From efc48e4f01ce7f402a4c793727bf776bcf083c05 Mon Sep 17 00:00:00 2001 From: Mark Hymers Date: Wed, 26 Dec 2007 17:57:58 +0000 Subject: [PATCH] * ud-userimport, ud-groupadd, ud-roleadd, ud-useradd, userdir_ldap.py: Update ud-userimport to use the same objectClasses as ud-{user,group,role}add and abstract them out into userdir_ldap.py --- debian/changelog | 8 +++++- ud-groupadd | 2 +- ud-roleadd | 3 +-- ud-useradd | 5 ++-- ud-userimport | 65 ++++++++++++++++++++++++++++-------------------- userdir_ldap.py | 5 ++++ 6 files changed, 54 insertions(+), 34 deletions(-) diff --git a/debian/changelog b/debian/changelog index fd610c2..382e859 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,5 +1,6 @@ userdir-ldap (0.3.15+xxx) XXunstable; urgency=low + [ Peter Palfrader ] * Ship userdir-ldap.schema with the package, add a note that it is now version-controlled in bzr on top of the file. * Get rid of debian/conffiles, wich only listed files in /etc anyway. @@ -11,7 +12,12 @@ userdir-ldap (0.3.15+xxx) XXunstable; urgency=low * ud-roleadd: Do not try to make role accounts of objectClass inetOrgPerson, that doesn't work. - -- Peter Palfrader Tue, 25 Dec 2007 13:08:50 +0100 + [ Mark Hymers ] + * ud-userimport, ud-groupadd, ud-roleadd, ud-useradd, userdir_ldap.py: + Update ud-userimport to use the same objectClasses as + ud-{user,group,role}add and abstract them out into userdir_ldap.py + + -- Mark Hymers Wed, 26 Dec 2007 17:56:28 +0000 userdir-ldap (0.3.15) unstable; urgency=low diff --git a/ud-groupadd b/ud-groupadd index 13f1b8a..b462b89 100755 --- a/ud-groupadd +++ b/ud-groupadd @@ -74,4 +74,4 @@ print "Updating LDAP directory..", sys.stdout.flush(); l.add_s(Dn,[("gid",Group), ("gidNumber",str(Id)), - ("objectClass",("top", "debianGroup"))]); + ("objectClass", GroupObjectClasses)]) diff --git a/ud-roleadd b/ud-roleadd index 5dea2dc..a3dc1b5 100755 --- a/ud-roleadd +++ b/ud-roleadd 
@@ -95,8 +95,7 @@ print "Updating LDAP directory..", sys.stdout.flush() Details = [("uid",account), - ("objectClass", - ("top","debianAccount","shadowAccount","debianRoleAccount")), + ("objectClass", RoleObjectClasses), ("uidNumber",str(uidNumber)), ("gidNumber",str(gidNumber)), ("gecos",cn+",,,,"), diff --git a/ud-useradd b/ud-useradd index e128a9b..e0c30e9 100755 --- a/ud-useradd +++ b/ud-useradd @@ -248,8 +248,7 @@ sys.stdout.flush(); if Update == 0: # New account Details = [("uid",account), - ("objectClass", - ("top","inetOrgPerson","debianAccount","shadowAccount","debianDeveloper")), + ("objectClass", UserObjectClasses), ("uidNumber",str(uidNumber)), ("gidNumber",str(gidNumber)), ("gecos",FullName+",,,,"), @@ -271,7 +270,7 @@ if Update == 0: #Add user group if needed, then the actual user: if UserGroup == 1: Dn = "gid=" + account + "," + BaseDn; - l.add_s(Dn,[("gid",account), ("gidNumber",str(gidNumber)), ("objectClass",("top", "debianGroup"))]); + l.add_s(Dn,[("gid",account), ("gidNumber",str(gidNumber)), ("objectClass", GroupObjectClasses)]) l.add_s(Dn,Details); else: diff --git a/ud-userimport b/ud-userimport index 90a8de6..4a21daf 100755 --- a/ud-userimport +++ b/ud-userimport 
@@ -90,37 +90,43 @@ def DoPasswd(l,Passwd): (Split[4],cn,mn,sn) = ParseGecos(Split[4]); CheckNumber(Split[2]); CheckNumber(Split[3]); - Rec = [(ldap.MOD_REPLACE,"uid",Split[0]), - (ldap.MOD_REPLACE,"uidNumber",Split[2]), - (ldap.MOD_REPLACE,"gidNumber",Split[3]), - (ldap.MOD_REPLACE,"gecos",Split[4]), - (ldap.MOD_REPLACE,"homeDirectory",Split[5]), - (ldap.MOD_REPLACE,"loginShell",Split[6]), - (ldap.MOD_REPLACE,"cn",cn), - (ldap.MOD_REPLACE,"mn",mn), - (ldap.MOD_REPLACE,"sn",sn)]; + Rec = [("uid",Split[0]), + ("uidNumber",Split[2]), + ("gidNumber",Split[3]), + ("gecos",Split[4]), + ("homeDirectory",Split[5]), + ("loginShell",Split[6]), + ("cn",cn), + ("sn",sn)]; + + # Avoid schema check complaints when mn is empty + if (mn): + Rec.append(("mn",mn)) Dn = "uid=" + Split[0] + "," + BaseDn; - print "Importing",Dn, + print "Importing", Dn sys.stdout.flush(); - # Unfortunately add_s does not take the same args as modify :| + DoModify = True + if (DoAdd == 1): try: - l.add_s(Dn,[("uid",Split[0]), - ("objectClass","top"), - ("objectClass","account"), - ("objectClass","posixAccount"), - ("objectClass","shadowAccount"), - ("objectClass","debiandeveloper")]); + AddRec = Rec + Rec.append(("objectClass", UserObjectClasses)) + l.add_s(Dn,AddRec) + DoModify = False + except ldap.ALREADY_EXISTS: print "exists",; - # Send the modify request - l.modify(Dn,Rec); - Outstanding = Outstanding + 1; - Outstanding = FlushOutstanding(l,Outstanding,1); - print "done"; + if (DoModify): + # Send the modify request + ModRec = [(ldap.MOD_REPLACE, k[0], k[1]) for k in Rec] + l.modify(Dn,ModRec); + Outstanding = Outstanding + 1; + Outstanding = FlushOutstanding(l,Outstanding,1); + print "done"; + FlushOutstanding(l,Outstanding); # Read the shadow file into the database 
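Review bot: `AddRec = Rec` in the DoAdd branch only binds a second name to the same list, so the following `Rec.append(("objectClass", UserObjectClasses))` changes Rec as well. When add_s raises ldap.ALREADY_EXISTS, DoModify stays True and ModRec is built from that mutated Rec, so the modify now sends a MOD_REPLACE of objectClass for an entry that already exists, which the old modify list never did. An existing entry that carries other object classes may have them overwritten, or the server may reject the whole modify on a schema check. Build the add list as a copy and leave Rec untouched for the modify path: `AddRec = Rec + [("objectClass", UserObjectClasses)]`. DoPasswd starts and ends outside this hunk, and the collapsed layout hides whether the trailing `print "done"` sits inside `if (DoModify):`.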
@@ -147,9 +153,15 @@ def DoShadow(l,Shadow): Rec = [(ldap.MOD_REPLACE,"shadowLastChange",Split[2]), (ldap.MOD_REPLACE,"shadowMin",Split[3]), (ldap.MOD_REPLACE,"shadowMax",Split[4]), - (ldap.MOD_REPLACE,"shadowWarning",Split[5]), - (ldap.MOD_REPLACE,"shadowInactive",Split[6]), - (ldap.MOD_REPLACE,"shadowExpire",Split[7])]; + (ldap.MOD_REPLACE,"shadowWarning",Split[5])] + + # Avoid schema violations + if (Split[6]): + Rec.append((ldap.MOD_REPLACE,"shadowInactive",Split[6])) + + if (Split[7]): + Rec.append((ldap.MOD_REPLACE,"shadowExpire",Split[7])) + if (WritePasses == 1): Rec.append((ldap.MOD_REPLACE,"userPassword","{crypt}"+Split[1])); @@ -210,8 +222,7 @@ def DoGroup(l,Group): if (DoAdd == 1): try: l.add_s(Dn,[("gid",Split[0]), - ("objectClass","top"), - ("objectClass","posixGroup")]); + ("objectClass", GroupObjectClasses)]) except ldap.ALREADY_EXISTS: print "exists",; diff --git a/userdir_ldap.py b/userdir_ldap.py index c2b864d..1b4299c 100644 --- a/userdir_ldap.py +++ b/userdir_ldap.py @@ -54,6 +54,11 @@ DebianGroups = { "nogroup": 65534 } +# ObjectClasses for different object types +UserObjectClasses = ("top", "inetOrgPerson", "debianAccount", "shadowAccount", "debianDeveloper") +RoleObjectClasses = ("top", "debianAccount", "shadowAccount", "debianRoleAccount") +GroupObjectClasses = ("top", "debianGroup") + # SSH Key splitting. The result is: # (options,size,modulous,exponent,comment) SSHAuthSplit = re.compile('^(.* )?(\d+) (\d+) (\d+) ?(.+)$'); -- 2.20.1
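Review bot: Skipping shadowInactive and shadowExpire when Split[6] or Split[7] is empty means a value already stored in LDAP is no longer replaced, so an expiry or inactivity setting that was removed from the shadow file stays in the directory after the import. If the import is meant to mirror the shadow file, the empty case should clear the attribute rather than skip it; python-ldap is documented to treat a replace with no values as a removal, e.g. `Rec.append((ldap.MOD_REPLACE,"shadowExpire",Split[7] or None))`, which is worth confirming against the library version in use. The same empty-field case is not handled for shadowMin, shadowMax and shadowWarning (Split[3] to Split[5]), which are still sent unconditionally. The comment `# Avoid schema violations` could name the case it guards, for instance `# Empty shadow fields are not valid attribute values; send them only when set`. DoShadow begins and ends outside this hunk.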