diff -ruN e-smith-ldap-5.2.0.ldap-init/root/etc/e-smith/events/actions/ldap-update e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update
--- e-smith-ldap-5.2.0.ldap-init/root/etc/e-smith/events/actions/ldap-update 2010-12-01 11:12:30.000000000 -0700
+++ e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update 2010-12-01 12:08:29.000000000 -0700
@@ -1,4 +1,4 @@
-#!/usr/bin/perl -w
+#!/bin/bash
 #----------------------------------------------------------------------
 # copyright (C) 1999, 2000 e-smith, inc. 
@@ -22,456 +22,4 @@ # call us on 1 888 ESMITH 1 (US/Canada toll free) or +1 613 564 8000 #---------------------------------------------------------------------- -package esmith; - -use strict; -use Errno; -use esmith::ConfigDB; -use esmith::AccountsDB; -use esmith::util; -use Net::LDAP; -use Date::Parse; - -my $c = esmith::ConfigDB->open_ro; -my $a = esmith::AccountsDB->open_ro; - -my $l = $c->get('ldap'); -my $status = $l->prop('status') || "disabled"; -unless ($status eq "enabled" ) -{ - warn "Not running action script $0, LDAP service not enabled!\n"; - exit(0); -} - -my $hostname = $c->get('SystemName') - || die("Couldn't determine system name"); -$hostname = $hostname->value; - -my $domain = $c->get('DomainName') - || die("Couldn't determine domain name"); -$domain = $domain->value; - -my $schema = '/etc/openldap/schema/samba.schema'; -my $map = { 'FirstName' => 'givenName', - 'LastName' => 'sn', - 'Phone' => 'telephoneNumber', - 'Company' => 'o', - 'Dept' => 'ou', - 'City' => 'l', - 'Street' => 'street', - }; - -my @accounts; -my $account; -my $event = shift || die "Event name must be specified"; -if ($event eq 'ldap-update' or $event eq 'bootstrap-ldap-save') -{ - @accounts = ($a->users, $a->groups, $a->ibays, $a->get_all_by_prop(type => 'machine')); - push(@accounts, $a->get('admin')); -} -else -{ - my @name = @ARGV; - die "Account name argument missing." 
unless scalar (@name) >= 1; - - foreach my $name (@name) - { - $account = $a->get($name); - die "Account $name not found.\n" unless defined $account; - my $type = $account->prop('type') || "unknown"; - - die "Account $name is not a user, group, ibay, machine account; update LDAP entry failed.\n" - unless ($type =~ m{^(?:user|group|ibay|machine)$} or $name eq 'admin'); - push @accounts, $account; - } -} - -#------------------------------------------------------------ -# Read all samba groups (can't do individual lookups) -#------------------------------------------------------------ - -my $groupmap = (); - -# Only do if schema is found -if ( -f "$schema" and -x '/usr/bin/net' ) -{ - foreach (`/usr/bin/net groupmap list 2> /dev/null`){ - chomp; - next if m{\(S-1-5-32-\d+\)}; - $groupmap->{$3} = { name => "$1", sid => "$2" } if (/^(.*) \((S-.*-\d+)\) -> (.*)$/); - } -} - -#------------------------------------------------------------ -# Update LDAP database entry. -#------------------------------------------------------------ -my $base = esmith::util::ldapBase ($domain); -my $pw = esmith::util::LdapPassword(); - -my $ldap = Net::LDAP->new('localhost') - or die "$@"; - -$ldap->bind( - dn => "cn=root,$base", - password => $pw -); - -my ($dc,undef) = split (/\./, $domain); -my $o = $l->prop('defaultCompany') || $domain; - -# Try and find base record -my $seen; -my @objects = qw(top organization dcObject); -my $result = $ldap->search( base => $base, filter => '(objectClass=*)', scope => 'base' ); -if ($result->code == 32) -{ - $result = $ldap->add( $base, attr => [ dc => $dc, o => $o, objectClass => \@objects ] ); -} -elsif ($result->code) -{ - warn "failed checking base entry $base: ", $result->error; -} -else -{ - # Don't overwrite objectClass (just update if necessary) - $seen = (); - @objects = grep { ! 
$seen->{$_} ++ } (@objects, $result->entry(0)->get_value('objectClass') ); - $ldap->modify( $base, replace => { dc => $dc, o => $o, objectClass => \@objects } ); -} -warn "failed to add/update entry $base: ", $result->error if $result->code; - -# Try and find container records -foreach my $obj ( qw(Users Groups Computers) ) -{ - @objects = qw(top organizationalUnit); - $result = $ldap->search( base => "ou=$obj,$base", filter => '(objectClass=*)', scope => 'base' ); - if ($result->code == 32) - { - $result = $ldap->add( "ou=$obj,$base", attr => [ ou => $obj, objectClass => \@objects ] ); - } - elsif ($result->code) - { - warn "failed checking base entry ou=$obj,$base: ", $result->error; - } - else - { - # Don't overwrite objectClass (just update if necessary) - $seen = (); - @objects = grep { ! $seen->{$_} ++ } (@objects, $result->entry(0)->get_value('objectClass') ); - $result = $ldap->modify( "ou=$obj,$base", replace => { ou => $obj, objectClass => \@objects } ); - } - warn "failed to add/update entry ou=$obj,$base: ", $result->error if $result->code; -} - -my $updates; - -#------------------------------------------------------------ -# Ensure nobody, shared, www objects are there -#------------------------------------------------------------ -foreach my $user (qw/www/){ - my $dn = "uid=$user,ou=Users,$base"; - utf8::upgrade($dn); - $updates->{$dn}->{objectClass} = ['account', 'posixAccount', 'shadowAccount']; - - # Read information from getent passwd - @{$updates->{$dn}}{'uid','userPassword','uidNumber','gidNumber','junk','junk','gecos','homeDirectory','loginShell'} = getpwnam($user); - $updates->{$dn}->{userPassword} = "!*" if $updates->{$dn}->{userPassword} eq '!!'; - $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/; - $updates->{$dn}->{cn} = $updates->{$dn}->{gecos}; - - # Samba parameters if we find the samba.schema - if ( -f "$schema" and -x '/usr/bin/pdbedit' ) - { - my $line = `/usr/bin/pdbedit -wu '$user' 2> 
/dev/null`; - chomp($line); - if ($line) - { - @{$updates->{$dn}}{'junk','junk','sambaLMPassword','sambaNTPassword'} = split(/:/,$line); - foreach $line (`/usr/bin/pdbedit -vu '$user' 2> /dev/null`) - { - chomp($line); - $updates->{$dn}->{sambaSID} = $1 if $line =~ m{User SID:\s+(S-.*)$}; - $updates->{$dn}->{displayName} = $1 if $line =~ m{Full Name:\s+(.*)$}; - $updates->{$dn}->{sambaPrimaryGroupSID} = $1 if $line =~ m{Primary Group SID:\s+(S-.*)$}; - $updates->{$dn}->{sambaAcctFlags} = $1 if $line =~ m{Account Flags:\s+(.*)$}; - $updates->{$dn}->{sambaPwdLastSet} = str2time($1) if $line =~ m{Password last set:\s+(.*)$}; - } - push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount'; - } - else - { - $updates->{$dn}->{sambaLMPassword} = []; - $updates->{$dn}->{sambaNTPassword} = []; - $updates->{$dn}->{sambaSID} = []; - $updates->{$dn}->{displayName} = []; - $updates->{$dn}->{sambaPrimaryGroupSID} = []; - $updates->{$dn}->{sambaAcctFlags} = []; - $updates->{$dn}->{sambaPwdLastSet} = []; - } - } -} -endpwent(); - -foreach my $group (qw/nobody shared www/){ - my $dn = "cn=$group,ou=Groups,$base"; - utf8::upgrade($dn); - $updates->{$dn}->{objectClass} = ['posixGroup']; - - # Read information from getent group - @{$updates->{$dn}}{'cn','junk','gidNumber','memberUid'} = getgrnam($group); - $updates->{$dn}->{memberUid} = [ split /\s+/, $updates->{$dn}->{memberUid} ]; - - # Ensure groups have the needed properties - if ($group eq 'shared'){ - push @{$updates->{$dn}->{objectClass}}, 'mailboxRelatedObject'; - $updates->{$dn}->{mail} = "everyone\@$domain"; - } - - # Samba parameters if we find the samba.schema - if ( -f "$schema" ) - { - if ( exists $groupmap->{$group} ) - { - push @{$updates->{$dn}->{objectClass}}, 'sambaGroupMapping'; - $updates->{$dn}->{displayName} = $groupmap->{$group}->{name}; - $updates->{$dn}->{sambaSID} = $groupmap->{$group}->{sid}; - $updates->{$dn}->{sambaGroupType} = '2'; - } - else - { - $updates->{$dn}->{displayName} = []; - 
$updates->{$dn}->{sambaSID} = []; - $updates->{$dn}->{sambaGroupType} = []; - } - } -} -endgrent(); - -#------------------------------------------------------------ -# Create a list of updates that need to happen -#------------------------------------------------------------ -foreach my $acct (@accounts) -{ - my $key = $acct->key; - my $type = $acct->prop('type'); - my $desc = undef; - my $dn; - - if ($type =~ m{^(?:user|group|ibay|machine)$} or $key eq 'admin') - { - #------------------------------------------------------------ - # Do the user portion - #------------------------------------------------------------ - if ($type eq 'machine') - { - $dn = "uid=$key,ou=Computers,$base"; - } - else - { - $dn = "uid=$key,ou=Users,$base"; - } - utf8::upgrade($dn); - $updates->{$dn}->{objectClass} = ['posixAccount', 'shadowAccount']; - - # Read information from getent passwd - @{$updates->{$dn}}{'uid','userPassword','uidNumber','gidNumber','junk','junk','gecos','homeDirectory','loginShell'} = getpwnam($key); - unless ($updates->{$dn}->{uid}) - { - delete $updates->{$dn}; - next; - } - $updates->{$dn}->{userPassword} = "!*" if $updates->{$dn}->{userPassword} eq '!!'; - $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/; - $desc = $updates->{$dn}->{cn} = $updates->{$dn}->{gecos}; - - # Load values from db record - foreach my $attr ( keys %$map ) - { - my $val = $acct->prop($attr); - $updates->{$dn}->{$map->{$attr}} = $val if defined $val; - } - - # Ensure users have the needed properties - if ($type eq 'user' or $key eq 'admin') - { - push @{$updates->{$dn}->{objectClass}}, 'inetOrgPerson'; - $updates->{$dn}->{mail} = "$key\@$domain"; - } - else - { - push @{$updates->{$dn}->{objectClass}}, 'account'; - } - - # Samba parameters if we find the samba.schema - if ( -f "$schema" and -x '/usr/bin/pdbedit' ) - { - my $line = `/usr/bin/pdbedit -wu '$key' 2> /dev/null`; - chomp($line); - if ($line) - { - 
@{$updates->{$dn}}{'junk','junk','sambaLMPassword','sambaNTPassword'} = split(/:/,$line); - foreach $line (`/usr/bin/pdbedit -vu '$key' 2> /dev/null`) - { - chomp($line); - $updates->{$dn}->{sambaSID} = $1 if $line =~ m{User SID:\s+(S-.*)$}; - $updates->{$dn}->{displayName} = $1 if $line =~ m{Full Name:\s+(.*)$}; - $updates->{$dn}->{sambaPrimaryGroupSID} = $1 if $line =~ m{Primary Group SID:\s+(S-.*)$}; - $updates->{$dn}->{sambaAcctFlags} = $1 if $line =~ m{Account Flags:\s+(.*)$}; - $updates->{$dn}->{sambaPwdLastSet} = str2time($1) if $line =~ m{Password last set:\s+(.*)$}; - } - push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount'; - } - else - { - $updates->{$dn}->{sambaLMPassword} = []; - $updates->{$dn}->{sambaNTPassword} = []; - $updates->{$dn}->{sambaSID} = []; - $updates->{$dn}->{displayName} = []; - $updates->{$dn}->{sambaPrimaryGroupSID} = []; - $updates->{$dn}->{sambaAcctFlags} = []; - $updates->{$dn}->{sambaPwdLastSet} = []; - } - } - - #------------------------------------------------------------ - # Do the group portion - #------------------------------------------------------------ - $dn = "cn=$key,ou=Groups,$base"; - utf8::upgrade($dn); - $updates->{$dn}->{objectClass} = ['posixGroup']; - - # Read information from getent group - @{$updates->{$dn}}{'cn','junk','gidNumber','memberUid'} = getgrnam($key); - $updates->{$dn}->{memberUid} = [ split /\s+/, $updates->{$dn}->{memberUid} ]; - - # Ensure groups have the needed properties - if ($type eq 'group') - { - push @{$updates->{$dn}->{objectClass}}, 'mailboxRelatedObject'; - $updates->{$dn}->{mail} = "$key\@$domain"; - $updates->{$dn}->{description} = $desc if $desc; - } - - # Samba parameters if we find the samba.schema - if ( -f "$schema" ) - { - if ( exists $groupmap->{$key} ) - { - push @{$updates->{$dn}->{objectClass}}, 'sambaGroupMapping'; - $updates->{$dn}->{displayName} = $groupmap->{$key}->{name}; - $updates->{$dn}->{sambaSID} = $groupmap->{$key}->{sid}; - $updates->{$dn}->{sambaGroupType} 
= '2'; - } - else - { - $updates->{$dn}->{displayName} = []; - $updates->{$dn}->{sambaSID} = []; - $updates->{$dn}->{sambaGroupType} = []; - } - } - } -} -endpwent(); -endgrent(); - -#------------------------------------------------------------ -# Update LDAP database entry. -#------------------------------------------------------------ -foreach my $dn (keys %$updates) -{ - # Try and find record - $result = $ldap->search( base => $dn, filter => '(objectClass=*)', scope => 'base' ); - warn "failed looking up entry $dn: ", $result->error if $result->code && $result->code != 32; - my $code = $result->code; - my @objectClass = $code == 32 ? () : $result->entry(0)->get_value('objectClass'); - - # Clean up attributes and convert to utf8 - delete $updates->{$dn}->{'junk'}; - foreach my $attr ( keys %{$updates->{$dn}} ) - { - if ( ref($updates->{$dn}->{$attr}) eq 'ARRAY' ) - { - if ( $code == 32 and scalar(@{$updates->{$dn}->{$attr}}) == 0 ) - { - delete $updates->{$dn}->{$attr}; - } - else - { - for (my $c = 0; $c < scalar(@{$updates->{$dn}->{$attr}}); $c++) - { - utf8::upgrade($updates->{$dn}->{$attr}[$c]); - } - } - } - else - { - if ($updates->{$dn}->{$attr} !~ /^\s*$/) - { - utf8::upgrade($updates->{$dn}->{$attr}); - } - elsif ( $code == 32 ) - { - delete $updates->{$dn}->{$attr}; - } - else - { - $updates->{$dn}->{$attr} = []; - } - } - } - - # Try and find old record (sme7) - my ($oldfilter, undef, $oldsearchbase) = split /,/, $dn, 3; - my $oldresult = $ldap->search( base => "$oldfilter,$oldsearchbase", filter => '(objectClass=*)', scope => 'base' ); - if ($oldresult->code) - { - warn "failed looking up old entry $oldfilter,$oldsearchbase: ", $result->error if $oldresult->code != 32; - } - else - { - if ($code == 32) - { - my ($newdn, $newbase) = split /,/, $dn, 2; - - # Ensure key entry exist in old record before renaming - $result = $ldap->modify( "$oldfilter,$oldsearchbase", replace => { split('=', $newdn) } ); - warn "failed to add attributes to old entry 
$oldfilter,$oldsearchbase: ", $result->error if $result->code;
-
- # Move old record to new location
- $result = $ldap->moddn( "$oldfilter,$oldsearchbase", newrdn => $newdn, newsuperior => $newbase, deleteoldrdn => 1 );
- warn "failed to rename old entry $oldfilter,$oldsearchbase: ", $result->error if $result->code;
-
- # Set things up as if we had found the new entry
- $code = $oldresult->code;
- @objectClass = $oldresult->entry(0)->get_value('objectClass');
- }
- else
- {
- $result = $ldap->delete( "$oldfilter,$oldsearchbase" );
- warn "failed to remove old entry $oldfilter,$oldsearchbase: ", $result->error if $result->code;
- }
- }
-
- # Perform insert or update
- if ( $code == 32 )
- {
- $result = $ldap->add( $dn, attrs => [ %{$updates->{$dn}} ] );
- $result->code && warn "failed to add entry $dn: ", $result->error;
- }
- else
- {
- # Don't overwrite objectClass (just remove person if existing)
- $seen = { person => 1 };
-
- # Remove samba objectClasses if removing samba attributes
- @{$seen}{'sambaSamAccount','sambaGroupMapping'} = (1,1) if ref($updates->{$dn}->{sambaSID}) eq 'ARRAY';
-
- @{$updates->{$dn}->{objectClass}} = grep { ! $seen->{$_}++ } (@{$updates->{$dn}->{objectClass}}, @objectClass );
-
- $result = $ldap->modify( $dn, replace => $updates->{$dn});
- $result->code && warn "failed to modify entry $dn: ", $result->error;
- }
-}
-$ldap->unbind;
-
-exit (0);
+/var/service/ldap/ldif-fix --update
diff -ruN e-smith-ldap-5.2.0.ldap-init/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/20ldif e-smith-ldap-5.2.0/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/20ldif
--- e-smith-ldap-5.2.0.ldap-init/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/20ldif 2010-12-01 11:12:30.000000000 -0700
+++ e-smith-ldap-5.2.0/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/20ldif 1969-12-31 17:00:00.000000000 -0700 
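Review bot: The new body `/var/service/ldap/ldif-fix --update` drops two guards the removed script enforced: it only ran when the `ldap` record's `status` was `enabled` (otherwise it warned and exited 0), and it validated the event name plus any account-name arguments in `@ARGV`; the bash wrapper passes neither through and runs unconditionally. The visible part of the new ldif-fix reads the `Authentication` property but no `status` check appears there, so that gate looks lost unless it lives further down in ldif-fix. If per-account invocations are now meant to become a full resync, state it in the wrapper, e.g. `# Event name and account arguments are intentionally ignored; ldif-fix resyncs every account.`; otherwise forward `"$@"` or restore the status check. Using `exec /var/service/ldap/ldif-fix --update` would also make the action's exit status that of ldif-fix directly.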
@@ -1,20 +0,0 @@
-{
- foreach my $dn (keys %$ldif)
- {
- delete $ldif->{$dn}->{'junk'};
- $OUT .= "dn: $dn\n";
- foreach my $attr ( keys %{$ldif->{$dn}} )
- {
- if (ref($ldif->{$dn}->{$attr}) eq 'ARRAY')
- {
- my %seen = ();
- $OUT .= "$attr: $_\n" foreach grep { ! $seen{$_}++ } @{$ldif->{$dn}->{$attr}};
- }
- else
- {
- $OUT .= "$attr: ".$ldif->{$dn}->{$attr}."\n" if $ldif->{$dn}->{$attr};
- }
- }
- $OUT .= "\n";
- }
-}
diff -ruN e-smith-ldap-5.2.0.ldap-init/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin e-smith-ldap-5.2.0/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin
--- e-smith-ldap-5.2.0.ldap-init/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 2010-12-01 11:12:30.000000000 -0700
+++ e-smith-ldap-5.2.0/root/etc/e-smith/templates/home/e-smith/db/ldap/ldif/template-begin 1969-12-31 17:00:00.000000000 -0700 
@@ -1,207 +0,0 @@ -{ - use esmith::AccountsDB; - use esmith::util; - use Date::Parse; - - my $schema = '/etc/openldap/schema/samba.schema'; - - $a = esmith::AccountsDB->open_ro; - $ldapBase = esmith::util::ldapBase ($DomainName); - - local ($dn, $dc, $obj, $attr, $account, $type); - ($dc) = split (/\./, $DomainName); - - $ldif = (); - - # Top domain object - utf8::upgrade($ldapBase); - $ldif->{$ldapBase}->{objectClass} = [ qw(top organization dcObject) ]; - $ldif->{$ldapBase}->{dc} = $dc; - $ldif->{$ldapBase}->{o} = $ldap{defaultCompany} || $DomainName; - - # Top level groups - foreach $obj ( qw(Users Groups Computers) ) - { - $dn = "ou=$obj,$ldapBase"; - utf8::upgrade($dn); - - $ldif->{$dn}->{objectClass} = [ qw(top organizationalUnit) ]; - $ldif->{$dn}->{ou} = $obj; - } - - local $dnmap = (); - - # Read in user details - while(my ($key,$pwd,$uid,$gid,undef,undef,$gecos,$dir,$shell) = getpwent()) - { - # skip non sme users - $account = $a->get($key) || next; - $type = $account->prop('type') || 'unknown'; - next unless ($type =~ m{^(?:user|group|ibay|machine)$} or $key eq 'admin'); - - if ($type eq 'machine') - { - $dn = "uid=$key,ou=Computers,$ldapBase"; - utf8::upgrade($dn); - } - else - { - $dn = "uid=$key,ou=Users,$ldapBase"; - utf8::upgrade($dn); - } - - $dnmap->{$key}->{user} = $dn; - - $ldif->{$dn}->{objectClass} = [ qw(posixAccount shadowAccount) ]; - $ldif->{$dn}->{uid} = $key; - $pwd = "!*" if $pwd eq '!!'; - $ldif->{$dn}->{userPassword} = ($pwd =~ m/^\{/) ? 
$pwd : "\{CRYPT\}$pwd"; - $ldif->{$dn}->{uidNumber} = $uid; - $ldif->{$dn}->{gidNumber} = $gid; - $ldif->{$dn}->{gecos} = $gecos || ''; - $ldif->{$dn}->{cn} = $gecos || ''; - $ldif->{$dn}->{homeDirectory} = $dir; - $ldif->{$dn}->{loginShell} = $shell; - - if ($type eq 'user' or $key eq 'admin') - { - push @{$ldif->{$dn}->{objectClass}}, 'inetOrgPerson'; - $ldif->{$dn}->{mail} = "$key\@$DomainName"; - $ldif->{$dn}->{givenName} = $account->prop('FirstName') || ''; - $ldif->{$dn}->{sn} = $account->prop('LastName') || ''; - $ldif->{$dn}->{telephoneNumber} = $account->prop('Phone') || ''; - $ldif->{$dn}->{o} = $account->prop('Company') || ''; - $ldif->{$dn}->{ou} = $account->prop('Dept') || ''; - $ldif->{$dn}->{l} = $account->prop('City') || ''; - $ldif->{$dn}->{street} = $account->prop('Street') || ''; - } - else - { - push @{$ldif->{$dn}->{objectClass}}, 'account'; - } - } - endpwent(); - - # www is a special user for all accounts - foreach my $user (qw/www/) - { - $dn = "uid=$user,ou=Users,$ldapBase"; - utf8::upgrade($dn); - - $dnmap->{$user}->{user} = $dn; - - $ldif->{$dn}->{objectClass} = [ qw(account posixAccount shadowAccount) ]; - @{$ldif->{$dn}}{'uid','userPassword','uidNumber','gidNumber','junk','junk','gecos','homeDirectory','loginShell'} = getpwnam($user); - $ldif->{$dn}->{userPassword} = "!*" if $ldif->{$dn}->{userPassword} eq '!!'; - $ldif->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $ldif->{$dn}->{userPassword} =~ m/^\{/; - $ldif->{$dn}->{cn} = $ldif->{$dn}->{gecos} || ''; - } - endpwent(); - - # Read in group details - while(my ($key,undef,$gid,$members) = getgrent()) - { - # skip non sme groups - $account = $a->get($key) || next; - $type = $account->prop('type') || 'unknown'; - next unless ($type =~ m{^(?:user|group|ibay|machine)$} or $key eq 'admin'); - - $dn = "cn=$key,ou=Groups,$ldapBase"; - utf8::upgrade($dn); - - $dnmap->{$key}->{group} = $dn; - - $ldif->{$dn}->{objectClass} = [ qw(posixGroup) ]; - $ldif->{$dn}->{cn} = $key; - 
$ldif->{$dn}->{gidNumber} = $gid; - $ldif->{$dn}->{memberUid} = [ split /\s+/, $members ]; - - if ($type eq 'group') - { - push @{$ldif->{$dn}->{objectClass}}, 'mailboxRelatedObject'; - $ldif->{$dn}->{mail} = "$key\@$DomainName"; - $ldif->{$dn}->{description} = $ldif->{$dnmap->{$key}->{user}}->{cn} if exists $ldif->{$dnmap->{$key}->{user}}->{cn}; - } - } - endgrent(); - - # Nobody and shared are special groups used by samba - foreach my $group (qw/nobody shared www/) - { - $dn = "cn=$group,ou=Groups,$ldapBase"; - utf8::upgrade($dn); - - $dnmap->{$group}->{group} = $dn; - - $ldif->{$dn}->{objectClass} = [ qw(posixGroup) ]; - @{$ldif->{$dn}}{'cn','junk','gidNumber','memberUid'} = getgrnam($group); - $ldif->{$dn}->{memberUid} = [ split /\s+/, $ldif->{$dn}->{memberUid} ]; - - if ($group eq 'shared'){ - push @{$ldif->{$dn}->{objectClass}}, 'mailboxRelatedObject'; - $ldif->{$dn}->{mail} = "everyone\@$DomainName"; - } - } - endgrent(); - - # Read in samba user details - if ( -f "$schema" and -x '/usr/bin/pdbedit' ) - { - foreach my $line (`/usr/bin/pdbedit -Lw 2> /dev/null`) - { - my ($key,undef,$lmpass,$ntpass) = split(/:/,$line); - next unless exists $dnmap->{$key}; - - push @{$ldif->{$dnmap->{$key}->{user}}->{objectClass}}, 'sambaSamAccount'; - $ldif->{$dnmap->{$key}->{user}}->{sambaLMPassword} = $lmpass; - $ldif->{$dnmap->{$key}->{user}}->{sambaNTPassword} = $ntpass; - - foreach my $info (`/usr/bin/pdbedit -v '$key' 2> /dev/null`){ - $ldif->{$dnmap->{$key}->{user}}->{sambaSID} = $1 if $info =~ m{User SID:\s+(S-.*)$}; - $ldif->{$dnmap->{$key}->{user}}->{displayName} = $1 if $info =~ m{Full Name:\s+(.*)$}; - $ldif->{$dnmap->{$key}->{user}}->{sambaPrimaryGroupSID} = $1 if $info =~ m{Primary Group SID:\s+(S-.*)$}; - $ldif->{$dnmap->{$key}->{user}}->{sambaAcctFlags} = $1 if $info =~ m{Account Flags:\s+(.*)$}; - $ldif->{$dnmap->{$key}->{user}}->{sambaPwdLastSet} = str2time($1) if $info =~ m{Password last set:\s+(.*)$}; - } - } - } - - # Read in samba group mappings - if ( 
-f "$schema" and -x '/usr/bin/net' ) - { - foreach (`/usr/bin/net groupmap list 2> /dev/null`){ - chomp; - next if m{\(S-1-5-32-\d+\)}; - if (/^(.*) \((S-.*-\d+)\) -> (.*)$/) - { - next unless exists $dnmap->{$3}; - - push @{$ldif->{$dnmap->{$3}->{group}}->{objectClass}}, 'sambaGroupMapping'; - $ldif->{$dnmap->{$3}->{group}}->{displayName} = $1; - $ldif->{$dnmap->{$3}->{group}}->{sambaSID} = $2; - $ldif->{$dnmap->{$3}->{group}}->{sambaGroupType} = '2'; - } - } - } - - # Ensure that attributes are utf8 - foreach $dn (keys %$ldif) - { - foreach $attr ( keys %{$ldif->{$dn}} ) - { - if ( ref($ldif->{$dn}->{$attr}) eq 'ARRAY' ) - { - for (my $c = 0; $c < scalar(@{$ldif->{$dn}->{$attr}}); $c++) - { - utf8::upgrade($ldif->{$dn}->{$attr}[$c]); - } - } - else - { - utf8::upgrade($ldif->{$dn}->{$attr}); - } - } - } - - $OUT = ""; -} diff -ruN e-smith-ldap-5.2.0.ldap-init/root/var/service/ldap/convert_ldif e-smith-ldap-5.2.0/root/var/service/ldap/convert_ldif --- e-smith-ldap-5.2.0.ldap-init/root/var/service/ldap/convert_ldif 2010-12-01 11:12:29.000000000 -0700 +++ e-smith-ldap-5.2.0/root/var/service/ldap/convert_ldif 1969-12-31 17:00:00.000000000 -0700 
@@ -1,67 +0,0 @@ -#! /usr/bin/perl - -use strict; -use warnings; - - -use Net::LDAP::LDIF; -use esmith::util; - -my $olddomain = shift; -my $newdomain = shift; - -my $ldif = Net::LDAP::LDIF->new( "/dev/stdin", "r", onerror => 'undef' ); -my $writer = Net::LDAP::LDIF->new("/dev/stdout", "w", onerror => 'undef' ); - -my $new = esmith::util::ldapBase($newdomain); -my $old = esmith::util::ldapBase($olddomain); - -while( not $ldif->eof()) -{ - my $entry = $ldif->read_entry(); - if ($ldif->error()) - { - print "Error msg: ", $ldif->error(), "\n"; - print "Error lines:\n", $ldif->error_lines(), "\n"; - next; - } - next unless $entry; - my $dn = $entry->dn; - my @object_classes = $entry->get_value('objectClass'); - my %object_classes = map { $_ => 1 } @object_classes; - if ($dn eq $old) - { - # this is the domain container object - objectClasses will be - # 'top' and 'domain' - my $dc = $new; - $dc =~ s/,.*//g; - $dc =~ s/^dc=//; - $entry->replace(dc => $dc); - } - if ($object_classes{group}) - { - # We used to create group entries with invalid objectClass group - # - fix these if we find them - # possibly not required any more, but harmless - @object_classes = grep { $_ ne 'group' } @object_classes; - $entry->replace(objectClass => [ @object_classes, 'posixGroup' ] ); - } - # do any other object transformations - - # Update the mail attributes - if ($entry->exists('mail')){ - my @newmails = (); - foreach ($entry->get_value('mail')){ - $_ =~ s/\@$olddomain$/\@$newdomain/; - push (@newmails,$_); - } - $entry->replace(mail => [ @newmails ]); - } - - # Update basedb suffix - $dn =~ s/$old$/$new/; - $entry->dn($dn); - $writer->write($entry); -} -$ldif->done( ); - diff -ruN e-smith-ldap-5.2.0.ldap-init/root/var/service/ldap/ldif-fix e-smith-ldap-5.2.0/root/var/service/ldap/ldif-fix --- e-smith-ldap-5.2.0.ldap-init/root/var/service/ldap/ldif-fix 1969-12-31 17:00:00.000000000 -0700 +++ e-smith-ldap-5.2.0/root/var/service/ldap/ldif-fix 2010-12-01 12:09:24.000000000 -0700 
@@ -0,0 +1,414 @@
+#!/usr/bin/perl -T
+
+use strict;
+use warnings;
+use Net::LDAP;
+use Net::LDAP::LDIF;
+use Date::Parse;
+use esmith::ConfigDB;
+use esmith::AccountsDB;
+use esmith::util;
+use Getopt::Long qw(:config bundling);
+
+$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin';
+$ENV{'LANG'} = 'C';
+
+sub dnsort {
+ my %type = ( add => 1, modrdn => 2, moddn => 2, modify => 3, delete => 4);
+ my %attr = ( dc => 1, ou => 2, cn => 3, uid => 4);
+
+ my ($oa) = ($a->get_value('newrdn') || $a->dn) =~ /^([^=]+)=/;
+ my ($ob) = ($b->get_value('newrdn') || $b->dn) =~ /^([^=]+)=/;
+ my ($ua, $ub) = map { my $tu = $_->get_value('uidnumber'); defined $tu && $tu ne '' ? $tu : -1 } ($a, $b);
+ my ($ga, $gb) = map { my $tg = $_->get_value('gidnumber'); defined $tg && $tg ne '' ? $tg : -1 } ($a, $b);
+
+ ($attr{$oa} || 9) <=> ($attr{$ob} || 9) || ($type{$a->changetype} || 9) <=> ($type{$b->changetype} || 9) ||
+ $ua <=> $ub || $ga <=> $gb || ($a->get_value('newrdn') || $a->dn) cmp ($b->get_value('newrdn') || $b->dn);
+}
+
+my $c = esmith::ConfigDB->open_ro;
+my $a = esmith::AccountsDB->open_ro;
+
+my $auth = $c->get('ldap')->prop('Authentication') || 'disabled';
+my $schema = '/etc/openldap/schema/samba.schema';
+
+my $domain = $c->get('DomainName')->value;
+my $basedn = esmith::util::ldapBase($domain);
+
+my $userou = 'ou=Users';
+my $groupou = 'ou=Groups';
+my $compou = 'ou=Computers';
+
+my ($dc) = split /\./, $domain;
+my $company = $c->get_prop('ldap', 'defaultCompany') || $domain;
+
+my %opt;
+GetOptions ( \%opt, "diff|d", "update|u", "input|i=s", "output|o=s" );
+$opt{input} = '/usr/sbin/slapcat -c 2> /dev/null|' unless $opt{input} && ($opt{input} eq '-' || -f "$opt{input}" || -c "$opt{input}");
+$opt{diff} = 1 if $opt{update};
+if ( $opt{output} && $opt{output} =~ m{^([-\w/.]+)$}) {
+ $opt{output} = $1;
+} else {
+ $opt{output} = '-';
+}
+
+my ($data, $dn);
+
+# Top object (base)
+$data->{$basedn} = {
+ objectclass => [qw/organization dcObject top/],
+ dc => $dc,
+ o => 
$company,
+};
+
+# Top containers for users/groups/computers
+foreach (qw/Users Groups Computers/) {
+ $data->{"ou=$_,$basedn"} = {
+ objectclass => [qw/organizationalUnit top/],
+ ou => $_,
+ };
+}
+
+# Common accounts needed for SME to work properly
+$data->{"cn=nobody,$groupou,$basedn"}->{objectclass} = [ qw/posixGroup/ ];
+$data->{"uid=www,$userou,$basedn"}->{objectclass} = [ qw/account/ ];
+$data->{"cn=www,$groupou,$basedn"} = { objectclass => [ qw/posixGroup/ ], memberuid => [ qw/admin/ ] };
+$data->{"cn=shared,$groupou,$basedn"} = {
+ objectclass => [ qw/posixGroup mailboxRelatedObject/ ],
+ mail => "everyone\@$domain",
+ memberuid => [ qw/www/ ]
+};
+
+# Read in accounts database information
+foreach my $acct ($a->get('admin'), $a->users, $a->groups, $a->ibays, $a->get_all_by_prop(type => 'machine')) {
+ my $key = $acct->key;
+ my $type = $acct->prop('type');
+
+ next if $key eq 'Primary';
+
+ $dn = "uid=$key,".($type eq 'machine' ? $compou : $userou).",$basedn";
+ if ($type =~ /^(?:user|group|machine|ibay)$/ || $key eq 'admin') {
+ if ($type eq 'user' || $key eq 'admin') {
+ # Allow removal of obsolete person objectclass and samba attributes
+ push @{$data->{$dn}->{_delete}->{objectclass}}, 'person';
+
+
+ push @{$data->{$dn}->{objectclass}}, 'inetOrgPerson';
+ $data->{$dn}->{mail} = "$key\@$domain";
+ @{$data->{$dn}}{qw/givenname sn telephonenumber o ou l street/} =
+ map { $acct->prop($_) || [] } qw/FirstName LastName Phone Company Dept City Street/;
+ $data->{$dn}->{cn} = $data->{$dn}->{gecos} = $acct->prop('FirstName').' 
'.$acct->prop('LastName');
+ }
+ else {
+ push @{$data->{$dn}->{objectclass}}, 'account';
+ }
+
+ # users/ibays need to be a member of shared
+ push @{$data->{"cn=shared,$groupou,$basedn"}->{memberuid}}, $key if $type =~ /^(user|ibay)$/ || $key eq 'admin';
+
+ if ($auth ne 'enabled') {
+ # Allow removal of shadow properties
+ push @{$data->{$dn}->{_delete}->{objectclass}}, 'shadowAccount';
+ $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/userPassword shadowLastChange shadowMin shadowMax
+ shadowWarning shadowInactive shadowExpire shadowFlag/;
+
+ if ( -f "$schema" ) {
+ # If we will be adding samba properties then allow removal
+ push @{$data->{$dn}->{_delete}->{objectclass}}, 'sambaSamAccount';
+ $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/displayName sambaAcctFlags sambaLMPassword sambaNTPassword
+ sambaNTPassword sambaPrimaryGroupSID sambaPwdLastSet sambaSID/;
+ }
+ }
+ }
+
+ $dn = "cn=$key,$groupou,$basedn";
+ push @{$data->{$dn}->{objectclass}}, 'posixGroup';
+ if ($type eq 'group') {
+ # Allways replace memberuid with new set
+ $data->{$dn}->{_delete}->{memberuid} = 1;
+
+ push @{$data->{$dn}->{objectclass}}, 'mailboxRelatedObject';
+
+ $data->{$dn}->{mail} = "$key\@$domain";
+ $data->{$dn}->{description} = $acct->prop('Description') || [];
+ push @{$data->{$dn}->{memberuid}}, split /,/, ($acct->prop('Members') || '');
+
+ # www needs to be a memeber of every group
+ push @{$data->{$dn}->{memberuid}}, 'www';
+
+ if ($auth ne 'enabled' && -f "$schema" ) {
+ # If we will be adding samba properties then allow removal
+ push @{$data->{$dn}->{_delete}->{objectclass}}, 'sambaGroupMapping';
+ $data->{$dn}->{_delete}->{lc($_)} = 1 foreach qw/displayName sambaGroupType sambaSID/;
+ }
+ }
+ elsif ($type eq 'ibay') {
+ $dn = "cn=".$acct->prop('Group').",$groupou,$basedn";
+ push @{$data->{$dn}->{memberuid}}, $acct->key;
+ }
+}
+
+if ($auth ne 'enabled') {
+ # Read in information from unix (passwd) system
+ open PASSWD, '/etc/passwd';
+ while () {
+ chomp;
+ my 
@passwd = split /:/, $_;
+ next unless scalar @passwd == 7;
+
+ $dn = "uid=$passwd[0],".($passwd[0] =~ /\$$/ ? $compou : $userou).",$basedn";
+ next unless exists $data->{$dn};
+
+ push @{$data->{$dn}->{objectclass}}, 'posixAccount';
+ @{$data->{$dn}}{qw/cn uid uidnumber gidnumber homedirectory loginshell gecos/} =
+ map { $passwd[$_] ? $passwd[$_] : [] } (4,0,2,3,5,6,4);
+ }
+ close (PASSWD);
+
+ # Shadow file defaults (pulled from cpu.conf)
+ my %shadow_def = ( 1 => [], 2 => 11192, 3 => -1, 4 => 99999, 5 => 7, 6 => -1, 7 => -1, 8 => 134538308 );
+
+ # Read in information from unix (shadow) system
+ open SHADOW, '/etc/shadow';
+ while () {
+ chomp;
+ my @shadow = split /:/, $_;
+ next unless scalar @shadow >= 6;
+ $shadow[1] = '!*' if $shadow[1] eq '!!';
+ $shadow[1] = "{CRYPT}$shadow[1]" unless $shadow[1] =~ /^\{/;
+
+ $dn = "uid=$shadow[0],".($shadow[0] =~ /\$$/ ? $compou : $userou).",$basedn";
+ next unless exists $data->{$dn};
+
+ push @{$data->{$dn}->{objectclass}}, 'shadowAccount';
+ @{$data->{$dn}}{ map { lc($_) } qw/userPassword shadowLastChange shadowMin shadowMax shadowWarning shadowInactive
+ shadowExpire shadowFlag/} = map { $shadow[$_] ? $shadow[$_] : $shadow_def{$_} } (1..8);
+ }
+ close (SHADOW);
+
+ # Read in information from unix (group) system
+ open GROUP, '/etc/group';
+ while () {
+ chomp;
+ my @group = split /:/, $_;
+ next unless scalar @group >= 3;
+ $group[3] = [ split /,/, ($group[3] || '') ];
+
+ $dn = "cn=$group[0],$groupou,$basedn";
+ next unless exists $data->{$dn};
+
+ push @{$data->{$dn}->{objectclass}}, 'posixGroup';
+ @{$data->{$dn}}{qw/cn gidnumber/} = map { $group[$_] ? 
$group[$_] : [] } (0,2);
+ push @{$data->{$dn}->{memberuid}}, @{$group[3]};
+ }
+ close (GROUP);
+
+ my %smbprop = (
+ 'User SID' => 'sambasid',
+ 'Account Flags' => 'sambaacctflags',
+ 'Primary Group SID' => 'sambaprimarygroupsid',
+ 'Full Name' => 'displayname',
+ 'Password last set' => 'sambapwdlastset',
+ );
+
+ # Read in information from unix (smbpasswd) system
+ if ( -f "$schema" && -x '/usr/bin/pdbedit' ) {
+ $dn = undef;
+ open SMBDETAIL, '/usr/bin/pdbedit -vL 2> /dev/null|';
+ while () {
+ chomp;
+
+ $dn = ("uid=$1,".($1 =~ /\$$/ ? $compou : $userou).",$basedn") if m/^Unix username:\s+(\S.*)$/;
+ next unless $dn && exists $data->{$dn};
+
+ # Map the samba account properties that we care about
+ $data->{$dn}->{$smbprop{$1}} = ($2 ? str2time($2) : (defined $3 ? $3 : []))
+ if m/^(.+):\s+(?:(\S.*\d{4} \d{2}:\d{2}:\d{2}.*)|(.*))$/ && exists $smbprop{$1};
+ }
+ close (SMBDETAIL);
+
+ open SMBPASSWD, '/usr/bin/pdbedit -wL 2> /dev/null|';
+ while () {
+ chomp;
+ my @smbpasswd = split /:/, $_;
+ next unless scalar @smbpasswd >= 6;
+
+ $dn = "uid=$smbpasswd[0],".($smbpasswd[0] =~ /\$$/ ? $compou : $userou).",$basedn";
+ next unless exists $data->{$dn} && exists $data->{$dn}->{uidnumber} && $data->{$dn}->{uidnumber} eq $smbpasswd[1];
+
+ push @{$data->{$dn}->{objectclass}}, 'sambaSamAccount';
+ @{$data->{$dn}}{qw/sambalmpassword sambantpassword/} = map { $smbpasswd[$_] ? 
$smbpasswd[$_] : [] } (2,3);
+ }
+ close (SMBPASSWD);
+ }
+
+ if ( -f "$schema" && -x '/usr/bin/net' ) {
+ open GROUPMAP, '/usr/bin/net groupmap list 2> /dev/null|';
+ while () {
+ chomp;
+
+ if (m/^(.+) \((.+)\) -> (.+)$/) {
+ # Skip local machine accounts
+ next if $2 =~ /S-1-5-32-\d+/;
+
+ $dn = "cn=$3,$groupou,$basedn";
+ next unless exists $data->{$dn};
+
+ push @{$data->{$dn}->{objectclass}}, 'sambaGroupMapping';
+ @{$data->{$dn}}{qw/displayname sambasid sambagrouptype/} = ($1, $2, 2);
+ }
+ }
+ close (GROUPMAP);
+ }
+}
+
+my @ldif;
+
+# Loop through ldap data and update as necessary
+my $reader = Net::LDAP::LDIF->new( $opt{input}, 'r', onerror => 'undef' );
+while( not $reader->eof()) {
+ my $entry = $reader->read_entry() || next;
+ $dn = $entry->dn;
+
+ # Ensure the basedn is correct
+ $dn = "$1$basedn" if $dn =~ /^((?:(?!dc=)[^,]+,)*)dc=/;
+
+ # Ensure correct ou is part of user/groups/computers
+ if ($dn =~ /^(uid=([^,\$]+)(\$)?),((?:(?!dc=)[^,]+,)*)dc=/) {
+ if ( defined $3 && $3 eq '$') {
+ $dn = "$1,$compou,$basedn";
+ }
+ elsif (grep /posixGroup/, @{$entry->get_value('objectclass', asref => 1) || []}) {
+ $dn = "cn=$2,$groupou,$basedn";
+
+ # Cleanup attributes that the modrdn will perform
+ $entry->add(cn => $2);
+ $entry->delete(uid => [$2]);
+ }
+ else {
+ $dn = "$1,$userou,$basedn";
+ }
+ }
+ elsif ($dn =~ /^(cn=[^,]+),((?:(?!dc=)[^,]+,)*)dc=/) {
+ $dn = "$1,$groupou,$basedn" unless $2 =~ /^ou=auto\./;
+ }
+
+ # Don't process records twice
+ next if $data->{$dn}->{_done};
+
+ # Rename existing entry into place if we can
+ if ($dn ne $entry->dn) {
+ my $rdn = Net::LDAP::Entry->new;
+ $rdn->dn($entry->dn);
+ $rdn->changetype('modrdn');
+ my ($newdn, $newbase) = split /,/, $dn, 2;
+ $rdn->add(newrdn => $newdn, deleteoldrdn => 1, newsuperior => $newbase);
+ push @ldif, $rdn;
+
+ # Now we can change the entry to new dn
+ $entry->dn($dn);
+ }
+
+ # Change type to modify so that we can keep track of changes we make
+ $entry->changetype('modify');
+
+ # 
Hack to make upgrades work (add calEntry if calFGUrl attributes exists)
+ if ($entry->exists('calFBURL') && -f "/etc/openldap/schema/rfc2739.schema") {
+ push @{$data->{$dn}->{objectclass}}, 'calEntry';
+ }
+
+ my %attributes = ();
+ @attributes{ keys %{$data->{$dn}}, exists $data->{$dn}->{_delete} ? map { lc($_) } keys %{$data->{$dn}->{_delete}} : () } = ();
+
+ foreach my $attr (sort keys %attributes) {
+ # Skip the pseudo attributes
+ next if $attr =~ /^_/;
+
+ my @l = @{$entry->get_value($attr, asref => 1) || []};
+ my @u = exists $data->{$dn}->{$attr} ? (ref $data->{$dn}->{$attr} ? @{$data->{$dn}->{$attr}} : ($data->{$dn}->{$attr})) : ();
+
+ # Figure out differences between attributes
+ my (@lonly, @uonly, @donly, %lseen, %useen, %dseen) = () x 6;
+
+ # Unique lists of what is in ldap and what needs to be in ldap
+ @lseen{@l} = ();
+ @useen{@u} = ();
+
+ # Create list of attributes that aren't in the other
+ @uonly = grep { ! exists $lseen{$_} } keys %useen;
+ @lonly = grep { ! exists $useen{$_} } keys %lseen;
+
+ # Determine which of the ldap only attributes we need to remove
+ if ((keys %useen == 1 && keys %lseen == 1) || (keys %useen == 0 && exists $data->{$dn}->{$attr})) {
+ # Replacing a single entry or erasing entire entry
+ @donly = @lonly;
+ }
+ elsif ($data->{$dn}->{_delete} && $data->{$dn}->{_delete}->{$attr}) {
+ if (my $ref = ref($data->{$dn}->{_delete}->{$attr})) {
+ # Map hash keys or array elemts to valid values to delete
+ @dseen{$ref eq 'HASH' ? keys %{$data->{$dn}->{_delete}->{$attr}} : @{$data->{$dn}->{_delete}->{$attr}}} = ();
+ @donly = grep { exists $dseen{$_} } @lonly;
+ }
+ else {
+ # Permission to remove all values
+ @donly = @lonly;
+ }
+ }
+
+ if (@donly && @donly == @lonly) {
+ # If we are removing all ldap only attributes do a remove or full delete
+ if (@uonly) {
+ $entry->replace($attr => [ @uonly ]);
+ }
+ else {
+ $entry->delete($attr => [ @donly == keys %lseen ? 
() : @donly ]);
+ }
+ }
+ else {
+ $entry->delete($attr => [ @donly ]) if @donly;
+ $entry->add($attr => [ @uonly ]) if @uonly;
+ }
+ }
+
+ $data->{$dn}->{_done} = 1;
+ push @ldif, $entry;
+}
+$reader->done();
+
+# Add missing records that didn't exist in ldap yet
+foreach $dn (grep { ! exists $data->{$_}->{_done} } sort keys %$data) {
+ my $entry = Net::LDAP::Entry->new;
+ $entry->dn($dn);
+
+ foreach my $attr (sort keys %{$data->{$dn}}) {
+ # Skip the pseudo attributes
+ next if $attr =~ /^_/;
+
+ my %seen = ();
+ @seen{ref $data->{$dn}->{$attr} ? @{$data->{$dn}->{$attr}} : ($data->{$dn}->{$attr})} = ();
+ $entry->add($attr => [ sort keys %seen ]) if keys %seen != 0;
+ }
+
+ push @ldif, $entry;
+}
+
+#------------------------------------------------------------
+# Update LDAP database entry.
+#------------------------------------------------------------
+my $ldap;
+if ($opt{update}) {
+ $ldap = Net::LDAP->new('localhost') or die "$@";
+ $ldap->bind( dn => "cn=root,$basedn", password => esmith::util::LdapPassword() );
+}
+
+my $writer = Net::LDAP::LDIF->new( $opt{output}, 'w', onerror => 'undef', wrap => 0, sort => 1, change => $opt{diff} );
+foreach my $entry (sort dnsort @ldif) {
+ if ($opt{update} && ($entry->changetype ne 'modify' || @{$entry->{changes}}) ) {
+ my $result = $entry->update($ldap);
+ warn "Failure to ",$entry->changetype," ",$entry->dn,": ",$result->error,"\n" if $result->code;
+ }
+
+ if ($writer->{change} || $entry->changetype !~ /modr?dn/) {
+ $writer->write_entry($entry);
+ }
+}
diff -ruN e-smith-ldap-5.2.0.ldap-init/root/var/service/ldap/run e-smith-ldap-5.2.0/root/var/service/ldap/run
--- e-smith-ldap-5.2.0.ldap-init/root/var/service/ldap/run 2010-12-01 11:12:29.000000000 -0700
+++ e-smith-ldap-5.2.0/root/var/service/ldap/run 2010-12-01 12:08:53.000000000 -0700
@@ -2,27 +2,22 @@
 exec 2>&1
-domain=$(/sbin/e-smith/config get DomainName)
-old_domain=$(readlink ldif)
-
-loglevel=$(/sbin/e-smith/config getprop ldap LogLevel || echo 256)
-
 ./control/1
-if [ -n "$old_domain" ]
-then
- old_domain=$(basename $old_domain | sed s/.ldif//)
- old_ldif="/home/e-smith/db/ldap/$old_domain.ldif"
-fi
-
+domain=$(/sbin/e-smith/config get DomainName)
 ldif="/home/e-smith/db/ldap/$domain.ldif"
-if [ "$old_domain" != "$domain" ]
+if [ -e ldif ]
 then
- # The domain name has changed, so we need to delete
- # the old directory contents. We still have the old
- # dump.
- find /var/lib/ldap -type f | xargs rm -f
+ old_ldif=$(readlink ldif)
+ if [ "$old_ldif" != "$ldif" ]
+ then
+ # The domain name has changed, so we need to delete
+ # the old directory contents. We still have the old
+ # dump.
+ mv -f $old_ldif $ldif
+ find /var/lib/ldap -type f | xargs rm -f
+ fi
 fi
 if [ -f /var/lib/ldap/nextid.dbb ]
@@ -44,19 +39,15 @@
 # Prime directory if required
 if [ \! -f /var/lib/ldap/id2entry.bdb ]
 then
- if [ -e "$old_ldif" ]
+ if [ -e ldif ]
 then
- grep -q "objectClass: dcObject" "$ldif" || /sbin/e-smith/expand-template /home/e-smith/db/ldap/ldif
- perl ./convert_ldif $old_domain $domain < $old_ldif | \
- setuidgid ldap slapadd -c
+ ./ldif-fix -i ldif | setuidgid ldap slapadd -c
 else
- if [ \! -e "$ldif" ]
- then
- /sbin/e-smith/expand-template /home/e-smith/db/ldap/ldif
- fi
- setuidgid ldap slapadd -c < $ldif
+ ./ldif-fix -i /dev/null | setuidgid ldap slapadd -c
 fi
 fi
+loglevel=$(/sbin/e-smith/config getprop ldap LogLevel || echo 256)
+
 # Now run daemon
 exec /usr/sbin/slapd -4 -u ldap -d $loglevel -s 0 -h "ldap:/// ldaps:/// ldapi:///"
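Review bot: After `mv -f $old_ldif $ldif` the `ldif` symlink still points at the path that was just moved away, and nothing in this hunk re-points it, so the `[ -e ldif ]` test in the priming hunk further down sees a dangling link, takes the `/dev/null` branch, and the moved dump is never imported into the freshly wiped directory — unless the link is refreshed in the lines between the two hunks, which are not shown. Re-pointing the link in the same step and quoting both paths, `mv -f "$old_ldif" "$ldif" && ln -sf "$ldif" ldif`, closes that gap; chaining the `find … | xargs rm -f` onto the same `&&` would also keep the wipe from running when the move itself failed. Separately, the old code compared domain names derived with `basename`, while the new code string-compares raw `readlink` output with an absolute path, so a link that was ever created with a relative target would be treated as a domain change on every start and trigger the `rm -f`.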
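Review bot: The new priming pipelines `./ldif-fix -i ldif | setuidgid ldap slapadd -c` and the `/dev/null` variant check neither command's exit status; if `ldif-fix` dies part-way, `slapadd -c` still writes `id2entry.bdb` from whatever it received, the script goes on to exec slapd, and because the `[ \! -f /var/lib/ldap/id2entry.bdb ]` guard is then false the import is never retried on later restarts. The removed branch had the same gap but loaded the dump unmodified, so the new Perl stage adds a failure mode the script cannot see. Under bash, `set -o pipefail` before this block plus `|| exit 1` on the two pipelines would refuse to start on a half-loaded directory and let supervise retry; the interpreter line is outside the hunk, so whether this is bash isn't visible here.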