use strict;
use Getopt::Std;
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";
use smbldap_tools;
use smbldap_conf;
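# Replace the Samba password hashes, the gecos field and the Samba home path
# of one existing LDAP entry.
#
# Arguments, in order:
#   $login   - account name; used as the value of the uid RDN
#   $basedn  - DN of the container that holds the entry
#   $lmpwd   - value written to sambaLMPassword
#   $ntpwd   - value written to sambaNTpassword
#   $gecos   - value written to gecos
#   $homedir - value written to sambaHomePath
#
# Opens its own connection through connect_ldap_master() and unbinds it when
# the modify succeeded.  Dies with the server's error text when it did not.
sub modify_account
{
    my ($login, $basedn, $lmpwd, $ntpwd, $gecos, $homedir) = @_;

    # The login is spliced into a DN string, so escape it as an RFC 4514
    # attribute value first.  Without this a name containing ',' '+' '=' and
    # similar characters would change which entry the DN designates.  Names
    # made only of ordinary characters produce the same DN as before.
    my $rdn_value = $login;
    $rdn_value =~ s/([\\,+"<>;=#])/\\$1/g;
    $rdn_value =~ s/([\x00-\x1F])/sprintf('\\%02x', ord($1))/eg;
    $rdn_value =~ s/\A( +)/'\\20' x length($1)/e;
    $rdn_value =~ s/( +)\z/'\\20' x length($1)/e;

    my $ldap_master = connect_ldap_master();

    # All four attributes are replaced in a single modify operation.
    my $modify = $ldap_master->modify(
        "uid=$rdn_value,$basedn",
        changes => [
            replace => [sambaLMPassword => "$lmpwd"],
            replace => [sambaNTpassword => "$ntpwd"],
            replace => [gecos           => "$gecos"],
            replace => [sambaHomePath   => "$homedir"]
        ]
    );

    # A non-zero result code means the server rejected the change.
    die "failed to modify entry: ", $modify->error if $modify->code;

    $ldap_master->unbind;
}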
# Command-line switches.  -A and -W take an argument; all others are flags.
my %Options;
my $ok = getopts('awA:CUW:?h', \%Options);

# Print the usage text and exit with status 1 when option parsing failed or
# when help was requested with -? or -h.
unless ( $ok && !$Options{'?'} && !$Options{'h'} ) {
    print "Usage: $0 [-awAWCU?]\n",
          " -a process only people, ignore computers\n",
          " -w process only computers, ignore persons\n",
          " -A <opts> option string passed verbatim to smbldap-useradd for persons\n",
          " -W <opts> option string passed verbatim to smbldap-useradd for computers\n",
          " -C if entry not found, don't create it and log it to stdout (default: create it)\n",
          " -U if entry found, don't update it and log it to stdout (default: update it)\n",
          " -?|-h show this help message\n";
    exit(1);
}
# Tallies kept per entry type ('user' or 'machine') while the input is read.
# NOTE(review): %errors is declared here but nothing in the visible script
# updates or reports it.
my %processed = map { $_ => 0 } qw(user machine);
my %created   = map { $_ => 0 } qw(user machine);
my %updated   = map { $_ => 0 } qw(user machine);
my %logged    = map { $_ => 0 } qw(user machine);
my %errors    = map { $_ => 0 } qw(user machine);
my %existing  = map { $_ => 0 } qw(user machine);

# Number of person accounts skipped because their RID is below 1000.
my $specialskipped = 0;
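# Login names come straight from the dump file; further down they are placed
# on a shell command line and used to address an LDAP entry.  Accept only
# names that are non-empty, do not start with '-', '#' or whitespace, do not
# end with whitespace, and contain no control characters and none of the
# characters Windows forbids in account names: " / \ [ ] : ; | = , + * ? < >
my $safe_login = qr{
    \A
    (?! [-\#\s] )
    [^\x00-\x1F\x7F"/\\\[\]:;|=,+*?<>]+
    (?<! \s )
    \z
}x;

# Main loop: read colon-separated account records (login:rid:lmhash:nthash:
# gecos:homedir:...) from the files named on the command line, or from stdin,
# and create or update the matching entry for each record.
while (<>) {
    # Split a copy without its line ending, so a short record cannot carry a
    # CR/LF into its last field.  $_ is left intact because the "log to
    # stdout" branches below echo the record exactly as it was read.
    my $record = $_;
    $record =~ s/\r?\n\z//;
    my ($login, $rid, $lmpwd, $ntpwd, $gecos, $homedir, $unused) = split(/:/, $record);

    # Refuse records whose login could alter the command line or the DN.
    unless (defined($login) && $login =~ $safe_login) {
        print STDERR "skipping input line $.: empty or unsafe login name\n";
        next;
    }

    my $usertype;
    my $userbasedn;
    my $entry_type = 'user';

    if ($login =~ m/\$\z/) {
        # A trailing '$' marks a machine account.
        $processed{'machine'}++;
        $entry_type = 'machine';
        if (defined($Options{'a'})) {
            print STDERR "ignoring $login\n";
            next;
        }
        $usertype   = "-w $Options{'W'}";
        $userbasedn = $computersdn;
    }
    else {
        $processed{'user'}++;
        if (defined($Options{'w'})) {
            print STDERR "ignoring $login\n";
            next;
        }
        # RIDs below 1000 are treated as built-in Windows accounts.
        if ($rid < 1000) {
            $specialskipped++;
            print STDERR "$login seems to be a special Win account (rid=$rid), skipping\n";
            next;
        }
        $usertype   = "-a $Options{'A'}";
        $userbasedn = $usersdn;
    }

    # The home path from the dump is ignored in favour of the configured one.
    $homedir = $_userSmbHome;

    if (defined($gecos) && $gecos ne "") {
        # Strip accents from the gecos text.  The original table listed the
        # capital I-diaeresis twice, so the lower-case one was never mapped.
        # NOTE(review): this works per character only if the script source
        # and the dump share one single-byte encoding - confirm.
        $gecos =~ tr/ÁÀÂÄáàâäÇçÉÈÊËÆéèêëæÍÌÏÎíìîïÑñÓÒÔÖóòôöÚÙÜÛúùüûÝýÿ/AAAAaaaaCcEEEEEeeeeeIIIIiiiiNnOOOOooooUUUUuuuuYyy/;
    }
    else {
        $gecos = $_userGecos;
    }

    my $user_exists = is_samba_user($login);

    if (!$user_exists) {
        if (!defined($Options{'C'})) {
            # Single-quote the login for the shell.  $usertype stays unquoted
            # on purpose: it carries the operator's own -A/-W option string,
            # which is documented as being passed through verbatim.
            (my $quoted_login = $login) =~ s/'/'\\''/g;
            my $addcmd = "/usr/local/sbin/smbldap-useradd.pl $usertype '$quoted_login' > /dev/null";
            print STDERR "$addcmd\n";
            my $r = system($addcmd);
            if ($r != 0) {
                print STDERR "error adding $login, skipping\n";
                next;
            }
            # Only person accounts get their hashes, gecos and home path set.
            if ($entry_type eq "user") {
                modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir);
            }
            $created{$entry_type}++;
        }
        else {
            # -C: do not create, echo the record to stdout instead.
            print "$_";
            $logged{$entry_type}++;
        }
    }
    else {
        $existing{$entry_type}++;
        if (!defined($Options{'U'})) {
            modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir);
            $updated{$entry_type}++;
        }
        else {
            # -U: do not update, echo the record to stdout instead.
            print "$_";
            $logged{$entry_type}++;
        }
    }
}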
# Final report on stderr: one line per tally with the combined total and the
# separate user and machine figures, followed by the special-account count.
my $sum;
for my $report (
    [ 'processed', \%processed ],
    [ 'existing',  \%existing  ],
    [ 'created',   \%created   ],
    [ 'updated',   \%updated   ],
    [ 'logged',    \%logged    ],
) {
    my ($label, $tally) = @{$report};
    $sum = $tally->{'user'} + $tally->{'machine'};
    print STDERR "${label}: all=$sum user=$tally->{'user'} machine=$tally->{'machine'}\n";
}
print STDERR "special users skipped: $specialskipped\n";
=head1 NAME
smbldap-migrate.pl - Migrate NT accounts to LDAP
=head1 SYNOPSIS
smbldap-migrate.pl [-a] [-w] [-A opts] [-W opts] [-C] [-U] [-?]
=head1 DESCRIPTION
This command reads from stdin account entries as created by pwdump,
a tool that dumps a user database on NT.
Depending on the options, some account entries may be output on
stdout. All errors and informational messages are sent to stderr.
-a process only people, ignore computers
-w process only computers, ignore persons
-A opts
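a string containing arguments to pass verbatim to
smbldap-useradd when adding users, eg "-m -x".
The string is placed unquoted on a shell command line, so any shell
metacharacters in it are interpreted by the shell.
You don't have to specify -a in this string.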
-W opts
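a string containing arguments to pass verbatim to
smbldap-useradd when adding computers, eg "-m -x".
The string is placed unquoted on a shell command line, so any shell
metacharacters in it are interpreted by the shell.
You don't have to specify -w in this string.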
-C if NT account not found in LDAP, don't create it and log it to stdout
(default: create it)
-U if NT account found in LDAP, don't update it and log it to stdout
(default: update it)
-? show the help message
=cut