/[smeserver]/rpms/e-smith-ldap/sme8/e-smith-ldap-5.2.0-simple-ldap-update.patch
ViewVC logotype

Annotation of /rpms/e-smith-ldap/sme8/e-smith-ldap-5.2.0-simple-ldap-update.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (hide annotations) (download)
Mon Nov 8 18:58:26 2010 UTC (13 years, 11 months ago) by slords
Branch: MAIN
CVS Tags: e-smith-ldap-5_2_0-79_el5_sme, e-smith-ldap-5_2_0-81_el5_sme, e-smith-ldap-5_2_0-72_el5_sme, e-smith-ldap-5_2_0-80_el5_sme, e-smith-ldap-5_2_0-76_el5_sme, e-smith-ldap-5_2_0-71_el5_sme, e-smith-ldap-5_2_0-74_el5_sme, e-smith-ldap-5_2_0-77_el5_sme, e-smith-ldap-5_2_0-65_el5_sme, e-smith-ldap-5_2_0-75_el5_sme, e-smith-ldap-5_2_0-78_el5_sme, e-smith-ldap-5_2_0-66_el5_sme, e-smith-ldap-5_2_0-63_el5_sme, e-smith-ldap-5_2_0-70_el5_sme, e-smith-ldap-5_2_0-73_el5_sme, e-smith-ldap-5_2_0-69_el5_sme, e-smith-ldap-5_2_0-68_el5_sme, e-smith-ldap-5_2_0-67_el5_sme, e-smith-ldap-5_2_0-64_el5_sme, HEAD
* Mon Nov 8 2010 Shad L. Lords <slords@mail.com> 5.2.0-63.sme
- Simplify ldap-update for most events [SME: 6354]

1 slords 1.1 diff -up e-smith-ldap-5.2.0/createlinks.simple-ldap-update e-smith-ldap-5.2.0/createlinks
2     --- e-smith-ldap-5.2.0/createlinks.simple-ldap-update 2010-11-08 11:48:06.000000000 -0700
3     +++ e-smith-ldap-5.2.0/createlinks 2010-11-08 11:48:42.000000000 -0700
4     @@ -14,26 +14,27 @@ templates2events("/etc/openldap/$_",
5     ));
6     }
7    
8     -event_link("ldap-update", "group-create", "95");
9     +event_link("ldap-update-simple", "group-create", "95");
10     +event_link("ldap-update-simple", "group-modify", "95");
11     event_link("ldap-delete", "group-delete", "55");
12     -event_link("ldap-update", "user-create", "95");
13     +
14     +event_link("ldap-update-simple", "user-create", "95");
15     +event_link("ldap-update-simple", "user-modify", "95");
16     +event_link("ldap-update-simple", "user-modify-admin", "95");
17     event_link("ldap-delete", "user-delete", "55");
18     -event_link("ldap-update", "user-lock", "55");
19    
20     -event_link("ldap-update", "user-modify", "95");
21     -event_link("ldap-update", "user-modify-admin", "95");
22     -event_link("ldap-update", "group-modify", "95");
23     -event_link("ldap-update", "password-modify", "95");
24     +event_link("ldap-update-simple", "password-modify", "95");
25     +event_link("ldap-update-simple", "user-lock", "55");
26    
27     -event_link("ldap-update", "ibay-create", "95");
28     -event_link("ldap-update", "ibay-modify", "95");
29     +event_link("ldap-update-simple", "ibay-create", "95");
30     +event_link("ldap-update-simple", "ibay-modify", "95");
31     event_link("ldap-delete", "ibay-delete", "55");
32    
33     +event_link("ldap-update-simple", "machine-account-create", "95");
34     +
35     event_link("ldap-update", "bootstrap-ldap-save", "25");
36     event_link("cleanup-unix-user-group", "bootstrap-ldap-save", "98");
37    
38     -event_link("ldap-update", "machine-account-create", "95");
39     -
40     event_link("ldap-dump", "pre-backup", "30");
41    
42     event_link("ldap-update", "ldap-update", "80");
43     diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.simple-ldap-update e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update
44     --- e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update.simple-ldap-update 2010-11-08 11:48:06.000000000 -0700
45     +++ e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update 2010-11-08 11:48:42.000000000 -0700
46     @@ -120,7 +120,7 @@ my ($dc,undef) = split (/\./, $domain);
47     my $o = $l->prop('defaultCompany') || $domain;
48    
49     # Try and find base record
50     -my %seen;
51     +my $seen;
52     my @objects = qw(top organization dcObject);
53     my $result = $ldap->search( base => $base, filter => '(objectClass=*)', scope => 'base' );
54     if ($result->code == 32)
55     @@ -134,8 +134,8 @@ elsif ($result->code)
56     else
57     {
58     # Don't overwrite objectClass (just update if necessary)
59     - %seen = ();
60     - @objects = grep { ! $seen{$_} ++ } (@objects, $result->entry(0)->get_value('objectClass') );
61     + $seen = ();
62     + @objects = grep { ! $seen->{$_} ++ } (@objects, $result->entry(0)->get_value('objectClass') );
63     $ldap->modify( $base, replace => { dc => $dc, o => $o, objectClass => \@objects } );
64     }
65     warn "failed to add/update entry $base: ", $result->error if $result->code;
66     @@ -156,8 +156,8 @@ foreach my $obj ( qw(Users Groups Comput
67     else
68     {
69     # Don't overwrite objectClass (just update if necessary)
70     - %seen = ();
71     - @objects = grep { ! $seen{$_} ++ } (@objects, $result->entry(0)->get_value('objectClass') );
72     + $seen = ();
73     + @objects = grep { ! $seen->{$_} ++ } (@objects, $result->entry(0)->get_value('objectClass') );
74     $result = $ldap->modify( "ou=$obj,$base", replace => { ou => $obj, objectClass => \@objects } );
75     }
76     warn "failed to add/update entry ou=$obj,$base: ", $result->error if $result->code;
77     @@ -175,6 +175,7 @@ foreach my $user (qw/www/){
78    
79     # Read information from getent passwd
80     @{$updates->{$dn}}{'uid','userPassword','uidNumber','gidNumber','junk','junk','gecos','homeDirectory','loginShell'} = getpwnam($user);
81     + $updates->{$dn}->{userPassword} = "!*" if $updates->{$dn}->{userPassword} eq '!!';
82     $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/;
83     $updates->{$dn}->{cn} = $updates->{$dn}->{gecos};
84    
85     @@ -197,6 +198,16 @@ foreach my $user (qw/www/){
86     }
87     push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount';
88     }
89     + else
90     + {
91     + $updates->{$dn}->{sambaLMPassword} = [];
92     + $updates->{$dn}->{sambaNTPassword} = [];
93     + $updates->{$dn}->{sambaSID} = [];
94     + $updates->{$dn}->{displayName} = [];
95     + $updates->{$dn}->{sambaPrimaryGroupSID} = [];
96     + $updates->{$dn}->{sambaAcctFlags} = [];
97     + $updates->{$dn}->{sambaPwdLastSet} = [];
98     + }
99     }
100     }
101     endpwent();
102     @@ -217,12 +228,21 @@ foreach my $group (qw/nobody shared www/
103     }
104    
105     # Samba parameters if we find the samba.schema
106     - if ( -f "$schema" and exists $groupmap->{$group} )
107     - {
108     - push @{$updates->{$dn}->{objectClass}}, 'sambaGroupMapping';
109     - $updates->{$dn}->{displayName} = $groupmap->{$group}->{name};
110     - $updates->{$dn}->{sambaSID} = $groupmap->{$group}->{sid};
111     - $updates->{$dn}->{sambaGroupType} = '2';
112     + if ( -f "$schema" )
113     + {
114     + if ( exists $groupmap->{$group} )
115     + {
116     + push @{$updates->{$dn}->{objectClass}}, 'sambaGroupMapping';
117     + $updates->{$dn}->{displayName} = $groupmap->{$group}->{name};
118     + $updates->{$dn}->{sambaSID} = $groupmap->{$group}->{sid};
119     + $updates->{$dn}->{sambaGroupType} = '2';
120     + }
121     + else
122     + {
123     + $updates->{$dn}->{displayName} = [];
124     + $updates->{$dn}->{sambaSID} = [];
125     + $updates->{$dn}->{sambaGroupType} = [];
126     + }
127     }
128     }
129     endgrent();
130     @@ -260,6 +280,7 @@ foreach my $acct (@accounts)
131     delete $updates->{$dn};
132     next;
133     }
134     + $updates->{$dn}->{userPassword} = "!*" if $updates->{$dn}->{userPassword} eq '!!';
135     $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/;
136     $desc = $updates->{$dn}->{cn} = $updates->{$dn}->{gecos};
137    
138     @@ -300,6 +321,16 @@ foreach my $acct (@accounts)
139     }
140     push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount';
141     }
142     + else
143     + {
144     + $updates->{$dn}->{sambaLMPassword} = [];
145     + $updates->{$dn}->{sambaNTPassword} = [];
146     + $updates->{$dn}->{sambaSID} = [];
147     + $updates->{$dn}->{displayName} = [];
148     + $updates->{$dn}->{sambaPrimaryGroupSID} = [];
149     + $updates->{$dn}->{sambaAcctFlags} = [];
150     + $updates->{$dn}->{sambaPwdLastSet} = [];
151     + }
152     }
153    
154     #------------------------------------------------------------
155     @@ -322,20 +353,27 @@ foreach my $acct (@accounts)
156     }
157    
158     # Samba parameters if we find the samba.schema
159     - if ( -f "$schema" and exists $groupmap->{$key} )
160     + if ( -f "$schema" )
161     {
162     - push @{$updates->{$dn}->{objectClass}}, 'sambaGroupMapping';
163     - $updates->{$dn}->{displayName} = $groupmap->{$key}->{name};
164     - $updates->{$dn}->{sambaSID} = $groupmap->{$key}->{sid};
165     - $updates->{$dn}->{sambaGroupType} = '2';
166     + if ( exists $groupmap->{$key} )
167     + {
168     + push @{$updates->{$dn}->{objectClass}}, 'sambaGroupMapping';
169     + $updates->{$dn}->{displayName} = $groupmap->{$key}->{name};
170     + $updates->{$dn}->{sambaSID} = $groupmap->{$key}->{sid};
171     + $updates->{$dn}->{sambaGroupType} = '2';
172     + }
173     + else
174     + {
175     + $updates->{$dn}->{displayName} = [];
176     + $updates->{$dn}->{sambaSID} = [];
177     + $updates->{$dn}->{sambaGroupType} = [];
178     + }
179     }
180     -
181     }
182     }
183     endpwent();
184     endgrent();
185    
186     -
187     #------------------------------------------------------------
188     # Update LDAP database entry.
189     #------------------------------------------------------------
190     @@ -423,8 +461,12 @@ foreach my $dn (keys %$updates)
191     else
192     {
193     # Don't overwrite objectClass (just remove person if existing)
194     - %seen = ( person => 1 );
195     - @{$updates->{$dn}->{objectClass}} = grep { ! $seen{$_}++ } (@{$updates->{$dn}->{objectClass}}, @objectClass );
196     + $seen = { person => 1 };
197     +
198     + # Remove samba objectClasses if removing samba attributes
199     + @{$seen}{'sambaSamAccount','sambaGroupMapping'} = (1,1) if ref($updates->{$dn}->{sambaSID}) eq 'ARRAY';
200     +
201     + @{$updates->{$dn}->{objectClass}} = grep { ! $seen->{$_}++ } (@{$updates->{$dn}->{objectClass}}, @objectClass );
202    
203     $result = $ldap->modify( $dn, replace => $updates->{$dn});
204     $result->code && warn "failed to modify entry $dn: ", $result->error;
205     diff -up e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update-simple.simple-ldap-update e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update-simple
206     --- e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update-simple.simple-ldap-update 2010-11-08 11:48:53.000000000 -0700
207     +++ e-smith-ldap-5.2.0/root/etc/e-smith/events/actions/ldap-update-simple 2010-11-08 11:48:42.000000000 -0700
208     @@ -0,0 +1,245 @@
209     +#!/usr/bin/perl -w
210     +
211     +package esmith;
212     +
213     +use strict;
214     +use Errno;
215     +use esmith::ConfigDB;
216     +use esmith::AccountsDB;
217     +use esmith::util;
218     +use Net::LDAP;
219     +use Date::Parse;
220     +
221     +my $c = esmith::ConfigDB->open_ro;
222     +my $a = esmith::AccountsDB->open_ro;
223     +
224     +my $l = $c->get('ldap');
225     +my $status = $l->prop('status') || "disabled";
226     +unless ($status eq "enabled" )
227     +{
228     + warn "Not running action script $0, LDAP service not enabled!\n";
229     + exit(0);
230     +}
231     +
232     +exit(0) if ($c->get('ldap')->prop('Authentication') || 'disabled') eq 'enabled';
233     +
234     +my $domain = $c->get('DomainName')
235     + || die("Couldn't determine domain name");
236     +$domain = $domain->value;
237     +
238     +my $schema = '/etc/openldap/schema/samba.schema';
239     +
240     +my $event = shift || die "Event name must be specified";
241     +
242     +my @name = @ARGV;
243     +die "Account name argument missing." unless scalar (@name) >= 1;
244     +
245     +#------------------------------------------------------------
246     +# Update LDAP database entry.
247     +#------------------------------------------------------------
248     +my $base = esmith::util::ldapBase ($domain);
249     +my $pw = esmith::util::LdapPassword();
250     +
251     +my $ldap = Net::LDAP->new('localhost')
252     + or die "$@";
253     +
254     +$ldap->bind(
255     + dn => "cn=root,$base",
256     + password => $pw
257     +);
258     +
259     +my @accounts;
260     +my $account;
261     +foreach my $name (@name)
262     +{
263     + $account = $a->get($name);
264     + die "Account $name not found.\n" unless defined $account;
265     + my $type = $account->prop('type') || "unknown";
266     +
267     + die "Account $name is not a user, group, ibay, machine account; update LDAP entry failed.\n"
268     + unless ($type =~ m{^(?:user|group|ibay|machine)$} or $name eq 'admin');
269     +
270     + push @accounts, $account;
271     +}
272     +
273     +#------------------------------------------------------------
274     +# Read all samba groups (can't do individual lookups)
275     +#------------------------------------------------------------
276     +
277     +my $groupmap = ();
278     +
279     +# Only do if schema is found
280     +if ( -f "$schema" and -x '/usr/bin/net' )
281     +{
282     + foreach (`/usr/bin/net groupmap list 2> /dev/null`){
283     + chomp;
284     + next if m{\(S-1-5-32-\d+\)};
285     + $groupmap->{$3} = { name => "$1", sid => "$2" } if (/^(.*) \((S-.*-\d+)\) -> (.*)$/);
286     + }
287     +}
288     +
289     +#------------------------------------------------------------
290     +# Create a list of updates that need to happen
291     +#------------------------------------------------------------
292     +
293     +my $updates;
294     +foreach my $acct (@accounts)
295     +{
296     + my $key = $acct->key;
297     + my $type = $acct->prop('type');
298     + my $desc = undef;
299     + my $dn;
300     +
301     + if ($type =~ m{^(?:user|group|ibay|machine)$} or $key eq 'admin')
302     + {
303     + #------------------------------------------------------------
304     + # Do the user portion
305     + #------------------------------------------------------------
306     + if ($type eq 'machine')
307     + {
308     + $dn = "uid=$key,ou=Computers,$base";
309     + }
310     + else
311     + {
312     + $dn = "uid=$key,ou=Users,$base";
313     + }
314     + utf8::upgrade($dn);
315     +
316     + # Read information from getent passwd
317     + @{$updates->{$dn}}{'uid','userPassword'} = getpwnam($key);
318     + unless ($updates->{$dn}->{uid})
319     + {
320     + delete $updates->{$dn};
321     + next;
322     + }
323     + $updates->{$dn}->{userPassword} = "!*" if $updates->{$dn}->{userPassword} eq '!!';
324     + $updates->{$dn}->{userPassword} =~ s/^/{CRYPT}/ unless $updates->{$dn}->{userPassword} =~ m/^{/;
325     +
326     + # Samba parameters if we find the samba.schema
327     + if ( -f "$schema" and -x '/usr/bin/pdbedit' )
328     + {
329     + my $line = `/usr/bin/pdbedit -wu '$key' 2> /dev/null`;
330     + chomp($line);
331     + if ($line)
332     + {
333     + @{$updates->{$dn}}{'junk','junk','sambaLMPassword','sambaNTPassword'} = split(/:/,$line);
334     + foreach $line (`/usr/bin/pdbedit -vu '$key' 2> /dev/null`)
335     + {
336     + chomp($line);
337     + $updates->{$dn}->{sambaSID} = $1 if $line =~ m{User SID:\s+(S-.*)$};
338     + $updates->{$dn}->{displayName} = $1 if $line =~ m{Full Name:\s+(.*)$};
339     + $updates->{$dn}->{sambaPrimaryGroupSID} = $1 if $line =~ m{Primary Group SID:\s+(S-.*)$};
340     + $updates->{$dn}->{sambaAcctFlags} = $1 if $line =~ m{Account Flags:\s+(.*)$};
341     + $updates->{$dn}->{sambaPwdLastSet} = str2time($1) if $line =~ m{Password last set:\s+(.*)$};
342     + }
343     + push @{$updates->{$dn}->{objectClass}}, 'sambaSamAccount';
344     + }
345     + else
346     + {
347     + $updates->{$dn}->{sambaLMPassword} = [];
348     + $updates->{$dn}->{sambaNTPassword} = [];
349     + $updates->{$dn}->{sambaSID} = [];
350     + $updates->{$dn}->{displayName} = [];
351     + $updates->{$dn}->{sambaPrimaryGroupSID} = [];
352     + $updates->{$dn}->{sambaAcctFlags} = [];
353     + $updates->{$dn}->{sambaPwdLastSet} = [];
354     + }
355     + }
356     + }
357     +}
358     +endpwent();
359     +
360     +#------------------------------------------------------------
361     +# Do the group portion (only if we have samba)
362     +#------------------------------------------------------------
363     +if ( -f "$schema" )
364     +{
365     + foreach my $group ( (map { $_->key } $a->users), (map { $_->key } $a->groups), qw/admin nobody shared/ ){
366     + my $dn = "cn=$group,ou=Groups,$base";
367     + utf8::upgrade($dn);
368     +
369     + if ( exists $groupmap->{$group} )
370     + {
371     + push @{$updates->{$dn}->{objectClass}}, 'sambaGroupMapping';
372     + $updates->{$dn}->{displayName} = $groupmap->{$group}->{name};
373     + $updates->{$dn}->{sambaSID} = $groupmap->{$group}->{sid};
374     + $updates->{$dn}->{sambaGroupType} = '2';
375     + }
376     + else
377     + {
378     + $updates->{$dn}->{displayName} = [];
379     + $updates->{$dn}->{sambaSID} = [];
380     + $updates->{$dn}->{sambaGroupType} = [];
381     + }
382     + }
383     +}
384     +
385     +#------------------------------------------------------------
386     +# Update LDAP database entry.
387     +#------------------------------------------------------------
388     +foreach my $dn (keys %$updates)
389     +{
390     + # Try and find record
391     + my $result = $ldap->search( base => $dn, filter => '(objectClass=*)', scope => 'base' );
392     + warn "failed looking up entry $dn: ", $result->error if $result->code && $result->code != 32;
393     + my $code = $result->code;
394     + my @objectClass = $code == 32 ? () : $result->entry(0)->get_value('objectClass');
395     +
396     + # Clean up attributes and convert to utf8
397     + delete $updates->{$dn}->{'junk'};
398     + foreach my $attr ( keys %{$updates->{$dn}} )
399     + {
400     + if ( ref($updates->{$dn}->{$attr}) eq 'ARRAY' )
401     + {
402     + if ( $code == 32 and scalar(@{$updates->{$dn}->{$attr}}) == 0 )
403     + {
404     + delete $updates->{$dn}->{$attr};
405     + }
406     + else
407     + {
408     + for (my $c = 0; $c < scalar(@{$updates->{$dn}->{$attr}}); $c++)
409     + {
410     + utf8::upgrade($updates->{$dn}->{$attr}[$c]);
411     + }
412     + }
413     + }
414     + else
415     + {
416     + if ($updates->{$dn}->{$attr} !~ /^\s*$/)
417     + {
418     + utf8::upgrade($updates->{$dn}->{$attr});
419     + }
420     + elsif ( $code == 32 )
421     + {
422     + delete $updates->{$dn}->{$attr};
423     + }
424     + else
425     + {
426     + $updates->{$dn}->{$attr} = [];
427     + }
428     + }
429     + }
430     +
431     + # Perform insert or update
432     + if ( $code == 32 )
433     + {
434     + $result = $ldap->add( $dn, attrs => [ %{$updates->{$dn}} ] );
435     + $result->code && warn "failed to add entry $dn: ", $result->error;
436     + }
437     + else
438     + {
439     + # Don't overwrite objectClass (just update if necessary)
440     + my $seen = ();
441     +
442     + # Remove samba objectClasses if removing samba attributes
443     + @{$seen}{'sambaSamAccount','sambaGroupMapping'} = (1,1) if ref($updates->{$dn}->{sambaSID}) eq 'ARRAY';
444     +
445     + @{$updates->{$dn}->{objectClass}} = grep { ! $seen->{$_}++ } (@{$updates->{$dn}->{objectClass}}, @objectClass );
446     +
447     + $result = $ldap->modify( $dn, replace => $updates->{$dn});
448     + $result->code && warn "failed to modify entry $dn: ", $result->error;
449     + }
450     +}
451     +$ldap->unbind;
452     +
453     +exit (0);

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed