search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Start to tidy-up check_user_ok().
[Samba/bb.git] / examples / misc / check_multiple_LDAP_entries.pl
blob00c197ace4fa4c8c3c22274f994f8ad983e24300
1 #!/usr/bin/perl -w
2 # Guenther Deschner <gd@samba.org>
3 #
4 # check for multiple LDAP entries
5
6 use strict;
7
8 use Net::LDAP;
9 use Getopt::Std;
10
11 my %opts;
12
13 if (!@ARGV) {
14 print "usage: $0 -h host -b base -D admindn -w password [-l]\n";
15 print "\tperforms checks for multiple sid, uid and gid-entries on your LDAP server\n";
16 print "\t-l adds additional checks against the local /etc/passwd and /etc/group file\n";
17 exit 1;
18 }
19
20 getopts('b:h:D:w:l', \%opts);
21
22 my $host = $opts{h} || "localhost";
23 my $suffix = $opts{b} || die "please set base with -b";
24 my $binddn = $opts{D} || die "please set basedn with -D";
25 my $bindpw = $opts{w} || die "please set password with -w";
26 my $check_local_files = $opts{l} || 0;
27
28 ########################
29
30
31 my ($ldap, $res);
32 my (%passwd_h, %group_h);
33 my $bad_uids = 0;
34 my $bad_gids = 0;
35 my $bad_sids = 0;
36 my $ret = 0;
37
38 if ($check_local_files) {
39 my @uids = `cut -d ':' -f 3 /etc/passwd`;
40 my @gids = `cut -d ':' -f 3 /etc/group`;
41
42 foreach my $uid (@uids) {
43 chomp($uid);
44 $passwd_h{$uid} = $uid;
45 }
46
47 foreach my $gid (@gids) {
48 chomp($gid);
49 $group_h{$gid} = $gid;
50 }
51 }
52
53 ########
54 # bind #
55 ########
56
57 $ldap = Net::LDAP->new($host, version => '3');
58
59 $res = $ldap->bind( $binddn, password => $bindpw);
60 $res->code && die "failed to bind: ", $res->error;
61
62
63
64 ###########################
65 # check for double sids #
66 ###########################
67
68 print "\ntesting for multiple sambaSids\n";
69
70 $res = $ldap->search(
71 base => $suffix,
72 filter => "(objectclass=sambaSamAccount)");
73
74 $res->code && die "failed to search: ", $res->error;
75
76 foreach my $entry ($res->all_entries) {
77
78 my $sid = $entry->get_value('sambaSid');
79
80 my $local_res = $ldap->search(
81 base => $suffix,
82 filter => "(&(objectclass=sambaSamAccount)(sambaSid=$sid))");
83
84 $local_res->code && die "failed to search: ", $local_res->error;
85 if ($local_res->count > 1) {
86 print "A SambaSamAccount with sambaSid [$sid] must exactly exist once\n";
87 print "You have ", $local_res->count, " entries:\n";
88 foreach my $loc_entry ($local_res->all_entries) {
89 printf "\t%s\n", $loc_entry->dn;
90 }
91 ++$bad_sids;
92 }
93 }
94
95 if ($bad_sids) {
96 $ret = -1;
97 print "You have $bad_sids bad sambaSids in your system. You might need to repair them\n";
98 } else {
99 print "No multiple sambaSids found in your system\n";
100 }
101
102 print "-" x 80, "\n";
103
104 ###########################
105 # check for double groups #
106 ###########################
107
108 print "\ntesting for multiple gidNumbers\n";
109
110 $res = $ldap->search(
111 base => $suffix,
112 filter => "(objectclass=posixGroup)");
113
114 $res->code && die "failed to search: ", $res->error;
115
116 foreach my $entry ($res->all_entries) {
117
118 my $gid = $entry->get_value('gidNumber');
119 my $dn = $entry->dn;
120
121 my $local_res = $ldap->search(
122 base => $suffix,
123 filter => "(&(objectclass=posixGroup)(gidNumber=$gid))");
124
125 $local_res->code && die "failed to search: ", $local_res->error;
126 if ($local_res->count > 1) {
127 print "A PosixGroup with gidNumber [$gid] must exactly exist once\n";
128 print "You have ", $local_res->count, " entries:\n";
129 foreach my $loc_entry ($local_res->all_entries) {
130 printf "\t%s\n", $loc_entry->dn;
131 }
132 ++$bad_gids;
133 next;
134 }
135
136 if ($check_local_files && exists $group_h{$gid}) {
137 print "Warning: There is a group in /etc/group that has gidNumber [$gid] as well\n";
138 print "This entry may conflict with $dn\n";
139 ++$bad_gids;
140 }
141 }
142
143 if ($bad_gids) {
144 $ret = -1;
145 print "You have $bad_gids bad gidNumbers in your system. You might need to repair them\n";
146 } else {
147 print "No multiple gidNumbers found in your system\n";
148 }
149
150 print "-" x 80, "\n";
151
152
153 ###########################
154 # check for double users #
155 ###########################
156
157 print "\ntesting for multiple uidNumbers\n";
158
159 $res = $ldap->search(
160 base => $suffix,
161 filter => "(objectclass=posixAccount)");
162
163 $res->code && die "failed to search: ", $res->error;
164
165
166 foreach my $entry ($res->all_entries) {
167
168 my $uid = $entry->get_value('uidNumber');
169 my $dn = $entry->dn;
170
171 my $local_res = $ldap->search(
172 base => $suffix,
173 filter => "(&(objectclass=posixAccount)(uidNumber=$uid))");
174
175 $local_res->code && die "failed to search: ", $local_res->error;
176 if ($local_res->count > 1) {
177 print "A PosixAccount with uidNumber [$uid] must exactly exist once\n";
178 print "You have ", $local_res->count, " entries:\n";
179 foreach my $loc_entry ($local_res->all_entries) {
180 printf "\t%s\n", $loc_entry->dn;
181 }
182 ++$bad_uids;
183 next;
184 }
185 if ($check_local_files && exists $passwd_h{$uid}) {
186 print "Warning: There is a user in /etc/passwd that has uidNumber [$uid] as well\n";
187 print "This entry may conflict with $dn\n";
188 ++$bad_uids;
189 }
190 }
191
192 if ($bad_uids) {
193 $ret = -1;
194 print "You have $bad_uids bad uidNumbers in your system. You might need to repair them\n";
195 } else {
196 print "No multiple uidNumbers found in your system\n";
197 }
198
199 $ldap->unbind;
200
201 exit $ret;