/[smeserver]/rpms/e-smith-ldap/sme8/e-smith-ldap-5.2.0-code_cleanup.patch

Annotation of /rpms/e-smith-ldap/sme8/e-smith-ldap-5.2.0-code_cleanup.patch



Revision 1.1 - (hide annotations) (download)
Sat Sep 25 08:15:07 2010 UTC (13 years, 8 months ago) by slords
Branch: MAIN
CVS Tags: e-smith-ldap-5_2_0-31_el5_sme
* Sat Sep 25 2010 Shad L. Lords <slords@mail.com> 5.2.0-31.sme
- Rewrite ldap-update to make adding classes easier [SME: 6233]

1 slords 1.1 diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update
2     diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update
3     diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update
4     diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update
5     diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update
6     diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update
7     --- e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup 2010-09-24 10:58:52.000000000 -0600
8     +++ e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update 2010-09-25 02:13:08.000000000 -0600
9     @@ -30,6 +30,7 @@ use esmith::ConfigDB;
10     use esmith::AccountsDB;
11     use esmith::util;
12     use Net::LDAP;
13     +use Date::Parse;
14    
15     my $c = esmith::ConfigDB->open_ro;
16     my $a = esmith::AccountsDB->open_ro;
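Review bot: `use Date::Parse;` brings in a module from the non-core TimeDate distribution for the `str2time` call in the last hunk, so the package must declare that dependency or the action script dies at compile time on a host that lacks it. The spec file is not on this page, so treat this as a reminder to confirm a `Requires: perl(Date::Parse)` exists rather than a confirmed gap.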
17     @@ -44,11 +45,21 @@ unless ($status eq "enabled" )
18    
19     my $hostname = $c->get('SystemName')
20     || die("Couldn't determine system name");
21     - $hostname = $hostname->value;
22     +$hostname = $hostname->value;
23    
24     my $domain = $c->get('DomainName')
25     || die("Couldn't determine domain name");
26     - $domain = $domain->value;
27     +$domain = $domain->value;
28     +
29     +my $schema = '/etc/openldap/schema/samba.schema';
30     +my $map = { 'FirstName' => 'givenName',
31     + 'LastName' => 'sn',
32     + 'Phone' => 'telephoneNumber',
33     + 'Company' => 'o',
34     + 'Department' => 'ou',
35     + 'City' => 'l',
36     + 'Street' => 'street',
37     + };
38    
39     my @accounts;
40     my $account;
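Review bot: The `'Department' => 'ou'` entry in `$map` does not match the property the replaced code read, `$acct->prop('Dept')` in the last hunk, so unless the accounts-db property was renamed in the same change the `ou` attribute is silently dropped from every user entry. Either change the key to `'Dept' => 'ou'` or confirm the new property name against the accounts panel. The other keys (FirstName, LastName, Phone, Company, City, Street) do match the old lookups.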
41     @@ -69,73 +80,32 @@ else
42    
43     exit (0) if ($type eq 'ibay');
44    
45     - die "Account $userName is not a user or group account; " .
46     - "update LDAP entry failed.\n"
47     + die "Account $userName is not a user or group account; update LDAP entry failed.\n"
48     unless (($type eq 'user') || ($type eq 'group') || ($userName eq 'admin'));
49     @accounts = ($account);
50     }
51    
52     #------------------------------------------------------------
53     -# Update LDAP directory entry. First read LDAP password
54     +# Read all samba groups (can't do individual lookups)
55     #------------------------------------------------------------
56     -my $pw = esmith::util::LdapPassword();
57     -my %passwd;
58     -my %uid;
59     -my %gid;
60     -my %home;
61     -my %shell;
62     -
63     -while(my ($key,$pwd,$uid,$gid,
64     - undef,undef,undef,
65     - $home,$shell) = getpwent()) {
66     -
67     - $passwd{$key} = "{CRYPT}$pwd";
68     - $uid{$key} = $uid;
69     - $gid{$key} = $gid;
70     - $home{$key} = $home;
71     - $shell{$key} = $shell;
72     -}
73     -endpwent();
74    
75     -# Now parse samba info
76     -# We want to copy all this into LDAP
77     -# so it'll be easier to switch to real LDAP auth later
78     -my %lmpass;
79     -my %ntpass;
80     -my %smbflag;
81     -my %smblct;
82     -my %smbsid;
83     -my %smbpgsid;
84     -
85     -# First, parse users data
86     -foreach my $line (`/usr/bin/pdbedit -Lw`){
87     - my ($key,undef,$lmpass,$ntpass,$smbflag,$smblct) = split(/:/,$line);
88     - $lmpass{$key} = $lmpass;
89     - $ntpass{$key} = $ntpass;
90     - $smbflag{$key} = $smbflag;
91     - $smblct =~ s/LCT\-//;
92     - $smblct{$key} = hex($smblct);
93     - foreach my $info (`/usr/bin/pdbedit -v $key`){
94     - $smbsid{$key} = $1 if ($info =~ m/User SID:\s+(S-.*)/);
95     - $smbpgsid{$key} = $1 if ($info =~ m/Primary Group SID:\s+(S-.*)/);
96     - }
97     -}
98     +my $groupmap = ();
99    
100     -# Now, parse groupmaps data
101     -foreach (`/usr/bin/net groupmap list`){
102     - chomp;
103     - next unless (/^(.*?) \((S-.*-\d+)\) -> (.*)$/);
104     - my ($desc, $smbsid, $key) = ($1, $2, $3);
105     - # We only want group sid
106     - my $account = $a->get($key) || next;
107     - next unless ($account->prop('type') eq 'group');
108     - $smbsid{$key} = $smbsid;
109     +# Only do if schema is found
110     +if ( -f "$schema" and -x '/usr/bin/net' )
111     +{
112     + foreach (`/usr/bin/net groupmap list 2> /dev/null`){
113     + chomp;
114     + next if m{\(S-1-5-32-\d+\)};
115     + $groupmap->{$3} = { name => "$1", sid => "$2" } if (/^(.*) \((S-.*-\d+)\) -> (.*)$/);
116     + }
117     }
118    
119     #------------------------------------------------------------
120     # Update LDAP database entry.
121     #------------------------------------------------------------
122     my $base = esmith::util::ldapBase ($domain);
123     +my $pw = esmith::util::LdapPassword();
124    
125     my $ldap = Net::LDAP->new('localhost')
126     or die "$@";
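Review bot: `my $groupmap = ();` assigns an empty list in scalar context, i.e. undef, and the hash only comes into being by autovivification on the first assignment inside the `net groupmap list` loop; `my $groupmap = {};` states the intent directly and makes the later `exists $groupmap->{$key}` in the last hunk read against a real hash even when the schema check skips the loop. The regex in the loop also switched from the removed code's non-greedy `(.*?)` name capture to a greedy `(.*)`; that is harmless for ordinary group names but deserves a comment such as `# name capture is greedy; the SID and unix-name parts are delimited by ' (' and ') -> '` so the next reader does not revert it.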
127     @@ -145,109 +115,155 @@ $ldap->bind(
128     password => $pw
129     );
130    
131     -my $phone = $l->prop('defaultTelephoneNumber') || '';
132     -my $company = $l->prop('defaultCompany') || '';
133     -my $dept = $l->prop('defaultDepartment') || '';
134     -my $city = $l->prop('defaultCity') || '';
135     -my $street = $l->prop('defaultStreet') || '';
136     +my $updates;
137     foreach my $acct (@accounts)
138     {
139     my $key = $acct->key;
140     my $type = $acct->prop('type');
141     - next unless ($type eq 'user' || $key eq 'admin' || $type eq 'group');
142     - my @attrs = ();
143     - my $dn = $base;
144     - if (($type eq 'user') || ($key eq 'admin'))
145     - {
146     - $dn = "uid=$key,ou=Users,$base";
147     - my $name = $acct->prop('FirstName') . " " . $acct->prop('LastName');
148     - utf8::upgrade($name);
149     - my $first = $acct->prop('FirstName') || '';
150     - utf8::upgrade($first);
151     - my $last = $acct->prop('LastName') || '';
152     - utf8::upgrade($last);
153     - my $phone = $acct->prop('Phone') || '';
154     - my $company = $acct->prop('Company') || '';
155     - utf8::upgrade($company);
156     - my $dept = $acct->prop('Dept') || '';
157     - utf8::upgrade($dept);
158     - my $city = $acct->prop('City') || '';
159     - utf8::upgrade($city);
160     - my $street = $acct->prop('Street') || '';
161     - utf8::upgrade($street);
162     - my $password = $passwd{$key} || '';
163     - utf8::upgrade($password);
164     - my $uid = $uid{$key} || '';
165     - my $gid = $gid{$key} || '';
166     - my $home = $home{$key} || '';
167     - my $shell = $shell{$key} || '';
168     - my $lmpass = $lmpass{$key} || '';
169     - my $ntpass = $ntpass{$key} || '';
170     - my $smbflag = $smbflag{$key} || '';
171     - my $smblct = $smblct{$key} || '';
172     - my $smbsid = $smbsid{$key} || '';
173     - my $smbpgsid = $smbpgsid{$key} || '';
174     -
175     - push @attrs, (objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSamAccount']);
176     - push @attrs, (uid => $key);
177     -
178     - push @attrs, (cn => $name) unless ($name =~ /^\s*$/);
179     - push @attrs, (givenName => $first) unless $first =~ /^\s*$/;
180     - push @attrs, (sn => $last) unless $last =~ /^\s*$/;
181     - push @attrs, (mail => "$key\@$domain");
182     - push @attrs, (telephoneNumber => $phone) unless $phone =~ /^\s*$/;
183     - push @attrs, (o => $company) unless $company =~ /^\s*$/;
184     - push @attrs, (ou => $dept) unless $dept =~ /^\s*$/;
185     - push @attrs, (l => $city) unless $city =~ /^\s*$/;
186     - push @attrs, (street => $street) unless $street =~ /^\s*$/;
187     - push @attrs, (userPassword => $password) unless $password =~ /^\s*$/;
188     - push @attrs, (uidNumber => $uid) unless $uid =~ /^\s*$/;
189     - push @attrs, (gidNumber => $gid) unless $gid =~ /^\s*$/;
190     - push @attrs, (homeDirectory => $home) unless $home =~ /^\s*$/;
191     - push @attrs, (loginShell => $shell) unless $shell =~ /^\s*$/;
192     - push @attrs, (sambaLMPassword => $lmpass) unless $lmpass =~ /^\s*$/;
193     - push @attrs, (sambaNTPassword => $ntpass) unless $ntpass =~ /^\s*$/;
194     - push @attrs, (sambaAcctFlags => $smbflag) unless $smbflag =~ /^\s*$/;
195     - push @attrs, (sambaPwdLastSet => $smblct) unless $smblct =~ /^\s*$/;
196     - push @attrs, (sambaSID => $smbsid) unless $smbsid =~ /^\s*$/;
197     - push @attrs, (sambaPrimaryGroupSID => $smbpgsid) unless $smbpgsid =~ /^\s*$/;
198     - }
199     - elsif ($type eq 'group')
200     + my $desc = undef;
201     +
202     + if ($type =~ m{^(?:user|group)$} or $key eq 'admin')
203     {
204     + #------------------------------------------------------------
205     + # Do the user portion
206     + #------------------------------------------------------------
207     + my $dn = "uid=$key,ou=Users,$base";
208     + $updates->{$dn}->{objectClass} = ['posixAccount', 'shadowAccount', 'account'];
209     +
210     + # Read information from getent passwd
211     + @{$updates->{$dn}}{'uid','userPassword','uidNumber','gidNumber','junk','junk','gecos','homeDirectory','loginShell'} = getpwnam($key);
212     + $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/;
213     + $desc = $updates->{$dn}->{cn} = $updates->{$dn}->{gecos};
214     +
215     + # Load values from db record
216     + foreach my $attr ( keys %$map )
217     + {
218     + my $val = $acct->prop($attr);
219     + $updates->{$dn}->{$map->{$attr}} = $val if defined $val;
220     + }
221     +
222     + # Ensure users have the needed properties
223     + if ($type eq 'user')
224     + {
225     + push @{$updates->{$dn}->{objectClass}}, 'inetOrgPerson';
226     + $updates->{$dn}->{mail} = "$key\@$domain";
227     +
228     + # Samba parameters if we find the samba.schema
229     + if ( -f "$schema" and -x '/usr/bin/pdbedit' )
230     + {
231     + my $line = `/usr/bin/pdbedit -wu '$key' 2> /dev/null`;
232     + chomp($line);
233     + if ($line)
234     + {
235     + @{$updates->{$dn}}{'junk','junk','sambaLMPassword','sambaNTPassword'} = split(/:/,$line);
236     + foreach $line (`/usr/bin/pdbedit -vu '$key' 2> /dev/null`)
237     + {
238     + chomp($line);
239     + $updates->{$dn}->{sambaSID} = $1 if $line =~ m{User SID:\s+(S-.*)$};
240     + $updates->{$dn}->{displayName} = $1 if $line =~ m{Full Name:\s+(.*)$};
241     + $updates->{$dn}->{sambaPrimaryGroupSID} = $1 if $line =~ m{Primary Group SID:\s+(S-.*)$};
242     + $updates->{$dn}->{sambaAcctFlags} = $1 if $line =~ m{Account Flags:\s+(.*)$};
243     + $updates->{$dn}->{sambaPwdLastSet} = str2time($1) if $line =~ m{Password last set:\s+(.*)$};
244     + }
245     + push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount';
246     + }
247     + }
248     + }
249     +
250     + #------------------------------------------------------------
251     + # Do the group portion
252     + #------------------------------------------------------------
253     $dn = "cn=$key,ou=Groups,$base";
254     - my $key = $acct->key;
255     - my $desc = $acct->prop('Description') || '';
256     - utf8::upgrade($desc);
257     - my @members = split(/,/,($acct->prop('Members') || ''));
258     - my $gid = $acct->prop('Gid');
259     - my $smbsid = $smbsid{$key};
260     -
261     - push @attrs, (objectClass => ['posixGroup','mailboxRelatedObject','sambaGroupMapping']);
262     - push @attrs, (cn => $key);
263     - push @attrs, (mail => "$key\@$domain");
264     - push @attrs, (gidNumber => $gid);
265     - push @attrs, (description => $desc) unless $desc =~ /^\s*$/;
266     - push @attrs, (memberUid => \@members)
267     - unless ((scalar @members == 0) && ($event eq 'group-create'));
268     - # Samba requires the displayName attribute
269     - push @attrs, (displayName => $desc) unless $desc =~ /^\s*$/;
270     - push @attrs, (sambaGroupType => '2');
271     - push @attrs, (sambaSID => $smbsid);
272     + $updates->{$dn}->{objectClass} = ['posixGroup'];
273     +
274     + # Read information from getent group
275     + @{$updates->{$dn}}{'cn','userPassword','gidNumber','memberUid'} = getgrnam($key);
276     + $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/;
277     + $updates->{$dn}->{description} = $desc if $desc;
278     + $updates->{$dn}->{memberUid} = [ split /\s+/, $updates->{$dn}->{memberUid} ];
279     +
280     + # Ensure groups have the needed properties
281     + if ($type eq 'group')
282     + {
283     + push @{$updates->{$dn}->{objectClass}}, 'mailboxRelatedObject';
284     + $updates->{$dn}->{mail} = "$key\@$domain";
285     + }
286     +
287     + # Samba parameters if we find the samba.schema
288     + if ( -f "$schema" and exists $groupmap->{$key} )
289     + {
290     + push @{$updates->{$dn}->{objectClass}}, 'sambaGroupMapping';
291     + $updates->{$dn}->{displayName} = $groupmap->{$key}->{name};
292     + $updates->{$dn}->{sambaSID} = $groupmap->{$key}->{sid};
293     + $updates->{$dn}->{sambaGroupType} = '2';
294     + }
295     +
296     + }
297     +}
298     +endpwent();
299     +
300     +# Fix attributes and update ldap
301     +foreach my $dn (keys %$updates)
302     +{
303     + # Try and find record
304     + my ($filter, $searchbase) = split /,/, $dn, 2;
305     + my $result = $ldap->search( base => $searchbase, filter => "($filter)" );
306     + if ( $result->code )
307     + {
308     + warn "failed looking up entry for $dn: ", $result->error;
309     + next;
310     }
311     - if (($event eq 'user-create') || ($event eq 'group-create'))
312     + my $cnt = scalar $result->entries();
313     +
314     + # Clean up attributes and convert to utf8
315     + delete $updates->{$dn}->{'junk'};
316     + foreach my $attr ( keys %{$updates->{$dn}} )
317     {
318     - my $result = $ldap->add ($dn, attr => \@attrs);
319     + if ( ref($updates->{$dn}->{$attr}) eq 'ARRAY' )
320     + {
321     + if ( $cnt == 0 and scalar(@{$updates->{$dn}->{$attr}}) == 0 )
322     + {
323     + delete $updates->{$dn}->{$attr};
324     + }
325     + else
326     + {
327     + for (my $c = 0; $c < scalar(@{$updates->{$dn}->{$attr}}); $c++)
328     + {
329     + utf8::upgrade($updates->{$dn}->{$attr}[$c]);
330     + }
331     + }
332     + }
333     + else
334     + {
335     + if ($updates->{$dn}->{$attr} !~ /^\s*$/)
336     + {
337     + utf8::upgrade($updates->{$dn}->{$attr});
338     + }
339     + elsif ( $cnt == 0 )
340     + {
341     + delete $updates->{$dn}->{$attr};
342     + }
343     + else
344     + {
345     + $updates->{$dn}->{$attr} = [];
346     + }
347     + }
348     + }
349    
350     - $result->code &&
351     - warn "failed to add entry for $dn: ", $result->error ;
352     + # Perform insert or update
353     + if ( $cnt == 0 )
354     + {
355     + $result = $ldap->add ($dn, attrs => [ %{$updates->{$dn}} ] );
356     + $result->code && warn "failed to add entry for $dn: ", $result->error;
357     + }
358     + elsif ( $cnt == 1 )
359     + {
360     + $result = $ldap->modify ($dn, replace => $updates->{$dn});
361     + $result->code && warn "failed to modify entry for $dn: ", $result->error;
362     }
363     else
364     {
365     - my %attrs = @attrs;
366     - my $result = $ldap->modify ($dn, replace => \%attrs);
367     -
368     - $result->code &&
369     - warn "failed to modify entry for $dn: ", $result->error ;
370     + warn "failed looking up entry for $dn: found $cnt results";
371     }
372     }
373     $ldap->unbind;
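Review bot: The Samba lookups at `/usr/bin/pdbedit -wu '$key' 2> /dev/null` and `/usr/bin/pdbedit -vu '$key' 2> /dev/null` interpolate the account key into a shell command line; a single quote in the key would terminate the quoted argument, so the key should be passed as its own argv element through list-form `open '-|'` instead of going through a shell, which also drops the `2> /dev/null` redirect so pdbedit diagnostics reach the event log. Separately, when `getpwnam($key)` returns an empty list the hash slice leaves userPassword undefined and the following `s/^/{CRYPT}/` turns it into the literal string `{CRYPT}` that is then written to LDAP; guard it with `$updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ if defined $updates->{$dn}->{userPassword} and $updates->{$dn}->{userPassword} !~ m/^{/;` and do the same for the `getgrnam` slice in the group portion. The utf8 cleanup loop reuses `$c` as its index, shadowing the ConfigDB handle declared at the top of the script; `$i` would avoid the confusion.

```perl
# Samba parameters if we find the samba.schema
if ( -f $schema and -x '/usr/bin/pdbedit' )
{
    # Pass $key as a separate argument so it is never parsed by a shell
    my $line;
    if (open my $pdb, '-|', '/usr/bin/pdbedit', '-wu', $key)
    {
        $line = <$pdb>;
        close $pdb;
    }
    chomp($line) if defined $line;
    if ($line)
    {
        @{$updates->{$dn}}{'junk','junk','sambaLMPassword','sambaNTPassword'} = split(/:/,$line);
        if (open my $pdbv, '-|', '/usr/bin/pdbedit', '-vu', $key)
        {
            while (my $vline = <$pdbv>)
            {
                chomp($vline);
                # … unchanged: sambaSID / displayName / sambaPrimaryGroupSID / sambaAcctFlags / sambaPwdLastSet captures, matched against $vline …
            }
            close $pdbv;
        }
        push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount';
    }
}
```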
