'C'})) {
- $attr = "smbHome";
+ $attr = "sambaHomePath";
#$tmp =~ s/\\/\\\\/g;
$mods .= "$attr: $tmp\n";
}
if (defined($tmp = $Options{'D'})) {
- $attr = "homeDrive";
+ $attr = "sambaHomeDrive";
$tmp = $tmp.":" unless ($tmp =~ /:/);
$mods .= "$attr: $tmp\n";
}
if (defined($tmp = $Options{'E'})) {
- $attr = "scriptPath";
+ $attr = "sambaLogonScript";
#$tmp =~ s/\\/\\\\/g;
$mods .= "$attr: $tmp\n";
}
if (defined($tmp = $Options{'F'})) {
- $attr = "profilePath";
+ $attr = "sambaProfilePath";
#$tmp =~ s/\\/\\\\/g;
$mods .= "$attr: $tmp\n";
}
if (defined($tmp = $Options{'H'})) {
- $attr = "acctFlags";
+ $attr = "sambaAcctFlags";
#$tmp =~ s/\\/\\\\/g;
$mods .= "$attr: $tmp\n";
} elsif (defined($tmp = $Options{'I'})) {
my $flags;
- if ( $lines =~ /^acctFlags: (.*)/m ) {
+ if ( $lines =~ /^sambaAcctFlags: (.*)/m ) {
$flags = $1;
}
if ($flags =~ /(\w+)/) {
$letters = $1;
}
- $mods .= "acctFlags: \[D$letters\]\n";
+ $mods .= "sambaAcctFlags: \[D$letters\]\n";
}
} elsif (defined($tmp = $Options{'J'})) {
my $flags;
- if ( $lines =~ /^acctFlags: (.*)/m ) {
+ if ( $lines =~ /^sambaAcctFlags: (.*)/m ) {
$flags = $1;
}
$letters = $1;
}
$letters =~ s/D//;
- $mods .= "acctFlags: \[$letters\]\n";
+ $mods .= "sambaAcctFlags: \[$letters\]\n";
}
}
-B must change password ? 0 if no, 1 if yes
- -C smbHome (SMB home share, like '\\\\PDC-SRV\\homes')
+ -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')
- -D homeDrive (letter associated with home share, like 'H:')
+ -D sambaHomeDrive (letter associated with home share, like 'H:')
- -E scriptPath, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
+ -E sambaLogonScript, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
- -F profilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
+ -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
- -H acctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
+ -H sambaAcctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
-I disable user. Can't be used with -H or -J
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS
$UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP
-$with_smbpasswd $mk_ntpasswd
+$slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd
$ldap_path $ldap_opts $ldapsearch $ldapsearchnobind
$ldapmodify $ldappasswd $ldapadd $ldapdelete $ldapmodrdn
$suffix $usersdn $computersdn
@EXPORT = qw(
$UID_START $GID_START $smbpasswd $slaveLDAP $masterLDAP
-$with_smbpasswd $mk_ntpasswd
+$slavePort $masterPort $ldapSSL $slaveURI $masterURI $with_smbpasswd $mk_ntpasswd
$ldap_path $ldap_opts $ldapsearch $ldapsearchnobind $ldapmodify $ldappasswd
$ldapadd $ldapdelete $ldapmodrdn $suffix $usersdn
$computersdn $groupsdn $scope $binddn $bindpasswd
$UID_START = 1000;
$GID_START = 1000;
+# Put your own SID
+# to obtain this number do: # net getlocalsid
+our $SID='S-1-5-21-636805976-1992644568-3666589737';
+
##############################################################################
#
# LDAP Configuration
# Slave LDAP : needed for read operations
#
# Ex: $slaveLDAP = "127.0.0.1";
-$slaveLDAP = "_SLAVELDAP_";
+$slaveLDAP = "127.0.0.1";
+
+$slavePort = "389";
#
# Master LDAP : needed for write operations
#
# Ex: $masterLDAP = "127.0.0.1";
-$masterLDAP = "_MASTERLDAP_";
+$masterLDAP = "127.0.0.1";
+
+
+#
+# Master Port
+# 389 636
+# Ex: $masterPort = "
+$masterPort = "389";
+
+#
+# Use SSL for LDAP
+#
+$ldapSSL = "0";
#
# LDAP Suffix
#
# Ex: $suffix = "dc=IDEALX,dc=ORG";
-$suffix = "_SUFFIX_";
+$suffix = "dc=IDEALX,dc=ORG";
+
#
# Where are stored Users
#
# Bind DN used
# Ex: $binddn = "cn=Manager,$suffix"; for cn=Manager,dc=IDEALX,dc=org
-$binddn = "_BINDDN_";
+$binddn = "cn=Manager,$suffix";
#
# Bind DN passwd used
# Ex: $bindpasswd = 'secret'; for 'secret'
-$bindpasswd = "_BINDPW_";
+$bindpasswd = "secret";
#
# Notes: if using dual ldap patch, you can specify to different configuration
# Home directory prefix (without username)
#
#Ex: $_userHomePrefix = q(/home/);
-$_userHomePrefix = q(_USERHOMEPREFIX_);
+$_userHomePrefix = q(_HOMEPREFIX_);
#
# Gecos
# The default Home Drive Letter mapping
# (will be automatically mapped at logon time if home directory exist)
# Ex: q(U:) for U:
-$_userHomeDrive = q(_HOMEDRIVE_:);
+$_userHomeDrive = q(_HOMEDRIVE_);
#
# The default user netlogon script name
$smbpasswd = "/usr/bin/smbpasswd";
$mk_ntpasswd = "/usr/local/sbin/mkntpwd";
+if ( $ldapSSL eq "0" ) {
+ $slaveURI = "ldap://$slaveLDAP:$slavePort";
+ $masterURI = "ldap://$masterLDAP:$masterPort";
+}
+elsif ( $ldapSSL eq "1" ) {
+ $slaveURI = "ldaps://$slaveLDAP:$slavePort";
+ $masterURI = "ldaps://$masterLDAP:$masterPort";
+}
+else {
+ die "ldapSSL option must be either 0 or 1.\n";
+}
+
+
$ldap_path = "/usr/bin";
$ldap_opts = "-x";
-$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -h $slaveLDAP -D '$slaveDN' -w '$slavePw'";
-$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -h $slaveLDAP";
-$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -h $masterLDAP -D '$masterDN' -w '$masterPw'";
-$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -h $masterLDAP -D '$masterDN' -w '$masterPw'";
-$ldapadd = "$ldap_path/ldapadd $ldap_opts -h $masterLDAP -D '$masterDN' -w '$masterPw'";
-$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -h $masterLDAP -D '$masterDN' -w '$masterPw'";
-$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -h $masterLDAP -D '$masterDN' -w '$masterPw'";
+$ldapsearch = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI -D '$slaveDN' -w '$slavePw'";
+$ldapsearchnobind = "$ldap_path/ldapsearch $ldap_opts -H $slaveURI";
+$ldapmodify = "$ldap_path/ldapmodify $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
+$ldappasswd = "$ldap_path/ldappasswd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
+$ldapadd = "$ldap_path/ldapadd $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
+$ldapdelete = "$ldap_path/ldapdelete $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
+$ldapmodrdn = "$ldap_path/ldapmodrdn $ldap_opts -H $masterURI -D '$masterDN' -w '$masterPw'";
use strict;
package smbldap_tools;
use smbldap_conf;
+use Net::LDAP;
# This code was developped by IDEALX (http://IDEALX.org/) and
# contributors (their names can be found in the CONTRIBUTORS file).
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
use Exporter;
$VERSION = 1.00;
+
@ISA = qw(Exporter);
@EXPORT = qw(
# dn_line = get_user_dn($username)
# where dn_line is like "dn: a=b,c=d"
+
+#sub ldap_search
+#{
+#my ($local_base,$local_scope,$local_filtre)=@_;
+#}
+
+
+
sub get_user_dn
{
my $user = shift;
- my $dn=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^dn:"`;
- chomp $dn;
+ my $dn='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $suffix,
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $dn= $entry->dn;}
+ $ldap->unbind;
+ chomp($dn);
if ($dn eq '') {
return undef;
}
-
+ $dn="dn: ".$dn;
return $dn;
}
-# return (success, dn)
-sub get_user_dn2
+
+sub get_user_dn2 ## migré
{
my $user = shift;
-
- my $sr = `$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))'`;
- if ($sr eq "") {
- print "get_user_dn2: error in ldapsearch :
-$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))'\n";
- return (0, undef);
+ my $dn='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $suffix,
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
+ # $mesg->code && warn $mesg->error;
+ if ($mesg->code)
+ {
+ print("Code erreur : ",$mesg->code,"\n");
+ print("Message d'erreur : ",$mesg->error,"\n");
+ return (0,undef);
+ }
+
+ foreach my $entry ($mesg->all_entries) {
+ $dn= $entry->dn;
}
-
- my @lines = split(/\n/, $sr);
-
- my @matches = grep(/^dn:/, @lines);
-
- my $dn = $matches[0];
- chomp $dn;
+ $ldap->unbind;
+ chomp($dn);
if ($dn eq '') {
- return (1, undef);
+ return (1,undef);
}
-
- return (1, $dn);
+ $dn="dn: ".$dn;
+ return (1,$dn);
}
-# dn_line = get_group_dn($groupname)
-# where dn_line is like "dn: a=b,c=d"
+
sub get_group_dn
-{
- my $group = shift;
- my $dn=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))' | grep "^dn:"`;
- chomp $dn;
- if ($dn eq '') {
- return undef;
- }
-
- return $dn;
-}
+ {
+ my $group = shift;
+ my $dn='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $dn= $entry->dn;}
+ $ldap->unbind;
+ chomp($dn);
+ if ($dn eq '') {
+ return undef;
+ }
+ $dn="dn: ".$dn;
+ return $dn;
+ }
+# return (success, dn)
# bool = is_samba_user($username)
sub is_samba_user
-{
- my $user = shift;
- my $cmd = "$ldapsearch -b '$suffix' -s '$scope' '(&(objectClass=sambaAccount)(uid=$user))' | grep '^dn:\'";
- my $res=`$cmd`;
- chomp $res;
- if ($res ne '') {
- return 1;
- }
- return 0;
-}
+ {
+ my $user = shift;
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $suffix,
+ scope => $scope,
+ filter => "(&(objectClass=sambaSamAccount)(uid=$user))"
+ );
+ $mesg->code && die $mesg->error;
+ $ldap->unbind;
+ return ($mesg->count ne 0);
+ }
+
-# bool = is_user_valid($username)
# try to bind with user dn and password to validate current password
-sub is_user_valid
-{
- my ($user, $dn, $pass) = @_;
- my $res=`$ldapsearchnobind -b '$usersdn' -s '$scope' -D '$dn' -w '$pass' '(&(objectclass=posixAccount)(uid=$user))' 2>/dev/null | grep "^dn:"`;
- chomp $res;
- if ($res eq '') {
- return 0;
- }
- return 1;
+sub is_user_valid
+ {
+ my ($user, $dn, $pass) = @_;
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ my $mesg= $ldap->bind (dn => $dn, password => $pass );
+ if ($mesg->code eq 0)
+ {
+ $ldap->unbind;
+ return 1;
+ }
+ else
+ {
+ if($ldap->bind()) {
+ $ldap->unbind;
+ return 0;
+ } else {
+ print ("Le serveur LDAP est indisponible.\nVérifier le serveur, les câblages, ...");
+ $ldap->unbind;
+ return 0;
+ } die "Problème : Contacter votre administrateur";
+ }
}
# dn = get_dn_from_line ($dn_line)
# helper to get "a=b,c=d" from "dn: a=b,c=d"
sub get_dn_from_line
-{
- my $dn = shift;
- $dn =~ s/^dn: //;
- return $dn;
-}
+ {
+ my $dn = shift;
+ $dn =~ s/^dn: //;
+ return $dn;
+ }
# success = add_posix_machine($user, $uid, $gid)
sub add_posix_machine
-{
- my ($user, $uid, $gid) = @_;
-
-my $tmpldif =
-"dn: uid=$user,$computersdn
-objectclass: top
+ {
+ my ($user, $uid, $gid) = @_;
+ my $tmpldif =
+ "dn: uid=$user,$computersdn
+objectclass: inetOrgPerson
objectclass: posixAccount
+sn: $user
cn: $user
uid: $user
uidNumber: $uid
";
- die "$0: error while adding posix account to machine $user\n"
+ die "$0: error while adding posix account to machine $user\n"
unless (do_ldapadd($tmpldif) == 0);
-
- undef $tmpldif;
-
- return 1;
-}
+ undef $tmpldif;
+ return 1;
+ }
# success = add_samba_machine($computername)
sub add_samba_machine
{
my $user = shift;
system "smbpasswd -a -m $user";
-
return 1;
}
sub add_samba_machine_mkntpwd
-{
- my ($user, $uid) = @_;
- my $rid = 2 * $uid + 1000; # Samba 2.2.2 stuff
-
- my $name = $user;
- $name =~ s/.$//s;
-
- if ($mk_ntpasswd eq '') {
- print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
- return 0;
- }
-
- my $ntpwd = `$mk_ntpasswd '$name'`;
- chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
- chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
-
- my $tmpldif =
-"dn: uid=$user,$computersdn
+ {
+ my ($user, $uid) = @_;
+ my $sambaSID = 2 * $uid + 1000;
+ my $name = $user;
+ $name =~ s/.$//s;
+
+ if ($mk_ntpasswd eq '') {
+ print "Either set \$with_smbpasswd = 1 or specify \$mk_ntpasswd\n";
+ return 0;
+ }
+
+ my $ntpwd = `$mk_ntpasswd '$name'`;
+ chomp(my $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')));
+ chomp(my $ntpassword = substr($ntpwd, index($ntpwd, ':')+1));
+
+ my $tmpldif =
+ "dn: uid=$user,$computersdn
changetype: modify
-objectclass: top
+objectclass: inetOrgPerson
objectclass: posixAccount
-objectClass: sambaAccount
-pwdLastSet: 0
-logonTime: 0
-logoffTime: 2147483647
-kickoffTime: 2147483647
-pwdCanChange: 0
-pwdMustChange: 2147483647
-acctFlags: [W ]
-lmpassword: $lmpassword
-ntpassword: $ntpassword
-rid: $rid
-primaryGroupID: 0
+objectClass: sambaSamAccount
+sambaPwdLastSet: 0
+sambaLogonTime: 0
+sambaLogoffTime: 2147483647
+sambaKickoffTime: 2147483647
+sambaPwdCanChange: 0
+sambaPwdMustChange: 2147483647
+sambaAcctFlags: [W ]
+sambaLMPassword: $lmpassword
+sambaNTPassword: $ntpassword
+sambaSID: $smbldap_conf::SID-$sambaSID
+sambaPrimaryGroupSID: $smbldap_conf::SID-0
";
- die "$0: error while adding samba account to $user\n"
- unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
+ die "$0: error while adding samba account to $user\n"
+ unless (do_ldapmodify($tmpldif) == 0);
+ undef $tmpldif;
- return 1;
-}
+ return 1;
+ }
sub group_add_user
-{
- my ($group, $userid) = @_;
- my $dn_line;
-
- if (!defined($dn_line = get_group_dn($group))) {
- return 1;
- }
- my $dn = get_dn_from_line($dn_line);
- my $members = `$ldapsearch -b '$dn' -s base | grep -i "^memberUid:"`;
- chomp($members);
- # user already member ?
- if ($members =~ m/^memberUid: $userid/) {
- return 2;
- }
- my $mods = "";
- if ($members ne '') {
- $mods="$dn_line
+ {
+ my ($group, $userid) = @_;
+ my $members='';
+ my $dn_line = get_group_dn($group);
+ if (!defined($dn_line)) {
+ return 1;
+ }
+ my $dn = get_dn_from_line($dn_line);
+
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base =>$dn, scope => "base", filter => "(objectClass=*)" );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries){
+ foreach my $attr ($entry->attributes)
+ {
+ if ($attr=~/\bmemberUid\b/){
+ foreach my $ent($entry->get_value($attr)) { $members.= $attr.": ".$ent."\n"; }
+ }
+ }
+ }
+ $ldap->unbind;
+ chomp($members);
+ # user already member ?
+ if ($members =~ m/^memberUid: $userid/) {
+ return 2;
+ }
+ my $mods = "";
+ if ($members ne '') {
+ $mods="$dn_line
changetype: modify
replace: memberUid
$members
memberUid: $userid
+
";
- } else {
- $mods="$dn_line
+ } else {
+ $mods="$dn_line
changetype: modify
add: memberUid
memberUid: $userid
-";
- }
+";
+ }
#print "$mods\n";
-
- my $tmpldif =
-"$mods
+ my $tmpldif =
+ "$mods
";
- die "$0: error while modifying group $group\n"
+ die "$0: error while modifying group $group\n"
unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
- return 0;
-}
-
-sub add_grouplist_user
-{
- my ($grouplist, $user) = @_;
- my @array = split(/,/, $grouplist);
- foreach my $group (@array) {
- group_add_user($group, $user);
- }
-}
-
-# XXX FIXME : acctFlags |= D, and not acctFlags = D
+ undef $tmpldif;
+ return 0;
+ }
+
+sub add_grouplist_user
+ {
+ my ($grouplist, $user) = @_;
+ my @array = split(/,/, $grouplist);
+ foreach my $group (@array) {
+ group_add_user($group, $user);
+ }
+ }
+
+# XXX FIXME : sambaAcctFlags |= D, and not sambaAcctFlags = D
sub disable_user
-{
- my $user = shift;
- my $dn_line;
+ {
+ my $user = shift;
+ my $dn_line;
- if (!defined($dn_line = get_user_dn($user))) {
- print "$0: user $user doesn't exist\n";
- exit (10);
- }
+ if (!defined($dn_line = get_user_dn($user))) {
+ print "$0: user $user doesn't exist\n";
+ exit (10);
+ }
- my $tmpldif =
-"dn: $dn_line
+ my $tmpldif =
+ "dn: $dn_line
changetype: modify
replace: userPassword
userPassword: {crypt}!x
";
- die "$0: error while modifying user $user\n"
+ die "$0: error while modifying user $user\n"
unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
+ undef $tmpldif;
- if (is_samba_user($user)) {
-
- my $tmpldif =
-"dn: $dn_line
+ if (is_samba_user($user)) {
+
+ my $tmpldif =
+ "dn: $dn_line
changetype: modify
-replace: acctFlags
-acctFlags: [D ]
+replace: sambaAcctFlags
+sambaAcctFlags: [D ]
";
- die "$0: error while modifying user $user\n"
+ die "$0: error while modifying user $user\n"
unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
-
- }
-
-}
+ undef $tmpldif;
+ }
+ }
# delete_user($user)
sub delete_user
-{
- my $user = shift;
- my $dn_line;
+ {
+ my $user = shift;
+ my $dn_line;
- if (!defined($dn_line = get_user_dn($user))) {
- print "$0: user $user doesn't exist\n";
- exit (10);
- }
+ if (!defined($dn_line = get_user_dn($user))) {
+ print "$0: user $user doesn't exist\n";
+ exit (10);
+ }
- my $dn = get_dn_from_line($dn_line);
- system "$ldapdelete $dn >/dev/null";
-}
+ my $dn = get_dn_from_line($dn_line);
+ system "$ldapdelete $dn >/dev/null";
+ }
# $success = group_add($groupname, $group_gid, $force_using_existing_gid)
sub group_add
-{
- my ($gname, $gid, $force) = @_;
-
- my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
- if ($nscd_status == 0) {
- system "/etc/init.d/nscd stop > /dev/null 2>&1";
- }
-
- if (!defined($gid)) {
- while (defined(getgrgid($GID_START))) {
- $GID_START++;
- }
- $gid = $GID_START;
- } else {
- if (!defined($force)) {
- if (defined(getgrgid($gid))) {
- return 0;
- }
- }
- }
-
- if ($nscd_status == 0) {
- system "/etc/init.d/nscd start > /dev/null 2>&1";
- }
-
- my $tmpldif =
-"dn: cn=$gname,$groupsdn
+ {
+ my ($gname, $gid, $force) = @_;
+ my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
+ if ($nscd_status == 0) {
+ system "/etc/init.d/nscd stop > /dev/null 2>&1";
+ }
+ if (!defined($gid)) {
+ while (defined(getgrgid($GID_START))) {
+ $GID_START++;
+ }
+ $gid = $GID_START;
+ } else {
+ if (!defined($force)) {
+ if (defined(getgrgid($gid))) {
+ return 0;
+ }
+ }
+ }
+ if ($nscd_status == 0) {
+ system "/etc/init.d/nscd start > /dev/null 2>&1";
+ }
+ my $tmpldif =
+ "dn: cn=$gname,$groupsdn
objectclass: posixGroup
cn: $gname
gidNumber: $gid
";
- die "$0: error while adding posix group $gname\n"
+ die "$0: error while adding posix group $gname\n"
unless (do_ldapadd($tmpldif) == 0);
-
- undef $tmpldif;
-
- return 1;
-}
+ undef $tmpldif;
+ return 1;
+ }
# $homedir = get_homedir ($user)
sub get_homedir
-{
- my $user = shift;
- my $homeDir=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^homeDirectory:"`;
- chomp $homeDir;
- if ($homeDir eq '') {
- return undef;
- }
- $homeDir =~ s/^homeDirectory: //;
-
- return $homeDir;
-}
+ {
+ my $user = shift;
+ my $homeDir='';
+ # my $homeDir=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' | grep "^homeDirectory:"`;
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base =>$suffix, scope => $scope, filter => "(&(objectclass=posixAccount)(uid=$user))" );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries){
+ foreach my $attr ($entry->attributes)
+ {
+ if ($attr=~/\bhomeDirectory\b/){
+ foreach my $ent($entry->get_value($attr)) {
+ $homeDir.= $attr.": ".$ent."\n";
+ }
+ }
+ }
+ }
+ $ldap->unbind;
+ chomp $homeDir;
+ if ($homeDir eq '') {
+ return undef;
+ }
+ $homeDir =~ s/^homeDirectory: //;
+ return $homeDir;
+ }
# search for an user
sub read_user
-{
- my $user = shift;
- my $lines=`$ldapsearch -b '$suffix' -s '$scope' '(&(objectclass=posixAccount)(uid=$user))' -LLL`;
- chomp $lines;
- if ($lines eq '') {
- return undef;
- }
-
- return $lines;
-}
+ {
+ my $user = shift;
+ my $lines ='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( # perform a search
+ base => $suffix,
+ scope => $scope,
+ filter => "(&(objectclass=posixAccount)(uid=$user))"
+ );
+
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $lines.= "dn: " . $entry->dn."\n";
+ foreach my $attr ($entry->attributes) {
+ {
+ $lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
+ }
+ }
+ }
+ $ldap->unbind; # take down sessio(n
+ chomp $lines;
+ if ($lines eq '') {
+ return undef;
+ }
+ return $lines;
+ }
# search for a group
sub read_group
-{
- my $user = shift;
- my $lines=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(cn=$user))' -LLL`;
- chomp $lines;
- if ($lines eq '') {
- return undef;
- }
-
- return $lines;
-}
+ {
+ my $user = shift;
+ my $lines ='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( # perform a search
+ base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(cn=$user))"
+ );
+
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $lines.= "dn: " . $entry->dn."\n";
+ foreach my $attr ($entry->attributes) {
+ {
+ $lines.= $attr.": ".join(',', $entry->get_value($attr))."\n";
+ }
+ }
+ }
+
+ $ldap->unbind; # take down sessio(n
+ chomp $lines;
+ if ($lines eq '') {
+ return undef;
+ }
+ return $lines;
+ }
# find groups of a given user
+##### MODIFIE ########
sub find_groups_of
-{
- my $user = shift;
- my $lines=`$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixGroup)(memberuid=$user))' -LLL | grep "^dn: "`;
- chomp $lines;
- if ($lines eq '') {
- return undef;
- }
-
- return $lines;
-}
+ {
+ my $user = shift;
+ my $lines ='';
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( # perform a search
+ base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixGroup)(memberuid=$user))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries) {
+ $lines.= "dn: ".$entry->dn."\n";
+ }
+ $ldap->unbind;
+ chomp($lines);
+ if ($lines eq '') {return undef; }
+ return $lines;
+ }
# return the gidnumber for a group given as name or gid
# -1 : bad group name
# -2 : bad gidnumber
sub parse_group
-{
- my $userGidNumber = shift;
-
- if ($userGidNumber =~ /[^\d]/ ) {
- my $gname = $userGidNumber;
- my $gidnum = getgrnam($gname);
- if ($gidnum !~ /\d+/) {
- return -1;
- } else {
- $userGidNumber = $gidnum;
- }
- } elsif (!defined(getgrgid($userGidNumber))) {
- return -2;
- }
- return $userGidNumber;
-}
+ {
+ my $userGidNumber = shift;
+ if ($userGidNumber =~ /[^\d]/ ) {
+ my $gname = $userGidNumber;
+ my $gidnum = getgrnam($gname);
+ if ($gidnum !~ /\d+/) {
+ return -1;
+ } else {
+ $userGidNumber = $gidnum;
+ }
+ } elsif (!defined(getgrgid($userGidNumber))) {
+ return -2;
+ }
+ return $userGidNumber;
+ }
# remove $user from $group
sub group_remove_member
-{
- my ($group, $user) = @_;
-
- my $grp_line = get_group_dn($group);
- if (!defined($grp_line)) {
- return 0;
- }
- my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' | grep -i "^memberUid:"`;
-
- #print "avant ---\n$members\n";
- $members =~ s/memberUid: $user\n//;
- #print "----\n$members\n---\n";
-
- chomp($members);
-
- my $header;
- if ($members eq '') {
- $header = "changetype: modify\n";
- $header .= "delete: memberUid";
- } else {
- $header = "changetype: modify\n";
- $header .= "replace: memberUid";
- }
-
- my $tmpldif =
+ {
+ my ($group, $user) = @_;
+ my $members='';
+ my $grp_line = get_group_dn($group);
+ if (!defined($grp_line)) {
+ return 0;
+ }
+
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixgroup)(cn=$group))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries){
+ foreach my $attr ($entry->attributes)
+ {
+ if ($attr=~/\bmemberUid\b/){
+ foreach my $ent($entry->get_value($attr)) {
+ $members.= $attr.": ".$ent."\n";
+ }
+ }
+ }
+ }
+ #print "Valeurs de members :\n$members";
+ $ldap->unbind;
+ # my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' | grep -i "^memberUid:"`;
+ # print "avant ---\n$members\n";
+ $members =~ s/memberUid: $user\n//;
+ #print "après ---\n$members\n";
+ chomp($members);
+
+ my $header;
+ if ($members eq '') {
+ $header = "changetype: modify\n";
+ $header .= "delete: memberUid";
+ } else {
+ $header = "changetype: modify\n";
+ $header .= "replace: memberUid";
+ }
+
+ my $tmpldif =
"$grp_line
$header
$members
";
- die "$0: error while modifying group $group\n"
+
+ #print "Valeur du tmpldif : \n$tmpldif";
+ die "$0: error while modifying group $group\n"
unless (do_ldapmodify($tmpldif) == 0);
- undef $tmpldif;
+ undef $tmpldif;
- return 1;
-}
+ $ldap->unbind;
+ return 1;
+ }
sub group_get_members
-{
- my ($group) = @_;
- my @members;
-
- my $grp_line = get_group_dn($group);
- if (!defined($grp_line)) {
- return 0;
- }
- my $members = `$ldapsearch -b '$groupsdn' -s '$scope' '(&(objectclass=posixgroup)(cn=$group))' memberUid | grep -i "^memberUid:"`;
-
- my @lines = split (/\n/, $members);
- foreach my $line (@lines) {
- $line =~ s/^memberUid: //;
- push(@members, $line);
- }
-
- return @members;
-}
+ {
+ my ($group) = @_;
+ my $members;
+ my @resultat;
+ my $grp_line = get_group_dn($group);
+ if (!defined($grp_line)) { return 0; }
+
+ my $ldap = Net::LDAP->new($slaveLDAP) or die "erreur LDAP";
+ $ldap->bind ;
+ my $mesg = $ldap->search ( base => $groupsdn,
+ scope => $scope,
+ filter => "(&(objectclass=posixgroup)(cn=$group))"
+ );
+ $mesg->code && die $mesg->error;
+ foreach my $entry ($mesg->all_entries){
+ foreach my $attr ($entry->attributes){
+ if ($attr=~/\bmemberUid\b/){
+ foreach my $ent($entry->get_value($attr)) { push (@resultat,$ent); }
+ }
+ }
+ }
+ return @resultat;
+ }
sub file_write {
- my ($filename, $filecontent) = @_;
- local *FILE;
- open (FILE, "> $filename") ||
- die "Cannot open «$filename» for writing: $!\n";
- print FILE $filecontent;
- close FILE;
+ my ($filename, $filecontent) = @_;
+ local *FILE;
+ open (FILE, "> $filename") ||
+ die "Cannot open $filename for writing: $!\n";
+ print FILE $filecontent;
+ close FILE;
}
# wrapper for ldapadd
sub do_ldapadd2
-{
- my $ldif = shift;
+ {
+ my $ldif = shift;
+ my $tempfile = "/tmp/smbldapadd.$$";
+ file_write($tempfile, $ldif);
- my $tempfile = "/tmp/smbldapadd.$$";
- file_write($tempfile, $ldif);
-
- my $rc = system "$ldapadd < $tempfile >/dev/null";
- unlink($tempfile);
- return $rc;
-}
+ my $rc = system "$ldapadd < $tempfile >/dev/null";
+ unlink($tempfile);
+ return $rc;
+ }
sub do_ldapadd
-{
- my $ldif = shift;
-
- my $FILE = "|$ldapadd >/dev/null";
- open (FILE, $FILE) || die "$!\n";
- print FILE <<EOF;
+ {
+ my $ldif = shift;
+ my $FILE = "|$ldapadd >/dev/null";
+ open (FILE, $FILE) || die "$!\n";
+ print FILE <<EOF;
$ldif
EOF
- ;
- close FILE;
- my $rc = $?;
- return $rc;
-}
+ ;
+ close FILE;
+ my $rc = $?;
+ return $rc;
+ }
# wrapper for ldapmodify
sub do_ldapmodify2
-{
- my $ldif = shift;
-
- my $tempfile = "/tmp/smbldapmod.$$";
- file_write($tempfile, $ldif);
-
- my $rc = system "$ldapmodify -r < $tempfile >/dev/null";
- unlink($tempfile);
- return $rc;
-}
+ {
+ my $ldif = shift;
+ my $tempfile = "/tmp/smbldapmod.$$";
+ file_write($tempfile, $ldif);
+ my $rc = system "$ldapmodify -r < $tempfile >/dev/null";
+ unlink($tempfile);
+ return $rc;
+ }
sub do_ldapmodify
-{
- my $ldif = shift;
-
- my $FILE = "|$ldapmodify -r >/dev/null";
- open (FILE, $FILE) || die "$!\n";
- print FILE <<EOF;
+ {
+ my $ldif = shift;
+ my $FILE = "|$ldapmodify -r >/dev/null";
+ open (FILE, $FILE) || die "$!\n";
+ print FILE <<EOF;
$ldif
EOF
- ;
- close FILE;
- my $rc = $?;
-
- return $rc;
-}
-
-
+ ;
+ close FILE;
+ my $rc = $?;
+ return $rc;
+ }
1;
git.samba.org / gd / samba / .git / commitdiff