source: branches/samba-3.0/examples/LDAP/smbldap-tools-0.9.2/doc/smbldap-migrate-pwdump-accounts

Last change on this file was 1, checked in by Paul Smedley, 18 years ago

Initial code import
File size: 7.2 KB
Line 
1#!/usr/bin/perl -w
2
3# $Id: smbldap-migrate-pwdump-accounts,v 1.1 2005/03/08 09:29:47 jtournier Exp $
4#
5# This code was developped by IDEALX (http://IDEALX.org/) and
6# contributors (their names can be found in the CONTRIBUTORS file).
7#
8# Copyright (C) 2002 IDEALX
9#
10# This program is free software; you can redistribute it and/or
11# modify it under the terms of the GNU General Public License
12# as published by the Free Software Foundation; either version 2
13# of the License, or (at your option) any later version.
14#
15# This program is distributed in the hope that it will be useful,
16# but WITHOUT ANY WARRANTY; without even the implied warranty of
17# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18# GNU General Public License for more details.
19#
20# You should have received a copy of the GNU General Public License
21# along with this program; if not, write to the Free Software
22# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
23# USA.
24
25# Purpose of smbldap-migrate-accounts : add NT sam entries from pwdump
26# to ldap
27
28use strict;
29use Getopt::Std;
30use FindBin;
31use FindBin qw($RealBin);
32use lib "$RealBin/";
33use smbldap_tools;
34
35# smbldap-migrate (-? or -h for help)
36#
37# Read pwdump entries on stdin, and add them to the ldap server.
38# Output uncreated/unmodified entries (see parameters -C -U)
39# in pwdump format to stdout.
40# Errors, debug and stats are output to stderr.
41
42sub modify_account
43 {
44 my ($login, $basedn, $lmpwd, $ntpwd, $gecos, $homedir) = @_;
45 # bind to a directory with dn and password
46 my $ldap_master=connect_ldap_master();
47 my $modify = $ldap_master->modify ("uid=$login,$basedn",
48 changes => [
49 replace => [sambaLMPassword => "$lmpwd"],
50 replace => [sambaNTPassword => "$ntpwd"],
51 replace => [gecos => "$gecos"],
52 replace => [sambaHomePath => "$homedir"]
53 ]
54 );
55 $modify->code && die "failed to modify entry: ", $modify->error ;
56 # take down the session
57 $ldap_master->unbind;
58 }
59
60#####################
61
62
63my %Options;
64
65my $ok = getopts('awA:CUW:?h', \%Options);
66
67if ( (!$ok) || ($Options{'?'}) || ($Options{'h'}) ) {
68 print "Usage: $0 [-awAWCU?]\n";
69 print " -a process only people, ignore computers\n";
70 print " -w process only computers, ignore persons\n";
71 print " -A <opts> option string passed verbatim to smbldap-useradd for persons\n";
72 print " -W <opts> option string passed verbatim to smbldap-useradd for computers\n";
73 print " -C if entry not found, don't create it and log it to stdout (default: create it)\n";
74 print " -U if entry found, don't update it and log it to stdout (default: update it)\n";
75 print " -?|-h show this help message\n";
76 exit (1);
77}
78
79my %processed = ( 'user' => 0, 'machine' => 0);
80my %created = ( 'user' => 0, 'machine' => 0);
81my %updated = ( 'user' => 0, 'machine' => 0);
82my %logged = ( 'user' => 0, 'machine' => 0);
83my %errors = ( 'user' => 0, 'machine' => 0);
84my %existing = ( 'user' => 0, 'machine' => 0);
85my $specialskipped = 0;
86
87while (<>) {
88 my ($login, $rid, $lmpwd, $ntpwd, $gecos, $homedir, $b) = split(/:/, $_);
89 my $usertype;
90 my $userbasedn;
91
92 my $entry_type = 'user';
93
94 if ($login =~ m/.*\$$/ ) { # computer
95 $processed{'machine'}++;
96 $entry_type = 'machine';
97 if (defined($Options{'a'})) {
98 print STDERR "ignoring $login\n";
99 next;
100 }
101
102 $usertype = "-w $Options{'W'}";
103 $userbasedn = $config{computersdn};
104 } else { # people
105 $processed{'user'}++;
106 if (defined($Options{'w'})) {
107 print STDERR "ignoring $login\n";
108 next;
109 }
110 if ($rid < 1000) {
111 $specialskipped++;
112 print STDERR "$login seems to be a special Win account (rid=$rid), skipping\n";
113 next;
114 }
115
116 $usertype = "-a $Options{'A'}";
117 $userbasedn = $config{usersdn};
118 }
119
120 # normalize homedir
121 # uncomment to replace configured share with share from pwdump
122 # if ($homedir eq "") {
123 $homedir = $config{userSmbHome};
124 # }
125
126 # normalize gecos
127 if (!($gecos eq "")) {
128 $gecos =~ tr/ÁÀÂÄáàâäÇçÉÈÊËÆéèêëæÍÌÏÎíìîÏÑñÓÒÔÖóòôöÚÙÜÛúùüûÝýÿ/AAAAaaaaCcEEEEEeeeeeIIIIiiiiNnOOOOooooUUUUuuuuYyy/;
129 } else {
130 $gecos = $config{userGecos};
131 }
132
133 my $user_exists = is_samba_user($login);
134
135 if (!$user_exists) {
136 if (!defined($Options{'C'})) {
137 # uid doesn't exist and we want to create it
138 my $addcmd = "/usr/local/sbin/smbldap-useradd $usertype $login > /dev/null";
139 print STDERR "$addcmd\n";
140 my $r = system "$addcmd";
141 if ($r != 0) {
142 print STDERR "error adding $login, skipping\n";
143 next;
144 }
145 # lem modif... a retirer si pb
146 if ($entry_type eq "user") {
147 modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir);
148 }
149
150 $created{$entry_type}++;
151 } else { # uid doesn't exist and no create => log
152 print "$_";
153 $logged{$entry_type}++;
154 }
155 } else { # account exists
156 $existing{$entry_type}++;
157 if (!defined($Options{'U'})) { # exists and modify
158 modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir);
159 $updated{$entry_type}++;
160 } else { # exists and log
161 print "$_";
162 $logged{$entry_type}++;
163 }
164 }
165}
166
167my $sum;
168
169$sum = $processed{'user'} + $processed{'machine'};
170print STDERR "processed: all=$sum user=$processed{'user'} machine=$processed{'machine'}\n";
171
172$sum = $existing{'user'} + $existing{'machine'};
173print STDERR "existing: all=$sum user=$existing{'user'} machine=$existing{'machine'}\n";
174
175$sum = $created{'user'} + $created{'machine'};
176print STDERR "created: all=$sum user=$created{'user'} machine=$created{'machine'}\n";
177
178$sum = $updated{'user'} + $updated{'machine'};
179print STDERR "updated: all=$sum user=$updated{'user'} machine=$updated{'machine'}\n";
180
181$sum = $logged{'user'} + $logged{'machine'};
182print STDERR "logged: all=$sum user=$logged{'user'} machine=$logged{'machine'}\n";
183
184print STDERR "special users skipped: $specialskipped\n";
185
186
187########################################
188
189=head1 NAME
190
191smbldap-migrate - Migrate NT accounts to LDAP
192
193=head1 SYNOPSIS
194
195 smbldap-migrate [-a] [-w] [-A opts] [-W opts] [-C] [-U] [-?]
196
197=head1 DESCRIPTION
198
199 This command reads from stdin account entries as created by pwdump,
200 a tool to dump an user database on NT.
201 Depending of the options, some account entries may be output on
202 stdout. All errors and informations are sent to stderr.
203
204 -a process only people, ignore computers
205
206 -w process only computers, ignore persons
207
208 -A opts
209 a string containing arguments to pass verbatim to
210 smbldap-useradd when adding users, eg "-m -x".
211 You don't have to specify -a in this string.
212
213 -W opts
214 a string containing arguments to pass verbatim to
215 smbldap-useradd when adding computers, eg "-m -x".
216 You don't have to specify -w in this string.
217
218 -C if NT account not found in LDAP, don't create it and log it to stdout
219 (default: create it)
220
221 -U if NT account found in LDAP, don't update it and log it to stdout
222 (default: update it)
223
224 -? show the help message
225
226=cut
227
228#'
229
230# The End
231
Note: See TracBrowser for help on using the repository browser.