oh my goodness! He's gone an done it now! :-)

Playing with LDAP support for 2.2 (non disruptively
of course).

Initial ideas of storing smbpasswd in LDAP and then having
a cron job to export it every so often....

I even thought of possibly something like

	smb passwd file = |export_smbpasswd.pl

and having the smbpasswd file generate on the fly :-)

The point is that the full sam-db for accounts is a long ways off
in theory.  This will make some people happy.  The OIDs used in
the schema are ours.


jerry

2 files changed, 102 insertions, 0 deletions

diff --git a/examples/LDAP/import_smbpasswd.pl b/examples/LDAP/import_smbpasswd.pl
new file mode 100644
index 00000000000..f1fc33c6319
--- /dev/null
+++ b/examples/LDAP/import_smbpasswd.pl
@@ -0,0 +1,66 @@
+#!/usr/bin/perl
+##
+## Example script og how you could import and smbpasswd file into an LDAP
+## directory using the Mozilla PerLDAP module.
+##
+## wrriten by jerry@samba.org
+##
+
+use Mozilla::LDAP::Conn;
+use Mozilla::LDAP::Entry;
+
+$DN="ou=people,dc=plainjoe,dc=org";
+$ROOTDN="cn=Manager,dc=plainjoe,dc=org";
+$rootpw = "secret";
+$LDAPSERVER="localhost";
+
+
+print "Connecting to $LDAPSERVER...";
+$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw );
+die "Unable to connect to LDAP server $LDAPSERVER" unless $conn;
+print "connected!\n";
+
+if ("$ARGV[0]") {
+	open (SMBPASSFILE, "$ARGV[0]") || die $!;
+	$infile = SMBPASSFILE;
+}
+else {
+	$infile = STDIN;
+}
+
+while ( $string = <$infile> ) {
+	chop ($string);
+
+	## get the account information
+	@smbentry = split (/:/, $string);
+
+	## scheck for the existence of the posixAccount first
+	$result = $conn->search ("$DN", "sub", "(&(uid=$smbentry[0])(objectclass=posixAccount))");
+	if ( ! $result ) {
+		print STDERR "uid=$smbentry[0] does not have a posixAccount entry in the directory!\n";
+		next;
+	}
+
+	print "Updating [" . $result->getDN() . "]\n";
+
+	## Do we need to add the 'objectclass: smbPasswordEntry' attribute?
+	if (! $result->hasValue("objectclass", "smbPasswordEntry")) {
+		$result->addValue("objectclass", "smbPasswordEntry");
+	}
+	
+	## Set other attribute values
+	$result->setValues ("lmPassword", $smbentry[2]);
+	$result->setValues ("ntPassword", $smbentry[3]);
+	$result->setValues ("acctFlags",  $smbentry[4]);
+	$result->setValues ("pwdLastSet", substr($smbentry[5],4));
+
+	if (! $conn->update($result)) {
+		print "Error updating!\n";
+	}
+
+	## $result->printLDIF();
+}
+
+close ($infile);
+$conn->close();
+exit 0;
diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema
new file mode 100644
index 00000000000..8d26cc5612c
--- /dev/null
+++ b/examples/LDAP/samba.schema
@@ -0,0 +1,36 @@
+##
+## schema file for OpenLDAP 2.0.x
+## Schema for storing Samba's smbpasswd file in LDAP
+## OIDs are owned by the Samba Team
+##
+## Prerequisite schemas - uid & uidNumber (nis.schema)
+##
+## 1.3.1.5.1.4.1.7165.2.1.x - attributetypes
+## 1.3.1.5.1.4.1.7165.2.2.x - objectclasses
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
+	DESC 'LanManager Passwd'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
+	DESC 'NT Passwd'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
+	DESC 'NT pwdLastSet'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{8} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
+	DESC 'Account Flags'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} )
+
+objectclass ( 1.3.1.5.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
+	DESC 'Samba smbpasswd entry'
+	MUST ( uid $ uidNumber ) 
+	MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
+