author | Gerald Carter <jerry@samba.org> | 2001-06-29 18:44:19 +0000 |
---|---|---|
committer | Gerald Carter <jerry@samba.org> | 2001-06-29 18:44:19 +0000 |
commit | bec801b0386026959ba9900dc80f0c436a8ea34d (patch) | |
tree | 607a4e19453e0df768769e198c5dfaf25556e7d0 | |
parent | 1b32d27182b0569ee0e77702b8f1a34a32bc4203 (diff) | |
oh my goodness! He's gone and done it now! :-)
Playing with LDAP support for 2.2 (non disruptively
of course).
Initial ideas of storing smbpasswd in LDAP and then having
a cron job to export it every so often....
I even thought of possibly something like
smb passwd file = |export_smbpasswd.pl
and having the smbpasswd file generate on the fly :-)
The point is that the full sam-db for accounts is a long ways off
in theory. This will make some people happy. The OIDs used in
the schema are ours.
jerry
-rw-r--r-- | examples/LDAP/import_smbpasswd.pl | 66 | ||||
-rw-r--r-- | examples/LDAP/samba.schema | 36 |
2 files changed, 102 insertions, 0 deletions
diff --git a/examples/LDAP/import_smbpasswd.pl b/examples/LDAP/import_smbpasswd.pl
new file mode 100644
index 00000000000..f1fc33c6319
--- /dev/null
+++ b/examples/LDAP/import_smbpasswd.pl
@@ -0,0 +1,66 @@
+#!/usr/bin/perl
+##
+## Example script og how you could import and smbpasswd file into an LDAP
+## directory using the Mozilla PerLDAP module.
+##
+## wrriten by jerry@samba.org
+##
+
+use Mozilla::LDAP::Conn;
+use Mozilla::LDAP::Entry;
+
+$DN="ou=people,dc=plainjoe,dc=org";
+$ROOTDN="cn=Manager,dc=plainjoe,dc=org";
+$rootpw = "secret";
+$LDAPSERVER="localhost";
+
+
+print "Connecting to $LDAPSERVER...";
+$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw );
+die "Unable to connect to LDAP server $LDAPSERVER" unless $conn;
+print "connected!\n";
+
+if ("$ARGV[0]") {
+ open (SMBPASSFILE, "$ARGV[0]") || die $!;
+ $infile = SMBPASSFILE;
+}
+else {
+ $infile = STDIN;
+}
+
+while ( $string = <$infile> ) {
+ chop ($string);
+
+ ## get the account information
+ @smbentry = split (/:/, $string);
+
+ ## scheck for the existence of the posixAccount first
+ $result = $conn->search ("$DN", "sub", "(&(uid=$smbentry[0])(objectclass=posixAccount))");
+ if ( ! $result ) {
+ print STDERR "uid=$smbentry[0] does not have a posixAccount entry in the directory!\n";
+ next;
+ }
+
+ print "Updating [" . $result->getDN() . "]\n";
+
+ ## Do we need to add the 'objectclass: smbPasswordEntry' attribute?
+ if (! $result->hasValue("objectclass", "smbPasswordEntry")) {
+ $result->addValue("objectclass", "smbPasswordEntry");
+ }
+
+ ## Set other attribute values
+ $result->setValues ("lmPassword", $smbentry[2]);
+ $result->setValues ("ntPassword", $smbentry[3]);
+ $result->setValues ("acctFlags", $smbentry[4]);
+ $result->setValues ("pwdLastSet", substr($smbentry[5],4));
+
+ if (! $conn->update($result)) {
+ print "Error updating!\n";
+ }
+
+ ## $result->printLDIF();
+}
+
+close ($infile);
+$conn->close();
+exit 0;
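Review bot: The uid taken from each input line is interpolated unescaped into the search filter at `"(&(uid=$smbentry[0])(objectclass=posixAccount))"`, so a field containing `*`, `(`, `)` or `\` alters the filter instead of naming one account. Because the entry that comes back is then given new lmPassword/ntPassword values, a malformed or hostile smbpasswd line could presumably overwrite the hashes of an account other than the one named. Escape the value before building the filter, e.g. `(my $uid = $smbentry[0]) =~ s/([\\*()\x00])/sprintf("\\%02x", ord($1))/ge;`, and skip blank or `#` comment lines before the split. The two-argument `open (SMBPASSFILE, "$ARGV[0]")` also lets the file name carry a mode or pipe character; `open (SMBPASSFILE, "<", $ARGV[0])` avoids that.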
diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema
new file mode 100644
index 00000000000..8d26cc5612c
--- /dev/null
+++ b/examples/LDAP/samba.schema
@@ -0,0 +1,36 @@
+##
+## schema file for OpenLDAP 2.0.x
+## Schema for storing Samba's smbpasswd file in LDAP
+## OIDs are owned by the Samba Team
+##
+## Prerequisite schemas - uid & uidNumber (nis.schema)
+##
+## 1.3.1.5.1.4.1.7165.2.1.x - attributetypes
+## 1.3.1.5.1.4.1.7165.2.2.x - objectclasses
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
+ DESC 'LanManager Passwd'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
+ DESC 'NT Passwd'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
+ DESC 'NT pwdLastSet'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{8} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
+ DESC 'Account Flags'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} )
+
+objectclass ( 1.3.1.5.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
+ DESC 'Samba smbpasswd entry'
+ MUST ( uid $ uidNumber )
+ MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
+
|
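Review bot: The objectclass is registered under `1.3.1.5.1.4.1.7165.2.2.1`, and the header comment uses the same `1.3.1.5.1.4.1` prefix, while the four attributetypes use `1.3.6.1.4.1.7165.2.1.x`; the former looks like a transposition of the enterprise arc and should probably read `1.3.6.1.4.1.7165.2.2.1`. Separately, lmPassword and ntPassword hold hashes that are password-equivalent for SMB authentication, and nothing in the file tells the deployer so. I would add a header comment such as `## lmPassword/ntPassword are password equivalents: restrict read access to these attributes in the server ACLs`.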