[Samba] php script to migrate other attributes after running classicupgrade

mourik jan heupink heupink at merit.unu.edu
Thu Jan 23 02:43:50 MST 2014


Hi,

I have written a PHP script that fills a freshly upgraded Samba 4 AD with 
additional attributes taken from the old (Samba 3) LDAP server. I am no 
programmer AT ALL, so I guess this is very dirty and inelegant, but it 
does the trick.

We had multiple "mail" attributes in openldap, and since AD only allows 
1 mail attribute, additional mail addresses are migrated to 
"otherMailbox" AD attributes.

Perhaps someone else finds it useful as well. It should be easy to 
adjust for your own needs.

It requires apache2, php5 and php5-ldap.

Here it is:


<?php

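// Keep PHP diagnostics out of the generated page; every error level is still
// reported, so they can reach the error log when log_errors is enabled.
ini_set('display_errors', 'Off');
error_reporting(E_ALL);

// Source directory: the Samba 3 LDAP server, queried with an anonymous bind.
$samba3_server = "s3_server_ip";
$samba3_port = 389;
$samba3_dn = 'ou=users,dc=example,dc=com';
$samba3_filter="(uid=*)";

// Target directory: the Samba 4 AD DC that is written to.
// $samba4_user is the bind name in user@REALM form.
// NOTE: this file carries a domain administrator password in clear text.
// Keep it readable by the web server account only, restrict access to the
// URL that runs it, and remove the password (or the script) once the
// migration has been done.
$samba4_server = 'ldap://s4_server_ip';
$samba4_user = 'Administrator@REALM';
$samba4_pass = 'very_secret';
$samba4_port = 389;
$samba4_dn = 'CN=users,DC=smb,DC=domain';
$samba4_realm = 'SMB.DOMAIN';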

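// samba 3 init, accessed anonymously
// With OpenLDAP 2.x client libraries ldap_connect() only prepares the handle;
// an unreachable server is normally reported by ldap_bind() below.
$samba3 = ldap_connect($samba3_server, $samba3_port)
  or die("Cannot Connect to $samba3_server");
ldap_set_option($samba3, LDAP_OPT_PROTOCOL_VERSION, 3);
$samba3Bind = ldap_bind($samba3);
if (!$samba3Bind) {
    die('Cannot Bind to samba3 ldap');
}

// samba 4 init, bind with a password, non-ssl
// NOTE: this is a simple bind over plain ldap://, so the administrator
// password crosses the network unencrypted. Where the DC certificate is
// trusted by this host, call ldap_start_tls($samba4) before ldap_bind(), or
// use an ldaps:// URI, and run the migration from a trusted network segment.
$samba4 = ldap_connect($samba4_server, $samba4_port)
  or die("Cannot Connect to $samba4_server");
ldap_set_option($samba4, LDAP_OPT_PROTOCOL_VERSION, 3);
// Do not chase referrals returned by the AD.
ldap_set_option($samba4, LDAP_OPT_REFERRALS, 0);
$samba4Bind = ldap_bind($samba4, $samba4_user, $samba4_pass);
if (!$samba4Bind) {
    // Double quotes so the server name is actually interpolated into the message.
    die("Cannot Bind to $samba4_server");
}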

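// Collect every Samba 3 entry below $samba3_dn that matches $samba3_filter.
$s3_search_result = ldap_search($samba3, $samba3_dn, $samba3_filter);
if ($s3_search_result === false) {
    // Stop here instead of passing a failed search on to the entry functions.
    die('Samba3 search failed: ' . htmlspecialchars(ldap_error($samba3), ENT_QUOTES, 'UTF-8'));
}

$s3_count = ldap_count_entries($samba3, $s3_search_result);
echo "Total number of ldap records found: $s3_count<br />";

// First entry of the result set; false when the search matched nothing.
$uid = ldap_first_entry($samba3, $s3_search_result);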

//actual work is done below
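// Copies selected attributes of every Samba 3 entry onto the AD account whose
// sAMAccountName equals the entry's uid. The first mail value becomes "mail",
// any further ones become "otherMailbox" values.

// Directory values are echoed into an HTML page, so escape them first; an
// attribute value may contain markup characters.
$html = function ($text) {
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
};

// Samba 3 attribute => AD attribute. Each one is copied only when the source
// entry actually has a value for it.
$attribute_map = array(
    'sn' => 'sn',
    'homeDirectory' => 'unixHomeDirectory',
    'sambaHomePath' => 'homeDirectory',
    'sambaHomedrive' => 'homeDrive',
    'sambaLogonScript' => 'scriptPath',
    'givenName' => 'givenName',
    'initials' => 'initials',
    'description' => 'description',
    'gecos' => 'gecos',
    'displayName' => 'displayName',
);

for (; $uid; $uid = ldap_next_entry($samba3, $uid)) {
    // ldap_get_values() returns false (with a warning) for an absent attribute.
    $s3_uid = @ldap_get_values($samba3, $uid, 'uid');
    if ($s3_uid === false || !isset($s3_uid[0])) {
        echo "Skipping an entry without a uid value<br />";
        continue;
    }
    $account = $s3_uid[0];

    $s3_mail = @ldap_get_values($samba3, $uid, 'mail');
    $mail_count = ($s3_mail === false) ? 0 : $s3_mail["count"];
    echo "This uid: " . $html($account) . ", how many addresses defined: $mail_count | ";

    // find matching AD account
    // The uid is escaped before it goes into the filter so that characters
    // such as "*", "(" or ")" cannot change which accounts the search matches.
    // ldap_escape() needs PHP 5.6 or later.
    $samba4_filter = '(sAMAccountName=' . ldap_escape($account, '', LDAP_ESCAPE_FILTER) . ')';
    $s4_search_result = ldap_search($samba4, $samba4_dn, $samba4_filter);
    if ($s4_search_result === false) {
        echo " || Samba4 search failed: " . $html(ldap_error($samba4)) . "<br />";
        continue;
    }

    // Only write when exactly one account matches; otherwise there is no DN
    // (or no unambiguous DN) to modify.
    $s4_count = ldap_count_entries($samba4, $s4_search_result);
    if ($s4_count !== 1) {
        echo " || skipped: $s4_count matching Samba4 accounts<br />";
        continue;
    }
    $s4_entry = ldap_get_entries($samba4, $s4_search_result);
    $s4_dn = $s4_entry[0]["dn"];

    echo "  || Samba4 dn: " . $html($s4_dn) . " | ";

    // Start from an empty modification set for every user, so optional
    // attributes of the previous user are never written to this one.
    $info = array();
    // An empty array makes ldap_mod_replace() remove the attribute; both are
    // overwritten below when the Samba 3 entry has mail values.
    $info["otherMailbox"] = array();
    $info["mail"] = array();

    // below we fill the $info array with values from samba3
    $info["userPrincipalName"] = $account . '@' . $samba4_realm;
    $info["uid"] = $account;
    $info["msSFU30Name"] = $account;

    foreach ($attribute_map as $s3_attribute => $ad_attribute) {
        $values = @ldap_get_values($samba3, $uid, $s3_attribute);
        if ($values !== false && isset($values[0])) {
            $info[$ad_attribute] = $values[0];
        }
    }

    if ($mail_count > 0) {
        $info["mail"] = $s3_mail[0];
    }

    echo "Has the following additional mail fields: ";
    for ($i = 1; $i < $mail_count; $i++) {
        echo $i . ": " . $html($s3_mail[$i]) . ", ";
        $info["otherMailbox"][] = $s3_mail[$i];
    }

    // put $info array in the AD and report a rejected update in the page
    if (!ldap_mod_replace($samba4, $s4_dn, $info)) {
        echo " | update failed: " . $html(ldap_error($samba4));
    }
    echo "<br />";
}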

// Unbind from both directories, the AD first and the Samba 3 server second.
foreach (array($samba4, $samba3) as $ldap_link) {
    ldap_close($ldap_link);
}

?>

