|
1
|
|
|
#!/usr/bin/php -qC |
|
2
|
|
|
<?php |
|
3
|
|
|
/** |
|
4
|
|
|
* API accounts - convert a slapcat file to the rfc2307bis schema (from nis or rfc2307bis without groupOfNames) |
|
5
|
|
|
* |
|
6
|
|
|
* Only the groups get changed: |
|
7
|
|
|
* - structural objectClass posixAccount (or SuSE's namedObject) get replaced with groupOfNames |
|
8
|
|
|
* - SuSE's default structural objectClass namedObject get removed from the objectClass(es) |
|
9
|
|
|
* - member attribute(s) of groupOfNames get set from the posixAccount memberUid and the account-dn |
|
10
|
|
|
* - memberUid's not found in the whole file get removed! |
|
11
|
|
|
* |
|
12
|
|
|
* Use it as filter: nis2rfc2307bis.php [--group2account-dn /cn=[^,]+,ou=groups/ou=accounts/] old.ldif > new.ldif |
|
13
|
|
|
* |
|
14
|
|
|
* @link http://www.egroupware.org |
|
15
|
|
|
* @author Ralf Becker <RalfBecker-AT-outdoor-training.de> complete rewrite in 6/2006 and earlier modifications |
|
16
|
|
|
* |
|
17
|
|
|
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License |
|
18
|
|
|
* @package api |
|
19
|
|
|
* @subpackage accounts |
|
20
|
|
|
* @access public |
|
21
|
|
|
* @version $Id: class.accounts.inc.php 22048 2006-07-08 21:41:42Z ralfbecker $ |
|
22
|
|
|
*/ |
|
23
|
|
|
|
|
24
|
|
|
if ($argc <= 1 || in_array($argv[1],array('-v','--help')) || $argv[1] == '--accounts-dn' && $argc <= 3|| |
|
25
|
|
|
!is_readable($file = $argv[$argc-1])) |
|
26
|
|
|
{ |
|
27
|
|
|
if ($file) |
|
28
|
|
|
{ |
|
29
|
|
|
echo "'$file' does NOT exist!!!\n"; |
|
30
|
|
|
} |
|
31
|
|
|
die("Usage: nis2rfc2307bis.php [--group2account-dn /cn=[^,]+,ou=groups/ou=accounts/] old.ldif > new.ldif\n"); |
|
32
|
|
|
} |
|
33
|
|
|
|
|
34
|
|
|
$lines = file($file); |
|
35
|
|
|
foreach($lines as $l => $line) |
|
36
|
|
|
{ |
|
37
|
|
|
$lines[$l] = rtrim($line); |
|
38
|
|
|
} |
|
39
|
|
|
|
|
40
|
|
|
$group2account = '/cn=[^,]+,ou=groups/ou=accounts/'; |
|
41
|
|
|
if ($argv[1] == '--group2account-dn' && $argc > 3) |
|
42
|
|
|
{ |
|
43
|
|
|
$group2account = $argv[2]; |
|
44
|
|
|
} |
|
45
|
|
|
$parts = explode('/',$group2account); |
|
46
|
|
|
if (count($parts) != 4) |
|
47
|
|
|
{ |
|
48
|
|
|
die("Wrong format for --group2accounts-dn, use something like '/cn=[^,]+,ou=groups/ou=accounts/'\n"); |
|
49
|
|
|
} |
|
50
|
|
|
$replace_with = $parts[2]; unset($parts[2]); |
|
51
|
|
|
$replace = implode('/',$parts); |
|
52
|
|
|
|
|
53
|
|
|
$block = array(); |
|
54
|
|
|
$i = 0; |
|
55
|
|
|
$lines[] = ''; // extra empty line, if none is behind the last block |
|
56
|
|
|
foreach($lines as $l => $line) |
|
57
|
|
|
{ |
|
58
|
|
|
if ($line) |
|
59
|
|
|
{ |
|
60
|
|
|
@list($attr,$value) = explode(': ',$line,2); |
|
61
|
|
|
switch($attr) |
|
62
|
|
|
{ |
|
63
|
|
|
case 'dn': |
|
64
|
|
|
$dn = $value; |
|
65
|
|
|
break; |
|
66
|
|
|
case 'objectClass': |
|
67
|
|
|
$objectclasses[] = $value; |
|
68
|
|
|
break; |
|
69
|
|
|
case 'structuralObjectClass': |
|
70
|
|
|
$structural = $value; |
|
71
|
|
|
break; |
|
72
|
|
|
case 'memberUid': |
|
73
|
|
|
$member_dn = 'uid='.$value.','.preg_replace($replace,$replace_with,$dn); |
|
74
|
|
|
if (!in_array('dn: '.$member_dn,$lines)) continue; // member does not exist --> ignore him! |
|
75
|
|
|
$members[] = 'member: '.$member_dn; |
|
76
|
|
|
// fall-through |
|
77
|
|
|
default: |
|
78
|
|
|
$data[] = $line; |
|
79
|
|
|
break; |
|
80
|
|
|
} |
|
81
|
|
|
$block[] = $line; |
|
82
|
|
|
continue; |
|
83
|
|
|
} |
|
84
|
|
|
if (!$block) continue; |
|
|
|
|
|
|
85
|
|
|
|
|
86
|
|
|
// got a complete block |
|
87
|
|
|
if (in_array('posixGroup',$objectclasses)) |
|
88
|
|
|
{ |
|
89
|
|
|
switch($structural) |
|
90
|
|
|
{ |
|
91
|
|
|
case 'namedObject': // regular SuSE |
|
92
|
|
|
unset($objectclasses[array_search('namedObject',$objectclasses)]); |
|
93
|
|
|
// fall-through |
|
94
|
|
|
case 'posixGroup': // nis |
|
95
|
|
|
$objectclasses[] = $structural = 'groupOfNames'; |
|
96
|
|
|
if (!$members) $members[] = 'member: '.$dn; // member is a required attribute! |
|
97
|
|
|
$data = array_merge($members,$data); |
|
98
|
|
|
break; |
|
99
|
|
|
case 'groupOfNames': // ok, already what we want |
|
100
|
|
|
break; |
|
101
|
|
|
default: |
|
102
|
|
|
die("\nposixGroup dn: $dn has as structrualObjectClass $structural, not posixGroup, namedObject or groupOfNames!\n"); |
|
103
|
|
|
} |
|
104
|
|
|
$block = array('dn: '.$dn,); |
|
105
|
|
|
foreach($objectclasses as $class) |
|
106
|
|
|
{ |
|
107
|
|
|
$block[] = 'objectClass: '.$class; |
|
108
|
|
|
} |
|
109
|
|
|
$block[] = 'structuralObjectClass: '.$class; |
|
110
|
|
|
$block = array_merge($block,$data); |
|
111
|
|
|
} |
|
112
|
|
|
echo implode("\n",$block)."\n\n"; |
|
113
|
|
|
|
|
114
|
|
|
// process next block |
|
115
|
|
|
$block = $objectclasses = $members = $data = array(); |
|
116
|
|
|
$dn = $structural = null; |
|
117
|
|
|
} |
EGroupware /
egroupware
Ralf Becker
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)or! empty(...)instead.