
📄 smbldap-populate

📁 samba-3.0.22.tar.gz 编译smb服务器的源码
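#!/usr/bin/perl -w

# Populate a LDAP base for Samba-LDAP usage
#
# $Id: smbldap-populate,v 1.26 2005/05/27 14:21:00 jtournier Exp $

#  This code was developed by IDEALX (http://IDEALX.org/) and
#  contributors (their names can be found in the CONTRIBUTORS file).
#
#                 Copyright (C) 2001-2002 IDEALX
#
#  This program is free software; you can redistribute it and/or
#  modify it under the terms of the GNU General Public License
#  as published by the Free Software Foundation; either version 2
#  of the License, or (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#
#  You should have received a copy of the GNU General Public License
#  along with this program; if not, write to the Free Software
#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
#  USA.

#  Purpose :
#       . Create an initial LDAP database suitable for Samba 2.2
#       . For lazy people, replace ldapadd (with only an ldif parameter)
#
#  Flow :
#       1. parse the command line and apply defaults
#       2. unless -i names an existing ldif file, generate the builtin
#          directory structure into an ldif file (-e path, or a private
#          temporary file)
#       3. unless -e was given, load that ldif file into the master LDAP
#          server and then ask for the administrator's password
#
#  %config, print_banner() and connect_ldap_master() are provided by
#  smbldap_tools.

use strict;
use FindBin;
use FindBin qw($RealBin);
use lib "$RealBin/";
use smbldap_tools;
use Getopt::Std;
use File::Temp qw(tempfile);
use Net::LDAP::LDIF;
use vars qw(%oc);

# objectclass of the suffix
%oc = (
       "ou" => "organizationalUnit",
       "o" => "organization",
       "dc" => "dcObject",
      );

my %Options;

my $ok = getopts('a:b:e:i:k:l:m:u:g:?', \%Options);
if ( (!$ok) || ($Options{'?'}) ) {
  print_banner();
  print "Usage: $0 [-abeiklug?] [ldif]\n";
  print "  -u uidNumber\tfirst uidNumber to allocate (default: 1000)\n";
  print "  -g gidNumber\tfirst gidNumber to allocate (default: 1000)\n";
  print "  -a user\tadministrator login name (default: root)\n";
  print "  -b user\tguest login name (default: nobody)\n";
  print "  -k uidNumber\tadministrator's uidNumber (default: 0)\n";
  print "  -l uidNumber\tguest's uidNumber (default: 999)\n";
  print "  -m gidNumber\tadministrator's gidNumber (default: 0)\n";
  print "  -e file\texport ldif file\n";
  print "  -i file\timport ldif file\n";
  print "  -?\t\tshow this help message\n";
  exit (1);
}

# The numeric options are copied verbatim into the generated LDIF (and -k
# feeds the RID arithmetic below), so accept plain non-negative integers only.
foreach my $opt (qw(u g k l m)) {
  next unless defined $Options{$opt};
  die "error: option -$opt expects a non-negative integer\n"
    unless $Options{$opt} =~ /\A\d+\z/;
}

# The login names are copied into LDIF attribute lines; an embedded newline
# or other control character would let one value spill into extra lines.
foreach my $opt (qw(a b)) {
  next unless defined $Options{$opt};
  die "error: option -$opt must not contain control characters\n"
    if $Options{$opt} =~ /[[:cntrl:]]/;
}

# sanity checks
my $domain = $config{sambaDomain};
if (! defined $domain) {
  print STDERR "error: domain name not found !\n";
  print STDERR "possible reasons are:\n";
  print STDERR ". incorrect 'sambaDomain' parameter in smbldap.conf\n";
  print STDERR ". incorrect 'samba_conf' definition in smbldap_tools.pm\n";
  die;
}

#$config{sambaUnixIdPooldn}="sambaDomainName=$domain,$config{suffix}";

my $firstuidNumber = defined($Options{'u'}) ? $Options{'u'} : 1000;
my $firstgidNumber = defined($Options{'g'}) ? $Options{'g'} : 1000;

# Path of the ldif file to write and/or load. Without -e it stays undefined
# until either a private temporary file is created or -i supplies a file.
my $tmp_ldif_file = $Options{'e'};

my $adminName = defined($Options{'a'}) ? $Options{'a'} : "root";
my $guestName = defined($Options{'b'}) ? $Options{'b'} : "nobody";

# The default administrator (uid 0) gets RID 500; any other uid is mapped
# with 2*uid+1000.
my $adminUidNumber=$Options{'k'};
my $adminrid;
if (!defined($adminUidNumber)) {
  $adminUidNumber = "0";
  $adminrid= "500";
} else {
  $adminrid=(2*$adminUidNumber+ 1000)
}

my $guestUidNumber = defined($Options{'l'}) ? $Options{'l'} : "999";
my $adminGidNumber = defined($Options{'m'}) ? $Options{'m'} : "0";

my $_ldifName = $Options{'i'};

print "Populating LDAP directory for domain $domain ($config{SID})\n";
if (!defined($_ldifName)) {
  my $attr;
  my $val;
  my $objcl;

  print "(using builtin directory structure)\n\n";
  # First RDN of the suffix decides the objectclass of the base entry.
  if ($config{suffix} =~ m/([^=]+)=([^,]+)/) {
    $attr = $1;
    $val = $2;
    $objcl = $oc{$attr} if (exists $oc{$attr});
    if (!defined($objcl)) {
      $objcl = "myhardcodedobjectclass";
    }
  } else {
    die "can't extract first attr and value from suffix $config{suffix}";
  }

  #print "$attr=$val\n";
  # Extract the RDN value of each container. The suffix is quoted with
  # \Q...\E so that it is matched literally, not as a regex.
  my ($ou_users,$ou_groups,$ou_computers,$ou_idmap,$cnsambaUnixIdPool);
  (undef,$ou_users)=($config{usersdn}=~/(.*)=(.*),\Q$config{suffix}\E/);
  (undef,$ou_groups)=($config{groupsdn}=~/(.*)=(.*),\Q$config{suffix}\E/);
  (undef,$ou_computers)=($config{computersdn}=~/(.*)=(.*),\Q$config{suffix}\E/);
  if (defined $config{idmapdn}) {
    (undef,$ou_idmap)=($config{idmapdn}=~/(.*)=(.*),\Q$config{suffix}\E/);
  }
  (undef,$cnsambaUnixIdPool)=($config{sambaUnixIdPooldn}=~/(.*)=(.*),\Q$config{suffix}\E/);

  # $org stays empty when the suffix holds no dc= component, so the base
  # entry is built without touching an undefined value.
  my $org = '';
  my $organisation;
  if ($config{suffix} =~ m/dc=([^=]+),dc=(.*)$/) {
    $organisation = $1;
  } elsif ($config{suffix} =~ m/dc=(.*)$/) {
    $organisation = $1;
  }
  if (defined $organisation and $organisation ne '') {
    $org = "\nobjectclass: organization\no: $organisation";
  }

  #my $FILE="|cat";

  # LDIF layout: one attribute per line, entries separated by a blank line.
  my $entries = <<"END_LDIF";
dn: $config{suffix}
objectClass: $objcl$org
$attr: $val

dn: $config{usersdn}
objectClass: organizationalUnit
ou: $ou_users

dn: $config{groupsdn}
objectClass: organizationalUnit
ou: $ou_groups

dn: $config{computersdn}
objectClass: organizationalUnit
ou: $ou_computers
END_LDIF

  if (defined $config{idmapdn}) {
    $entries .= "\n" . <<"END_LDIF";
dn: $config{idmapdn}
objectClass: organizationalUnit
ou: $ou_idmap
END_LDIF
  }

  # administrator account
  $entries .= "\n" . <<"END_LDIF";
dn: uid=$adminName,$config{usersdn}
cn: $adminName
sn: $adminName
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: $adminGidNumber
uid: $adminName
uidNumber: $adminUidNumber
END_LDIF
  if (defined $config{userHome} and $config{userHome} ne "") {
    my $userHome=$config{userHome};
    $userHome=~s/\%U/$adminName/;
    $entries.="homeDirectory: $userHome\n";
  } else {
    $entries.="homeDirectory: /dev/null\n";
  }
  $entries .= <<"END_LDIF";
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
END_LDIF
  if (defined $config{userSmbHome} and $config{userSmbHome} ne "") {
    my $userSmbHome=$config{userSmbHome};
    $userSmbHome=~s/\%U/$adminName/;
    $entries.="sambaHomePath: $userSmbHome\n";
  }
  if (defined $config{userHomeDrive} and $config{userHomeDrive} ne "") {
    $entries.="sambaHomeDrive: $config{userHomeDrive}\n";
  }
  if (defined $config{userProfile} and $config{userProfile} ne "") {
    my $userProfile=$config{userProfile};
    $userProfile=~s/\%U/$adminName/;
    $entries.="sambaProfilePath: $userProfile\n";
  }

  # End of the administrator entry (placeholder password hashes; the real
  # password is set through smbldap-passwd after import), then the guest
  # account.
  $entries .= <<"END_LDIF";
sambaPrimaryGroupSID: $config{SID}-512
sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U          ]
sambaSID: $config{SID}-$adminrid
loginShell: /bin/false
gecos: Netbios Domain Administrator

dn: uid=$guestName,$config{usersdn}
cn: $guestName
sn: $guestName
objectClass: inetOrgPerson
objectClass: sambaSAMAccount
objectClass: posixAccount
objectClass: shadowAccount
gidNumber: 514
uid: $guestName
uidNumber: $guestUidNumber
homeDirectory: /dev/null
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 0
sambaPwdMustChange: 2147483647
END_LDIF
  if (defined $config{userSmbHome} and $config{userSmbHome} ne "") {
    my $userSmbHome=$config{userSmbHome};
    $userSmbHome=~s/\%U/$guestName/;
    $entries.="sambaHomePath: $userSmbHome\n";
  }
  if (defined $config{userHomeDrive} and $config{userHomeDrive} ne "") {
    $entries.="sambaHomeDrive: $config{userHomeDrive}\n";
  }
  if (defined $config{userProfile} and $config{userProfile} ne "") {
    my $userProfile=$config{userProfile};
    $userProfile=~s/\%U/$guestName/;
    $entries.="sambaProfilePath: $userProfile\n";
  }

  # End of the guest entry, then the domain and builtin groups. Lines that
  # start with '#' are LDIF comments and are written to the file as such.
  $entries .= <<"END_LDIF";
sambaPrimaryGroupSID: $config{SID}-514
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
# account disabled by default
sambaAcctFlags: [NUD        ]
sambaSID: $config{SID}-2998
loginShell: /bin/false

dn: cn=Domain Admins,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 512
cn: Domain Admins
memberUid: $adminName
description: Netbios Domain Administrators
sambaSID: $config{SID}-512
sambaGroupType: 2
displayName: Domain Admins

dn: cn=Domain Users,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 513
cn: Domain Users
description: Netbios Domain Users
sambaSID: $config{SID}-513
sambaGroupType: 2
displayName: Domain Users

dn: cn=Domain Guests,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 514
cn: Domain Guests
description: Netbios Domain Guests Users
sambaSID: $config{SID}-514
sambaGroupType: 2
displayName: Domain Guests

dn: cn=Domain Computers,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 515
cn: Domain Computers
description: Netbios Domain Computers accounts
sambaSID: $config{SID}-515
sambaGroupType: 2
displayName: Domain Computers

dn: cn=Administrators,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 544
cn: Administrators
description: Netbios Domain Members can fully administer the computer/sambaDomainName
sambaSID: S-1-5-32-544
sambaGroupType: 5
displayName: Administrators

#dn: cn=Users,$config{groupsdn}
#objectClass: posixGroup
#objectClass: sambaGroupMapping
#gidNumber: 545
#cn: Users
#description: Netbios Domain Ordinary users
#sambaSID: S-1-5-32-545
#sambaGroupType: 5
#displayName: users

#dn: cn=Guests,$config{groupsdn}
#objectClass: posixGroup
#objectClass: sambaGroupMapping
#gidNumber: 546
#cn: Guests
#memberUid: $guestName
#description: Netbios Domain Users granted guest access to the computer/sambaDomainName
#sambaSID: S-1-5-32-546
#sambaGroupType: 5
#displayName: Guests

#dn: cn=Power Users,$config{groupsdn}
#objectClass: posixGroup
#objectClass: sambaGroupMapping
#gidNumber: 547
#cn: Power Users
#description: Netbios Domain Members can share directories and printers
#sambaSID: S-1-5-32-547
#sambaGroupType: 5
#displayName: Power Users

dn: cn=Account Operators,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 548
cn: Account Operators
description: Netbios Domain Users to manipulate users accounts
sambaSID: S-1-5-32-548
sambaGroupType: 5
displayName: Account Operators

#dn: cn=System Operators,$config{groupsdn}
#objectClass: posixGroup
#objectClass: sambaGroupMapping
#gidNumber: 549
#cn: System Operators
#description: Netbios Domain System Operators
#sambaSID: S-1-5-32-549
#sambaGroupType: 5
#displayName: System Operators

dn: cn=Print Operators,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 550
cn: Print Operators
description: Netbios Domain Print Operators
sambaSID: S-1-5-32-550
sambaGroupType: 5
displayName: Print Operators

dn: cn=Backup Operators,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 551
cn: Backup Operators
description: Netbios Domain Members can bypass file security to back up files
sambaSID: S-1-5-32-551
sambaGroupType: 5
displayName: Backup Operators

dn: cn=Replicators,$config{groupsdn}
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 552
cn: Replicators
description: Netbios Domain Supports file replication in a sambaDomainName
sambaSID: S-1-5-32-552
sambaGroupType: 5
displayName: Replicators

END_LDIF

  # The uid/gid allocation pool lives either in the sambaDomain entry or in
  # a dedicated entry, depending on sambaUnixIdPooldn.
  if ("sambaDomainName=$domain,$config{suffix}" eq $config{sambaUnixIdPooldn}) {
    $entries .= <<"END_LDIF";
dn: sambaDomainName=$domain,$config{suffix}
objectClass: sambaDomain
objectClass: sambaUnixIdPool
sambaDomainName: $domain
sambaSID: $config{SID}
uidNumber: $firstuidNumber
gidNumber: $firstgidNumber
END_LDIF
  } else {
    $entries .= <<"END_LDIF";
dn: $config{sambaUnixIdPooldn}
objectClass: inetOrgPerson
objectClass: sambaUnixIdPool
uidNumber: $firstuidNumber
gidNumber: $firstgidNumber
cn: $cnsambaUnixIdPool
sn: $cnsambaUnixIdPool
END_LDIF
  }

  my $out_fh;
  if (defined $Options{'e'}) {
    # Three-argument open: the -e path is used as a file name only, never
    # parsed for a mode or pipe character.
    open($out_fh, '>', $tmp_ldif_file)
      or die "Can't open file $tmp_ldif_file: $!\n";
  } else {
    # This script normally runs as root, and a fixed /tmp/<pid>.ldif name
    # can be pre-created or symlinked by any local user. tempfile() picks
    # an unpredictable name and creates the file exclusively with
    # owner-only permissions.
    ($out_fh, $tmp_ldif_file) =
      tempfile('smbldap-populate-XXXXXXXX', SUFFIX => '.ldif', TMPDIR => 1);
  }
  print {$out_fh} $entries;
  close($out_fh) or die "Can't write file $tmp_ldif_file: $!\n";
} else {
  $tmp_ldif_file=$_ldifName;
}

if (!defined $Options{'e'}) {
  my $ldap_master=connect_ldap_master();
  my $ldif = Net::LDAP::LDIF->new($tmp_ldif_file, "r", onerror => 'undef' )
    or die "Can't open ldif file $tmp_ldif_file: $!\n";
  while ( not $ldif->eof() ) {
    my $entry = $ldif->read_entry();
    if ( $ldif->error() ) {
      print "Error msg: ",$ldif->error(),"\n";
      print "Error lines:\n",$ldif->error_lines(),"\n";
    } elsif (defined $entry) {
      my $dn = $entry->dn;
      # we first check if the entry exist
      my $mesg = $ldap_master->search (
				       base => "$dn",
				       scope => "base",
				       filter => "objectclass=*"
				      );
      # NOTE(review): the result code is read but not acted upon; a failed
      # search is treated like "entry not found" and falls through to add.
      $mesg->code;
      my $nb=$mesg->count;
      if ($nb == 1 ) {
	print "entry $dn already exist. ";
	# Only the id pool entry is refreshed; any other existing entry is
	# left untouched.
	if ($dn eq $config{sambaUnixIdPooldn}) {
	  print "Updating it...\n";
	  my @mods;
	  foreach my $attr_tmp ($entry->attributes) {
	    push(@mods,$attr_tmp=>[$entry->get_value("$attr_tmp")]);
	  }
	  my $modify = $ldap_master->modify ( "$dn",
					      'replace' => { @mods },
					    );
	  $modify->code && warn "failed to modify entry: ", $modify->error ;
	} else {
	  print "\n";
	}
      } else {
	print "adding new entry: $dn\n";
	my $result=$ldap_master->add($entry);
	$result->code && warn "failed to add entry: ", $result->error ;
      }
    }
  }
  $ldap_master->unbind;
  if (!defined $Options{'i'}) {
    # Remove the generated temporary file without going through a shell.
    unlink($tmp_ldif_file) or warn "can't remove $tmp_ldif_file: $!\n";
  }
  # secure the admin account
  print "\nPlease provide a password for the domain $adminName: \n";
  # List form of system(): the login name given with -a is passed as a
  # single argument and is never interpreted by a shell.
  system("$RealBin/smbldap-passwd", $adminName) == 0
    or warn "smbldap-passwd did not complete successfully for $adminName\n";
} else {
  print "exported ldif file: $tmp_ldif_file\n";
}
exit(0);


########################################

=head1 NAME

smbldap-populate - Populate your LDAP database

=head1 SYNOPSIS

smbldap-populate [ldif-file]

=head1 DESCRIPTION

The smbldap-populate command helps to populate an LDAP server by adding the necessary entries : base suffix (doesn't abort if already there), organizational units for users, groups and computers, builtin users : Administrator and guest, builtin groups (though posixAccount only, no SambaTNG support).

-a name Your local administrator login name (default: root)

-b name Your local guest login name (default: nobody)

-e file export an ldif file

-i file import an ldif file (Options -a and -b will be ignored)

=head1 FILES

       /etc/opt/IDEALX/smbldap-tools/smbldap.conf : main configuration

       /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf : credentials for binding to the directory

=head1 SEE ALSO

       smb.conf(5)

=cut

#'

# - The End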
