📄 smbldap-groupmod
字号:
#!/usr/bin/perl -w# $Id: smbldap-groupmod,v 1.10 2005/01/08 12:04:45 jtournier Exp $## This code was developped by IDEALX (http://IDEALX.org/) and# contributors (their names can be found in the CONTRIBUTORS file).## Copyright (C) 2001-2002 IDEALX## This program is free software; you can redistribute it and/or# modify it under the terms of the GNU General Public License# as published by the Free Software Foundation; either version 2# of the License, or (at your option) any later version.## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the# GNU General Public License for more details.## You should have received a copy of the GNU General Public License# along with this program; if not, write to the Free Software# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,# USA.# Purpose of smbldap-groupmod : group (posix) modificationuse strict;use FindBin;use FindBin qw($RealBin);use lib "$RealBin/";use smbldap_tools;#####################use Getopt::Std;my %Options;my $ok = getopts('ag:n:m:or:s:t:x:?', \%Options);if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) { print_banner; print "Usage: $0 [-a] [-g gid [-o]] [-n name] [-m members(,)] [-x members (,)] [-r rid] [-s sid] [-t type] groupname\n"; print " -a add automatic group mapping entry\n"; print " -g new gid\n"; print " -o gid is not unique\n"; print " -n new group name\n"; print " -m add members (comma delimited)\n"; print " -r group-rid\n"; print " -s group-sid\n"; print " -t group-type\n"; print " -x delete members (comma delimted)\n"; print " -? show this help message\n"; exit (1);}my $groupName = $ARGV[0];my $group_entry;my $ldap_master=connect_ldap_master();if (! ($group_entry = read_group_entry($groupName))) { print "$0: group $groupName doesn't exist\n"; exit (6);}my $newname = $Options{'n'};my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";if ($nscd_status == 0) { system "/etc/init.d/nscd restart > /dev/null 2>&1";}my $gid = getgrnam($groupName);unless (defined ($gid)) { print "$0: group $groupName not found!\n"; exit(6);}my $tmp;if (defined($tmp = $Options{'g'}) and $tmp =~ /\d+/) { if (!defined($Options{'o'})) { if (defined(getgrgid($tmp))) { print "$0: gid $tmp exists\n"; exit (6); } } if (!($gid == $tmp)) { my $modify = $ldap_master->modify ( "cn=$groupName,$config{groupsdn}", changes => [ replace => [gidNumber => $tmp] ] ); $modify->code && die "failed to modify entry: ", $modify->error ; }}if (defined($newname)) { my $modify = $ldap_master->moddn ( "cn=$groupName,$config{groupsdn}", newrdn => "cn=$newname", deleteoldrdn => "1", newsuperior => "$config{groupsdn}" ); $modify->code && die "failed to modify entry: ", $modify->error ; # take down session}# Add membersif (defined($Options{'m'})) { my $members = $Options{'m'}; my @members = split( /,/, $members ); my $member; foreach $member ( @members ) { my $group_entry=read_group_entry($groupName); $config{groupsdn}=$group_entry->dn; if (is_unix_user($member)) { if (is_group_member($config{groupsdn},$member)) { print "User $member already in the group\n"; } else { print "adding user $member to group $groupName\n"; my $modify = $ldap_master->modify ($config{groupsdn}, changes => [ add => [memberUid => $member] ] ); $modify->code && warn "failed to add entry: ", $modify->error ; } } else { print "User $member does not exist: create it first !\n"; } }}# Delete membersif (defined($Options{'x'})) { my $members = $Options{'x'}; my @members = split( /,/, $members ); my $member; foreach $member ( @members ) { my $user_entry=read_user_entry($member); my $group_entry=read_group_entry($groupName); $config{groupsdn}=$group_entry->dn; if (is_group_member("$config{groupsdn}",$member)) { if ($group_entry->get_value('sambaSID') ne $user_entry->get_value('sambaPrimaryGroupSID')) { print "deleting user $member from group $groupName\n"; my $modify = $ldap_master->modify ($config{groupsdn}, changes => [ delete => [memberUid => $member] ] ); $modify->code && warn "failed to delete entry: ", $modify->error ; } else { print "Cannot delete user ($member) from his primary group ($groupName)\n"; } } else { print "User $member is not in the group $groupName!\n"; } }}my $group_sid;if ($tmp= $Options{'s'}) { if ($tmp =~ /^S-(?:\d+-)+\d+$/) { $group_sid = $tmp; } else { print "$0: illegal group-rid $tmp\n"; exit(7); }} elsif ($Options{'r'} || $Options{'a'}) { my $group_rid; if ($tmp= $Options{'r'}) { if ($tmp =~ /^\d+$/) { $group_rid = $tmp; } else { print "$0: illegal group-rid $tmp\n"; exit(7); } } else { # algorithmic mapping $group_rid = 2*$gid+1001; } $group_sid = $config{SID}.'-'.$group_rid;}if ($group_sid) { my @adds; my @mods; push(@mods, 'sambaSID' => $group_sid); if ($tmp= $Options{'t'}) { my $group_type; if (defined($group_type = &group_type_by_name($tmp))) { push(@mods, 'sambaGroupType' => $group_type); } else { print "$0: unknown group type $tmp\n"; exit(8); } } else { if (! defined($group_entry->get_value('sambaGroupType'))) { push(@mods, 'sambaGroupType' => group_type_by_name('domain')); } } my @oc = $group_entry->get_value('objectClass'); unless (grep($_ =~ /^sambaGroupMapping$/i, @oc)) { push (@adds, 'objectClass' => 'sambaGroupMapping'); } my $modify = $ldap_master->modify ( "cn=$groupName,$config{groupsdn}", changes => [ 'add' => [ @adds ], 'replace' => [ @mods ] ] ); $modify->code && warn "failed to delete entry: ", $modify->error ;}$nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";if ($nscd_status == 0) { system "/etc/init.d/nscd restart > /dev/null 2>&1";}# take down session$ldap_master->unbind;exit (0);############################################################=head1 NAMEsmbldap-groupmod - Modify a group=head1 SYNOPSISsmbldap-groupmod [-g gid [-o]] [-a] [-r rid] [-s sid] [-t group type] [-n group_name ] [-m members(,)] [-x members (,)] group=head1 DESCRIPTIONThe smbldap-groupmod command modifies the system account files toreflect the changes that are specified on the command line.The options which apply to the smbldap-groupmod command are-g gid The numerical value of the group's ID. This value must be unique, unless the -o option is used. The value must be non- negative. Any files which the old group ID is the file group ID must have the file group ID changed manually.-n group_name The name of the group will be changed from group to group_name.-m members The members to be added to the group in comma-delimeted form.-x members The members to be removed from the group in comma-delimted form.-a add an automatic Security ID for the group (SID). The rid of the group is calculated from the gidNumber of the group as rid=2*gidNumber+1001. Thus the resulted SID of the group is $SID-$rid where $SID and $rid are the domain SID and the group rid-s sid set the group SID. The SID must be unique and defined with the domain Security ID ($SID) like sid=$SID-rid where rid is the group rid.-r rid set the group rid. The SID is then calculated as sid=$SID-rid where $SID is the domain Security ID.-t group type set the NT Group type for the new group. Available values are 2 (domain group), 4 (local group) and 5 (builtin group). The default group type is 2.=head1 EXAMPLESsmbldap-groupmod -g 253 development This will change the GID of the 'development' group to '253'.smbldap-groupmod -n Idiots Managers This will change the name of the 'Managers' group to 'Idiots'.smbldap-groupmod -m "jdoe,jsmith" "Domain Admins" This will add 'jdoe' and 'jsmith' to the 'Domain Admins' group.smbldap-groupmod -x "jdoe,jsmith" "Domain Admins" This will remove 'jdoe' and 'jsmith' from the 'Domain Admins' group.=head1 SEE ALSO groupmod(1)=cut#'⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -