authorNalin Dahyabhai <nalin.dahyabhai@pobox.com>2008-06-04 20:45:30 -0400
committerNalin Dahyabhai <nalin.dahyabhai@pobox.com>2008-06-04 20:45:30 -0400
commit8cca6ecf1a5ebf7385bd304ce826a81bb501e3ec (patch)
treeafeb8d714499e80529f1955fa415f801917aabd7 /doc/migrate-nis.sh
parente2991a959ffa5ed6c3545ec0ad0b0f4f4b1b072e (diff)
- move the migration script
Diffstat (limited to 'doc/migrate-nis.sh')
-rwxr-xr-xdoc/migrate-nis.sh383
1 files changed, 383 insertions, 0 deletions
diff --git a/doc/migrate-nis.sh b/doc/migrate-nis.sh
new file mode 100755
index 0000000..5f77b41
--- /dev/null
+++ b/doc/migrate-nis.sh
@@ -0,0 +1,383 @@
+#!/bin/sh
+
+domain=`domainname`
+server=`ypwhich -d $domain`
+suffix=dc=example,dc=com
+people=cn=Users
+groups=cn=Group
+ipa=false
+realm=`echo "$domain" | tr '[a-z]' '[A-Z]'`
+rfc2307bis=false
+mergegroups=true
+maps=
+automap=false
+help=false
+mail=
+containers=false
+entries=true
+
+object_from_attr()
+{
+ case "$1" in
+ cn)
+ containerobject=nsContainer
+ ;;
+ dc)
+ containerobject=domain
+ ;;
+ ou)
+ containerobject=organizationalUnit
+ ;;
+ *)
+ containerobject=extensibleObject
+ ;;
+ esac
+ echo $containerobject
+}
+
+migrate_passwd() {
+ if $containers ; then
+ nameattr=`echo "$people" | cut -f1 -d=`
+ nameval=`echo "$people" | cut -f2- -d=`
+ containerclass=`object_from_attr "$nameattr"`
+ grep -v '^$' <<- EOF
+ dn: $people,$suffix
+ ${nameattr}: ${nameval}
+ objectClass: $containerclass
+ EOF
+ echo
+ fi
+ while read key value ; do
+ if ! $entries ; then
+ continue
+ fi
+ uid=`echo "$value" | cut -d: -f1`
+ userpassword=`echo "$value" | cut -d: -f2`
+ uidnumber=`echo "$value" | cut -d: -f3`
+ gidnumber=`echo "$value" | cut -d: -f4`
+ gecos=`echo "$value" | cut -d: -f5`
+ homedirectory=`echo "$value" | cut -d: -f6`
+ loginshell=`echo "$value" | cut -d: -f7`
+ cn=`echo "$gecos" | cut -d, -f1`
+ givenname=`echo "$gecos" | awk '{print $1}'`
+ sn=`echo "$gecos" | awk '{print $NF}'`
+ grep -v '^$' <<- EOF
+ dn: uid=$uid,$people,$suffix
+ objectClass: posixAccount
+ uid: $uid
+ uidNumber: $uidnumber
+ gidNumber: $gidnumber
+ homeDirectory: $homedirectory
+ ${userpassword:+userPassword: "{CRYPT}"$userpassword}
+ ${loginshell:+loginShell: $loginshell}
+ EOF
+ if $rfc2307bis || $ipa ; then
+ grep -v '^$' <<- EOF
+ objectClass: inetOrgPerson
+ objectClass: inetUser
+ objectClass: organizationalPerson
+ objectClass: person
+ cn: ${cn:-$uid}
+ sn: ${sn:-$uid}
+ givenName: ${givenname:-$uid}
+ EOF
+ fi
+ if $ipa ; then
+ grep -v '^$' <<- EOF
+ objectClass: krbprincipalaux
+ krbPrincipalName: $uid@$realm
+ EOF
+ fi
+ echo
+ done
+}
+
+migrate_group() {
+ if $containers ; then
+ nameattr=`echo "$groups" | cut -f1 -d=`
+ nameval=`echo "$groups" | cut -f2- -d=`
+ containerclass=`object_from_attr "$nameattr"`
+ grep -v '^$' <<- EOF
+ dn: $groups,$suffix
+ ${nameattr}: ${nameval}
+ objectClass: $containerclass
+ EOF
+ echo
+ fi
+ while read key value ; do
+ if ! $entries ; then
+ continue
+ fi
+ gid=`echo "$value" | cut -d: -f1`
+ userpassword=`echo "$value" | cut -d: -f2`
+ gidnumber=`echo "$value" | cut -d: -f3`
+ members=`echo "$value" | cut -d: -f4`
+ grep -v '^$' <<- EOF
+ dn: cn=$gid,$groups,$suffix
+ objectClass: posixGroup
+ cn: $gid
+ gidNumber: $gidnumber
+ ${userpassword:+userPassword: "{CRYPT}"$userpassword}
+ EOF
+ if $rfc2307bis || $ipa ; then
+ grep -v '^$' <<- EOF
+ objectClass: groupOfNames
+ EOF
+ for member in `echo "$members" | sed 's:,: :g'` ; do
+ echo member: uid=$member,$people,$suffix
+ done
+ else
+ for member in `echo "$members" | sed 's:,: :g'` ; do
+ echo memberUid: $member
+ done
+ fi
+ echo
+ done
+}
+
+migrate_automount() {
+ if $containers ; then
+ grep -v '^$' <<- EOF
+ dn: automountMapName=$1,$suffix
+ objectClass: automountMap
+ automountMapName: $1
+ EOF
+ echo
+ fi
+ while read key value ; do
+ if ! $entries ; then
+ continue
+ fi
+ grep -v '^$' <<- EOF
+ dn: automountKey=$key,automountMap=$1,$suffix
+ objectClass: automount
+ automountKey: $key
+ automountInformation: $value
+ EOF
+ echo
+ done
+}
+
+migrate_nis() {
+ if $containers ; then
+ grep -v '^$' <<- EOF
+ dn: nisMapName=$1,$suffix
+ objectClass: nisMap
+ automountMapName: $1
+ EOF
+ echo
+ fi
+ while read key value ; do
+ if ! $entries ; then
+ continue
+ fi
+ grep -v '^$' <<- EOF
+ dn: cn=$key,automountMap=$1,$suffix
+ objectClass: nisObject
+ nisMapName: $1
+ cn: $key
+ nisEntry: $value
+ EOF
+ echo
+ done
+}
+
+mergegroups() {
+ if $mergegroups ; then
+ awk -F: '
+ BEGIN { OFS=":" }
+ {
+ if ((length(NAMES[$3]) == 0) ||
+ (length(NAMES[$3]) > length($1))) {
+ NAMES[$3] = $1
+ }
+ GIDS[$3] = $3
+ PASS[$3] = $2
+ if (length(MEMBERS[$3]) > 0) {
+ MEMBERS[$3] = MEMBERS[$3] "," $4
+ } else {
+ MEMBERS[$3] = $4
+ }
+ }
+ END {
+ for (GID in GIDS) {
+ print NAMES[GID],PASS[GID],GID,MEMBERS[GID]
+ }
+ }'
+ else
+ cat
+ fi
+}
+
+get_map() {
+ case "$1" in
+ passwd*)
+ ypcat -k ${server:+-h $server} ${domain:+-d $domain} passwd.byname | sort
+ ;;
+ group*)
+ ypcat -k ${server:+-h $server} ${domain:+-d $domain} group.byname | mergegroups | sort
+ ;;
+ *)
+ ypcat -k ${server:+-h $server} ${domain:+-d $domain} "$1" | sort
+ ;;
+ esac
+}
+
+migrate_map() {
+ case "$1" in
+ passwd*)
+ $entries && get_map "$1" || echo | migrate_passwd
+ ;;
+ group*)
+ $entries && get_map "$1" || echo | migrate_group
+ ;;
+ auto.*|auto_*)
+ $entries && get_map "$1" || echo | migrate_automount "$1"
+ ;;
+ *)
+ $entries && get_map "$1" || echo | migrate_nis "$1"
+ ;;
+ esac
+}
+
+while test $# -gt 0 ; do
+ case "$1" in
+ --domain=*)
+ domain=`echo "$1" | cut -f2- -d=`
+ automap=false
+ ;;
+ --domain)
+ shift
+ domain="$1"
+ automap=false
+ ;;
+ --server=*)
+ server=`echo "$1" | cut -f2- -d=`
+ automap=false
+ ;;
+ --server)
+ shift
+ server="$1"
+ automap=false
+ ;;
+ --suffix=*)
+ suffix=`echo "$1" | cut -f2- -d=`
+ ;;
+ --suffix)
+ shift
+ suffix="$1"
+ ;;
+ --people=*)
+ people=`echo "$1" | cut -f2- -d=`
+ ;;
+ --people)
+ shift
+ people="$1"
+ ;;
+ --groups=*)
+ groups=`echo "$1" | cut -f2- -d=`
+ ;;
+ --groups)
+ shift
+ groups="$1"
+ ;;
+ --nomergegroups)
+ mergegroups=false
+ ;;
+ --rfc2307bis)
+ rfc2307bis=true
+ ;;
+ --ipa)
+ ipa=true
+ ;;
+ --realm=*)
+ realm=`echo "$1" | cut -f2- -d= | tr '[a-z]' '[A-Z]'`
+ automap=false
+ ;;
+ --realm)
+ shift
+ realm=`echo "$1" | tr '[a-z]' '[A-Z]'`
+ automap=false
+ ;;
+ -a|--all)
+ automap=true
+ ;;
+ --containers)
+ containers=true
+ ;;
+ --just-containers)
+ containers=true
+ entries=false
+ ;;
+ -*|-h|--help)
+ help=true
+ ;;
+ *)
+ maps="${maps:+$maps }$1"
+ ;;
+ esac
+ shift
+done
+
+if $automap && test "$maps" = "" ; then
+ maps=`./ypmaplist.py`
+fi
+if $help || test "$maps" = "" ; then
+ echo `basename $0`: create LDIF from NIS maps
+ echo Usage: `basename $0` "[options] [mapname [...]]"
+ cat <<- EOF
+ Options:
+ -h --help Print this text.
+ --domain Query maps for a non-default domain (default is
+ "$domain").
+ --server Query a non-default server (default is
+ "$server").
+ --suffix Store entries under a non-default suffix (default is
+ "$suffix").
+ --people Store account entries under a non-default container
+ under the suffix (default is "$people").
+ --groups Store group entries under a non-default container
+ under the suffix (default is "$groups").
+ --nomergegroups Don't merge group entries which have the same GID.
+ --rfc2307bis Use groupOfNames groups, create user account
+ entries which are also inetOrgPerson entries.
+ --ipa Use groupOfNames groups, create user account
+ entries which are also inetOrgPerson and Kerberos
+ user entries.
+ --realm Use a non-default Kerberos realm name (default is
+ "$realm").
+ --email Add email addresses by default (default domain for
+ mail addresses is "$domain").
+ -a --all Attempt to migrate all maps in the local domain.
+ (Can not be used with either the --server or
+ the --domain options.)
+ --containers Create containers for maps in addition to entries.
+ --just-containers Create containers for maps, but not for entries.
+ EOF
+else
+ seen_passwd=false
+ seen_group=false
+ for map in $maps ; do
+ seen_before=false
+ case "$map" in
+ *.by*)
+ base=`echo "$map" | sed 's,\.by.*,,g'`
+ case $base in
+ passwd)
+ if $seen_passwd ; then
+ seen_before=true
+ fi
+ seen_passwd=true
+ ;;
+ group)
+ if $seen_group ; then
+ seen_before=true
+ fi
+ seen_group=true
+ ;;
+ esac
+ ;;
+ esac
+ $seen_before || migrate_map "$map"
+ done
+fi
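Review bot: In `migrate_map` every arm is written as `$entries && get_map "$1" || echo | migrate_passwd`, and because `|` binds tighter than `&&`/`||` the converter only ever receives the output of `echo`; when `$entries` is true and `get_map` succeeds, the raw `ypcat -k` lines go straight to stdout and no LDIF is produced. Grouping the producer fixes all four arms: `{ $entries && get_map "$1" || echo ; } | migrate_passwd`, and likewise for `migrate_group`, `migrate_automount "$1"` and `migrate_nis "$1"`. Separately, the `migrate_*` loops use `read key value` without `-r` and paste map fields unescaped into DNs and attribute lines, so a key or field containing `,`, `=`, `+`, a backslash or a leading space yields a different or malformed entry. Since the data is whatever the queried NIS server returned, it would be worth rejecting or escaping such values, or emitting them base64-encoded with `attr:: `, before the LDIF is imported. With `--all`, ``maps=`./ypmaplist.py` `` also runs a helper from the current working directory rather than from the script's own location, which is worth pinning to the directory of `$0`.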