#include "ldb/include/ldb_private.h"
#include "ldb/modules/ldb_map.h"
-/* TODO:
- * - objectclass hint in ldb_map_attribute
- * for use when multiple remote attributes (independant of each other)
- * map to one local attribute. E.g.: (uid, gidNumber) -> unixName
- * (use MAP_GENERATE instead ?)
+/*
+ * - map_message_outgoing() should:
+ * - modify: not worry about anything simply map and hope everything
+ * will be ok.
+ * - make a list of remote objectclasses that will be used
+ * given the attributes that are available
+ * - only add attribute to the remote message if
+ * it is allowed by the objectclass
+ *
*/
/*
}
if ((*fb)->num_elements == 0) {
- /* No elements, discard.. */
- talloc_free(*fb);
- *fb = NULL;
- } else {
ldb_msg_add_string(module->ldb, *fb, "isMapped", "TRUE");
}
struct ldb_dn *n_olddn, *n_newdn;
int ret;
- ret = ldb_next_rename_record(module, olddn, newdn);
-
+ ret = ldb_next_rename_record(module, n_olddn, n_newdn);
+
n_olddn = map_local_dn(module, module, olddn);
n_newdn = map_local_dn(module, module, newdn);
newdn = map_local_dn(module, module, dn);
- ret = ldb_delete(privdat->mapped_ldb, newdn);
+ ldb_delete(privdat->mapped_ldb, newdn);
talloc_free(newdn);
if (!map_is_mappable(privdat, msg))
return ldb_next_modify_record(module, msg);
-
if (ldb_map_message_outgoing(module, msg, &fb, &mp) == -1)
return -1;
samba3.policy.bad_lockout_minutes, samba3.policy.disconnect_time,
samba3.policy.refuse_machine_password_change
);
-
+
return ldif;
}
-function upgrade_sam_account(acc,domaindn)
+function upgrade_sam_account(ldb,acc,domaindn,domainsid)
{
- var ldb = ldb_init();
+ if (acc.nt_username == undefined) {
+ acc.nt_username = acc.username;
+ }
+
+ if (acc.nt_username == "") {
+ acc.nt_username = acc.username;
+ }
+
+ if (acc.fullname == undefined) {
+ var pw = nss.getpwnam(acc.fullname);
+ acc.fullname = pw.pw_gecos;
+ }
+
+ var pts = split(',', acc.fullname);
+ acc.fullname = pts[0];
+
+ assert(acc.fullname != undefined);
+ assert(acc.nt_username != undefined);
+
var ldif = sprintf(
"dn: cn=%s,%s
+objectClass: top
objectClass: user
lastLogon: %d
lastLogoff: %d
unixName: %s
name: %s
+sAMAccountName: %s
cn: %s
description: %s
primaryGroupID: %d
samba3PassLastSetTime: %d
samba3PassCanChangeTime: %d
samba3PassMustChangeTime: %d
-samba3Rid: %d
+objectSid: %s-%d
ntPwdHash:: %s
lmPwdHash:: %s
-", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username,
+", acc.fullname, domaindn, acc.logon_time, acc.logoff_time, acc.username, acc.nt_username, acc.nt_username,
+
acc.fullname, acc.acct_desc, acc.group_rid, acc.bad_password_count, acc.logon_count,
acc.domain, acc.dir_drive, acc.munged_dial, acc.homedir, acc.logon_script,
acc.profile_path, acc.workstations, acc.kickoff_time, acc.bad_password_time,
-acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, acc.user_rid,
+acc.pass_last_set_time, acc.pass_can_change_time, acc.pass_must_change_time, domainsid, acc.user_rid,
ldb.encode(acc.lm_pw), ldb.encode(acc.nt_pw));
return ldif;
function upgrade_sam_group(grp,domaindn)
{
+ var nss = nss_init();
+
+ var gr;
+ if (grp.sid_name_use == 5) { // Well-known group
+ return undefined;
+ }
+
+ if (grp.nt_name == "Domain Guests" ||
+ grp.nt_name == "Domain Users" ||
+ grp.nt_name == "Domain Admins") {
+ return undefined;
+ }
+
+ if (grp.gid == -1) {
+ gr = nss.getgrnam(grp.nt_name);
+ } else {
+ gr = nss.getgrgid(grp.gid);
+ }
+
+ if (gr == undefined) {
+ grp.unixname = "UNKNOWN";
+ } else {
+ grp.unixname = gr.gr_name;
+ }
+
+ assert(grp.unixname != undefined);
+
var ldif = sprintf(
"dn: cn=%s,%s
objectClass: top
description: %s
cn: %s
objectSid: %s
-unixName: FIXME
+unixName: %s
samba3SidNameUse: %d
", grp.nt_name, domaindn,
-grp.comment, grp.nt_name, grp.sid, grp.sid_name_use);
+grp.comment, grp.nt_name, grp.sid, grp.unixname, grp.sid_name_use);
return ldif;
}
message("Importing users\n");
for (var i in samba3.samaccounts) {
var msg = "... " + samba3.samaccounts[i].username;
- var ldif = upgrade_sam_account(samba3.samaccounts[i],subobj.BASEDN);
+ var ldif = upgrade_sam_account(samdb,samba3.samaccounts[i],subobj.BASEDN,subobj.DOMAINSID);
ok = samdb.add(ldif);
- if (!ok) {
+ if (!ok && samdb.errstring() != "Record exists") {
msg = msg + "... error: " + samdb.errstring();
ret = ret + 1;
}
for (var i in samba3.groupmappings) {
var msg = "... " + samba3.groupmappings[i].nt_name;
var ldif = upgrade_sam_group(samba3.groupmappings[i],subobj.BASEDN);
- ok = samdb.add(ldif);
- if (!ok) {
- msg = msg + "... error: " + samdb.errstring();
- ret = ret + 1;
+ if (ldif != undefined) {
+ ok = samdb.add(ldif);
+ if (!ok && samdb.errstring() != "Record exists") {
+ msg = msg + "... error: " + samdb.errstring();
+ ret = ret + 1;
+ }
}
message(msg + "\n");
}
for (var j in ldif) {
var msg = "... ... " + j;
ok = regdb.add(ldif[j]);
- if (!ok) {
+ if (!ok && regdb.errstring() != "Record exists") {
msg = msg + "... error: " + regdb.errstring();
ret = ret + 1;
}
ok = samdb.add(ldif);
assert(ok);
- ok = samdb.modify("dn: @MODULES
+ ok = samdb.modify("
+dn: @MODULES
+changetype: modify
replace: @LIST
-@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam");
- assert(ok);
+@LIST: samldb,timestamps,objectguid,rdn_name,samba3sam
+");
+ if (!ok) {
+ message("Error enabling samba3sam module: " + samdb.errstring() + "\n");
+ ret = ret + 1;
+ }
}
return ret;
var ok = samldb.connect(paths.samdb);
assert(ok);
+
+ for (var i in samba3.samaccounts) {
+ var msg = samldb.search("(&(sAMAccountName=" + samba3.samaccounts[i].nt_username + ")(objectclass=user))");
+ assert(msg.length >= 1);
+ }
// FIXME
}
git.samba.org / jelmer / samba4-debian.git / commitdiff