[Samba] migrating smbpasswd backend to ldap backend

Matt Hyclak hyclak at math.ohiou.edu
Wed Sep 20 14:22:59 GMT 2006 

On Wed, Sep 20, 2006 at 05:59:54PM +0300, Peter Collins Wasenda enlightened us:
> i would like to use an ldap backend in place of my existing smbpasswd  
> backend because i just can't get unix password synchronization to work.
> 
> Any suggestions on how i can make this smooth migration ?

I wrote a script to do it, attached. You'll have to fill in the blanks, of
course, and you might modify it a bit if you're comfortable with python. It
currently outputs individual LDIF files for each user. For me that was ok
because I only had about 20 users to migrate, but if you have more, you
might want to change the output to a single LDIF file.

Matt

-- 
Matt Hyclak
Department of Mathematics 
Department of Social Work
Ohio University
(740) 593-1263
-------------- next part --------------
#!/usr/bin/env python

passwdfile="/etc/passwd"
shadowfile="/etc/shadow"
smbpassfile="/etc/samba/smbpasswd"

import os, pwd, re, string

userdic = {}
shadowdic = {}
smbdic = {}

for record in pwd.getpwall(): 
	userdic[record[0]] = record

sfh = open(shadowfile, 'r')
for line in sfh:
	fields = line.strip().split(':')
	shadowdic[fields[0]] = fields[1]
sfh.close()

smfh = open(smbpassfile, 'r')
for line in smfh:
	fields = line.strip().split(':')
	smbdic[fields[0]] = fields
smfh.close()

for i in userdic.keys():
	if int(userdic[i][2]) > 500 and int(userdic[i][2]) < 1000:
		if i[-1] == '$':
			group = "Computers"
		else:
			group = "People"
		namelist = userdic[i][4].split(' ')
		lastname = namelist[-1]
		firstname = ' '.join(namelist[:-1])
		ldifentries = [
			"version: 1\n\n",
			"dn: uid=%s,ou=%s,dc=example,dc=com\n" % (i, group),
			"uid: %s\n" % i,
			"cn: %s\n" % userdic[i][4],
			"loginShell: %s\n" % userdic[i][6],
			"uidNumber: %s\n" % userdic[i][2],
			"gidNumber: %s\n" % userdic[i][3],
			"homeDirectory: %s\n" % userdic[i][5],
			"sambaSID: S-1-5-21-XXXXXXXXXXX-XXXXXXXXX-XXXXXXXXX-%s\n" % str(int(userdic[i][2]) * 2 + 10)
			"sambaPwdMustChange: 2147483647\n",
			"sambaAcctFlags: %s\n" % smbdic[i][4],
			"sambaPwdCanChange: 1094045290\n"
			"sambaNTPassword: %s\n" % smbdic[i][3],
			"sambaPwdLastSet: 1094045290\n",
			"userPassword: {crypt}%s\n" % shadowdic[i],
		]
		if group == "People":
			addlentries = [
				"givenName: %s\n" % firstname,
				"sn: %s\n" % lastname,
				"mail: %s at example.com\n" % i,
				"shadowMax: 99999\n",
				"shadowWarning: 7\n",
				"objectClass: person\nobjectClass: organizationalPerson\nobjectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: top\nobjectClass: shadowAccount\nobjectClass: sambaSamAccount\n", 
				"gecos: %s\n" % userdic[i][4],
				"sambaPrimaryGroupSID: S-1-5-21-XXXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-%s\n" % userdic[i][3],
				"sambaLMPassword: %s\n" % smbdic[i][2],
				"shadowLastChange: 13397\n"
			]
		else:
			addlentries = [
				"objectClass: account\nobjectClass: posixAccount\nobjectClass: sambaSamAccount\n",
				"sambaDomainName: EXAMPLE\n",
				"sambaPrimaryGroupSID: S-1-5-21-XXXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-515\n",
			]
		ldifentries = ldifentries + addlentries
		print ldifentries
				
		lfh = open("/root/migration/%s.ldif" % i, "w")
		lfh.writelines(ldifentries)
		lfh.close()
	else:
		continue

# vim:tabstop=4

More information about the samba mailing list