A question about Auth Backends

Kervin Pierre kpierre at fit.edu
Thu Mar 29 20:17:16 GMT 2001


"Theodore J. Soldatos" wrote:
[...]
> One problem with this setup is that, if one of the password databases
> (LDAP or Samba) has been destroyed in some way, you cannot recreate it
> from the other. I'm thinking about writing a script to keep a backup of
> smbpasswd file in LDAP... *ugly*....
> 
[..]

Would something like this work?  This script backs up an LDAP database
to a file in /etc/passwd format (it's only been tested on Solaris 8 with
iPlanet DS, though).

-Kervin
-------------- next part --------------
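#!/bin/sh
#Kervin Pierre 19AUG00
#Dump a valid passwd file from ldap

SCRIPT_DIR=/opt/scripts
AWK=/usr/bin/awk
LDAP_FILE=$SCRIPT_DIR/ldap.dat
LDAP_BASE="ou=people,dc=eng,dc=fit,dc=edu"

#The following 2 lines read the credentials from a file
#I should have used the '.' instead
#ie. '. $LDAP_FILE'
#optionally you can use.
#OP_CRED='cn=Directory Manager'
#OP_PASS='secret'
#$LDAP_FILE holds the bind password, so it should be readable only by its owner
OP_CRED=`$AWK -F'=' '$1=="OP_CRED" { print substr($0, length($1)+2) }' "$LDAP_FILE"`
OP_PASS=`$AWK -F'=' '$1=="OP_PASS" { print substr($0, length($1)+2) }' "$LDAP_FILE"`

#Note: -w puts the bind password on the command line, where it shows up in ps output
#A blank line (NF==0) ends an LDIF entry: print the record, then clear the
#fields so a missing attribute is not inherited from the previous entry.
#The END block prints the last entry if the output does not end with a blank line.
ldapsearch -L -D "$OP_CRED" -w "$OP_PASS" -b "$LDAP_BASE" -s sub "(objectclass=posixaccount)" | $AWK '
BEGIN { FS=":"; OFS=":"}
{if($1=="uid" && NF<3) uid = $2
if($1=="uidnumber") uidnumber = $2
if($1=="gidnumber") gidnumber = $2
if($1=="gecos") gecos = $2
if($1=="homedirectory") homedirectory = $2
if($1=="loginshell") loginshell = $2
if(NF==0 && uid!="") {
print uid,"x",uidnumber,gidnumber,gecos,homedirectory,loginshell
uid = ""; uidnumber = ""; gidnumber = ""; gecos = ""; homedirectory = ""; loginshell = ""}}
END {if(uid!="") print uid,"x",uidnumber,gidnumber,gecos,homedirectory,loginshell}' | sed -e 's/: /:/g
s/^ //g'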

-------------- next part --------------
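#!/bin/sh
#Kervin Pierre 19AUG00
#Dump a valid shadow file from ldap
#The output contains password hashes, so keep it readable only by root

SCRIPT_DIR=/opt/scripts
AWK=/usr/local/bin/awk
LDAP_FILE=$SCRIPT_DIR/ldap.dat
LDAP_BASE="ou=people,dc=eng,dc=fit,dc=edu"

#$LDAP_FILE holds the bind password, so it should be readable only by its owner
OP_CRED=`$AWK -F'=' '$1=="OP_CRED" { print substr($0, length($1)+2) }' "$LDAP_FILE"`
OP_PASS=`$AWK -F'=' '$1=="OP_PASS" { print substr($0, length($1)+2) }' "$LDAP_FILE"`

#Note: -w puts the bind password on the command line, where it shows up in ps output
#substr($2,9) drops the leading space and a 7-character scheme prefix such as {crypt}
#A blank line (NF==0) ends an LDIF entry: print the record, then clear the
#fields so a missing attribute is not inherited from the previous entry.
#The END block prints the last entry if the output does not end with a blank line.
ldapsearch -L -D "$OP_CRED" -w "$OP_PASS" -b "$LDAP_BASE" -s sub "objectclass=posixaccount" | $AWK '
BEGIN { FS=":"; OFS=":"}
{if($1=="uid" && NF<3) uid = $2
if($1=="userpassword") userpassword = substr($2,9)
if($1=="shadowlastchange") shadowlastchange = $2
if(NF==0 && uid!="") {
print uid,userpassword,shadowlastchange,":::::"
uid = ""; userpassword = ""; shadowlastchange = ""}}
END {if(uid!="") print uid,userpassword,shadowlastchange,":::::"}' | sed -e 's/: /:/g
s/^ //g'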
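
The shadow-format dump above carries password hashes, so a backup of it should be checked and stored owner-readable only. The following is an added example, not part of the original post: save_shadow_backup and the file names are hypothetical, the sample records are constructed, and a system with mktemp is assumed.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: <dump command> | save_shadow_backup /path/to/shadow.bak
# Reads shadow-format lines on stdin, validates them, and replaces the
# destination atomically with a file only the owner can read.
# save_shadow_backup is a hypothetical helper name.
save_shadow_backup() {
    dest=$1
    [ -n "$dest" ] || { echo "usage: save_shadow_backup FILE" >&2; return 2; }

    # mktemp creates the file mode 0600 next to the destination, so the
    # hashes are never world-readable and the final mv is a same-filesystem rename.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    cat > "$tmp" || { rm -f "$tmp"; return 1; }

    # Every record needs 9 colon-separated fields and a non-empty, unique
    # login name. An empty or malformed dump usually means the LDAP query
    # failed, and it must not overwrite the last good backup.
    if ! awk -F: '
        NF != 9    { printf "line %d: %d fields, expected 9\n", NR, NF; bad = 1; next }
        $1 == ""   { printf "line %d: empty login name\n", NR; bad = 1; next }
        seen[$1]++ { printf "line %d: duplicate login %s\n", NR, $1; bad = 1 }
        END { if (NR == 0) { print "empty dump"; bad = 1 }
              exit bad + 0 }
    ' "$tmp" >&2; then
        rm -f "$tmp"
        return 1
    fi

    chmod 600 "$tmp" && mv -f "$tmp" "$dest"
}
```
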


