3 # Populate a LDAP base for Samba-LDAP usage
5 # This code was developed by IDEALX (http://IDEALX.org/) and
6 # contributors (their names can be found in the CONTRIBUTORS file).
8 # Copyright (C) 2001-2002 IDEALX
10 # This program is free software; you can redistribute it and/or
11 # modify it under the terms of the GNU General Public License
12 # as published by the Free Software Foundation; either version 2
13 # of the License, or (at your option) any later version.
15 # This program is distributed in the hope that it will be useful,
16 # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 # GNU General Public License for more details.
20 # You should have received a copy of the GNU General Public License
21 # along with this program; if not, write to the Free Software
22 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
26 # . Create an initial LDAP database suitable for Samba 2.2
27 # . For lazy people, replace ldapadd (with only an ldif parameter)
# Entries of an attribute-type => objectClass table. The lookup further down
# ($oc{$attr}) uses it to pick the objectClass matching the first attribute
# type of the configured suffix.
# NOTE(review): the table's declaration and any other entries are on lines
# this listing does not show.
37 # objectclass of the suffix
39 "ou" => "organizationalUnit",
40 "o" => "organization",
# Parse the command-line switches. The spec 'a:b:?' means -a and -b each take
# a value and -? is a plain flag; results land in %Options.
# On a parse failure, or when -? was given, the usage text below is printed.
# NOTE(review): the end of this block (presumably an exit) is on lines the
# listing omits.
47 my $ok = getopts('a:b:?', \%Options);
48 if ( (!$ok) || ($Options{'?'}) ) {
49 print "Usage: $0 [-ab?] [ldif]\n";
50 print " -a administrator login name (default: Administrator)\n";
51 print " -b guest login name (default: nobody)\n";
52 print " -? show this help message\n";
53 print " ldif file to add to ldap (default: suffix, Groups,";
54 print " Users, Computers and builtin users )\n";
# First remaining argument after getopts has consumed the switches: the path
# of an LDIF file to load instead of the built-in entries (undef when absent).
# It comes straight from the command line and nothing in the visible lines
# validates it, so it must be treated as untrusted text and never spliced
# into a shell command line.
61 $_ldifName = $ARGV[0];
# Login names used for the built-in administrator and guest entries, with
# "Administrator" and "nobody" as the defaults when -a / -b are not given.
# NOTE(review): both values are interpolated unescaped into the "dn:" and
# "memberUid:" lines of the generated LDIF. A name containing a comma, '+',
# or a line break would change the entries that get written; consider
# rejecting anything that does not match a conservative pattern such as
# /\A[A-Za-z0-9._-]+\z/ before use.
64 my $adminName = $Options{'a'};
65 if (!defined($adminName)) {
66 $adminName = "Administrator";
69 my $guestName = $Options{'b'};
70 if (!defined($guestName)) {
71 $guestName = "nobody";
# No LDIF file was named on the command line: build the default entries.
74 if (!defined($_ldifName)) {
# Split the first RDN of the suffix into attribute type ($1) and value ($2).
# NOTE(review): the assignments of $attr and $val from these captures are on
# lines the listing omits.
79 if ($suffix =~ m/([^=]+)=([^,]+)/) {
# Use the objectClass registered for this attribute type, if there is one.
82 $objcl = $oc{$attr} if (exists $oc{$attr});
83 if (!defined($objcl)) {
# NOTE(review): this fallback is a placeholder string, not a schema-defined
# objectClass; if it reaches the directory the suffix entry would presumably
# be rejected - confirm, and consider dying here instead.
84 $objcl = "myhardcodedobjectclass";
# Reached when the suffix contains no "attr=value" pair at all.
87 die "can't extract first attr and value from suffix $suffix";
89 #print "$attr=$val\n";
# Pull the last two dc= components out of the suffix. The pattern only
# matches when the suffix ends in dc=X,dc=Y with word characters in X and Y;
# for any other suffix shape both variables stay undef.
90 my ($organisation,$ext) = ($suffix =~ m/dc=(\w+),dc=(\w+)$/);
# Open a pipe to ldapadd; the LDIF text that follows is written to its stdin.
# -c keeps ldapadd going after a failed entry, which matches the documented
# "doesn't abort if already there" behaviour for the base suffix.
#
# Security notes:
# - This is a two-argument open on a string starting with "|", so the whole
#   string is run as a command. $ldapadd is not defined in the visible lines;
#   the POD says its extra parameters come from smbldap_conf.pm, so that file
#   must be writable only by the administrator.
# - NOTE(review): if those parameters include bind credentials they end up on
#   the ldapadd command line and are visible in the process list - confirm.
# - The die message carries only $!, so the command string is not echoed.
# - NOTE(review): in the LDIF below, the administrator entry sets
#   sambaPrimaryGroupSID to the bare value 512 while the guest entry uses
#   $smbldap_conf::SID-514; the missing domain SID prefix looks like an
#   inconsistency - confirm against the schema.
# - The guest entry is written with "NO PASSWORD" placeholder hashes and
#   account flags [NU ] (no password required), so it is a password-less
#   account by construction; keep its group membership limited to guest access.
93 my $FILE="|$ldapadd -c";
94 open (FILE, $FILE) || die "$!\n";
99 objectclass: organization
104 objectClass: organizationalUnit
108 objectClass: organizationalUnit
112 objectClass: organizationalUnit
115 dn: uid=$adminName,$usersdn
118 objectClass: inetOrgPerson
119 objectClass: sambaSAMAccount
120 objectClass: posixAccount
124 homeDirectory: $_userHomePrefix
127 sambaLogoffTime: 2147483647
128 sambaKickoffTime: 2147483647
130 sambaPwdMustChange: 2147483647
131 sambaHomePath: $_userSmbHome
132 sambaHomeDrive: $_userHomeDrive
133 sambaProfilePath: $_userProfile
134 sambaPrimaryGroupSID: 512
138 sambaSID: $smbldap_conf::SID-2996
139 loginShell: /bin/false
140 gecos: Netbios Domain Administrator
142 dn: uid=$guestName,$usersdn
145 objectClass: inetOrgPerson
146 objectClass: sambaSAMAccount
147 objectClass: posixAccount
151 homeDirectory: /dev/null
154 sambaLogoffTime: 2147483647
155 sambaKickoffTime: 2147483647
157 sambaPwdMustChange: 2147483647
158 sambaHomePath: $_userSmbHome
159 sambaHomeDrive: $_userHomeDrive
160 sambaProfilePath: $_userProfile
161 sambaPrimaryGroupSID: $smbldap_conf::SID-514
162 sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
163 sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
164 sambaAcctFlags: [NU ]
165 sambaSID: $smbldap_conf::SID-2998
166 loginShell: /bin/false
168 dn: cn=Domain Admins,$groupsdn
169 objectClass: posixGroup
172 memberUid: $adminName
173 description: Netbios Domain Administrators (need smb.conf configuration)
175 dn: cn=Domain Users,$groupsdn
176 objectClass: posixGroup
179 description: Netbios Domain Users (not implemented yet)
181 dn: cn=Domain Guests,$groupsdn
182 objectClass: posixGroup
185 description: Netbios Domain Guests Users (not implemented yet)
187 dn: cn=Administrators,$groupsdn
188 objectClass: posixGroup
191 description: Netbios Domain Members can fully administer the computer/sambaDomainName (not implemented yet)
193 dn: cn=Users,$groupsdn
194 objectClass: posixGroup
197 description: Netbios Domain Ordinary users (not implemented yet)
199 dn: cn=Guests,$groupsdn
200 objectClass: posixGroup
203 memberUid: $guestName
204 description: Netbios Domain Users granted guest access to the computer/sambaDomainName (not implemented yet)
207 dn: cn=Power Users,$groupsdn
208 objectClass: posixGroup
211 description: Netbios Domain Members can share directories and printers (not implemented yet)
213 dn: cn=Account Operators,$groupsdn
214 objectClass: posixGroup
216 cn: Account Operators
217 description: Netbios Domain Users to manipulate users accounts (not implemented yet)
219 dn: cn=Server Operators,$groupsdn
220 objectClass: posixGroup
223 description: Netbios Domain Server Operators (need smb.conf configuration)
225 dn: cn=Print Operators,$groupsdn
226 objectClass: posixGroup
229 description: Netbios Domain Print Operators (need smb.conf configuration)
231 dn: cn=Backup Operators,$groupsdn
232 objectClass: posixGroup
235 description: Netbios Domain Members can bypass file security to back up files (not implemented yet)
237 dn: cn=Replicator,$groupsdn
238 objectClass: posixGroup
241 description: Netbios Domain Supports file replication in a sambaDomainName (not implemented yet)
243 dn: cn=Domain Computers,$groupsdn
244 objectClass: posixGroup
247 description: Netbios Domain Computers accounts
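# Load a caller-supplied LDIF file through ldapadd.
#
# The file name comes from the command line, so it is opened by Perl itself
# and attached to STDIN rather than being interpolated into a "cmd < file"
# shell string: a name containing spaces or shell metacharacters can then no
# longer change the command that is executed. The exec'd ldapadd inherits
# STDIN and reads the LDIF from it exactly as it did with the redirection.
#
# $ldapadd is still passed as one string because it carries its own
# parameters from the smbldap-tools configuration.
open(STDIN, '<', $_ldifName)
    or die "can't open LDIF file $_ldifName: $!\n";
# exec only returns when it could not start the command.
exec($ldapadd)
    or die "can't exec ldapadd: $!\n";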
260 ########################################
264 smbldap-populate.pl - Populate your LDAP database
268 smbldap-populate.pl [ldif-file]
272 The smbldap-populate.pl command helps to populate an LDAP server
273 by adding the necessary entries : base suffix (doesn't abort
274 if already there), organizational units for users, groups and
275 computers, builtin users : Administrator and guest, builtin
276 groups (though posixAccount only, no SambaTNG support).
278 -a name Your local administrator login name (default: Administrator)
279 -b name Your local guest login name (default: nobody)
281 If you give an extra parameter, it is assumed to be the ldif
282 file to use instead of the builtin one. Options -a and -b
283 will be ignored. This usage mode makes the command behave
284 like ldapadd(1) with extra parameters taken from the smbldap-tools
285 config (smbldap_conf.pm).
289 /usr/lib/perl5/site-perl/smbldap_conf.pm : Global parameters.