Mon Jun 16 16:04:25 2008 UTC ()
Importing smbldap-tools version 0.9.5. It is still in an experimental phase.
Smbldap-tools is a set of scripts designed to help integrate Samba and
a LDAP directory. They target both users and administrators of unix
systems.
Users can change their password in a way similar to the standard
`passwd' command.
Administrators can perform user and group management command line
actions and synchronise Samba account management consistently.
A version of these tools are bundled with samba, but this set is from
the master development site and is generally more up to date.
Status:
Vendor Tag: TNF
Release Tags: pkgsrc-base
(taca)
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/PLIST
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/MESSAGE
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/Makefile
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/DESCR
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/distinfo
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-aa
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-ab
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-ac
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-ad
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-ae
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-af
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-ag
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-ah
diff -r0 -r1.1.1.1 pkgsrc/sysutils/smbldap-tools/patches/patch-ai
@comment $NetBSD: PLIST,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
bin/smbldap-passwd
${PERL5_SUB_INSTALLVENDORLIB}/smbldap_tools.pm
sbin/smbldap-groupadd
sbin/smbldap-groupdel
sbin/smbldap-groupmod
sbin/smbldap-groupshow
sbin/smbldap-useradd
sbin/smbldap-userdel
sbin/smbldap-userinfo
sbin/smbldap-usermod
sbin/smbldap-usershow
sbin/smbldap-tools/configure.pl
sbin/smbldap-tools/smbldap-populate
sbin/smbldap-tools/smbldap-migrate-pwdump-accounts
sbin/smbldap-tools/smbldap-migrate-pwdump-groups
sbin/smbldap-tools/smbldap-migrate-unix-accounts
sbin/smbldap-tools/smbldap-migrate-unix-groups
share/doc/smbldap-tools/smbldap-tools.html
share/doc/smbldap-tools/smbldap-tools.pdf
share/examples/smbldap-tools/slapd.conf
share/examples/smbldap-tools/smb.conf
share/examples/smbldap-tools/smbldap.conf
share/examples/smbldap-tools/smbldap_bind.conf
@dirrm share/examples/smbldap-tools
@dirrm share/doc/smbldap-tools
@dirrm sbin/smbldap-tools
===========================================================================
$NetBSD: MESSAGE,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
Please use this package with caution since it includes experimental
patches.
===========================================================================
# $NetBSD: Makefile,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
DISTNAME= smbldap-tools-0.9.5
CATEGORIES= sysutils net databases
MASTER_SITES= http://download.gna.org/smbldap-tools/packages/
EXTRACT_SUFX= .tgz
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= https://gna.org/projects/smbldap-tools/
COMMENT= Set of ldap administration scripts for samba
DEPENDS+= samba>=3.0.22:../../net/samba
DEPENDS+= p5-perl-ldap>=0.33:../../databases/p5-perl-ldap
DEPENDS+= p5-Crypt-SmbHash>=0.12:../../security/p5-Crypt-SmbHash
DEPENDS+= p5-Digest-SHA1>=2.11:../../security/p5-Digest-SHA1
DEPENDS+= p5-Unicode-MapUTF8-[0-9]*:../../converters/p5-Unicode-MapUTF8
NO_BUILD= yes
USE_TOOLS+= perl:run
WRKSRC= ${WRKDIR}/smbldap-tools-0.9.5
SMBLDAP_CONF= smbldap.conf smbldap_bind.conf
SMBLDAP_DOCS= doc/smbldap-tools.html doc/smbldap-tools.pdf
SMBLDAP_EG= doc/slapd.conf doc/smb.conf
SMBLDAP_LIBS= smbldap_tools.pm
SMBLDAP_PASSWD= smbldap-passwd
SMBLDAP_TOOLS= smbldap-groupadd smbldap-groupdel smbldap-groupmod \
smbldap-groupshow \
smbldap-useradd smbldap-userdel smbldap-userinfo \
smbldap-usermod smbldap-usershow
SMBLDAP_UTILS= configure.pl smbldap-populate \
doc/migration_scripts/smbldap-migrate-pwdump-accounts \
doc/migration_scripts/smbldap-migrate-pwdump-groups \
doc/migration_scripts/smbldap-migrate-unix-accounts \
doc/migration_scripts/smbldap-migrate-unix-groups
REPLACE_PERL= ${SMBLDAP_LIBS} ${SMBLDAP_PASSWD} ${SMBLDAP_TOOLS} \
${SMBLDAP_UTILS}
SUBST_CLASSES+= path
SUBST_STAGE.path= pre-install
SUBST_FILES.path= configure.pl doc/slapd.conf doc/smb.conf
SUBST_FILES.path+= smbldap_tools.pm smbldap.conf
SUBST_SED.path= -e "s,@PREFIX@,${PREFIX},g"
SUBST_SED.path+= -e "s,@OPENLDAP_VARDIR@,${OPENLDAP_VARDIR},g"
SUBST_SED.path+= -e "s,@PKG_SYSCONFDIR@,${PKG_SYSCONFDIR},g"
SUBST_SED.path+= -e "s,@SAMBA_PIDDIR@,${SAMBA_PIDDIR},g"
SUBST_CLASSES+= conf
SUBST_STAGE.conf= pre-install
SUBST_FILES.conf= configure.pl
SUBST_SED.conf+= -e '/\$$Source: /home/ryo/public_nerv/netbsd/pkgsrc/cvsroot/pkgsrc/sysutils/smbldap-tools/Makefile,v $$]//g'
SUBST_SED.conf+= -e '/\$$Id: Makefile,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $$]//g'
EGDIR= share/examples/smbldap-tools
CONF_FILES+= ${EGDIR}/smbldap.conf ${PKG_SYSCONFDIR}/smbldap.conf
CONF_FILES_PERMS+= ${EGDIR}/smbldap_bind.conf \
${PKG_SYSCONFDIR}/smbldap_bind.conf \
${BINOWN} ${BINGRP} 0600
BUILD_DEFS= VARBASE
INSTALLATION_DIRS= bin sbin/smbldap-tools share/doc/smbldap-tools ${EGDIR}
.include "../../mk/bsd.prefs.mk"
PKG_SYSCONFSUBDIR?= smbldap-tools
OPENLDAP_VARDIR?= ${VARBASE}/openldap
SAMBA_PIDDIR?= ${VARBASE}/run
do-install:
.for f in ${SMBLDAP_LIBS}
${INSTALL_DATA} ${WRKSRC}/${f} ${DESTDIR}${PERL5_INSTALLVENDORLIB}
.endfor
.for f in ${SMBLDAP_PASSWD}
${INSTALL_SCRIPT} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/bin
.endfor
.for f in ${SMBLDAP_TOOLS}
${INSTALL_SCRIPT} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/sbin
.endfor
.for f in ${SMBLDAP_UTILS}
${INSTALL_SCRIPT} ${WRKSRC}/${f} ${DESTDIR}${PREFIX}/sbin/smbldap-tools
.endfor
.for f in ${SMBLDAP_CONF} ${SMBLDAP_EG}
${INSTALL_DATA} ${WRKSRC}/${f} \
${DESTDIR}${PREFIX}/share/examples/smbldap-tools
.endfor
.for f in ${SMBLDAP_DOCS}
${INSTALL_DATA} ${WRKSRC}/${f} \
${DESTDIR}${PREFIX}/share/doc/smbldap-tools
.endfor
.include "../../lang/perl5/vars.mk"
.include "../../mk/bsd.pkg.mk"
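Review bot: The two `SUBST_SED.conf` expressions under `SUBST_CLASSES+= conf` embed the CVS keywords `$Source:` and `$Id:`, and in the checked-in text they have already been expanded to the repository path and revision, so what reaches sed is `-e '/\$$Source: ...,v $$]//g'` rather than the pattern the author wrote (presumably a substitution that strips upstream's keyword lines from configure.pl). Every checkout re-expands them, so the substitution cannot work as committed and may not even be a well-formed sed command. Keep the keyword out of CVS's sight by splitting it inside the shell quoting — a constructed example: `-e 's/\$$Sour''ce[^$$]*\$$//g'` and likewise `'\$$I''d'` — or check the Makefile in with keyword expansion disabled (`-ko`).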
Smbldap-tools is a set of scripts designed to help integrate Samba and
a LDAP directory. They target both users and administrators of unix
systems.
Users can change their password in a way similar to the standard
`passwd' command.
Administrators can perform user and group management command line
actions and synchronise Samba account management consistently.
A version of these tools are bundled with samba, but this set is from
the master development site and is generally more up to date.
$NetBSD: distinfo,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
SHA1 (smbldap-tools-0.9.5.tgz) = 05534385b6f7d031d0721d64f339bf8d166a68f5
RMD160 (smbldap-tools-0.9.5.tgz) = 055d7dc059d19ad153412c449d1448858c1fe42c
Size (smbldap-tools-0.9.5.tgz) = 303131 bytes
SHA1 (patch-aa) = f49e131afbead61baafef55bc5d8a5dd700bbf7d
SHA1 (patch-ab) = f785d67107435cc94ed202de84249aa4f95dd7fd
SHA1 (patch-ac) = db681d57c9eb1b6195e77bd7d58431f3bb773421
SHA1 (patch-ad) = ec00520ae444ed7842e6139bf592b855e0de491f
SHA1 (patch-ae) = b9909ba4c29aa894c133d21fdd73183b51fbc0de
SHA1 (patch-af) = 3eedae8c4fa29736231ffa0a6885a3f416f58d04
SHA1 (patch-ag) = f8b0f27ab3938f82b22df01c126f75d196157099
SHA1 (patch-ah) = cd2e2b15061e0f1c0c2d0cf9aedf9d90a106342a
SHA1 (patch-ai) = ed9f750eeb5985846df3fa6652cc8796f1d7736b
$NetBSD: patch-aa,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- configure.pl.orig 2008-04-22 17:13:29.000000000 +0900
+++ configure.pl
@@ -31,6 +31,7 @@
use strict;
use File::Basename;
+use FileHandle;
# we need to be root to configure the scripts
if ($< != 0) {
@@ -49,16 +50,19 @@ Before starting, check
print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n";
# we first check if Samba is up and running
-my $test_smb=`pidof smbd`;
-chomp($test_smb);
+my $test_smb;
+$test_smb = read_pidfile('@SAMBA_PIDDIR@/smbd.pid');
+if (not defined $test_smb) {
+ $test_smb =`pidof smbd`;
+ chomp($test_smb);
+}
+
die "\nSamba need to be started first !\n" if ($test_smb eq "" || not defined $test_smb);
print "Looking for configuration files...\n\n";
my $smb_conf="";
-if (-e "/etc/samba/smb.conf") {
- $smb_conf="/etc/samba/smb.conf";
-} elsif (-e "/usr/local/samba/lib/smb.conf") {
- $smb_conf="/usr/local/samba/lib/smb.conf";
+if (-e "@PREFIX@/etc/samba/smb.conf") {
+ $smb_conf="@PREFIX@/etc/samba/smb.conf";
}
print "Samba Configuration File Path [$smb_conf] > ";
chomp(my $config_smb=<STDIN>);
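Review bot: The value read from `@SAMBA_PIDDIR@/smbd.pid` is accepted as proof that Samba is running, but a stale pidfile left by a crashed smbd passes this check just as well, and the `die` that follows tests `$test_smb eq ""` before `not defined`, so when the pidfile is unreadable and the `pidof` fallback is unavailable (it is not a standard NetBSD tool) the comparison runs on undef. Validate the pid and confirm the process exists before trusting it, directly after the `read_pidfile` call: `undef $test_smb unless defined $test_smb && $test_smb =~ /\A\d+\z/ && kill(0, $test_smb);` and reorder the `die` condition to `if (not defined $test_smb || $test_smb eq "")`.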
@@ -66,14 +70,7 @@ if ($config_smb ne "") {
$smb_conf=$config_smb;
}
-my $conf_dir;
-if (-d "/etc/opt/IDEALX/smbldap-tools") {
- $conf_dir="/etc/opt/IDEALX/smbldap-tools/";
-} elsif (-d "/etc/smbldap-tools") {
- $conf_dir="/etc/smbldap-tools/";
-} else {
- $conf_dir="/etc/opt/IDEALX/smbldap-tools/";
-}
+my $conf_dir = '@PKG_SYSCONFDIR@';
print "\nThe default directory in which the smbldap configuration files are stored is shown.\n";
print "If you need to change this, enter the full directory path, then press enter to continue.\n";
@@ -304,7 +301,7 @@ my $default_user_gidnumber=read_entry(".
my $default_computer_gidnumber=read_entry(". default computer gidNumber","","515",0);
-my $userLoginShell=read_entry(". default login shell","","/bin/bash",0);
+my $userLoginShell=read_entry(". default login shell","","/bin/csh",0);
my $skeletonDir=read_entry(". default skeleton directory","","/etc/skel",0);
@@ -528,12 +525,12 @@ mailDomain=\"$mailDomain\"
# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd=\"0\"
-smbpasswd=\"/usr/bin/smbpasswd\"
+smbpasswd=\"@PREFIX@/bin/smbpasswd\"
# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd=\"0\"
-slappasswd=\"/usr/sbin/slappasswd\"
+slappasswd=\"@PREFIX@/sbin/slappasswd\"
# comment out the following line to get rid of the default banner
# no_banner=\"1\"
@@ -574,5 +571,15 @@ print " $smbldap_bind_conf done.\n";
$mode=0600;
chmod $mode,"$smbldap_bind_conf","$smbldap_bind_conf.old";
-
-
+sub read_pidfile {
+ my($file) = @_;
+ my($fh, $line);
+
+ $fh = new FileHandle $file;
+ if (defined $fh) {
+ $line = $fh->getline;
+ chomp($line);
+ $fh->close;
+ }
+ return $line;
+}
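Review bot: `read_pidfile` chomps whatever `getline` returns, and on an empty pidfile that is undef, which produces a warning and then returns undef exactly as the "file missing" case does; guard it with `chomp($line) if defined $line;`. The handle is opened with the indirect-object form `new FileHandle $file`, which newer Perl style avoids and which with a single argument applies 2-arg open semantics to the name; `$fh = FileHandle->new($file, 'r');` is the explicit equivalent. A one-line header comment would also help, e.g. `# Return the first line of $file, or undef if it cannot be opened.`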
$NetBSD: patch-ab,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- doc/slapd.conf.orig 2008-04-22 17:13:30.000000000 +0900
+++ doc/slapd.conf
@@ -2,11 +2,11 @@
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
-include /etc/openldap/schema/core.schema
-include /etc/openldap/schema/cosine.schema
-include /etc/openldap/schema/inetorgperson.schema
-include /etc/openldap/schema/nis.schema
-include /etc/openldap/schema/samba.schema
+include @PREFIX@/etc/openldap/schema/core.schema
+include @PREFIX@/etc/openldap/schema/cosine.schema
+include @PREFIX@/etc/openldap/schema/inetorgperson.schema
+include @PREFIX@/etc/openldap/schema/nis.schema
+include @PREFIX@/etc/openldap/schema/samba.schema
schemacheck on
@@ -17,11 +17,11 @@ allow bind_v2
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
-pidfile /var/run/slapd.pid
-argsfile /var/run/slapd.args
+pidfile @OPENLDAP_VARDIR@/run/slapd.pid
+argsfile @OPENLDAP_VARDIR@/run/slapd.args
# Load dynamic backend modules:
-# modulepath /usr/sbin/openldap
+# modulepath @PREFIX@/lib/openldap
# moduleload back_bdb.la
# moduleload back_ldap.la
# moduleload back_ldbm.la
@@ -33,9 +33,9 @@ argsfile /var/run/slapd.args
# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
# slapd.pem so that the ldap user or group can read it. Your client software
# may balk at self-signed certificates, however.
-#TLSCertificateFile /etc/openldap/ldap.company.com.pem
-#TLSCertificateKeyFile /etc/openldap/ldap.company.com.key
-#TLSCACertificateFile /etc/openldap/ca.pem
+#TLSCertificateFile @PREFIX@/etc/openldap/ldap.example.com.pem
+#TLSCertificateKeyFile @PREFIX@/etc/openldap/ldap.example.com.key
+#TLSCACertificateFile @PREFIX@/etc/openldap/ca.pem
#TLSCipherSuite :SSLv3
# Sample security restrictions
@@ -70,8 +70,8 @@ argsfile /var/run/slapd.args
#######################################################################
database bdb
-suffix "dc=company,dc=com"
-rootdn "cn=Manager,dc=company,dc=com"
+suffix "dc=example,dc=com"
+rootdn "cn=Manager,dc=example,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
@@ -81,7 +81,7 @@ rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
-directory /var/lib/ldap
+directory @OPENLDAP_VARDIR@/openldap-data
lastmod on
# Indices to maintain for this database
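Review bot: The hunk header shows the example still carries `rootpw secret` in cleartext, right under the comment telling the reader to avoid exactly that, and this file is installed under share/examples as the package's reference configuration. Since the patch already rewrites the neighbouring `suffix`, `rootdn` and `directory` lines for pkgsrc, replace it with a hashed placeholder produced by slappasswd, e.g. `rootpw {SSHA}<hash from slappasswd>`, or comment the line out so no deployment starts from a known password. The `rootpw` line itself lies outside the changed lines of this hunk.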
@@ -102,7 +102,7 @@ index default sub
# users can authenticate and change their password
access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
- by dn="cn=Manager,dc=company,dc=com" write
+ by dn="cn=Manager,dc=example,dc=com" write
by self write
by anonymous auth
by * none
@@ -110,7 +110,7 @@ access to attrs=userPassword,sambaNTPass
# those 2 parameters must be world readable for password aging to work correctly
# (or use a priviledge account in /etc/ldap.conf to bind to the directory)
access to attrs=shadowLastChange,shadowMax
- by dn="cn=Manager,dc=company,dc=com" write
+ by dn="cn=Manager,dc=example,dc=com" write
by self write
by * read
@@ -119,7 +119,7 @@ access to *
by * read
# Replicas of this database
-#replogfile /var/lib/ldap/openldap-master-replog
+#replogfile @OPENLDAP_VARDIR@/openldap-data/openldap-master-replog
#replica host=ldap-1.example.com:389 starttls=critical
# bindmethod=sasl saslmech=GSSAPI
# authcId=host/ldap-master.example.com@EXAMPLE.COM
$NetBSD: patch-ac,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- doc/smb.conf.orig 2008-04-22 17:13:30.000000000 +0900
+++ doc/smb.conf
@@ -5,7 +5,7 @@
security = user
enable privileges = yes
#interfaces = 192.168.5.11
- #username map = /etc/samba/smbusers
+ #username map = @PREFIX@/etc/samba/smbusers
server string = Samba Server %v
#security = ads
encrypt passwords = Yes
@@ -20,13 +20,13 @@
# method 2:
unix password sync = yes
ldap passwd sync = no
- passwd program = /usr/sbin/smbldap-passwd -u "%u"
+ passwd program = @PREFIX@/sbin/smbldap-passwd -u "%u"
passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
log level = 0
syslog = 0
- log file = /var/log/samba/log.%U
- max log size = 100000
+ #log file = /var/log/samba/log.%U
+ #max log size = 100000
time server = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
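Review bot: The `passwd chat` line in the context directly below the changed `passwd program` appears to end with an unbalanced double quote (`%n\n"`), so the example as shipped is unlikely to parse as intended; it should be checked against the prompts the pkgsrc smbldap-passwd actually prints and the quoting fixed. Commenting out `log file` and `max log size` also silently drops per-user logging from the example; if that is deliberate, a one-line comment stating why would help, e.g. `# pkgsrc: per-user log files disabled by default; uncomment to enable`.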
@@ -45,22 +45,22 @@
wins support = yes
# passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
passdb backend = ldapsam:ldap://127.0.0.1/
- ldap admin dn = cn=Manager,dc=company,dc=com
- #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
- ldap suffix = dc=company,dc=com
+ ldap admin dn = cn=Manager,dc=example,dc=com
+ #ldap admin dn = cn=samba,ou=DSA,dc=example,dc=com
+ ldap suffix = dc=example,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
#ldap idmap suffix = ou=Idmap
- add user script = /usr/sbin/smbldap-useradd -m "%u"
+ add user script = @PREFIX@/sbin/smbldap-useradd -m "%u"
#ldap delete dn = Yes
- delete user script = /usr/sbin/smbldap-userdel "%u"
- add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
- add group script = /usr/sbin/smbldap-groupadd -p "%g"
- #delete group script = /usr/sbin/smbldap-groupdel "%g"
- add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
- delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
- set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
+ delete user script = @PREFIX@/sbin/smbldap-userdel "%u"
+ add machine script = @PREFIX@/sbin/smbldap-useradd -t 0 -w "%u"
+ add group script = @PREFIX@/sbin/smbldap-groupadd -p "%g"
+ #delete group script = @PREFIX@/sbin/smbldap-groupdel "%g"
+ add user to group script = @PREFIX@/sbin/smbldap-groupmod -m "%u" "%g"
+ delete user from group script = @PREFIX@/sbin/smbldap-groupmod -x "%u" "%g"
+ set primary group script = @PREFIX@/sbin/smbldap-usermod -g '%g' '%u'
# printers configuration
#printer admin = @"Print Operators"
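Review bot: The example binds Samba to the directory as `cn=Manager,dc=example,dc=com`, the same rootdn that this package's slapd.conf grants `write` on every password attribute, while the dedicated least-privilege `cn=samba,ou=DSA` account is left as the commented alternative. Since this file is installed as the reference configuration, the safer choice should be the active one: `#ldap admin dn = cn=Manager,dc=example,dc=com` and `ldap admin dn = cn=samba,ou=DSA,dc=example,dc=com`, with the slapd.conf ACLs extended to that DN.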
$NetBSD: patch-ad,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- smbldap-passwd.orig 2008-04-22 17:13:29.000000000 +0900
+++ smbldap-passwd
@@ -99,6 +99,17 @@ if ($< != 0) {
system "/bin/stty echo" if (-t STDIN);
print "\n";
+ { # Check if user dn is stored in subtree.
+ my $test_conn = connect_ldap_master();
+ my $usersdn = &get_user_dn($user);
+ if ($usersdn && $usersdn =~ /^dn: uid=(.+?)(,(.*))?$config{usersdn}/) {
+ my ($uid,$subtree) = ("","");
+ $uid = $1; $subtree = defined($3)?$3 : "";
+ $config{usersdn} = $subtree . $config{usersdn};
+ }
+ $test_conn->unbind;
+ }
+
$config{masterDN}="uid=$user,$config{usersdn}";
$config{masterPw}="$oldpass";
$ldap_master=connect_ldap_master();
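Review bot: `$config{usersdn}` is interpolated into the regex unescaped, so any metacharacter in the configured DN (a `.` in a domain component, parentheses, `+`) changes what is matched, and the pattern has no end anchor, so a DN that merely contains the users DN as a substring also matches and the wrong subtree is prepended. Use `if ($usersdn && $usersdn =~ /^dn: uid=(.+?)(,(.*))?\Q$config{usersdn}\E$/) {`. The `&get_user_dn($user)` call also uses the `&` form, which newer Perl style drops in favour of `get_user_dn($user)`.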
@@ -228,7 +239,7 @@ if ( $samba and $update_samba_passwd ) {
my $winmagic = 2147483647;
my $valacctflags = "[U]";
push(@mods, 'sambaPwdMustChange' => 0);
- push(@mods, 'sambaPwdLastSet' => 0);
+ push(@mods, 'sambaPwdLastSet' => $date);
push(@mods, 'sambaAcctFlags' => $valacctflags);
}
# Let's change nt/lm passwords
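Review bot: `$date` is written to `sambaPwdLastSet` but is not defined anywhere in this hunk, so its origin and unit (Samba stores seconds since the epoch here) must be confirmed in the enclosing code, which runs outside the hunk. The original `0`, together with the `sambaPwdMustChange => 0` kept on the line above, is how these tools mark a password as "must change at next logon"; writing the current time instead may stop Samba from forcing that change, so the intent should be stated on the line, e.g. `# pkgsrc: record the change time; 0 would mean "must change at next logon"`. The same substitution, with `time` in place of `$date`, is made in patch-ag in smbldap-usermod's `-B` handling and deserves the same check.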
$NetBSD: patch-ae,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- smbldap-populate.orig 2008-04-22 17:13:29.000000000 +0900
+++ smbldap-populate
@@ -214,7 +214,7 @@ uidNumber: $adminUidNumber\n";
$userHome=~s/\%U/$adminName/;
$entries.="homeDirectory: $userHome\n";
} else {
- $entries.="homeDirectory: /dev/null\n";
+ $entries.="homeDirectory: /nonexistent\n";
}
$entries.="sambaPwdLastSet: 0
sambaLogonTime: 0
@@ -240,7 +240,7 @@ sambaLMPassword: XXX
sambaNTPassword: XXX
sambaAcctFlags: [U ]
sambaSID: $config{SID}-$adminrid
-loginShell: /bin/false
+loginShell: /sbin/nologin
gecos: Netbios Domain Administrator
dn: uid=$guestName,$config{usersdn}
@@ -256,7 +256,7 @@ objectClass: shadowAccount
gidNumber: 514
uid: $guestName
uidNumber: $guestUidNumber
-homeDirectory: /dev/null
+homeDirectory: /nonexistent
sambaPwdLastSet: 0
sambaLogonTime: 0
sambaLogoffTime: 2147483647
@@ -282,7 +282,7 @@ sambaNTPassword: NO PASSWORDXXXXXXXXXXXX
# account disabled by default
sambaAcctFlags: [NUD ]
sambaSID: $config{SID}-2998
-loginShell: /bin/false
+loginShell: /sbin/nologin
dn: cn=Domain Admins,$config{groupsdn}
objectClass: top
$NetBSD: patch-af,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- smbldap-useradd.orig 2008-04-22 17:13:29.000000000 +0900
+++ smbldap-useradd
@@ -467,7 +467,7 @@ if ( defined( $tmp = $Options{'m'} ) ) {
system "mkdir $userHomeDirectory 2>/dev/null";
}
system
-"chown -R $userName:$userGidNumber $userHomeDirectory 2>/dev/null";
+"chown -R $userUidNumber:$userGidNumber $userHomeDirectory 2>/dev/null";
if ( defined $config{userHomeDirectoryMode} ) {
system
"chmod $config{userHomeDirectoryMode} $userHomeDirectory 2>/dev/null";
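Review bot: The chown still runs through the shell as one interpolated string, so `$userHomeDirectory` (presumably taken from the `-d` option or the userHome template) is subject to word splitting and shell metacharacters even after the owner switched to the numeric uid; use the list form, `system 'chown', '-R', "$userUidNumber:$userGidNumber", $userHomeDirectory;`. The `mkdir` on the context line above discards its status with `2>/dev/null`, so when the directory already existed — possibly created by someone else — the recursive chown re-owns that pre-existing tree to the new user; only chown when the mkdir succeeded. The enclosing block starts before this hunk.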
$NetBSD: patch-ag,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- smbldap-usermod.orig 2008-04-22 17:13:29.000000000 +0900
+++ smbldap-usermod
@@ -626,7 +626,7 @@ if ( defined( $tmp = $Options{'B'} ) ) {
$_sambaAcctFlags = "\[$letters\]";
push( @mods, 'sambaAcctFlags' => $_sambaAcctFlags );
}
- push( @mods, 'sambaPwdLastSet' => '0' );
+ push( @mods, 'sambaPwdLastSet' => time );
}
else {
$_sambaPwdMustChange = $winmagic;
$NetBSD: patch-ah,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- smbldap.conf.orig 2008-04-22 17:13:29.000000000 +0900
+++ smbldap.conf
@@ -58,7 +58,7 @@ sambaDomain="DOMSMB"
# Slave LDAP server
# Ex: slaveLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
-slaveLDAP="ldap.iallanis.info"
+slaveLDAP="ldap.example.info"
# Slave LDAP port
# If not defined, parameter is set to "389"
@@ -67,7 +67,7 @@ slavePort="389"
# Master LDAP server: needed for write operations
# Ex: masterLDAP=127.0.0.1
# If not defined, parameter is set to "127.0.0.1"
-masterLDAP="ldap.iallanis.info"
+masterLDAP="ldap.example.info"
# Master LDAP port
# If not defined, parameter is set to "389"
@@ -92,19 +92,19 @@ verify="require"
# CA certificate
# see "man Net::LDAP" in start_tls section for more details
-cafile="/etc/smbldap-tools/ca.pem"
+cafile="@PKG_SYSCONFDIR@/ca.pem"
# certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
-clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
+clientcert="@PKG_SYSCONFDIR@/smbldap-tools.example.info.pem"
# key certificate to use to connect to the ldap server
# see "man Net::LDAP" in start_tls section for more details
-clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
+clientkey="@PKG_SYSCONFDIR@/smbldap-tools.example.info.key"
# LDAP Suffix
# Ex: suffix=dc=IDEALX,dc=ORG
-suffix="dc=iallanis,dc=info"
+suffix="dc=example,dc=info"
# Where are stored Users
# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
@@ -121,6 +121,14 @@ computersdn="ou=Computers,${suffix}"
# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
groupsdn="ou=Groups,${suffix}"
+# Groups objectclasses, as a space-separated list
+# Ex: groupsclasses="top posixGroup"
+groupsclasses="posixGroup groupOfNames"
+
+# Groups default member (rfc2307bis prohibit empty groups)
+# Ex: groupsdefaultmember="cn=default,${suffix}"
+groupsdefaultmember="cn=default,ou=roles,${suffix}"
+
# Where are stored Idmap entries (used if samba is a domain member server)
# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
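Review bot: The shipped example sets `groupsclasses="posixGroup groupOfNames"` and `groupsdefaultmember="cn=default,ou=roles,${suffix}"`, which differs from the code default `top posixGroup` that patch-ai applies to smbldap_tools.pm when the key is absent, and it names a `cn=default,ou=roles` entry that nothing visible in this package, smbldap-populate included, creates. With these values every group added to a freshly populated directory carries a `member` pointing at a non-existent entry. Ship the example with the code defaults active and the rfc2307bis variant commented, `groupsclasses="top posixGroup"` and `#groupsdefaultmember="cn=default,ou=roles,${suffix}"`, or, if the bis setup is intended, have smbldap-populate create the default member entry.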
@@ -151,8 +159,8 @@ crypt_salt_format="%s"
# Login defs
# Default Login Shell
-# Ex: userLoginShell="/bin/bash"
-userLoginShell="/bin/bash"
+# Ex: userLoginShell="/bin/csh"
+userLoginShell="/bin/csh"
# Home directory
# Ex: userHome="/home/%U"
@@ -210,7 +218,7 @@ userScript="logon.bat"
# Domain appended to the users "mail"-attribute
# when smbldap-useradd -M is used
# Ex: mailDomain="idealx.com"
-mailDomain="iallanis.info"
+mailDomain="example.info"
##############################################################################
#
@@ -221,12 +229,12 @@ mailDomain="iallanis.info"
# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
# prefer Crypt::SmbHash library
with_smbpasswd="0"
-smbpasswd="/usr/bin/smbpasswd"
+smbpasswd="@PREFIX@/bin/smbpasswd"
# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
# but prefer Crypt:: libraries
with_slappasswd="0"
-slappasswd="/usr/sbin/slappasswd"
+slappasswd="@PREFIX@/sbin/slappasswd"
# comment out the following line to get rid of the default banner
# no_banner="1"
$NetBSD: patch-ai,v 1.1.1.1 2008/06/16 16:04:25 taca Exp $
--- smbldap_tools.pm.orig 2008-04-22 17:13:29.000000000 +0900
+++ smbldap_tools.pm
@@ -27,28 +27,9 @@ use Net::LDAP;
use Crypt::SmbHash;
use Unicode::MapUTF8 qw(to_utf8 from_utf8);
-my $smbldap_conf;
-if ( -e "/etc/smbldap-tools/smbldap.conf" ) {
- $smbldap_conf = "/etc/smbldap-tools/smbldap.conf";
-}
-else {
- $smbldap_conf = "/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
-}
-
-my $smbldap_bind_conf;
-if ( -e "/etc/smbldap-tools/smbldap_bind.conf" ) {
- $smbldap_bind_conf = "/etc/smbldap-tools/smbldap_bind.conf";
-}
-else {
- $smbldap_bind_conf = "/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
-}
-my $samba_conf;
-if ( -e "/etc/samba/smb.conf" ) {
- $samba_conf = "/etc/samba/smb.conf";
-}
-else {
- $samba_conf = "/usr/local/samba/lib/smb.conf";
-}
+my $smbldap_conf = "@PKG_SYSCONFDIR@/smbldap.conf";
+my $smbldap_bind_conf = "@PKG_SYSCONFDIR@/smbldap_bind.conf";
+my $samba_conf = "@PREFIX@/etc/samba/smb.conf";
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
use Exporter;
@@ -267,6 +248,15 @@ $config{groupsdn} = get_parameter( "ldap
if ( $config{groupsdn} !~ m/,/ ) {
$config{groupsdn} = $config{groupsdn} . "," . $config{suffix};
}
+if ( ! defined $config{groupsclasses} ) {
+ $config{groupsclasses} = "top posixGroup";
+}
+if ( defined $config{groupsdefaultmember} ) {
+ if ( $config{groupsdefaultmember} !~ m/,/ ) {
+ $config{groupsdefaultmember} =
+ $config{groupsdefaultmember} . "," . $config{suffix};
+ }
+}
$config{computersdn} = get_parameter( "ldap machine suffix", "computersdn" );
if ( $config{computersdn} !~ m/,/ ) {
$config{computersdn} = $config{computersdn} . "," . $config{suffix};
@@ -606,8 +596,8 @@ sub add_posix_machine {
'uid' => "$user",
'uidNumber' => "$uid",
'gidNumber' => "$gid",
- 'homeDirectory' => '/dev/null',
- 'loginShell' => '/bin/false',
+ 'homeDirectory' => '/nonexistent',
+ 'loginShell' => '/sbin/nologin',
'description' => 'Computer',
'gecos' => 'Computer',
]
@@ -764,15 +754,22 @@ sub group_add {
if ( $nscd_status == 0 ) {
system "/etc/init.d/nscd start > /dev/null 2>&1";
}
- my $modify = $ldap->add(
- "cn=$gname,$config{groupsdn}",
- attrs => [
- objectClass => [ 'top', 'posixGroup' ],
- cn => "$gname",
- gidNumber => "$gid"
- ]
+
+ my $entry = Net::LDAP::Entry->new();
+ $entry->dn("cn=$gname,$config{groupsdn}");
+ $entry->add(
+ objectClass => [ split(' ', $config{groupsclasses}) ],
+ cn => "$gname",
+ gidNumber => "$gid"
);
+ if ($config{groupsdefaultmember}) {
+ $entry->add(
+ member => $config{groupsdefaultmember}
+ );
+ }
+ my $modify = $ldap->add($entry);
+
$modify->code && die "failed to add entry: ", $modify->error;
return $gid;
}
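Review bot: The entry is built with whatever `$config{groupsclasses}` lists, but `member` is only added when `groupsdefaultmember` is set, so a configuration naming `groupOfNames` without a default member (or the reverse) fails at add time with an objectClass violation that surfaces only as "failed to add entry". That pairing should be validated once when the configuration is loaded, in the `@@ -267` hunk of this patch that sets the defaults, rather than discovered on each add. `if ($config{groupsdefaultmember})` also tests truthiness where `defined` is the intended check. group_add starts before this hunk.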
@@ -1159,6 +1156,22 @@ sub get_next_id($$) {
my $found = 0;
my $next_uid_mesg;
my $nextuid;
+
+ # retry number
+ my $retrv = 5;
+ # lock directory path
+ my $lockdir = "/tmp/smbldap-useradd";
+ # wait time
+ my $wtime = 3;
+ # create the lockdir
+ while (!mkdir($lockdir,0755)) {
+ if (--$retrv <= 0) {
+ die "System busy and failed to add entry";
+ }
+ # if exist the lockdir, wait x second
+ sleep($wtime);
+ }
+
if ( $ldap_base_dn =~ m/$config{usersdn}/i ) {
# when adding a new user, we'll check if the uidNumber available is not
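Review bot: The lock directory `/tmp/smbldap-useradd` is a fixed name in a world-writable directory, so any local user can create it and make every subsequent account or group creation die with "System busy" after five retries, and a directory created that way is never removed because the `rmdir` calls sit only on the success paths. The lock is likewise leaked whenever anything between `mkdir` and `rmdir` dies (the LDAP search in the rest of get_next_id runs outside this hunk), which reproduces the same failure on the next run. Put the lock under a root-owned directory such as `@SAMBA_PIDDIR@`, which the Makefile already substitutes into this file, and prefer `flock` on a lexical handle that the kernel releases when the process exits: `open my $lock, '>', '@SAMBA_PIDDIR@/smbldap-tools.lock' or die "lock: $!";` followed by `flock($lock, LOCK_EX) or die "lock: $!";`, with `use Fcntl qw(LOCK_EX);` at the top of the module. The name `smbldap-useradd` is also misleading since get_next_id allocates group ids as well.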
@@ -1198,9 +1211,14 @@ sub get_next_id($$) {
# now, look if the id or gid is not already used in /etc/passwd or /etc/group
if ( !getpwuid($nextuid) ) {
$found = 1;
+
+ # remove the lockdir
+ rmdir($lockdir);
return $nextuid;
}
}
+ # remove the lockdir
+ rmdir($lockdir);
$tries++;
print
"Cannot confirm $attribute $nextuid is free: checking for the next one\n";