author | Nalin Dahyabhai <nalin.dahyabhai@pobox.com> | 2008-06-04 20:45:30 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin.dahyabhai@pobox.com> | 2008-06-04 20:45:30 -0400 |
commit | 8cca6ecf1a5ebf7385bd304ce826a81bb501e3ec (patch) | |
tree | afeb8d714499e80529f1955fa415f801917aabd7 /doc/migrate-nis.sh | |
parent | e2991a959ffa5ed6c3545ec0ad0b0f4f4b1b072e (diff) | |
- move the migration script
Diffstat (limited to 'doc/migrate-nis.sh')
-rwxr-xr-x | doc/migrate-nis.sh | 383 |
1 files changed, 383 insertions, 0 deletions
diff --git a/doc/migrate-nis.sh b/doc/migrate-nis.sh
new file mode 100755
index 0000000..5f77b41
--- /dev/null
+++ b/doc/migrate-nis.sh
@@ -0,0 +1,383 @@
+#!/bin/sh
+
+domain=`domainname`
+server=`ypwhich -d $domain`
+suffix=dc=example,dc=com
+people=cn=Users
+groups=cn=Group
+ipa=false
+realm=`echo "$domain" | tr '[a-z]' '[A-Z]'`
+rfc2307bis=false
+mergegroups=true
+maps=
+automap=false
+help=false
+mail=
+containers=false
+entries=true
+
+object_from_attr()
+{
+ case "$1" in
+ cn)
+ containerobject=nsContainer
+ ;;
+ dc)
+ containerobject=domain
+ ;;
+ ou)
+ containerobject=organizationalUnit
+ ;;
+ *)
+ containerobject=extensibleObject
+ ;;
+ esac
+ echo $containerobject
+}
+
+migrate_passwd() {
+ if $containers ; then
+ nameattr=`echo "$people" | cut -f1 -d=`
+ nameval=`echo "$people" | cut -f2- -d=`
+ containerclass=`object_from_attr "$nameattr"`
+ grep -v '^$' <<- EOF
+ dn: $people,$suffix
+ ${nameattr}: ${nameval}
+ objectClass: $containerclass
+ EOF
+ echo
+ fi
+ while read key value ; do
+ if ! $entries ; then
+ continue
+ fi
+ uid=`echo "$value" | cut -d: -f1`
+ userpassword=`echo "$value" | cut -d: -f2`
+ uidnumber=`echo "$value" | cut -d: -f3`
+ gidnumber=`echo "$value" | cut -d: -f4`
+ gecos=`echo "$value" | cut -d: -f5`
+ homedirectory=`echo "$value" | cut -d: -f6`
+ loginshell=`echo "$value" | cut -d: -f7`
+ cn=`echo "$gecos" | cut -d, -f1`
+ givenname=`echo "$gecos" | awk '{print $1}'`
+ sn=`echo "$gecos" | awk '{print $NF}'`
+ grep -v '^$' <<- EOF
+ dn: uid=$uid,$people,$suffix
+ objectClass: posixAccount
+ uid: $uid
+ uidNumber: $uidnumber
+ gidNumber: $gidnumber
+ homeDirectory: $homedirectory
+ ${userpassword:+userPassword: "{CRYPT}"$userpassword}
+ ${loginshell:+loginShell: $loginshell}
+ EOF
+ if $rfc2307bis || $ipa ; then
+ grep -v '^$' <<- EOF
+ objectClass: inetOrgPerson
+ objectClass: inetUser
+ objectClass: organizationalPerson
+ objectClass: person
+ cn: ${cn:-$uid}
+ sn: ${sn:-$uid}
+ givenName: ${givenname:-$uid}
+ EOF
+ fi
+ if $ipa ; then
+ grep -v '^$' <<- EOF
+ objectClass: krbprincipalaux
+ krbPrincipalName: $uid@$realm
+ EOF
+ fi
+ echo
+ done
+}
+
+migrate_group() {
+ if $containers ; then
+ nameattr=`echo "$groups" | cut -f1 -d=`
+ nameval=`echo "$groups" | cut -f2- -d=`
+ containerclass=`object_from_attr "$nameattr"`
+ grep -v '^$' <<- EOF
+ dn: $groups,$suffix
+ ${nameattr}: ${nameval}
+ objectClass: $containerclass
+ EOF
+ echo
+ fi
+ while read key value ; do
+ if ! $entries ; then
+ continue
+ fi
+ gid=`echo "$value" | cut -d: -f1`
+ userpassword=`echo "$value" | cut -d: -f2`
+ gidnumber=`echo "$value" | cut -d: -f3`
+ members=`echo "$value" | cut -d: -f4`
+ grep -v '^$' <<- EOF
+ dn: cn=$gid,$groups,$suffix
+ objectClass: posixGroup
+ cn: $gid
+ gidNumber: $gidnumber
+ ${userpassword:+userPassword: "{CRYPT}"$userpassword}
+ EOF
+ if $rfc2307bis || $ipa ; then
+ grep -v '^$' <<- EOF
+ objectClass: groupOfNames
+ EOF
+ for member in `echo "$members" | sed 's:,: :g'` ; do
+ echo member: uid=$member,$people,$suffix
+ done
+ else
+ for member in `echo "$members" | sed 's:,: :g'` ; do
+ echo memberUid: $member
+ done
+ fi
+ echo
+ done
+}
+
+migrate_automount() {
+ if $containers ; then
+ grep -v '^$' <<- EOF
+ dn: automountMapName=$1,$suffix
+ objectClass: automountMap
+ automountMapName: $1
+ EOF
+ echo
+ fi
+ while read key value ; do
+ if ! $entries ; then
+ continue
+ fi
+ grep -v '^$' <<- EOF
+ dn: automountKey=$key,automountMap=$1,$suffix
+ objectClass: automount
+ automountKey: $key
+ automountInformation: $value
+ EOF
+ echo
+ done
+}
+
+migrate_nis() {
+ if $containers ; then
+ grep -v '^$' <<- EOF
+ dn: nisMapName=$1,$suffix
+ objectClass: nisMap
+ automountMapName: $1
+ EOF
+ echo
+ fi
+ while read key value ; do
+ if ! $entries ; then
+ continue
+ fi
+ grep -v '^$' <<- EOF
+ dn: cn=$key,automountMap=$1,$suffix
+ objectClass: nisObject
+ nisMapName: $1
+ cn: $key
+ nisEntry: $value
+ EOF
+ echo
+ done
+}
+
+mergegroups() {
+ if $mergegroups ; then
+ awk -F: '
+ BEGIN { OFS=":" }
+ {
+ if ((length(NAMES[$3]) == 0) ||
+ (length(NAMES[$3]) > length($1))) {
+ NAMES[$3] = $1
+ }
+ GIDS[$3] = $3
+ PASS[$3] = $2
+ if (length(MEMBERS[$3]) > 0) {
+ MEMBERS[$3] = MEMBERS[$3] "," $4
+ } else {
+ MEMBERS[$3] = $4
+ }
+ }
+ END {
+ for (GID in GIDS) {
+ print NAMES[GID],PASS[GID],GID,MEMBERS[GID]
+ }
+ }'
+ else
+ cat
+ fi
+}
+
+get_map() {
+ case "$1" in
+ passwd*)
+ ypcat -k ${server:+-h $server} ${domain:+-d $domain} passwd.byname | sort
+ ;;
+ group*)
+ ypcat -k ${server:+-h $server} ${domain:+-d $domain} group.byname | mergegroups | sort
+ ;;
+ *)
+ ypcat -k ${server:+-h $server} ${domain:+-d $domain} "$1" | sort
+ ;;
+ esac
+}
+
+migrate_map() {
+ case "$1" in
+ passwd*)
+ $entries && get_map "$1" || echo | migrate_passwd
+ ;;
+ group*)
+ $entries && get_map "$1" || echo | migrate_group
+ ;;
+ auto.*|auto_*)
+ $entries && get_map "$1" || echo | migrate_automount "$1"
+ ;;
+ *)
+ $entries && get_map "$1" || echo | migrate_nis "$1"
+ ;;
+ esac
+}
+
+while test $# -gt 0 ; do
+ case "$1" in
+ --domain=*)
+ domain=`echo "$1" | cut -f2- -d=`
+ automap=false
+ ;;
+ --domain)
+ shift
+ domain="$1"
+ automap=false
+ ;;
+ --server=*)
+ server=`echo "$1" | cut -f2- -d=`
+ automap=false
+ ;;
+ --server)
+ shift
+ server="$1"
+ automap=false
+ ;;
+ --suffix=*)
+ suffix=`echo "$1" | cut -f2- -d=`
+ ;;
+ --suffix)
+ shift
+ suffix="$1"
+ ;;
+ --people=*)
+ people=`echo "$1" | cut -f2- -d=`
+ ;;
+ --people)
+ shift
+ people="$1"
+ ;;
+ --groups=*)
+ groups=`echo "$1" | cut -f2- -d=`
+ ;;
+ --groups)
+ shift
+ groups="$1"
+ ;;
+ --nomergegroups)
+ mergegroups=false
+ ;;
+ --rfc2307bis)
+ rfc2307bis=true
+ ;;
+ --ipa)
+ ipa=true
+ ;;
+ --realm=*)
+ realm=`echo "$1" | cut -f2- -d= | tr '[a-z]' '[A-Z]'`
+ automap=false
+ ;;
+ --realm)
+ shift
+ realm=`echo "$1" | tr '[a-z]' '[A-Z]'`
+ automap=false
+ ;;
+ -a|--all)
+ automap=true
+ ;;
+ --containers)
+ containers=true
+ ;;
+ --just-containers)
+ containers=true
+ entries=false
+ ;;
+ -*|-h|--help)
+ help=true
+ ;;
+ *)
+ maps="${maps:+$maps }$1"
+ ;;
+ esac
+ shift
+done
+
+if $automap && test "$maps" = "" ; then
+ maps=`./ypmaplist.py`
+fi
+if $help || test "$maps" = "" ; then
+ echo `basename $0`: create LDIF from NIS maps
+ echo Usage: `basename $0` "[options] [mapname [...]]"
+ cat <<- EOF
+ Options:
+ -h --help Print this text.
+ --domain Query maps for a non-default domain (default is
+ "$domain").
+ --server Query a non-default server (default is
+ "$server").
+ --suffix Store entries under a non-default suffix (default is
+ "$suffix").
+ --people Store account entries under a non-default container
+ under the suffix (default is "$people").
+ --groups Store group entries under a non-default container
+ under the suffix (default is "$groups").
+ --nomergegroups Don't merge group entries which have the same GID.
+ --rfc2307bis Use groupOfNames groups, create user account
+ entries which are also inetOrgPerson entries.
+ --ipa Use groupOfNames groups, create user account
+ entries which are also inetOrgPerson and Kerberos
+ user entries.
+ --realm Use a non-default Kerberos realm name (default is
+ "$realm").
+ --email Add email addresses by default (default domain for
+ mail addresses is "$domain").
+ -a --all Attempt to migrate all maps in the local domain.
+ (Can not be used with either the --server or
+ the --domain options.)
+ --containers Create containers for maps in addition to entries.
+ --just-containers Create containers for maps, but not for entries.
+ EOF
+else
+ seen_passwd=false
+ seen_group=false
+ for map in $maps ; do
+ seen_before=false
+ case "$map" in
+ *.by*)
+ base=`echo "$map" | sed 's,\.by.*,,g'`
+ case $base in
+ passwd)
+ if $seen_passwd ; then
+ seen_before=true
+ fi
+ seen_passwd=true
+ ;;
+ group)
+ if $seen_group ; then
+ seen_before=true
+ fi
+ seen_group=true
+ ;;
+ esac
+ ;;
+ esac
+ $seen_before || migrate_map "$map"
+ done
+fi |
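Review bot: In `migrate_map` the four lines of the form `$entries && get_map "$1" || echo | migrate_passwd` do not feed the map into the converter, because `|` binds tighter than `&&`/`||`: with `$entries` true the raw `ypcat` output, crypt hashes included, goes straight to stdout and the `migrate_*` function only runs when `get_map` fails. Group the left-hand side, e.g. `{ $entries && get_map "$1" || echo ; } | migrate_passwd`, and do the same for `migrate_group`, `migrate_automount` and `migrate_nis`. Separately, map keys and fields are interpolated into DNs and attribute lines unescaped, `read` is used without `-r`, and `$member` is echoed unquoted, so values containing `,`, `+`, `=`, `*`, a leading space or a backslash yield malformed or misplaced LDIF entries; the script should at least carry a comment stating that it assumes plain-ASCII names with no DN metacharacters. The `./ypmaplist.py` call used for `--all` resolves against the caller's working directory, so it runs whatever file of that name is there; resolving it relative to the script's own directory would be safer.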