3 # This code was developed by IDEALX (http://IDEALX.org/) and
4 # contributors (their names can be found in the CONTRIBUTORS file).
6 # Copyright (C) 2001-2002 IDEALX
8 # This program is free software; you can redistribute it and/or
9 # modify it under the terms of the GNU General Public License
10 # as published by the Free Software Foundation; either version 2
11 # of the License, or (at your option) any later version.
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
23 # Purpose of smbldap-usermod : user (posix,shadow,samba) modification
# Parse the command line. In the getopts spec a letter followed by ':' takes a
# value (A B C D E F H e f u g G d l s c k); I J x m o ? are plain flags.
# getopts only splits the arguments: every value lands in %Options exactly as
# typed, so any format check has to be done by the code that consumes it.
36 my $ok = getopts('A:B:C:D:E:F:H:IJxme:f:u:g:G:d:l:s:c:ok:?', \%Options);
# Show the usage text on a parse error, a missing username, or -?.
37 if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
# NOTE(review): this summary names -a and -w, which the getopts spec above
# does not accept, and leaves out -J, -l, -o, -e and -f, which it does.
38 print "Usage: $0 [-awmugdsckxABCDEFGHI?] username\n";
40 print " -d home directory\n";
41 #print " -m move home directory\n";
42 #print " -e expire date (YYYY-MM-DD)\n";
43 #print " -f inactive days\n";
45 print " -o uid can be non unique\n";
47 print " -G supplementary groups (comma separated)\n";
48 print " -l login name\n";
50 print " -x creates rid and primaryGroupID in hex instead of decimal (for Samba 2.2.2 unpatched only)\n";
51 print " -A can change password ? 0 if no, 1 if yes\n";
52 print " -B must change password ? 0 if no, 1 if yes\n";
53 print " -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
54 print " -D sambaHomeDrive (letter associated with home share, like 'H:')\n";
55 print " -E sambaLogonScript (DOS script to execute on login)\n";
56 print " -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
57 print " -H sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
# -I and -J are documented as exclusive with -H and with each other.
58 print " -I disable an user. Can't be used with -H or -J\n";
59 print " -J enable an user. Can't be used with -H or -I\n";
60 print " -? show this help message\n";
# Message for a caller that is not root; the test that guards it is not part
# of this listing.
65 print "You must be root to modify an user\n";
69 # Read only first @ARGV
# Fetch the user's current entry. An undefined result is reported below as
# "user doesn't exist".
# NOTE(review): $user comes straight from the command line. If read_user()
# builds an LDAP search filter from it, the filter metacharacters * ( ) \ have
# to be escaped there -- verify in its definition.
73 my $lines = read_user($user);
74 if (!defined($lines)) {
75 print "$0: user $user doesn't exist\n";
# Capture the entry's "dn: ..." line. There is no /m modifier, so ^ matches
# only at the very start of $lines: the dn line has to come first.
81 if ( $lines =~ /(^dn: .*)/ ) {
# True when the entry carries the sambaAccount object class. The pattern is
# not anchored, so it matches that text anywhere in the entry.
88 if ($lines =~ m/objectClass: sambaAccount/) {
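# -u: change the numeric uid and the Samba rid derived from it.
101 if (defined($tmp = $Options{'u'})) {
# The uid is used in arithmetic and written into the LDIF text, so accept
# digits only. This enforces the documented "non-negative" rule and keeps a
# stray newline in the argument from adding extra LDIF lines to the change.
die "$0: uid must be a non-negative integer\n" unless ($tmp =~ /\A[0-9]+\z/);
# NOTE(review): as far as the visible lines show, the "uid number exists"
# check below runs only when -o ("uid can be non unique") IS given, which looks
# inverted. A duplicate uidNumber gives the account the same file ownership as
# the uid's existing holder -- confirm the intended condition.
102 if (defined($Options{'o'})) {
# Remember whether nscd is running (exit status 0) so it can be put back.
103 $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
# nscd is stopped around the getpwuid() lookup -- presumably so the answer is
# not served from its cache -- and started again on both the "exists" exit and
# the normal path.
105 if ($nscd_status == 0) {
106 system "/etc/init.d/nscd stop > /dev/null 2>&1";
109 if (getpwuid($tmp)) {
110 if ($nscd_status == 0) {
111 system "/etc/init.d/nscd start > /dev/null 2>&1";
114 print "$0: uid number $tmp exists\n";
117 if ($nscd_status == 0) {
118 system "/etc/init.d/nscd start > /dev/null 2>&1";
122 $_userUidNumber = $tmp;
123 # as rid we use 2 * uid + 1000
124 my $_userRid = 2 * $_userUidNumber + 1000;
125 if (defined($Options{'x'})) {
# -x: store the rid as a hexadecimal string. sprintf does the formatting;
# Perl has no builtin named sprint.
126 $_userRid= sprintf("%x", $_userRid);
128 $mods .= "uidNumber: $_userUidNumber\n";
130 $mods .= "rid: $_userRid\n";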
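# -g: change the primary group and the Samba primaryGroupID derived from it.
138 if (defined($tmp = $Options{'g'})) {
# parse_group() turns the -g argument into a gid; a negative result is
# reported as an unknown group.
139 $_userGidNumber = parse_group($tmp);
140 if ($_userGidNumber < 0) {
141 print "$0: group $tmp doesn't exist\n";
144 # as grouprid we use 2 * gid + 1001
145 my $_userGroupRid = 2 * $_userGidNumber + 1001;
146 if (defined($Options{'x'})) {
# -x: store the group rid as a hexadecimal string. sprintf does the
# formatting; Perl has no builtin named sprint.
147 $_userGroupRid = sprintf("%x", $_userGroupRid);
149 $mods .= "gidNumber: $_userGidNumber\n";
151 $mods .= "primaryGroupID: $_userGroupRid\n";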
# -s, -c, -d: new login shell, gecos comment and home directory. Each one
# appends an "attribute: value" line to the LDIF text collected in $mods.
# NOTE(review): in the lines shown, the values reach the LDIF as typed. A value
# containing a newline would add further LDIF lines to the change, and one that
# starts with a space, ':' or '<', or holds non-ASCII text (likely for gecos),
# is not valid as a plain "attr: value" line and needs the base64 "attr:: "
# form. Reject control characters and encode where needed -- confirm no such
# check exists in the lines this listing omits.
158 if (defined($tmp = $Options{'s'})) {
159 $_userLoginShell = $tmp;
160 $mods .= "loginShell: $_userLoginShell\n";
166 if (defined($tmp = $Options{'c'})) {
# $_userGecos is assigned on a line not shown here.
168 $mods .= "gecos: $_userGecos\n";
174 if (defined($tmp = $Options{'d'})) {
# $newhomedir is assigned on a line not shown here.
176 $mods .= "homeDirectory: $newhomedir\n";
# Records that the home directory changed; where the flag is read is outside
# this listing.
177 $changed_homedir = 1;
# -G: replace the user's supplementary groups with the given list.
181 if (defined($tmp = $Options{'G'})) {
183 # remove user from old groups
# The current memberships come back as text; it is split into lines and the
# group name is taken from each "dn: cn=NAME," line.
184 my $groups = find_groups_of $user;
185 my @grplines = split(/\n/, $groups);
188 foreach $grp (@grplines) {
190 if ( $grp =~ /dn: cn=([^,]+),/) {
192 #print "xx $gname\n";
# NOTE(review): the results of group_remove_member() and, below,
# add_grouplist_user() are not checked in the lines shown, and the removals
# happen before the new list is applied. If a removal or the add fails, the
# user can be left with a partly applied group set (access lost, or access
# kept that was meant to be revoked) without any error -- confirm, and report
# failures to the operator.
195 group_remove_member($gname, $user);
199 # add user to new groups
200 add_grouplist_user($tmp, $user);
# Samba attribute options. Each handler appends one "attribute: value" line to
# the LDIF text in $mods.
204 # A : sambaPwdCanChange
205 # B : sambaPwdMustChange
208 # E : sambaLogonScript
209 # F : sambaProfilePath
# 2147483647 is 2**31 - 1, the largest signed 32-bit value. -A and -B write
# either 0 or this value; the tests that pick between them are on lines this
# listing omits.
213 my $winmagic = 2147483647;
215 if (defined($tmp = $Options{'A'})) {
216 $attr = "sambaPwdCanChange";
218 $mods .= "$attr: 0\n";
220 $mods .= "$attr: $winmagic\n";
224 if (defined($tmp = $Options{'B'})) {
225 $attr = "sambaPwdMustChange";
227 $mods .= "$attr: 0\n";
229 $mods .= "$attr: $winmagic\n";
# NOTE(review): -C, -D, -E and -F copy the command-line value into the LDIF
# unchanged (the backslash-doubling lines are commented out). A newline inside
# a value would add further LDIF lines, i.e. other attributes, to the change;
# reject control characters before appending -- confirm no check exists in the
# omitted lines.
233 if (defined($tmp = $Options{'C'})) {
234 $attr = "sambaHomePath";
235 #$tmp =~ s/\\/\\\\/g;
236 $mods .= "$attr: $tmp\n";
239 if (defined($tmp = $Options{'D'})) {
240 $attr = "sambaHomeDrive";
# Append the ':' when the drive was given without one ("H" becomes "H:").
241 $tmp = $tmp.":" unless ($tmp =~ /:/);
242 $mods .= "$attr: $tmp\n";
245 if (defined($tmp = $Options{'E'})) {
246 $attr = "sambaLogonScript";
247 #$tmp =~ s/\\/\\\\/g;
248 $mods .= "$attr: $tmp\n";
251 if (defined($tmp = $Options{'F'})) {
252 $attr = "sambaProfilePath";
253 #$tmp =~ s/\\/\\\\/g;
254 $mods .= "$attr: $tmp\n";
# Account flags. -H, -I and -J form one if/elsif chain, so when several are
# given only the first in that order takes effect; the lines shown print no
# error for the combinations the usage text forbids.
# NOTE(review): -H writes the account-control string as typed. These bits
# decide, among other things, whether the account is disabled, so checking the
# value against the bracketed letter set named in the usage text would keep
# malformed or unintended flags out of the directory -- confirm none of the
# omitted lines does this.
257 if (defined($tmp = $Options{'H'})) {
258 $attr = "sambaAcctFlags";
259 #$tmp =~ s/\\/\\\\/g;
260 $mods .= "$attr: $tmp\n";
# -I (disable): read the current flags from the fetched entry and, when they
# hold no 'D', write them back with 'D' in front. $flags and $letters are set
# on lines not shown.
261 } elsif (defined($tmp = $Options{'I'})) {
264 if ( $lines =~ /^sambaAcctFlags: (.*)/m ) {
270 if ( !($flags =~ /D/) ) {
272 if ($flags =~ /(\w+)/) {
# In a double-quoted string \[ and \] are plain brackets.
275 $mods .= "sambaAcctFlags: \[D$letters\]\n";
# -J (enable): the reverse case, taken only when the current flags do hold a
# 'D'. The step that drops the 'D' from $letters is presumably on the omitted
# lines -- confirm.
277 } elsif (defined($tmp = $Options{'J'})) {
280 if ( $lines =~ /^sambaAcctFlags: (.*)/m ) {
286 if ( $flags =~ /D/ ) {
288 if ($flags =~ /(\w+)/) {
292 $mods .= "sambaAcctFlags: \[$letters\]\n";
297 #print "----\n$dn_line\n$mods\n----\n";
# Apply the collected changes; any non-zero result from do_ldapmodify() aborts
# the script.
# NOTE(review): how $tmpldif is created is not shown. It holds account data and
# is handed to an LDAP write, so it should be created with an unpredictable
# name and owner-only permissions (File::Temp does both) and removed
# afterwards -- confirm.
305 die "$0: error while modifying user $user\n"
306 unless (do_ldapmodify($tmpldif) == 0);
# Restart nscd when it is running (status exit code 0), presumably so cached
# passwd/group answers do not keep showing the old values.
311 $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
313 if ($nscd_status == 0) {
314 system "/etc/init.d/nscd restart > /dev/null 2>&1";
318 ############################################################
322 smbldap-usermod.pl - Modify a user account
326 smbldap-usermod.pl [-c comment] [-d home_dir]
327 [-g initial_group] [-G group[,...]]
328 [-l login_name] [-p passwd]
329 [-s shell] [-u uid [ -o]] [-x]
330 [-A canchange] [-B mustchange] [-C smbhome]
331 [-D homedrive] [-E scriptpath] [-F profilepath]
336 The smbldap-usermod.pl command modifies the system account files
337 to reflect the changes that are specified on the command line.
338 The options which apply to the usermod command are
341 The new value of the user's comment field (gecos).
344 The user's new login directory.
347 The group name or number of the user's new initial login group.
348 The group name must exist. A group number must refer to an
349 already existing group. The default group number is 1.
352 A list of supplementary groups which the user is also a member
353 of. Each group is separated from the next by a comma, with no
354 intervening whitespace. The groups are subject to the same
355 restrictions as the group given with the -g option. If the user
356 is currently a member of a group which is not listed, the user
357 will be removed from the group
360 The name of the user will be changed from login to login_name.
361 Nothing else is changed. In particular, the user's home directory
362 name should probably be changed to reflect the new login
366 The name of the user's new login shell. Setting this field to
367 blank causes the system to select the default login shell.
369 -u uid The numerical value of the user's ID. This value must be
370 unique, unless the -o option is used. The value must be non-
371 negative. Any files which the user owns and which are
372 located in the directory tree rooted at the user's home directory
373 will have the file user ID changed automatically. Files
374 outside of the user's home directory must be altered manually.
376 -x Creates rid and primaryGroupID in hex instead of decimal (for
377 Samba 2.2.2 unpatched only - higher versions always use decimal)
379 -A can change password ? 0 if no, 1 if yes
381 -B must change password ? 0 if no, 1 if yes
383 -C sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')
385 -D sambaHomeDrive (letter associated with home share, like 'H:')
387 -E sambaLogonScript, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
389 -F sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
391 -H sambaAcctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
393 -I disable user. Can't be used with -H or -J
395 -J enable user. Can't be used with -H or -I