4 # Copyright (c) 1999 Jason Gunthorpe <jgg@debian.org>
5 # Copyright (c) 2003 James Troup <troup@debian.org>
6 # Copyright (c) 2004 Joey Schulze <joey@debian.org>
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 2 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 # Imports passwd, shadow and group files into the directory.
23 # You should cleanse the files of anything you do not want to add to the
26 # The first step is to call this script to import the passwd file and
27 # create all the new entries. This should be done on an empty freshly
28 # initialized directory with the rootdn/password set in the server.
29 # The command to execute is
30 # ldapimport -a -p ~/passwd
31 # The -a tells the script to add all the entries it finds, it should be
34 # The next step is to import the shadow file and group, no clensing need be
36 # this as any entries that do not exist will be ignored (silently)
37 # ldapimport -s /etc/shadow -g /etc/group
40 import re, time, ldap, getopt, sys;
41 from userdir_ldap import *;
49 # This parses a gecos field and returns a tuple containing the new normalized
50 # field and the first, middle and last name of the user. Gecos is formed
51 # in the standard debian manner with 5 feilds seperated by commas
52 def ParseGecos(Field):
53 Gecos = re.split("[,:]",Field);
58 (cn,mn,sn) = NameSplit(Gecos[0]);
60 # Normalize the gecos field
64 while (len(Gecos) < 5):
67 Gecos = ["","","","",""];
69 # Reconstruct the gecos after mauling it
70 Field = Gecos[0] + "," + Gecos[1] + "," + Gecos[2] + "," + \
71 Gecos[3] + "," + Gecos[4];
72 return (Field,cn,mn,sn);
74 # Read the passwd file into the database
75 def DoPasswd(l,Passwd):
76 # Read the passwd file and import it
77 Passwd = open(Passwd,"r");
80 Line = Passwd.readline();
84 Split = re.split("[:\n]",Line);
85 (Split[4],cn,mn,sn) = ParseGecos(Split[4]);
86 Split[2] = int(Split[2])
87 Split[3] = int(Split[3])
88 Rec = [("uid",Split[0]),
89 ("uidNumber",Split[2]),
90 ("gidNumber",Split[3]),
92 ("homeDirectory",Split[5]),
93 ("loginShell",Split[6]),
97 # Avoid schema check complaints when mn is empty
101 Dn = "uid=" + Split[0] + "," + BaseDn;
102 print "Importing", Dn
110 Rec.append(("objectClass", UserObjectClasses))
114 except ldap.ALREADY_EXISTS:
118 # Send the modify request
119 ModRec = [(ldap.MOD_REPLACE, k[0], k[1]) for k in Rec]
121 Outstanding = Outstanding + 1;
122 Outstanding = FlushOutstanding(l,Outstanding,1);
125 FlushOutstanding(l,Outstanding);
127 # Read the shadow file into the database
128 def DoShadow(l,Shadow):
129 # Read the passwd file and import it
130 Shadow = open(Shadow,"r");
133 Line = Shadow.readline();
137 Split = re.split("[:\n]",Line);
139 # Ignore system accounts with no password, they do not belong in the
141 if (Split[1] == 'x' or Split[1] == '*'):
142 print "Ignoring system account,",Split[0];
146 Split[x] = int(Split[x])
148 Rec = [(ldap.MOD_REPLACE,"shadowLastChange",Split[2]),
149 (ldap.MOD_REPLACE,"shadowMin",Split[3]),
150 (ldap.MOD_REPLACE,"shadowMax",Split[4]),
151 (ldap.MOD_REPLACE,"shadowWarning",Split[5])]
153 # Avoid schema violations
155 Rec.append((ldap.MOD_REPLACE,"shadowInactive",Split[6]))
158 Rec.append((ldap.MOD_REPLACE,"shadowExpire",Split[7]))
160 if (WritePasses == 1):
161 Rec.append((ldap.MOD_REPLACE,"userPassword","{crypt}"+Split[1]));
163 Dn = "uid=" + Split[0] + "," + BaseDn;
164 print "Importing",Dn,
167 # Send the modify request
169 Outstanding = Outstanding + 1;
171 Outstanding = FlushOutstanding(l,Outstanding,1);
172 FlushOutstanding(l,Outstanding);
174 # Read the group file into the database
175 def DoGroup(l,Group):
176 # Read the passwd file and import it
177 Group = open(Group,"r");
180 Line = Group.readline();
184 # Split up the group information
185 Split = re.split("[:\n]",Line);
186 Members = re.split("[, ]*",Split[3]);
187 Split[2] = int(Split[2])
189 # Iterate over the membership list and add the membership information
191 Rec = [(ldap.MOD_ADD,"supplementaryGid",Split[0])];
197 Dn = "uid=" + x + "," + BaseDn;
198 print "Adding",Dn,"to group",Split[0];
201 # Send the modify request
203 Outstanding = Outstanding + 1;
204 Outstanding = FlushOutstanding(l,Outstanding,1);
209 Rec = [(ldap.MOD_REPLACE,"gid",Split[0]),
210 (ldap.MOD_REPLACE,"gidNumber",Split[2])];
212 Dn = "gid=" + Split[0] + "," + BaseDn;
213 print "Importing",Dn,
216 # Unfortunately add_s does not take the same args as modify :|
219 l.add_s(Dn,[("gid",Split[0]),
220 ("objectClass", GroupObjectClasses)])
221 except ldap.ALREADY_EXISTS:
224 # Send the modify request
226 Outstanding = Outstanding + 1;
229 FlushOutstanding(l,Outstanding);
232 (options, arguments) = getopt.getopt(sys.argv[1:], "ap:s:g:xu:")
233 for (switch, val) in options:
238 elif (switch == '-p'):
240 elif (switch == '-s'):
242 elif (switch == '-g'):
244 elif (switch == '-u'):
247 # Main program starts here
249 # Connect to the ldap server
250 l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)