sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Code
62b976057f
samba-mirror/examples/LDAP/convertSambaAccount
Gerald Carter 3886d6a7a1 added note about stripping comments from LDIF; bug 642 
(This used to be commit 3f67b2bbfd)
2003-11-05 04:17:21 +00:00

234 lines
5.7 KiB
Perl
Executable File
Raw Blame History

#!/usr/bin/perl -w
##
## Convert an LDIF file containing sambaAccount entries
## to the new sambaSamAccount objectclass
##
## Copyright Gerald (Jerry) Carter 2003
##
## Usage: convertSambaAccount --sid=<Domain SID> \
## --input=<input ldif> --output=<output ldif> \
## --changetype=[modify|add]
##
## You can generate an input ldif file using:
## $ ldapsearch -LL -x -h ldapsrv -D cn=root,dc=company,dc=com \
## -b dc=copmany,dc=com > /tmp/samba3.alpha23.ldif
##
## Note the "-LL" so no additional comments are generated
##
use strict;
use Net::LDAP::LDIF;
use Getopt::Long;
##############################################################################
## local variables
my ( $domain, $domsid, $changetype );
my ( $ldif, $ldif2 );
my ( $entry, @objclasses, $obj );
my ( $is_samba_account, $is_samba_group );
my ( %attr_map, %group_attr_map, $key );
my ( @dels, $deletion, @adds, $addition );
my ( $result, %options );
##############################################################################
## Print the option usage
sub usage {
print "convertSambaAccount <options>\n";
print "Options:\n";
print " --help print this help message\n";
print " --input input LDIF filename\n";
print " --output output LDIF filename\n";
print " --sid domain SID\n";
print " --changetype [modify|add] (default is 'add')\n";
}
##############################################################################
## MAIN DRIVER ##
##############################################################################
##
## hashes to map old attribute names to new ones
##
%attr_map = (
lmPassword => 'sambaLMPassword',
ntPassword => 'sambaNTPassword',
pwdLastSet => 'sambaPwdLastSet',
pwdMustChange => 'sambaPwdMustChange',
pwdCanChange => 'sambaPwdCanChange',
homeDrive => 'sambaHomeDrive',
smbHome => 'sambaHomePath',
scriptPath => 'sambaLogonScript',
profilePath => 'sambaProfilePath',
kickoffTime => 'sambaKickoffTime',
logonTime => 'sambaLogonTime',
logoffTime => 'sambaLogoffTime',
userWorkstations => 'sambaUserWorkstations',
domain => 'sambaDomainName',
acctFlags => 'sambaAcctFlags',
);
%group_attr_map = (
ntSid => 'sambaSID',
ntGroupType => 'sambaGroupType',
);
##
## process command line args
##
$result = GetOptions(\%options,
"help",
"input=s",
"output=s",
"sid=s",
"changetype=s");
if (!$result && ($#ARGV != -1)) {
usage();
exit 1;
}
if ( defined($options{'help'}) ) {
usage();
exit 0;
}
if ( !defined( $options{'sid'} ) ) {
print "You must provide a domain sid\n";
exit 1;
}
$domsid = $options{'sid'};
$changetype = 'add';
if ( defined( $options{'changetype'} ) ) {
$changetype = $options{'changetype'};
}
##
## open files
##
$ldif = Net::LDAP::LDIF->new ($options{'input'}, "r") or die $!;
if ( "$changetype" eq "add" ) {
$ldif2 = Net::LDAP::LDIF->new ($options{'output'}, "w") or die $!;
}
elsif ( "$changetype" eq "modify" ) {
open( OUTPUT, ">$options{'output'}" ) or die $!;
}
else {
print "Bad changetype!\n";
exit 1;
}
##
## process LDIF
##
while ( !$ldif->eof ) {
undef ( $entry );
$entry = $ldif->read_entry();
## skip entry if we find an error
if ( $ldif->error() ) {
print "Error msg: ",$ldif->error(),"\n";
print "Error lines:\n",$ldif->error_lines(),"\n";
next;
}
##
## check to see if we have anything to do on this
## entry. If not just write it out
##
@objclasses = $entry->get_value( "objectClass" );
undef ( $is_samba_account );
undef ( $is_samba_group );
@adds = ();
@dels = ();
foreach $obj ( @objclasses ) {
if ( "$obj" eq "sambaAccount" ) {
$is_samba_account = 1;
} elsif ( "$obj" eq "sambaGroupMapping" ) {
$is_samba_group = 1;
}
}
if ( defined ( $is_samba_account ) ) {
##
## start editing the sambaAccount
##
@dels = ( 'objectclass: sambaAccount', 'rid' );
@adds = ('objectclass: sambaSamAccount', "sambaSID: " . ${domsid} . "-" . ${entry}->get_value( 'rid' ) );
$entry->delete( 'objectclass' => [ 'sambaAccount' ] );
$entry->add( 'objectclass' => 'sambaSamAccount' );
$entry->add( 'sambaSID' => $domsid."-".$entry->get_value( "rid" ) );
$entry->delete( 'rid' );
if ( defined($entry->get_value( "primaryGroupID" )) ) {
push @adds, "sambaPrimaryGroupSID: " . $domsid."-".$entry->get_value( "primaryGroupID" );
push @dels, "primaryGroupID";
$entry->add( 'sambaPrimaryGroupSID' => $domsid."-".$entry->get_value( "primaryGroupID" ) );
$entry->delete( 'primaryGroupID' );
}
foreach $key ( keys %attr_map ) {
if ( defined($entry->get_value($key)) ) {
push @adds, "$attr_map{$key}: " . $entry->get_value($key);
push @dels, "$key";
$entry->add( $attr_map{$key} => $entry->get_value($key) );
$entry->delete( $key );
}
}
} elsif ( defined ( $is_samba_group ) ) {
foreach $key ( keys %group_attr_map ) {
if ( defined($entry->get_value($key)) ) {
push @adds, "$group_attr_map{$key}: " . $entry->get_value($key);
push @dels, "$key";
$entry->add( $group_attr_map{$key} => $entry->get_value($key) );
$entry->delete( $key );
}
}
}
## see if we should write full entries or only the changes
if ( "$changetype" eq "add" ) {
$ldif2->write_entry( $entry );
}
else {
if ( defined ( $is_samba_account ) || defined ( $is_samba_group ) ){
if ( @adds + @dels > 0 ) {
print OUTPUT "dn: " . $entry->dn . "\n";
foreach $addition (@adds) {
$addition =~ /(^\w+):/;
print OUTPUT "add: " . $1 . "\n";
print OUTPUT "$addition\n-\n";
}
foreach $deletion (@dels) {
if ( $deletion =~ /^(\w+):\s(.*)/ ) {
print OUTPUT "delete: $1\n$1: $2\n-\n";
} else {
print OUTPUT "delete: $deletion\n-\n"
}
}
print OUTPUT "\n"
}
}
}
}
View Git Blame Copy Permalink