1 |
diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update |
diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update |
2 |
diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update |
--- e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup 2010-09-25 12:07:10.000000000 -0600 |
3 |
diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update |
+++ e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update 2010-09-25 12:07:30.000000000 -0600 |
|
diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update |
|
|
diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update |
|
|
diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update |
|
|
--- e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.code_cleanup 2010-09-24 10:58:52.000000000 -0600 |
|
|
+++ e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update 2010-09-25 02:13:08.000000000 -0600 |
|
4 |
@@ -30,6 +30,7 @@ use esmith::ConfigDB; |
@@ -30,6 +30,7 @@ use esmith::ConfigDB; |
5 |
use esmith::AccountsDB; |
use esmith::AccountsDB; |
6 |
use esmith::util; |
use esmith::util; |
119 |
|
|
120 |
my $ldap = Net::LDAP->new('localhost') |
my $ldap = Net::LDAP->new('localhost') |
121 |
or die "$@"; |
or die "$@"; |
122 |
@@ -145,109 +115,155 @@ $ldap->bind( |
@@ -145,109 +115,169 @@ $ldap->bind( |
123 |
password => $pw |
password => $pw |
124 |
); |
); |
125 |
|
|
128 |
-my $dept = $l->prop('defaultDepartment') || ''; |
-my $dept = $l->prop('defaultDepartment') || ''; |
129 |
-my $city = $l->prop('defaultCity') || ''; |
-my $city = $l->prop('defaultCity') || ''; |
130 |
-my $street = $l->prop('defaultStreet') || ''; |
-my $street = $l->prop('defaultStreet') || ''; |
131 |
|
+#------------------------------------------------------------ |
132 |
|
+# Create a list of updates that need to happen |
133 |
|
+#------------------------------------------------------------ |
134 |
+my $updates; |
+my $updates; |
135 |
foreach my $acct (@accounts) |
foreach my $acct (@accounts) |
136 |
{ |
{ |
203 |
+ # Do the user portion |
+ # Do the user portion |
204 |
+ #------------------------------------------------------------ |
+ #------------------------------------------------------------ |
205 |
+ my $dn = "uid=$key,ou=Users,$base"; |
+ my $dn = "uid=$key,ou=Users,$base"; |
206 |
+ $updates->{$dn}->{objectClass} = ['posixAccount', 'shadowAccount', 'account']; |
+ $updates->{$dn}->{objectClass} = ['posixAccount', 'shadowAccount']; |
207 |
+ |
+ |
208 |
+ # Read information from getent passwd |
+ # Read information from getent passwd |
209 |
+ @{$updates->{$dn}}{'uid','userPassword','uidNumber','gidNumber','junk','junk','gecos','homeDirectory','loginShell'} = getpwnam($key); |
+ @{$updates->{$dn}}{'uid','userPassword','uidNumber','gidNumber','junk','junk','gecos','homeDirectory','loginShell'} = getpwnam($key); |
210 |
|
+ unless ($updates->{$dn}->{uid}) |
211 |
|
+ { |
212 |
|
+ delete $updates->{$dn}; |
213 |
|
+ next; |
214 |
|
+ } |
215 |
+ $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/; |
+ $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/; |
216 |
+ $desc = $updates->{$dn}->{cn} = $updates->{$dn}->{gecos}; |
+ $desc = $updates->{$dn}->{cn} = $updates->{$dn}->{gecos}; |
217 |
+ |
+ |
223 |
+ } |
+ } |
224 |
+ |
+ |
225 |
+ # Ensure users have the needed properties |
+ # Ensure users have the needed properties |
226 |
+ if ($type eq 'user') |
+ if ($type eq 'user' or $key eq 'admin') |
227 |
+ { |
+ { |
228 |
+ push @{$updates->{$dn}->{objectClass}}, 'inetOrgPerson'; |
+ push @{$updates->{$dn}->{objectClass}}, 'inetOrgPerson'; |
229 |
+ $updates->{$dn}->{mail} = "$key\@$domain"; |
+ $updates->{$dn}->{mail} = "$key\@$domain"; |
230 |
|
+ } |
231 |
|
+ else |
232 |
|
+ { |
233 |
|
+ push @{$updates->{$dn}->{objectClass}}, 'account'; |
234 |
|
+ } |
235 |
+ |
+ |
236 |
+ # Samba parameters if we find the samba.schema |
+ # Samba parameters if we find the samba.schema |
237 |
+ if ( -f "$schema" and -x '/usr/bin/pdbedit' ) |
+ if ( -f "$schema" and -x '/usr/bin/pdbedit' ) |
238 |
|
+ { |
239 |
|
+ my $line = `/usr/bin/pdbedit -wu '$key' 2> /dev/null`; |
240 |
|
+ chomp($line); |
241 |
|
+ if ($line) |
242 |
+ { |
+ { |
243 |
+ my $line = `/usr/bin/pdbedit -wu '$key' 2> /dev/null`; |
+ @{$updates->{$dn}}{'junk','junk','sambaLMPassword','sambaNTPassword'} = split(/:/,$line); |
244 |
+ chomp($line); |
+ foreach $line (`/usr/bin/pdbedit -vu '$key' 2> /dev/null`) |
|
+ if ($line) |
|
245 |
+ { |
+ { |
246 |
+ @{$updates->{$dn}}{'junk','junk','sambaLMPassword','sambaNTPassword'} = split(/:/,$line); |
+ chomp($line); |
247 |
+ foreach $line (`/usr/bin/pdbedit -vu '$key' 2> /dev/null`) |
+ $updates->{$dn}->{sambaSID} = $1 if $line =~ m{User SID:\s+(S-.*)$}; |
248 |
+ { |
+ $updates->{$dn}->{displayName} = $1 if $line =~ m{Full Name:\s+(.*)$}; |
249 |
+ chomp($line); |
+ $updates->{$dn}->{sambaPrimaryGroupSID} = $1 if $line =~ m{Primary Group SID:\s+(S-.*)$}; |
250 |
+ $updates->{$dn}->{sambaSID} = $1 if $line =~ m{User SID:\s+(S-.*)$}; |
+ $updates->{$dn}->{sambaAcctFlags} = $1 if $line =~ m{Account Flags:\s+(.*)$}; |
251 |
+ $updates->{$dn}->{displayName} = $1 if $line =~ m{Full Name:\s+(.*)$}; |
+ $updates->{$dn}->{sambaPwdLastSet} = str2time($1) if $line =~ m{Password last set:\s+(.*)$}; |
|
+ $updates->{$dn}->{sambaPrimaryGroupSID} = $1 if $line =~ m{Primary Group SID:\s+(S-.*)$}; |
|
|
+ $updates->{$dn}->{sambaAcctFlags} = $1 if $line =~ m{Account Flags:\s+(.*)$}; |
|
|
+ $updates->{$dn}->{sambaPwdLastSet} = str2time($1) if $line =~ m{Password last set:\s+(.*)$}; |
|
|
+ } |
|
|
+ push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount'; |
|
252 |
+ } |
+ } |
253 |
|
+ push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount'; |
254 |
+ } |
+ } |
255 |
+ } |
+ } |
256 |
+ |
+ |
257 |
+ #------------------------------------------------------------ |
+ #------------------------------------------------------------ |
258 |
+ # Do the group portion |
+ # Do the group portion |
259 |
+ #------------------------------------------------------------ |
+ #------------------------------------------------------------ |
300 |
+ $updates->{$dn}->{sambaGroupType} = '2'; |
+ $updates->{$dn}->{sambaGroupType} = '2'; |
301 |
+ } |
+ } |
302 |
+ |
+ |
303 |
+ } |
} |
304 |
|
- if (($event eq 'user-create') || ($event eq 'group-create')) |
305 |
+} |
+} |
306 |
+endpwent(); |
+endpwent(); |
307 |
+ |
+ |
308 |
+# Fix attributes and update ldap |
+#------------------------------------------------------------ |
309 |
|
+# Update LDAP database entry. |
310 |
|
+#------------------------------------------------------------ |
311 |
+foreach my $dn (keys %$updates) |
+foreach my $dn (keys %$updates) |
312 |
+{ |
+{ |
313 |
+ # Try and find record |
+ # Try and find record |
314 |
+ my ($filter, $searchbase) = split /,/, $dn, 2; |
+ my ($filter, $searchbase) = split /,/, $dn, 2; |
315 |
+ my $result = $ldap->search( base => $searchbase, filter => "($filter)" ); |
+ my $result = $ldap->search( base => $searchbase, filter => "($filter)" ); |
316 |
+ if ( $result->code ) |
+ if ( $result->code ) |
317 |
+ { |
{ |
318 |
+ warn "failed looking up entry for $dn: ", $result->error; |
- my $result = $ldap->add ($dn, attr => \@attrs); |
319 |
|
+ warn "failed looking up entry $dn: ", $result->error; |
320 |
+ next; |
+ next; |
321 |
} |
+ } |
322 |
- if (($event eq 'user-create') || ($event eq 'group-create')) |
+ my $cnt = $result->count; |
323 |
+ my $cnt = scalar $result->entries(); |
+ |
|
+ |
|
324 |
+ # Clean up attributes and convert to utf8 |
+ # Clean up attributes and convert to utf8 |
325 |
+ delete $updates->{$dn}->{'junk'}; |
+ delete $updates->{$dn}->{'junk'}; |
326 |
+ foreach my $attr ( keys %{$updates->{$dn}} ) |
+ foreach my $attr ( keys %{$updates->{$dn}} ) |
327 |
{ |
+ { |
|
- my $result = $ldap->add ($dn, attr => \@attrs); |
|
328 |
+ if ( ref($updates->{$dn}->{$attr}) eq 'ARRAY' ) |
+ if ( ref($updates->{$dn}->{$attr}) eq 'ARRAY' ) |
329 |
+ { |
+ { |
330 |
+ if ( $cnt == 0 and scalar(@{$updates->{$dn}->{$attr}}) == 0 ) |
+ if ( $cnt == 0 and scalar(@{$updates->{$dn}->{$attr}}) == 0 ) |
361 |
+ # Perform insert or update |
+ # Perform insert or update |
362 |
+ if ( $cnt == 0 ) |
+ if ( $cnt == 0 ) |
363 |
+ { |
+ { |
364 |
+ $result = $ldap->add ($dn, attrs => [ %{$updates->{$dn}} ] ); |
+ $result = $ldap->add( $dn, attrs => [ %{$updates->{$dn}} ] ); |
365 |
+ $result->code && warn "failed to add entry for $dn: ", $result->error; |
+ $result->code && warn "failed to add entry $dn: ", $result->error; |
366 |
+ } |
+ } |
367 |
+ elsif ( $cnt == 1 ) |
+ elsif ( $cnt == 1 ) |
368 |
+ { |
+ { |
369 |
+ $result = $ldap->modify ($dn, replace => $updates->{$dn}); |
+ $result = $ldap->modify( $dn, replace => $updates->{$dn}); |
370 |
+ $result->code && warn "failed to modify entry for $dn: ", $result->error; |
+ $result->code && warn "failed to modify entry $dn: ", $result->error; |
371 |
} |
} |
372 |
else |
else |
373 |
{ |
{ |
376 |
- |
- |
377 |
- $result->code && |
- $result->code && |
378 |
- warn "failed to modify entry for $dn: ", $result->error ; |
- warn "failed to modify entry for $dn: ", $result->error ; |
379 |
+ warn "failed looking up entry for $dn: found $cnt results"; |
+ warn "failed looking up entry $dn: found $cnt results"; |
380 |
} |
} |
381 |
} |
} |
382 |
$ldap->unbind; |
$ldap->unbind; |
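Review bot: In the Samba block, both pdbedit calls interpolate `$key` into a backtick command line (`/usr/bin/pdbedit -wu '$key'` and the `-vu` variant), so the single quotes are the only thing separating an account key from the shell, and a key containing `'` would end the quoting. Whether keys are restricted before this point is not visible in the lines shown, so the safer form is a list-form pipe that never invokes a shell, e.g. `open(my $pdb, '-|', '/usr/bin/pdbedit', '-wu', $key)`, with stderr silenced separately. The same `$key` is also placed unescaped into the DN (`"uid=$key,ou=Users,$base"`) and then into the search filter via `"($filter)"`, and the `split /,/, $dn, 2` assumes the key holds no comma. `escape_dn_value` and `escape_filter_value` from Net::LDAP::Util would cover that, if the installed perl-ldap provides them. The enclosing `foreach my $acct (@accounts)` loop is only partly shown here, so any validation in the collapsed lines should be checked first.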