use strict;
use Getopt::Std;
use smbldap_tools;
use smbldap_conf;
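# Write the Samba attributes of one account to LDAP.
#
# Builds an LDIF "changetype: modify" record for uid=$login,$basedn from the
# arguments and passes it to do_ldapmodify().
#
# Parameters:
#   $login   - account name, used as the uid in the DN
#   $basedn  - base DN the entry lives under
#   $lmpwd   - value written to lmpassword
#   $ntpwd   - value written to ntpassword
#   $gecos   - value written to gecos
#   $homedir - value written to sambaHomePath
#
# Dies if a value contains a line break or if do_ldapmodify() does not
# return 0.
sub modify_account
{
    my ($login, $basedn, $lmpwd, $ntpwd, $gecos, $homedir) = @_;

    # LDIF is line oriented and the values below are interpolated as-is.
    # A CR or LF inside a value (the callers take them from the dump file)
    # would end the attribute line early and let the remainder be read as
    # extra attributes or as a new record, so such values are refused.
    for my $value ($login, $basedn, $lmpwd, $ntpwd, $gecos, $homedir) {
        next unless defined($value);
        die "$0: line break in LDIF value for user $login, refusing to modify\n"
            if $value =~ /[\r\n]/;
    }

    my $tmpldif =
"dn: uid=$login,$basedn
changetype: modify
lmpassword: $lmpwd
ntpassword: $ntpwd
gecos: $gecos
sambaHomePath: $homedir
";

    die "$0: error while modifying user $login\n"
        unless (do_ldapmodify($tmpldif) == 0);

    # Drop the LDIF text, which holds the password hashes.
    undef $tmpldif;
}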
# Command-line switches, filled in by getopts(); -A and -W take an argument.
my %Options;
my $ok = getopts('awA:CUW:?', \%Options);

# Unknown switch or explicit -? : show the usage text and stop.
if (!$ok or $Options{'?'}) {
    my @usage = (
        "Usage: $0 [-awAWCU?]\n",
        " -a process only people, ignore computers\n",
        " -w process only computers, ignore persons\n",
        " -A <opts> option string passed verbatim to smbldap-useradd for persons\n",
        " -W <opts> option string passed verbatim to smbldap-useradd for computers\n",
        " -C if entry not found, don't create it and log it to stdout (default: create it)\n",
        " -U if entry found, don't update it and log it to stdout (default: update it)\n",
        " -? show this help message\n",
    );
    print @usage;
    exit 1;
}

# Per-type counters, each keyed by 'user' and 'machine' and starting at zero.
my (%processed, %created, %updated, %logged, %errors, %existing);
for my $counter (\%processed, \%created, \%updated, \%logged, \%errors, \%existing) {
    %$counter = ('user' => 0, 'machine' => 0);
}

# Number of entries skipped because their rid marks a special account.
my $specialskipped = 0;
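# Migration loop: one account record per input line. The colon-separated
# fields are read as login, rid, LM hash, NT hash, gecos and home directory.
while (<>)
{
    # Parse a copy without its line ending, so that a short record cannot
    # carry a CR/LF into the shell command or the LDIF built from it.
    # $_ itself stays untouched: the -C / -U branches echo it to stdout.
    (my $record = $_) =~ s/[\r\n]+\z//;
    my ($login, $rid, $lmpwd, $ntpwd, $gecos, $homedir, $unused) = split(/:/, $record);

    my $usertype;
    my $userbasedn;
    my $entry_type = 'user';

    if ($login =~ m/.*\$$/ ) {
        # A trailing '$' marks a computer account.
        $processed{'machine'}++;
        $entry_type = 'machine';
        if (defined($Options{'a'})) {
            print STDERR "ignoring $login\n";
            next;
        }
        $usertype = "-w $Options{'W'}";
        $userbasedn = $computersdn;
    }
    else {
        $processed{'user'}++;
        if (defined($Options{'w'})) {
            print STDERR "ignoring $login\n";
            next;
        }
        if ($rid < 1000) {
            $specialskipped++;
            print STDERR "$login seems to be a special Win account (rid=$rid), skipping\n";
            next;
        }
        $usertype = "-a $Options{'A'}";
        $userbasedn = $usersdn;
    }

    # The home directory from the dump is always replaced by the configured one.
    $homedir = $_userSmbHome;

    if ($gecos ne "") {
        # NOTE(review): this mapping presumably expects the script and its
        # input to share one single-byte encoding -- confirm.
        $gecos =~ tr/ÁÀÂÄáàâäÇçÉÈÊËÆéèêëæÍÌÏÎíìîÏÑñÓÒÔÖóòôöÚÙÜÛúùüûÝýÿ/AAAAaaaaCcEEEEEeeeeeIIIIiiiiNnOOOOooooUUUUuuuuYyy/;
    } else {
        $gecos = $_userGecos;
    }

    my $user_exists = is_samba_user($login);
    if (!$user_exists) {
        if (!defined($Options{'C'})) {
            # $login is data from the dump file, not operator input. A name
            # starting with '-' would be parsed by smbldap-useradd as an
            # option, so it is not passed on.
            if ($login =~ /\A-/) {
                print STDERR "error adding $login (name starts with '-'), skipping\n";
                next;
            }

            # The command runs through the shell because of the redirection
            # and because $usertype (-A / -W, operator supplied) is meant to
            # be split into words. $login is single-quoted so that shell
            # metacharacters in an account name are passed as literal text.
            (my $quoted_login = $login) =~ s/'/'\\''/g;
            my $addcmd = "/usr/local/sbin/smbldap-useradd.pl $usertype '$quoted_login' > /dev/null";
            print STDERR "$addcmd\n";
            my $r = system($addcmd);
            if ($r != 0) {
                print STDERR "error adding $login, skipping\n";
                next;
            }
            if ($entry_type eq "user") {
                modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir);
            }
            $created{$entry_type}++;
        }
        else {
            # -C: do not create; log the original line. The line includes the
            # password hash fields, so stdout is sensitive output.
            print "$_";
            $logged{$entry_type}++;
        }
    }
    else {
        $existing{$entry_type}++;
        if (!defined($Options{'U'})) {
            modify_account($login, $userbasedn, $lmpwd, $ntpwd, $gecos, $homedir);
            $updated{$entry_type}++;
        }
        else {
            # -U: do not update; log the original line (hashes included).
            print "$_";
            $logged{$entry_type}++;
        }
    }
}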
# Summary on stderr: one line per counter with the total and the per-type
# figures, followed by the number of special accounts skipped.
my $sum;
for my $stat (
    [ 'processed', \%processed ],
    [ 'existing',  \%existing ],
    [ 'created',   \%created ],
    [ 'updated',   \%updated ],
    [ 'logged',    \%logged ],
) {
    my ($label, $count) = @$stat;
    $sum = $count->{'user'} + $count->{'machine'};
    print STDERR "$label: all=$sum user=$count->{'user'} machine=$count->{'machine'}\n";
}
print STDERR "special users skipped: $specialskipped\n";
=head1 NAME
smbldap-migrate.pl - Migrate NT accounts to LDAP
=head1 SYNOPSIS
smbldap-migrate.pl [-a] [-w] [-A opts] [-W opts] [-C] [-U] [-?]
=head1 DESCRIPTION
This command reads from stdin account entries as created by pwdump,
a tool to dump a user database on NT.
Depending on the options, some account entries may be output on
stdout. Entries written to stdout are the original input lines,
including their password hashes. All errors and informational
messages are sent to stderr.
-a process only people, ignore computers
-w process only computers, ignore persons
-A opts
a string containing arguments to pass verbatim to
smbldap-useradd when adding users, eg "-m -x".
You don't have to specify -a in this string.
-W opts
a string containing arguments to pass verbatim to
smbldap-useradd when adding computers, eg "-m -x".
You don't have to specify -w in this string.
-C if NT account not found in LDAP, don't create it and log it to stdout
(default: create it)
-U if NT account found in LDAP, don't update it and log it to stdout
(default: update it)
-? show the help message
=cut