A question about Auth Backends
Kervin Pierre
kpierre at fit.edu
Thu Mar 29 20:17:16 GMT 2001
"Theodore J. Soldatos" wrote:
[...]
> One problem with this setup is that, if one of the password databases
> (LDAP or Samba) has been destroyed in some way, you cannot recreate it
> from the other. I'm thinking about writing a script to keep a backup of
> smbpasswd file in LDAP... *ugly*....
>
[..]
Would something like this work? This script backs up an LDAP database
to a file in /etc/passwd format (it's only been tested on Solaris 8 with
iPlanet DS, though).
-Kervin
-------------- next part --------------
#!/bin/sh
#Kervin Pierre 19AUG00
#Dump a valid passwd file from ldap
SCRIPT_DIR=/opt/scripts
AWK=/usr/bin/awk
LDAP_FILE=$SCRIPT_DIR/ldap.dat
LDAP_BASE="ou=people,dc=eng,dc=fit,dc=edu"
#The following 2 lines read the credentials from a file
#I should have used the '.' instead
#ie. '. $LDAP_FILE'
#optionally you can use.
#OP_CRED='cn=Directory Manager'
#OP_PASS='secret'
OP_CRED=`$AWK -F'=' '$1=="OP_CRED" { print substr($0, length($1)+2) }' $LDAP_FILE`
OP_PASS=`$AWK -F'=' '$1=="OP_PASS" { print substr($0, length($1)+2) }' $LDAP_FILE`
ldapsearch -L -D "$OP_CRED" -w "$OP_PASS" -b "$LDAP_BASE" -s sub "(objectclass=posixaccount)" | $AWK '
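BEGIN { FS=":"; OFS=":" }
{
    if($1=="uid" && NF<3) uid = $2
    if($1=="uidnumber") uidnumber = $2
    if($1=="gidnumber") gidnumber = $2
    if($1=="gecos") gecos = $2
    if($1=="homedirectory") homedirectory = $2
    if($1=="loginshell") loginshell = $2
    # A blank line ends an LDIF entry: print it, then clear the fields so an
    # attribute missing from the next entry is not inherited from this one
    if(NF==0) {
        if(uid!="") print uid,"x",uidnumber,gidnumber,gecos,homedirectory,loginshell
        uid=""; uidnumber=""; gidnumber=""; gecos=""; homedirectory=""; loginshell=""
    }
}' | sed -e 's/: /:/g
s/^ //g'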
-------------- next part --------------
#!/bin/sh
#Kervin Pierre 19AUG00
#Dump a valid shadow file from ldap
SCRIPT_DIR=/opt/scripts
AWK=/usr/local/bin/awk
LDAP_FILE=$SCRIPT_DIR/ldap.dat
LDAP_BASE="ou=people,dc=eng,dc=fit,dc=edu"
OP_CRED=`$AWK -F'=' '$1=="OP_CRED" { print substr($0, length($1)+2) }' $LDAP_FILE`
OP_PASS=`$AWK -F'=' '$1=="OP_PASS" { print substr($0, length($1)+2) }' $LDAP_FILE`
ldapsearch -L -D "$OP_CRED" -w "$OP_PASS" -b "$LDAP_BASE" -s sub "objectclass=posixaccount" | $AWK '
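BEGIN { FS=":"; OFS=":" }
{
    if($1=="uid" && NF<3) uid = $2
    # Drop the first 8 characters of the value: the leading space and a
    # 7-character scheme prefix such as {crypt}
    if($1=="userpassword") userpassword = substr($2,9)
    if($1=="shadowlastchange") shadowlastchange = $2
    # A blank line ends an LDIF entry: print it, then clear the fields so a
    # hash missing from the next entry is not inherited from this one
    if(NF==0) {
        # An empty shadow password field means no password is required,
        # so an entry without a userpassword gets * (matches no hash)
        if(userpassword=="") userpassword="*"
        if(uid!="") print uid,userpassword,shadowlastchange,":::::"
        uid=""; userpassword=""; shadowlastchange=""
    }
}' | sed -e 's/: /:/g
s/^ //g'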
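
A sanity check that could be run on the passwd-format dump before it replaces an older backup, as an added example that is not part of the original post. It flags an empty dump (for instance after a failed bind), a wrong field count, a missing or repeated uid number and uid 0 entries; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a passwd-format dump read from stdin.
# Prints one line per problem; exit status 0 = clean, 1 = problems found.
check_passwd_dump() {
    awk -F: '
    function flag(msg) { printf "line %d: %s\n", NR, msg; bad++ }
    NF != 7          { flag("expected 7 fields, got " NF); next }
    $1 == ""         { flag("empty login name"); next }
    $3 !~ /^[0-9]+$/ { flag($1 ": uid is not numeric") }
    $4 !~ /^[0-9]+$/ { flag($1 ": gid is not numeric") }
    $3 ~ /^0+$/      { flag($1 ": uid 0 account in directory dump") }
    $6 !~ /^\//      { flag($1 ": home directory is not an absolute path") }
    $2 != "x"        { flag($1 ": password field is not the x placeholder") }
    ($1 in names)    { flag($1 ": duplicate login name") }
    $3 != "" && ($3 in uids) { flag($1 ": uid " $3 " already used by " uids[$3]) }
    { names[$1] = 1; if (!($3 in uids)) uids[$3] = $1 }
    END {
        # No lines at all usually means the LDAP search itself failed
        if (NR == 0) { print "dump is empty"; bad++ }
        exit (bad > 0)
    }
    '
}

# Constructed sample in the 7-field layout the passwd script prints
sample_dump() {
    cat <<'EOF'
alice:x:1001:100:Alice Example:/home/alice:/bin/sh
bob:x:1001:100:Bob Example:/home/bob:/bin/sh
carol:x::100:Carol Example:/home/carol:/bin/sh
root2:x:0:0:Extra root:/root:/bin/sh
dave:x:1004:100:Dave Example:/home/dave
EOF
}

# Demonstration: four of the five sample lines are reported
sample_dump | check_passwd_dump || echo "dump rejected: keep the previous backup"
```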