📄 psa-chapter06.txt
close(DATA);
-------
#*
#* import data from our machine database directly into an LDAP server
#*
use Net::LDAP;
use Net::LDAP::Entry;
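# Import the flat-file machine database into an LDAP server, one directory
# entry per record. The LDAP server name is taken from the first command-line
# argument.
my $datafile  = "database";
my $recordsep = "-=-";
my $server    = $ARGV[0];
my $port      = getservbyname("ldap","tcp") || "389";
my $suffix    = "ou=data, ou=systems, dc=ccs, dc=hogwarts, dc=edu";
my $rootdn    = "cn=Manager, o=University of Michigan, c=US";
# Placeholder credential from the original listing. A real manager password
# should not live in the script source; read it from a prompt or a file with
# restricted permissions instead.
my $pw        = "secret";

defined $server or die "usage: $0 ldap-server\n";

my $c = Net::LDAP->new($server, port => $port) or
    die "Unable to init for $server: $@\n";

# This is a simple bind on the plain LDAP port, so the manager password is
# sent unencrypted unless the session is protected first (Net::LDAP offers
# start_tls) or an LDAPS listener is used.
# bind() returns a message object even on failure, so the result code has to
# be inspected; testing the return value for truth never detects an error.
my $bound = $c->bind(dn => $rootdn, password => $pw);
die "Error in bind: " . $bound->error() . "\n" if $bound->code();

# three-argument open with a lexical handle: the file name can never be
# interpreted as an open mode, and the special DATA handle is left alone
open(my $data, '<', $datafile) or die "unable to open $datafile:$!\n";

my ($dn, $entry);
while (my $line = <$data>) {
    chomp $line;

    # at the start of a new record, create a new entry object instance
    # NOTE: the name is placed in the DN verbatim; names containing DN
    # special characters (such as a comma) would need escaping first.
    if ($line =~ /^name:\s*(.*)/) {
        $dn    = "cn=$1, $suffix";
        $entry = Net::LDAP::Entry->new;
        $entry->add("cn", $1);
        next;
    }

    # anything seen before the first "name:" line belongs to no record
    unless ($entry) {
        warn "ignoring line outside of a record: $line\n" if length $line;
        next;
    }

    # special case for multi-valued attribute
    if ($line =~ s/^aliases:\s*//) {
        $entry->add('aliases', [split(' ', $line)]);
        next;
    }

    # if we have hit the end of the record, add it to the server
    if ($line eq $recordsep) {
        $entry->add("objectclass", ["top","machine"]);
        $entry->dn($dn);
        my $res = $c->add($entry);
        warn "Error in add for " . $entry->dn() . ": error code " .
            $res->code . "\n" if $res->code();
        undef $entry;
        next;
    }

    # add all of the other attributes, assumed single valued; split on the
    # first colon only so that values which contain colons stay intact
    my ($attr, $value) = split(/:\s*/, $line, 2);
    next unless defined $value && length $attr;
    $entry->add($attr, $value);
}
close($data);
$c->unbind();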
-------
#*
#* generate a hosts file from data on an LDAP server
#*
use Mozilla::LDAP;
# <bind step here>
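# Write a hosts file to STDOUT from the machine entries one level below
# $basedn. $c is the connection created by the bind step, which is not shown.
$entry = $c->search($basedn,'one','(objectclass=machine)',0,
                    'cn','address','aliases');
die "Error in search:". $c->getErrorString()."\n" if $c->getErrorCode();

if ($entry){
    # banner; the stray blank line in the middle of the original banner
    # string is dropped
    print "#\n# host file - GENERATED BY $0\n# DO NOT EDIT BY HAND!\n#\n";

    for (; $entry; $entry = $c->nextEntry()) {
        my $address = $entry->{address}[0];
        my $name    = $entry->{cn}[0];
        my @aliases = @{ $entry->{aliases} || [] };

        # These values come from the directory and end up in a name
        # resolution file. Skip entries with a missing field or with
        # whitespace inside a field, because either would produce a
        # malformed or extra hosts line.
        if (grep { !defined($_) || !length($_) || /\s/ } $address, $name, @aliases) {
            warn "skipping directory entry with missing or malformed host data\n";
            next;
        }

        print $address, "\t", join(' ', $name, @aliases), "\n";
    }
}
$c->close();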
-------
#*
#* find all of the machines in the LDAP directory made by Apple
#*
use Net::LDAP;
# <bind step here>
# Print the cn of every entry one level below $basedn whose manufacturer
# attribute is "Apple". $c comes from the bind step, which is not shown.
$searchobj = $c->search(
    base   => $basedn,
    scope  => 'one',
    filter => "(manufacturer=Apple)",
    attrs  => ['cn'],
);

# a non-zero result code means the search itself failed
if ($searchobj->code()) {
    die "Error in search: ".$searchobj->error()."\n";
}

# NOTE(review): newer Net::LDAP releases document get_value() for reading an
# attribute; confirm which accessor the installed version provides.
if ($searchobj) {
    print $_->get('cn'),"\n" for $searchobj->entries;
}

$c->unbind();
-------
#*
#* generate a list of machine owners
#*
use Mozilla::LDAP;
use Net::LDAP;
# <bind step here>
# Build and print a table of owner => machines from the machine entries one
# level below $basedn. $c comes from the bind step, which is not shown.
$entry = $c->search($basedn, 'one', '(objectclass=machine)', 0,
                    'cn', 'owner');
if ($c->getErrorCode()) {
    die "Error in search:". $c->getErrorString()."\n";
}

# collect each machine name under the first owner value of its entry
while ($entry) {
    my $owner   = $entry->{owner}[0];
    my $machine = $entry->{cn}[0];
    push @{ $owners{$owner} }, $machine;
    $entry = $c->nextEntry();
}
$c->close();

# one line per owner, machines separated by spaces
foreach my $owner (sort keys %owners) {
    my $machines = join(' ', @{ $owners{$owner} });
    print $owner . ":\t" . $machines . "\n";
}
-------
#*
#* Check to see if the current user ID is the owner of the current UNIX
#* machine (pseudo-authentication)
#*
use Mozilla::LDAP::Conn;
use Sys::Hostname;
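# Report whether the current user's GECOS (full name) field matches the
# owner attribute of this machine's directory entry.
#
# This is only an advisory check, as the listing's own title says
# ("pseudo-authentication"): on many systems users can edit their own GECOS
# field, so the result must not be used to grant access.
$user = (getpwuid($<))[6];
defined $user or die "Unable to look up the passwd entry for uid $<\n";

$hostname = hostname;
$hostname =~ s/^([^.]+)\..*/$1/; # strip domain name off of host

# <bind step here>

# The GECOS value goes into an LDAP search filter, so escape the characters
# that have a special meaning in filters (backslash, asterisk, parentheses,
# NUL). Unescaped, such a value could change what the filter matches.
($owner_value = $user) =~ s/([\\*()\0])/sprintf("\\%02x", ord($1))/ge;

$entry = $c->search("cn=$hostname,$suffix",'base',"(owner=$owner_value)",1,'');
if ($entry){
    print "Owner ($user) logged on to machine $hostname.\n";
}
else {
    # the full stop belongs before the newline, not after it
    print "$user is not the owner of this machine ($hostname).\n";
}
$c->close();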
-------
#*
#* determining if an ADSI object is a container object
#*
use Win32::OLE;
use Win32::OLE::Enum;
# Try to build an enumerator over $adsobj; an exception raised inside the
# eval is reported as "not a container".
eval {
    $enobj = Win32::OLE::Enum->new($adsobj);
};
my $negation = $@ ? "not " : "";
print "object is " . $negation . "a container\n";
-------
#*
#* querying the class of an ADSI object and the location of the schema for it
#*
use Win32::OLE;
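# Print the class of an ADSI object and the ADsPath of its schema object.
my $ADsPath = "WinNT://BEESKNEES,computer";
my $adsobj = Win32::OLE->GetObject($ADsPath) or
    die "Unable to retrieve the object for $ADsPath\n";

# the original message ran the class name straight into the word "object";
# a separating space is added
print "This is a ".$adsobj->{Class}." object, schema is at:\n".
    $adsobj->{Schema},"\n";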
-------
#*
#* show the schema interface properties of an ADSI computer object
#*
use Win32::OLE;
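# List the mandatory and optional property names defined by the schema
# object of an ADSI computer object, one per line.
my $ADsPath = "WinNT://BEESKNEES,computer";
my $adsobj = Win32::OLE->GetObject($ADsPath) or
    die "Unable to retrieve the object for $ADsPath\n";

# the schema object is fetched through the path stored in the Schema
# property; name that path on failure, since it is the lookup that failed
# (the original repeated $ADsPath here)
my $schemapath = $adsobj->{Schema};
my $schmobj = Win32::OLE->GetObject($schemapath) or
    die "Unable to retrieve the object for $schemapath\n";

print join("\n",@{$schmobj->{MandatoryProperties}},
    @{$schmobj->{OptionalProperties}}),"\n";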
-------
#*
#* the two different ways of retrieving/setting properties based on type
#*
# Schematic fragment: $obj, "property" and "value" are placeholders.
#
# INTERFACE properties are read and written through the object's hash-style
# accessor.
$value = $obj->{property};
$obj->{property} = $value;
# SCHEMA properties are read and written through the Get() and Put()
# methods instead.
# NOTE(review): other listings in this file call SetInfo() after changing
# an object; presumably the same applies after these writes - confirm.
$value = $obj->Get("property");
$obj->Put("property","value");
-------
#*
#* searching in ADSI using ADO
#*
use Win32::OLE 'in';
# get ADO object, set the provider, open the connection
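# Search a directory through ADO and print the first field (Name) of every
# record returned.

# get ADO object, set the provider, open the connection
# new() hands back nothing on failure, so stop here instead of failing on
# the property assignment below
$c = Win32::OLE->new("ADODB.Connection") or
    die "Unable to create ADODB.Connection: " . Win32::OLE->LastError() . "\n";
$c->{Provider} = "ADsDSOObject";
$c->Open("ADSI Provider");
die Win32::OLE->LastError() if Win32::OLE->LastError();

# prepare and then execute the query: <base>;filter;attributes;scope
# The filter is a constant here. If it is ever assembled from outside input,
# that input needs LDAP filter escaping first.
$ADsPath = "LDAP://ldapserver/dc=example,dc=com";
$rs = $c->Execute("<$ADsPath>;(objectClass=Group);Name;SubTree");
die Win32::OLE->LastError() if Win32::OLE->LastError();

# walk the record set until the end-of-file marker is reached
until ($rs->EOF){
    print $rs->Fields(0)->{Value},"\n";
    $rs->MoveNext;
}

$rs->Close;
$c->Close;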
-------
#*
#* display the list of users in a domain using ADSI
#*
use Win32::OLE 'in';
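# Print the Name of every object of class "User" found in the container.
# The original assigned $AdsPath but then read $ADsPath, so GetObject() was
# called with an undefined path; one spelling is used throughout here.
my $ADsPath = "WinNT://DomainName/PDCName,computer";
my $c = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

foreach my $adsobj (in $c){
    print $adsobj->{Name},"\n" if ($adsobj->{Class} eq "User");
}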
-------
#*
#* create a user and set her/his Full Name using ADSI
#*
use Win32::OLE;
# Create a user in the WinNT: namespace and then set the account's full name.
# $username and $fullname are supplied by the surrounding program.
# NOTE(review): this listing sets no password on the new account.
$ADsPath = "WinNT://DomainName/ComputerName,computer";
$c = Win32::OLE->GetObject($ADsPath);
die "Unable to get $ADsPath\n" unless $c;

# Create() returns the new User object; the first SetInfo() creates the
# user, which has to happen before it can be modified
$u = $c->Create("user", $username);
$u->SetInfo();

# the WinNT: namespace spells this property without a space: FullName
$u->{FullName} = $fullname;
$u->SetInfo();
-------
#*
#* create a local user and set her/his Full Name using ADSI (LDAP namespace)
#*
use Win32::OLE;
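# Create a user in the LDAP: namespace and then set the account's full name.
# $commonname, $username and $fullname are supplied by the surrounding
# program.
# NOTE(review): this listing sets no password on the new account.
#
# Two fixes over the original: the path was assigned to $AdsPath but read
# from $ADsPath, and the server name was separated from the DN by a comma
# instead of the "/" used by the ADO search listing in this file.
my $ADsPath = "LDAP://ldapserver/CN=Users,dc=example,dc=com";
my $c = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

# create and return a User object
$u = $c->Create("user","cn=".$commonname);
$u->{samAccountName} = $username;

# we have to create the user in the dir before we modify it
$u->SetInfo();

# space between "Full" and "Name" required with LDAP: namespace, sigh
$u->{'Full Name'} = $fullname;
$u->SetInfo();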
-------
#*
#* delete a user using ADSI
#*
use Win32::OLE;
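# Delete a user through the container object it lives in. $username is
# supplied by the surrounding program.
#
# The original assigned $AdsPath but read $ADsPath, and finished with
# $u->SetInfo() although no $u exists in this script; calling a method on
# that undefined value would abort the script after the delete.
my $ADsPath = "WinNT://DomainName/ComputerName,computer";
my $c = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

# delete the User object, note that we are bound to the container object
# NOTE(review): Delete() is understood to take effect without a following
# SetInfo() - confirm against the ADSI documentation.
$c->Delete("user",$username);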
-------
#*
#* change a user's password using ADSI
#*
use Win32::OLE;
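# Change a user's password. $username, $oldpassword and $newpassword are
# supplied by the surrounding program; avoid taking the passwords from
# command-line arguments, which other local users can often see in the
# process list.
#
# Fixes over the original: the path variable was spelled two different ways
# ($AdsPath / $ADsPath), and the method name was misspelled
# "ChangePasssword".
my $ADsPath = "WinNT://DomainName/ComputerName/".$username;
my $u = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

$u->ChangePassword($oldpassword,$newpassword);
$u->SetInfo();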
-------
#*
#* display the list of groups in a domain using ADSI
#*
use Win32::OLE 'in';
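# Print the Name of every object of class "Group" found in the container.
# The original assigned $AdsPath but then read $ADsPath, so GetObject() was
# called with an undefined path; one spelling is used throughout here.
my $ADsPath = "WinNT://DomainName/PDCName,computer";
my $c = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

foreach my $adsobj (in $c){
    print $adsobj->{Name},"\n" if ($adsobj->{Class} eq "Group");
}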
-------
#*
#* create a group using ADSI
#*
use Win32::OLE;
# Create a group inside the container named by $ADsPath. $groupname is
# supplied by the surrounding program.
$ADsPath = "WinNT://DomainName/ComputerName,computer";
$c = Win32::OLE->GetObject($ADsPath);
die "Unable to get $ADsPath\n" unless $c;

# Create() returns the new Group object; SetInfo() is then called on it
$g = $c->Create("group", $groupname);
$g->SetInfo();
-------
#*
#* delete a group using ADSI
#*
use Win32::OLE;
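# Delete a group through the container object it lives in. $groupname is
# supplied by the surrounding program.
#
# The original called $c->Remove($userADsPath) on the container, which does
# not match the listing's title ("delete a group") and passes a user path.
# The call below mirrors the user-deletion listing in this file, which
# deletes through the container with Delete(class, name).
my $ADsPath = "WinNT://DomainName/ComputerName,computer";
my $c = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

# delete the Group object, note that we are bound to the container object
$c->Delete("group",$groupname);
$c->SetInfo();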
-------
#*
#* add a user to a group using ADSI
#*
use Win32::OLE;
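# Add a user to a group. $userADsPath is supplied by the surrounding program
# and is the ADsPath of the user object to add.
# The original assigned $AdsPath but then read $ADsPath, so GetObject() was
# called with an undefined path; one spelling is used throughout here.
my $ADsPath = "WinNT://DomainName/GroupName,group";
my $g = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

# this uses the ADsPath to a specific user object
$g->Add($userADsPath);
$g->SetInfo();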
-------
#*
#* create a file share using ADSI
#*
use Win32::OLE;
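# Create a file share on a machine's lanmanserver service. $sharename is
# supplied by the surrounding program.
# The original assigned $AdsPath but then read $ADsPath, so GetObject() was
# called with an undefined path; one spelling is used throughout here.
#
# NOTE(review): only the path and the description are set in this listing;
# check which permissions the new share ends up with before relying on it.
my $ADsPath = "WinNT://ComputerName/lanmanserver";
my $c = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

$s = $c->Create("fileshare",$sharename);
$s->{path}        = 'C:\directory';
$s->{description} = "This is a Perl created share";
$s->SetInfo();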
-------
#*
#* list print queues and info using ADSI
#*
use Win32::OLE 'in';
# Print "name:model" for every PrintQueue object found on the print server.
$ADsPath = "WinNT://DomainName/PrintServerName,computer";
$c = Win32::OLE->GetObject($ADsPath);
die "Unable to get $ADsPath\n" unless $c;

for my $adsobj (in $c) {
    # objects of any other class are skipped
    next unless $adsobj->{Class} eq "PrintQueue";
    print $adsobj->{Name} . ":" . $adsobj->{Model} . "\n";
}
-------
#*
#* show printer queue status using ADSI
#*
use Win32::OLE 'in';
# this table comes from this section in the ADSI 2.5 SDK:
# 'Active Directory Service Interfaces 2.5->ADSI Reference->
# ADSI Interfaces->Dynamic Object Interfaces->IADsPrintQueueOperations->
# IADsPrintQueueOperations Property Methods' (phew)
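# Map of print queue status codes to names, then a one-line status report
# for a single print queue.
%status = (
    0x00000001 => 'PAUSED',            0x00000002 => 'PENDING_DELETION',
    0x00000003 => 'ERROR',             0x00000004 => 'PAPER_JAM',
    0x00000005 => 'PAPER_OUT',         0x00000006 => 'MANUAL_FEED',
    0x00000007 => 'PAPER_PROBLEM',     0x00000008 => 'OFFLINE',
    0x00000100 => 'IO_ACTIVE',         0x00000200 => 'BUSY',
    0x00000400 => 'PRINTING',          0x00000800 => 'OUTPUT_BIN_FULL',
    0x00001000 => 'NOT_AVAILABLE',     0x00002000 => 'WAITING',
    0x00004000 => 'PROCESSING',        0x00008000 => 'INITIALIZING',
    0x00010000 => 'WARMING_UP',        0x00020000 => 'TONER_LOW',
    0x00040000 => 'NO_TONER',          0x00080000 => 'PAGE_PUNT',
    0x00100000 => 'USER_INTERVENTION', 0x00200000 => 'OUT_OF_MEMORY',
    0x00400000 => 'DOOR_OPEN',         0x00800000 => 'SERVER_UNKNOWN',
    0x01000000 => 'POWER_SAVE',
);

$ADsPath = "WinNT://PrintServerName/PrintQueueName";
$p = Win32::OLE->GetObject($ADsPath) or die "Unable to get $ADsPath\n";

# The original read Name and status from $c, which this script never sets;
# the queue object fetched above is $p.
my $state = "NOT ACTIVE";
if (exists $p->{status}) {
    my $code = $p->{status};
    # fall back to the raw code when it is not in the table above
    $state = defined $status{$code} ? $status{$code}
                                    : sprintf("UNKNOWN (0x%08x)", $code);
}
print "The printer status for " . $p->{Name} . " is " . $state . "\n";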
-------
#*
#* show the jobs in a particular print queue using ADSI
#*
use Win32::OLE 'in';
# this table comes from this section in the ADSI 2.5 SDK:
# 'Active Directory Service Interfaces 2.5->ADSI Reference->
# ADSI Interfaces->Dynamic Object Interfaces->IADsPrintJobOperations->
# IADsPrintJobOperations Property Methods' (double phew)
# Map of print job status codes to names, then one tab-separated line
# (user, description, status) per job in the queue.
%status = (
    0x00000001 => 'PAUSED',
    0x00000002 => 'ERROR',
    0x00000004 => 'DELETING',
    0x00000010 => 'PRINTING',
    0x00000020 => 'OFFLINE',
    0x00000040 => 'PAPEROUT',
    0x00000080 => 'PRINTED',
    0x00000100 => 'DELETED',
);

$ADsPath = "WinNT://PrintServerName/PrintQueueName";
$p = Win32::OLE->GetObject($ADsPath);
die "Unable to get $ADsPath\n" unless $p;

# PrintJobs() returns the collection that is enumerated below
$jobs = $p->PrintJobs();
for my $job (in $jobs) {
    my @columns = ($job->{User}, $job->{Description}, $status{$job->{status}});
    print join("\t", @columns) . "\n";
}
-------
#*
#* show the services on a machine and their current status
#*
use Win32::OLE 'in';
# this table comes from this section in the ADSI 2.5 SDK:
# 'Active Directory Service Interfaces 2.5->ADSI Reference->
# ADSI Interfaces->Dynamic Object Interfaces->IADsServiceOperations->
# IADsServiceOperations Property Methods'
# Map of service status codes to names, then "display name:status" for every
# Service object found on the machine.
%status = (
    0x00000001 => 'STOPPED',
    0x00000002 => 'START_PENDING',
    0x00000003 => 'STOP_PENDING',
    0x00000004 => 'RUNNING',
    0x00000005 => 'CONTINUE_PENDING',
    0x00000006 => 'PAUSE_PENDING',
    0x00000007 => 'PAUSED',
    0x00000008 => 'ERROR',
);

$ADsPath = "WinNT://DomainName/ComputerName,computer";
$c = Win32::OLE->GetObject($ADsPath);
die "Unable to get $ADsPath\n" unless $c;

for my $adsobj (in $c) {
    # objects of any other class are skipped
    next unless $adsobj->{Class} eq "Service";
    my $label = $adsobj->{DisplayName};
    my $state = $status{ $adsobj->{status} };
    print $label . ":" . $state . "\n";
}
-------
#*
#* two ways to start the W32Time service using ADSI
#*
use Win32::OLE;
# First way: bind straight to the service object by its full ADsPath and
# start it.
$ADsPath = "WinNT://DomainName/ComputerName/W32Time,service";
$s = Win32::OLE->GetObject($ADsPath);
die "Unable to get $ADsPath\n" unless $s;

$s->Start();
# Start() is not followed by any status check here; a caller may want to
# poll the status until the service reports that it has started
### OR ###
use Win32::OLE;
# Second way: walk down from the domain object to the computer and then to
# the service, and start it. $computername is supplied by the surrounding
# program. None of the three lookups is checked for failure.
$d = Win32::OLE->GetObject("WinNT://Domain");
$c = $d->GetObject("Computer", $computername);
$s = $c->GetObject("Service", "W32Time");

$s->Start();
# Start() is not followed by any status check here; a caller may want to
# poll the status until the service reports that it has started
-------
#*
#* stopping the W32Time service using ADSI
#*
use Win32::OLE;
# Walk down from the domain object to the computer and then to the W32Time
# service, and stop it. $computername is supplied by the surrounding
# program. None of the three lookups is checked for failure.
$d = Win32::OLE->GetObject("WinNT://Domain");
$c = $d->GetObject("Computer", $computername);
$s = $c->GetObject("Service", "W32Time");

$s->Stop();
# Stop() is not followed by any status check here; a caller may want to
# poll the status until the service reports that it has stopped