4 # Copyright (c) 1999 Jason Gunthorpe <jgg@debian.org>
5 # Copyright (c) 2003 James Troup <troup@debian.org>
6 # Copyright (c) 2004 Joey Schulze <joey@debian.org>
8 # This program is free software; you can redistribute it and/or modify
9 # it under the terms of the GNU General Public License as published by
10 # the Free Software Foundation; either version 2 of the License, or
11 # (at your option) any later version.
13 # This program is distributed in the hope that it will be useful,
14 # but WITHOUT ANY WARRANTY; without even the implied warranty of
15 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 # GNU General Public License for more details.
18 # You should have received a copy of the GNU General Public License
19 # along with this program; if not, write to the Free Software
20 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
22 # Imports passwd, shadow and group files into the directory.
23 # You should cleanse the files of anything you do not want to add to the
26 # The first step is to call this script to import the passwd file and
27 # create all the new entries. This should be done on an empty freshly
28 # initialized directory with the rootdn/password set in the server.
29 # The command to execute is
30 # ldapimport -a -p ~/passwd
31 # The -a tells the script to add all the entries it finds, it should be
34 # The next step is to import the shadow file and group, no clensing need be
36 # this as any entries that do not exist will be ignored (silently)
37 # ldapimport -s /etc/shadow -g /etc/group
40 import re, time, ldap, getopt, sys;
41 from userdir_ldap import *;
49 # This parses a gecos field and returns a tuple containing the new normalized
50 # field and the first, middle and last name of the user. Gecos is formed
51 # in the standard debian manner with 5 feilds seperated by commas
52 def ParseGecos(Field):
53 Gecos = re.split("[,:]",Field);
58 (cn,mn,sn) = NameSplit(Gecos[0]);
60 # Normalize the gecos field
64 while (len(Gecos) < 5):
67 Gecos = ["","","","",""];
69 # Reconstruct the gecos after mauling it
70 Field = Gecos[0] + "," + Gecos[1] + "," + Gecos[2] + "," + \
71 Gecos[3] + "," + Gecos[4];
72 return (Field,cn,mn,sn);
74 # Read the passwd file into the database
75 def DoPasswd(l,Passwd):
76 # Read the passwd file and import it
77 Passwd = open(Passwd,"r");
80 Line = Passwd.readline();
84 Split = re.split("[:\n]",Line);
85 (Split[4],cn,mn,sn) = ParseGecos(Split[4]);
86 # This just tests whether these are integers and throws an
90 Rec = [("uid",Split[0]),
91 ("uidNumber",Split[2]),
92 ("gidNumber",Split[3]),
94 ("homeDirectory",Split[5]),
95 ("loginShell",Split[6]),
99 # Avoid schema check complaints when mn is empty
101 Rec.append(("mn",mn))
103 Dn = "uid=" + Split[0] + "," + BaseDn;
104 print "Importing", Dn
112 AddRec.append(("objectClass", UserObjectClasses))
116 except ldap.ALREADY_EXISTS:
120 # Send the modify request
121 ModRec = [(ldap.MOD_REPLACE, k[0], k[1]) for k in Rec]
123 Outstanding = Outstanding + 1;
124 Outstanding = FlushOutstanding(l,Outstanding,1);
127 FlushOutstanding(l,Outstanding);
129 # Read the shadow file into the database
130 def DoShadow(l,Shadow):
131 # Read the passwd file and import it
132 Shadow = open(Shadow,"r");
135 Line = Shadow.readline();
139 Split = re.split("[:\n]",Line);
141 # Ignore system accounts with no password, they do not belong in the
143 if (Split[1] == 'x' or Split[1] == '*'):
144 print "Ignoring system account,",Split[0];
150 Rec = [(ldap.MOD_REPLACE,"shadowLastChange",Split[2]),
151 (ldap.MOD_REPLACE,"shadowMin",Split[3]),
152 (ldap.MOD_REPLACE,"shadowMax",Split[4]),
153 (ldap.MOD_REPLACE,"shadowWarning",Split[5])]
155 # Avoid schema violations
157 Rec.append((ldap.MOD_REPLACE,"shadowInactive",Split[6]))
160 Rec.append((ldap.MOD_REPLACE,"shadowExpire",Split[7]))
162 if (WritePasses == 1):
163 Rec.append((ldap.MOD_REPLACE,"userPassword","{crypt}"+Split[1]));
165 Dn = "uid=" + Split[0] + "," + BaseDn;
166 print "Importing",Dn,
169 # Send the modify request
171 Outstanding = Outstanding + 1;
173 Outstanding = FlushOutstanding(l,Outstanding,1);
174 FlushOutstanding(l,Outstanding);
176 # Read the group file into the database
177 def DoGroup(l,Group):
178 # Read the passwd file and import it
179 Group = open(Group,"r");
182 Line = Group.readline();
186 # Split up the group information
187 Split = re.split("[:\n]",Line);
188 Members = re.split("[, ]*",Split[3]);
191 # Iterate over the membership list and add the membership information
193 Rec = [(ldap.MOD_ADD,"supplementaryGid",Split[0])];
199 Dn = "uid=" + x + "," + BaseDn;
200 print "Adding",Dn,"to group",Split[0];
203 # Send the modify request
205 Outstanding = Outstanding + 1;
206 Outstanding = FlushOutstanding(l,Outstanding,1);
211 Rec = [(ldap.MOD_REPLACE,"gid",Split[0]),
212 (ldap.MOD_REPLACE,"gidNumber",Split[2])];
214 Dn = "gid=" + Split[0] + "," + BaseDn;
215 print "Importing",Dn,
218 # Unfortunately add_s does not take the same args as modify :|
221 l.add_s(Dn,[("gid",Split[0]),
222 ("objectClass", GroupObjectClasses)])
223 except ldap.ALREADY_EXISTS:
226 # Send the modify request
228 Outstanding = Outstanding + 1;
231 FlushOutstanding(l,Outstanding);
234 (options, arguments) = getopt.getopt(sys.argv[1:], "ap:s:g:xu:")
235 for (switch, val) in options:
240 elif (switch == '-p'):
242 elif (switch == '-s'):
244 elif (switch == '-g'):
246 elif (switch == '-u'):
249 # Main program starts here
251 # Connect to the ldap server
252 l = passwdAccessLDAP(BaseDn, AdminUser)