[Samba] php script to migrate other attributes after running classicupgrade
mourik jan heupink
heupink at merit.unu.edu
Thu Jan 23 02:43:50 MST 2014
Hi,
I have written a php script that fills a fresh s4 AD with additional
attributes taken from a (s3) ldap server. I am no programmer AT ALL, so I
guess this is very dirty and inelegant, but it does the trick.
We had multiple "mail" attributes in openldap, and since AD only allows
1 mail attribute, additional mail addresses are migrated to
"otherMailbox" AD attributes.
Perhaps someone else finds it useful as well. It should be easy to
adjust for your own needs.
It requires apache2, php5 and php5-ldap.
Here it is:
<?php
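// Report every class of error, but do not print error details into the
// HTTP response (display_errors is off, so they are not shown to the browser).
ini_set('display_errors', 'Off');
error_reporting(E_ALL);

// Source directory: the Samba 3 OpenLDAP server, read anonymously.
$samba3_server = "s3_server_ip";
$samba3_port = 389;
$samba3_dn = 'ou=users,dc=example,dc=com';
$samba3_filter = "(uid=*)";

// Target directory: the Samba 4 AD DC.
$samba4_server = 'ldap://s4_server_ip';
// The bind name is a UPN (user@REALM). The mailing-list archive rewrites "@"
// as " at " (it did the same to the sender address), and the rewritten form
// is not a usable bind name, so the "@" is restored here.
$samba4_user = 'Administrator@REALM';
// SECURITY: this is a domain administrator password stored in a script that
// is requested through Apache. Anyone who can reach the URL re-runs the
// migration with these credentials, and anyone who can read the file gets the
// password. Restrict access to the script, keep the file readable only by
// the web server user, and delete it (or blank the password) as soon as the
// migration has been done.
$samba4_pass = 'very_secret';
$samba4_port = 389;
$samba4_dn = 'CN=users,DC=smb,DC=domain';
$samba4_realm = 'SMB.DOMAIN';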
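// Samba 3 init, accessed anonymously (read-only use).
// The messages use double quotes so the server name is actually interpolated;
// with single quotes the literal text "$samba3_server" was printed.
$samba3 = ldap_connect($samba3_server, $samba3_port)
    or die("Cannot Connect to $samba3_server");
ldap_set_option($samba3, LDAP_OPT_PROTOCOL_VERSION, 3);
$samba3Bind = ldap_bind($samba3);
if (!$samba3Bind) {
    die('Cannot Bind to samba3 ldap');
}

// Samba 4 init, simple bind with the administrator password.
$samba4 = ldap_connect($samba4_server, $samba4_port)
    or die("Cannot Connect to $samba4_server");
ldap_set_option($samba4, LDAP_OPT_PROTOCOL_VERSION, 3);
// Do not chase referrals; all work is done against this one server.
ldap_set_option($samba4, LDAP_OPT_REFERRALS, 0);

// SECURITY: a simple bind sends the password as-is, so the connection is
// upgraded to TLS before binding. The certificate of the DC has to be
// trusted by the LDAP client library on this host for this to succeed.
// Stopping here is deliberate: falling back to a cleartext bind would put
// the administrator password on the wire.
if (!ldap_start_tls($samba4)) {
    die("Cannot start TLS with $samba4_server");
}

$samba4Bind = ldap_bind($samba4, $samba4_user, $samba4_pass);
if (!$samba4Bind) {
    die("Cannot Bind to $samba4_server");
}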
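// Fetch all Samba 3 accounts in one search; the loop below walks the result.
$s3_search_result = ldap_search($samba3, $samba3_dn, $samba3_filter);
if (!$s3_search_result) {
    die('Search on samba3 ldap failed');
}
$s3_count = ldap_count_entries($samba3, $s3_search_result);
echo "Total number of ldap records found: $s3_count<br />";

// Actual work is done below: one AD modify per Samba 3 entry.
// A for loop is used so that "continue" always advances to the next entry.
for ($uid = ldap_first_entry($samba3, $s3_search_result);
     $uid;
     $uid = ldap_next_entry($samba3, $uid)) {

    // ldap_get_values() returns false (and raises a warning) when the
    // attribute is absent, hence the @ and the isset() checks further down.
    $s3_uid = @ldap_get_values($samba3, $uid, 'uid');
    if (!isset($s3_uid[0])) {
        echo "Skipping a samba3 entry without uid<br />";
        continue;
    }
    $s3_mail = @ldap_get_values($samba3, $uid, 'mail');
    $s3_homedirectory = @ldap_get_values($samba3, $uid, 'homeDirectory');
    $s3_givenName = @ldap_get_values($samba3, $uid, 'givenName');
    $s3_sn = @ldap_get_values($samba3, $uid, 'sn');
    $s3_description = @ldap_get_values($samba3, $uid, 'description');
    $s3_initials = @ldap_get_values($samba3, $uid, 'initials');
    $s3_sambahomepath = @ldap_get_values($samba3, $uid, 'sambaHomePath');
    $s3_sambahomedrive = @ldap_get_values($samba3, $uid, 'sambaHomedrive');
    $s3_sambalogonscript = @ldap_get_values($samba3, $uid, 'sambaLogonScript');
    $s3_gecos = @ldap_get_values($samba3, $uid, 'gecos');
    $s3_displayname = @ldap_get_values($samba3, $uid, 'displayName');

    $mail_count = isset($s3_mail["count"]) ? $s3_mail["count"] : 0;

    // Directory values are data, not markup: escape them before they are
    // written into the HTML report.
    $uid_html = htmlspecialchars($s3_uid[0], ENT_QUOTES, 'UTF-8');
    echo "This uid: $uid_html, how many addresses defined: $mail_count | ";

    // Find the matching AD account. The uid is escaped for use inside a
    // search filter so that characters such as "*", "(" or ")" in a uid
    // cannot change which AD object is selected (and then overwritten).
    // ldap_escape() needs PHP 5.6 or later.
    $samba4_filter = '(sAMAccountName='
        . ldap_escape($s3_uid[0], '', LDAP_ESCAPE_FILTER) . ')';
    $s4_search_result = ldap_search($samba4, $samba4_dn, $samba4_filter);
    if (!$s4_search_result) {
        echo " || Samba4 search failed, skipped<br />";
        continue;
    }
    $s4_count = ldap_count_entries($samba4, $s4_search_result);
    if ($s4_count !== 1) {
        // Without exactly one match there is no safe target DN to write to.
        echo " || Samba4 accounts matched: $s4_count, skipped<br />";
        continue;
    }
    $s4_entry = ldap_get_entries($samba4, $s4_search_result);
    $s4_dn = $s4_entry[0]["dn"];
    echo " || Samba4 dn: " . htmlspecialchars($s4_dn, ENT_QUOTES, 'UTF-8') . " | ";

    // Start from an empty array for every user. The original script reused
    // $info across iterations, so an optional field (givenName, description,
    // ...) that one user lacked was silently inherited from the previous user.
    $info = array();
    // An empty array makes ldap_mod_replace() remove the attribute, so stale
    // addresses in AD are cleared when samba3 has none.
    $info["otherMailbox"] = array();
    $info["mail"] = array();

    // Values derived from the uid, which is known to exist at this point.
    $info["userPrincipalName"] = $s3_uid[0] . '@' . $samba4_realm;
    $info["uid"] = $s3_uid[0];
    $info["msSFU30Name"] = $s3_uid[0];

    // Everything else is copied only when samba3 really has a value; an
    // absent source attribute leaves the AD attribute untouched instead of
    // sending an empty value along with the modify.
    $copy_if_present = array(
        "sn"                => $s3_sn,
        "unixHomeDirectory" => $s3_homedirectory,
        "homeDirectory"     => $s3_sambahomepath,
        "homeDrive"         => $s3_sambahomedrive,
        "scriptPath"        => $s3_sambalogonscript,
        "givenName"         => $s3_givenName,
        "initials"          => $s3_initials,
        "mail"              => $s3_mail,
        "description"       => $s3_description,
        "gecos"             => $s3_gecos,
        "displayName"       => $s3_displayname,
    );
    foreach ($copy_if_present as $ad_attribute => $s3_values) {
        if (isset($s3_values[0])) {
            $info[$ad_attribute] = $s3_values[0];
        }
    }

    // AD holds a single mail value; the second and later samba3 addresses
    // go to otherMailbox.
    echo "Has the following additional mail fields: ";
    for ($i = 1; $i < $mail_count; $i++) {
        echo $i . ": " . htmlspecialchars($s3_mail[$i], ENT_QUOTES, 'UTF-8') . ", ";
        $info["otherMailbox"][] = $s3_mail[$i];
    }

    // Put the $info array in the AD and report a rejected modify instead of
    // continuing silently.
    if (!ldap_mod_replace($samba4, $s4_dn, $info)) {
        echo " || update FAILED: "
            . htmlspecialchars(ldap_error($samba4), ENT_QUOTES, 'UTF-8');
    }
    echo "<br />";
}

ldap_close($samba4);
ldap_close($samba3);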
?>