From bec801b0386026959ba9900dc80f0c436a8ea34d Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Fri, 29 Jun 2001 18:44:19 +0000
Subject: oh my goodness! He's gone an done it now! :-) Playing with LDAP support for 2.2 (non disruptively of course). Initial ideas of storing smbpasswd in LDAP and then having a cron job to export it every so often.... I even thought of possibly something like smb passwd file = |export_smbpasswd.pl and having the smbpasswd file generate on the fly :-) The point is that the full sam-db for accounts is a long ways off in theory. This will make some people happy. The OIDs used in the schema are ours. jerry
---
examples/LDAP/import_smbpasswd.pl | 66 +++++++++++++++++++++++++++++++++++++++
examples/LDAP/samba.schema | 36 +++++++++++++++++++++
2 files changed, 102 insertions(+)
create mode 100644 examples/LDAP/import_smbpasswd.pl
create mode 100644 examples/LDAP/samba.schema
(limited to 'examples')
diff --git a/examples/LDAP/import_smbpasswd.pl b/examples/LDAP/import_smbpasswd.pl
new file mode 100644
index 00000000000..f1fc33c6319
--- /dev/null
+++ b/examples/LDAP/import_smbpasswd.pl
@@ -0,0 +1,66 @@
+#!/usr/bin/perl
+##
+## Example script og how you could import and smbpasswd file into an LDAP
+## directory using the Mozilla PerLDAP module.
+##
+## wrriten by jerry@samba.org
+##
+
+use Mozilla::LDAP::Conn;
+use Mozilla::LDAP::Entry;
+
+$DN="ou=people,dc=plainjoe,dc=org";
+$ROOTDN="cn=Manager,dc=plainjoe,dc=org";
+$rootpw = "secret";
+$LDAPSERVER="localhost";
+
+
+print "Connecting to $LDAPSERVER...";
+$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw );
+die "Unable to connect to LDAP server $LDAPSERVER" unless $conn;
+print "connected!\n";
+
+if ("$ARGV[0]") {
+ open (SMBPASSFILE, "$ARGV[0]") || die $!;
+ $infile = SMBPASSFILE;
+}
+else {
+ $infile = STDIN;
+}
+
+while ( $string = <$infile> ) {
+ chop ($string);
+
+ ## get the account information
+ @smbentry = split (/:/, $string);
+
+ ## scheck for the existence of the posixAccount first
+ $result = $conn->search ("$DN", "sub", "(&(uid=$smbentry[0])(objectclass=posixAccount))");
+ if ( ! $result ) {
+ print STDERR "uid=$smbentry[0] does not have a posixAccount entry in the directory!\n";
+ next;
+ }
+
+ print "Updating [" . $result->getDN() . "]\n";
+
+ ## Do we need to add the 'objectclass: smbPasswordEntry' attribute?
+ if (! $result->hasValue("objectclass", "smbPasswordEntry")) {
+ $result->addValue("objectclass", "smbPasswordEntry");
+ }
+
+ ## Set other attribute values
+ $result->setValues ("lmPassword", $smbentry[2]);
+ $result->setValues ("ntPassword", $smbentry[3]);
+ $result->setValues ("acctFlags", $smbentry[4]);
+ $result->setValues ("pwdLastSet", substr($smbentry[5],4));
+
+ if (! $conn->update($result)) {
+ print "Error updating!\n";
+ }
+
+ ## $result->printLDIF();
+}
+
+close ($infile);
+$conn->close();
+exit 0;
diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema
new file mode 100644
index 00000000000..8d26cc5612c
--- /dev/null
+++ b/examples/LDAP/samba.schema
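Review bot: In the `while` loop the uid field is interpolated unescaped into the filter `(&(uid=$smbentry[0])(objectclass=posixAccount))`, so a name containing `*`, `(`, `)` or `\` can match a different entry, which then gets that line's hashes written to it; escape it first, e.g. `(my $uid = $smbentry[0]) =~ s/([\\()*\0])/sprintf("\\%02x", ord($1))/ge;`, and `next` on lines that do not split into the expected fields. `open (SMBPASSFILE, "$ARGV[0]")` is the two-argument form, where a leading `>` or a trailing `|` in the argument changes the open mode; `open (SMBPASSFILE, '<', $ARGV[0]) || die "$ARGV[0]: $!";` reads the file and nothing else. The script binds as the root DN with a password kept in the source and sends the LM/NT hashes over what looks like an unencrypted connection on port 389, which deserves a header comment telling users to change both before running it against a real directory. A failed `$conn->update` prints `Error updating!` to stdout and the script still ends with `exit 0`, so a partial import is easy to miss.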
@@ -0,0 +1,36 @@
+##
+## schema file for OpenLDAP 2.0.x
+## Schema for storing Samba's smbpasswd file in LDAP
+## OIDs are owned by the Samba Team
+##
+## Prerequisite schemas - uid & uidNumber (nis.schema)
+##
+## 1.3.1.5.1.4.1.7165.2.1.x - attributetypes
+## 1.3.1.5.1.4.1.7165.2.2.x - objectclasses
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
+ DESC 'LanManager Passwd'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
+ DESC 'NT Passwd'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
+ DESC 'NT pwdLastSet'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{8} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
+ DESC 'Account Flags'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} )
+
+objectclass ( 1.3.1.5.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
+ DESC 'Samba smbpasswd entry'
+ MUST ( uid $ uidNumber )
+ MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
+
-- cgit
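Review bot: `lmPassword` and `ntPassword` store hashes that work as password equivalents for SMB authentication, yet the schema header gives the deployer no hint that read access to them must be restricted; a directory whose ACLs leave entries readable to any bound or anonymous client would expose every imported account. I would add a header line such as `## lmPassword/ntPassword are password equivalents: restrict read access to them in the server ACLs`. Separately, the `smbPasswordEntry` objectclass is numbered `1.3.1.5.1.4.1.7165.2.2.1`, and the two header comment lines use the same `1.3.1.5.1.4.1` prefix, while all four attributetypes sit under `1.3.6.1.4.1.7165.2.1.x`. That looks like a typo for the `1.3.6.1.4.1` enterprise arc, so the objectclass should probably read `1.3.6.1.4.1.7165.2.2.1`, which is worth fixing before anyone loads the schema and the wrong OID becomes hard to change.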