Hi all,

I've been working on shell scripts that allow to manage ldap accounts (users,
groups, machines). They are similar to the smbldap-tools but do not need PERL to
work (and so on...) and are *very* simple to configure - they may be a good
alternative. The only tools you need are standard ldap client commands (ldapadd,
ldapdelete, ldapmodify, ldapsearch).

The scripts can be used as standalone commands or within Samba configuration :

add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines
add user script = /usr/local/bin/ldapadduser '%u' sambausers
add group script = /usr/local/bin/ldapaddgroup '%g'
add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g'
delete user script = /usr/local/bin/ldapdeleteuser '%u'
delete group script = /usr/local/bin/ldapdeletegroup '%g'
delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g'
set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g'

(see README file for more details)

For those who want to give a try, you can find the tarball of ldapscripts v1.0
here :

http://contribs.martymac.com
http://linagora.org/article108.html

Just extract the tarball and type in "./install" as root...

These scripts are in early version, so feel free to send bug reports and any
feedback !

Ganael LAPLANCHE - http://www.martymac.com
ganael.laplanche@martymac.com
ganael.laplanche@linagora.org

Ganael Laplanche wrote:
> Hi all,
>
> I've been working on shell scripts that allow to manage ldap accounts (users,
> groups, machines).

Very cool. LDAP configuration is always an interesting beast, and I welcome a set of tools to deal with them other than the smbldap-tools.

> They are similar to the smbldap-tools but do not need PERL to
> work (and so on...)

cool! i am not a perl fan. don't wanna start any language wars or anything. but sometimes it's a pain to have to install a bunch of pre-req modules in order to run the thing and then you find out it doesn't do what you want. but i digress :)

> and are *very* simple to configure - they may be a good
> alternative. The only tools you need are standard ldap client commands (ldapadd,
> ldapdelete, ldapmodify, ldapsearch).

cool cool. should be portable across lots of platforms then. anything that openldap is on should be usable.

>
> The scripts can be used as standalone commands or within Samba configuration :
>
> add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines
> add user script = /usr/local/bin/ldapadduser '%u' sambausers
> add group script = /usr/local/bin/ldapaddgroup '%g'
> add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g'
> delete user script = /usr/local/bin/ldapdeleteuser '%u'
> delete group script = /usr/local/bin/ldapdeletegroup '%g'
> delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g'
> set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g'

ooooo. nice.

>
> (see README file for more details)
>
> For those who want to give a try, you can find the tarball of ldapscripts v1.0
> here :
>
> http://contribs.martymac.com
> http://linagora.org/article108.html
>
> Just extract the tarball and type in "./install" as root...
>
> These scripts are in early version, so feel free to send bug reports and any
> feedback !

will do. thank you for your valuable contribution of time and code to the samba community.

cnw

>
> Ganael LAPLANCHE - http://www.martymac.com
> ganael.laplanche@martymac.com
> ganael.laplanche@linagora.org
>

Hi

I just tried out your scripts on a brand new installation. Very cool
but:

ldapscripts.log:
----------------
>> 02/08/05 - 06:09:01 : Command : /usr/local/bin/ldapaddmachine
Successfully added machine philippines$ to LDAP

samba-log:
----------
[2005/02/08 18:09:01, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:02, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:03, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:04, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:05, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:06, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:07, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:08, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:09, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:10, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:11, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:12, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:13, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:14, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:15, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:16, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:16, 0] lib/smbldap.c:smbldap_search_suffix(1169)
  smbldap_search_suffix: Problem during the LDAP search: (unknown) (Timed out)
[2005/02/08 18:09:16, 0] rpc_server/srv_samr_nt.c:_samr_create_user (2398)
  could not add user/computer philippines$ to passdb. Check permissions?

=> I am not able to add a machine account. Any hints?

/Jochen

On Tuesday, 08.02.2005 at 15:27 +0000, Ganael Laplanche wrote:
> Hi all,
>
> I've been working on shell scripts that allow to manage ldap accounts (users,
> groups, machines). They are similar to the smbldap-tools but do not need PERL to
> work (and so on...) and are *very* simple to configure - they may be a good
> alternative. The only tools you need are standard ldap client commands (ldapadd,
> ldapdelete, ldapmodify, ldapsearch).
>
> The scripts can be used as standalone commands or within Samba configuration :
>
> add machine script = /usr/local/bin/ldapaddmachine '%u' sambamachines
> add user script = /usr/local/bin/ldapadduser '%u' sambausers
> add group script = /usr/local/bin/ldapaddgroup '%g'
> add user to group script = /usr/local/bin/ldapaddusertogroup '%u' '%g'
> delete user script = /usr/local/bin/ldapdeleteuser '%u'
> delete group script = /usr/local/bin/ldapdeletegroup '%g'
> delete user from group script = /usr/local/bin/ldapdeleteuserfromgroup '%u' '%g'
> set primary group script = /usr/local/bin/ldapsetprimarygroup '%u' '%g'
>
> (see README file for more details)
>
> For those who want to give a try, you can find the tarball of ldapscripts v1.0
> here :
>
> http://contribs.martymac.com
> http://linagora.org/article108.html
>
> Just extract the tarball and type in "./install" as root...
>
> These scripts are in early version, so feel free to send bug reports and any
> feedback !
>
> Ganael LAPLANCHE - http://www.martymac.com
> ganael.laplanche@martymac.com
> ganael.laplanche@linagora.org
>
--
Jochen Witte <devnull@alpha-lab.net>

Jochen Witte wrote:
| Hi
|
| I just tried out your scripts on a brand new installation. Very cool
| but:
|
|
| ldapscripts.log:
| ----------------
|>>02/08/05 - 06:09:01 : Command : /usr/local/bin/ldapaddmachine
| Successfully added machine philippines$ to LDAP
|
| [2005/02/08 18:09:01, 0] lib/smbldap.c:smbldap_open(881)
|   smbldap_open: cannot access LDAP when not root..

This error is common when you can run the add user script as a
non-root user but do not have the SeMachineAccountPrivilege or
are not actually connecting as root.

cheers, jerry
====================================================================
Alleviating the pain of Windows(tm) ------- http://www.samba.org
GnuPG Key ----- http://www.plainjoe.org/gpg_public.asc
"I never saved anything for the swim back." Ethan Hawk in Gattaca
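
Added example (not part of the thread and not code from ldapscripts or Samba): a triage script for the situation discussed above, where ldapscripts.log reports a successful add while smbd logs "cannot access LDAP when not root" and then fails the passdb add. The file names `ldapscripts.log` and `log.smbd` and the sample lines are assumptions, constructed in the format quoted in the thread.

```shell
#!/bin/sh
# Added example. Log lines below are constructed in the format quoted in the thread.

write_sample_logs() {  # $1 = directory to write the two sample logs into
  cat > "$1/ldapscripts.log" <<'EOF'
>> 02/08/05 - 06:09:01 : Command : /usr/local/bin/ldapaddmachine
Successfully added machine philippines$ to LDAP
EOF
  cat > "$1/log.smbd" <<'EOF'
[2005/02/08 18:09:01, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:02, 0] lib/smbldap.c:smbldap_open(881)
  smbldap_open: cannot access LDAP when not root..
[2005/02/08 18:09:03, 0] rpc_server/srv_samr_nt.c:_samr_create_user(2398)
  could not add user/computer philippines$ to passdb.  Check permissions?
EOF
}

# triage_join <ldapscripts log> <samba log>
# Prints one line per failed passdb add: account, timestamp of the failure,
# number of "not root" denials logged before it, and whether the add script
# itself reported success for that account.
triage_join() {
  awk '
    phase == 1 {                       # first file: ldapscripts.log
      if ($1 == "Successfully" && $2 == "added") ok[$4] = 1
      next
    }
    /^\[/ {                            # Samba header line: keep its timestamp
      ts = substr($1, 2) "T" $2; sub(/,$/, "", ts); next
    }
    /smbldap_open: cannot access LDAP when not root/ { denied++; next }
    /could not add user\/computer .* to passdb/ {
      for (i = 1; i < NF; i++) if ($i == "user/computer") acct = $(i + 1)
      printf "%s %s denied=%d script_ok=%s\n", acct, ts, denied,
             ((acct in ok) ? "yes" : "no")
      denied = 0
    }
  ' phase=1 "$1" phase=2 "$2"
}

# Stand-alone demo on the constructed sample logs.
dir=$(mktemp -d) && write_sample_logs "$dir" &&
  triage_join "$dir/ldapscripts.log" "$dir/log.smbd"
rm -rf "$dir"
```

A result with `script_ok=yes` and a non-zero `denied` count means the add script did its job and the failure lies in smbd's own LDAP access, which is the case the last reply describes.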