From 09a3db0ffcbbe578788d3dd5ee7540d27cc7c09a Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Sun, 23 Mar 2003 11:50:16 +0000
Subject: This does two things:

* pdbedit -i -e sets all SAM_ACCOUNT elements
  to CHANGED to satisfy the new pdb_ldap.c handling

* pdbedit -g transfers group mappings. I made this
  separate from the user database, as current installations
  have to live with a split backend.

  So, if you are running 3_0 alphas with LDAP as a backend
  and upgrade to the next 3_0 alpha, you should call

  pdbedit -i tdbsam -e ldapsam -g

  to transfer your group mapping database to LDAP.

  You certainly have to have all your groups as posixGroup
  objects in LDAP and adapt the LDAP schema before this
  call.

Volker
---
 docs/docbook/manpages/pdbedit.8.sgml | 13 ++++++++++++
 source/utils/pdbedit.c               | 38 +++++++++++++++++++++++++++++++++++-
 2 files changed, 50 insertions(+), 1 deletion(-)

diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml
index 1484bfec9a8..2457d899de0 100644
--- a/docs/docbook/manpages/pdbedit.8.sgml
+++ b/docs/docbook/manpages/pdbedit.8.sgml
@@ -31,6 +31,7 @@
 		<arg choice="opt">-x</arg>	
 		<arg choice="opt">-i passdb-backend</arg>	
 		<arg choice="opt">-e passdb-backend</arg>   
+		<arg choice="opt">-g</arg>   
 		<arg choice="opt">-b passdb-backend</arg>
 		<arg choice="opt">-d debuglevel</arg>
 		<arg choice="opt">-s configfile</arg>
@@ -265,6 +266,18 @@
 		</listitem>
 		</varlistentry>
 
+		<varlistentry>
+		<term>-g</term>
+		<listitem><para>If you specify <parameter>-g</parameter>,
+		then <parameter>-i in-backend -e out-backend</parameter>
+		applies to the group mapping instead of the user database.
+
+		<para>This option will ease migration from one passdb backend to
+		another and will ease backing up.</para>
+		
+		</listitem>
+		</varlistentry>
+
 		<varlistentry>
 		<term>-b passdb-backend</term>
 		<listitem><para>Use a different default passdb backend. </para>
diff --git a/source/utils/pdbedit.c b/source/utils/pdbedit.c
index 265bda1e5d4..4c97903f51f 100644
--- a/source/utils/pdbedit.c
+++ b/source/utils/pdbedit.c
@@ -69,6 +69,12 @@ static int export_database (struct pdb_context *in, struct pdb_context *out) {
 	}
 
 	while (NT_STATUS_IS_OK(in->pdb_getsampwent(in, user))) {
+		int i;
+
+		for (i=0; i<PDB_COUNT; i++) {
+			pdb_set_init_flags(user, i, PDB_CHANGED);
+		}
+
 		out->pdb_add_sam_account(out, user);
 		if (!NT_STATUS_IS_OK(pdb_reset_sam(user))){
 			fprintf(stderr, "Can't reset SAM_ACCOUNT!\n");
@@ -81,6 +87,30 @@ static int export_database (struct pdb_context *in, struct pdb_context *out) {
 	return 0;
 }
 
+/*********************************************************
+ Add all currently available group mappings to another db
+ ********************************************************/
+
+static int export_groups (struct pdb_context *in, struct pdb_context *out) {
+	GROUP_MAP *maps = NULL;
+	int i, entries = 0;
+
+	if (NT_STATUS_IS_ERR(in->pdb_enum_group_mapping(in, SID_NAME_UNKNOWN,
+							&maps, &entries,
+							False, False))) {
+		fprintf(stderr, "Can't get group mappings!\n");
+		return 1;
+	}
+
+	for (i=0; i<entries; i++) {
+		out->pdb_add_group_mapping_entry(out, &(maps[i]));
+	}
+
+	SAFE_FREE(maps);
+
+	return 0;
+}
+
 /*********************************************************
  Print info from sam structure
 **********************************************************/
@@ -478,6 +508,7 @@ int main (int argc, char **argv)
 	static char *backend = NULL;
 	static char *backend_in = NULL;
 	static char *backend_out = NULL;
+	static BOOL transfer_groups = False;
 	static char *logon_script = NULL;
 	static char *profile_path = NULL;
 	static char *account_control = NULL;
@@ -507,6 +538,7 @@ int main (int argc, char **argv)
 		{"backend",	'b', POPT_ARG_STRING, &backend, 0, "use different passdb backend as default backend", NULL},
 		{"import",	'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL},
 		{"export",	'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL},
+		{"group",	'g', POPT_ARG_NONE, &transfer_groups, 0, "use -i and -e for groups", NULL},
 		{"account-policy",	'P', POPT_ARG_STRING, &account_policy, 0,"value of an account policy (like maximum password age)",NULL},
 		{"value",       'V', POPT_ARG_LONG, &account_policy_value, 'V',"set the account policy to this value", NULL},
 		{"account-control",	'c', POPT_ARG_STRING, &account_control, 0, "Values of account control", NULL},
@@ -621,7 +653,11 @@ int main (int argc, char **argv)
 		} else {
 			bout = bdef;
 		}
-		return export_database(bin, bout);
+		if (transfer_groups) {
+			return export_groups(bin, bout);
+		} else {
+			return export_database(bin, bout);
+		}
 	}
 
 	/* if BIT_USER is defined but nothing else then threat it as -l -u for compatibility */
-- 
cgit