Skip to content

Instantly share code, notes, and snippets.

@bufke bufke/insert_hashes.py
Last active Dec 10, 2015

Embed
What would you like to do?
For migrating zentyal 2.2 to 3.0 user ldap attributues
import base64
import binascii
import subprocess
import sys
# Set these please!
sam_file = "/var/lib/samba/private/sam.ldb.d/DC\=ZENTYAL\,DC\=EXAMPLE\,DC\=ORG.ldb"
user_dn = "ou=Users,dc=zentyal,dc=example,dc=org"
samba_dn = 'CN=Users,DC=zentyal,DC=example,DC=org'
base_dn = "dc=zentyal,dc=example,dc=org"
zentyal3_ldap_password = ""
ldap_hashes = open( "hashes.txt", "r")
# Also uncomment what the script should actually run at the bottom!
# First get users in a reasonable format
# Account for the order of the ldif being random
result = []
uid = uidNumber = gidNumber = sambaSID = userPassword = sambaNTPassword = None
for line in ldap_hashes:
if line:
if line[0] == "#":
if uid and uidNumber and sambaSID and userPassword and sambaNTPassword and gidNumber:
result += [[uid.strip('\n'),uidNumber.strip('\n'),sambaSID.strip('\n'),userPassword.strip().strip('\n'),sambaNTPassword.strip('\n'),gidNumber.strip('\n')]]
else:
print "error at %s" % uid
uid = uidNumber = sambaSID = userPassword = sambaNTPassword = None
elif line[0:4] == "uid:":
uid = line[5:]
elif line[0:10] == "uidNumber:":
uidNumber = line[11:]
elif line[0:9] == "sambaSID:":
sambaSID = line[10:]
elif line[0:13] == "userPassword:":
userPassword = line[14:]
elif line[0:13] == "sambaNTPasswo":
sambaNTPassword = line[17:]
elif line[0:10] == "gidNumber:":
gidNumber = line[11:]
if uid and uidNumber and sambaSID and userPassword and sambaNTPassword:
result += [[uid.strip('\n'),uidNumber.strip('\n'),sambaSID.strip('\n'),userPassword.strip().strip('\n'),sambaNTPassword.strip('\n'),gidNumber.strip('\n')]]
users = result[1:] # Skip first one
def set_user_hashes(user_dn,uid,uidNumber,sambaSID,userPassword,sambaNTPassword,gidNumber):
try:
b64_hash = base64.b64encode(binascii.a2b_hex(sambaNTPassword))
decoded_userPassword = base64.b64decode(userPassword)
cmd_unicodePwd = """ldbmodify -H %s --controls=local_oid:1.3.6.1.4.1.7165.4.3.12:0 <<EOF
dn: CN=%s,%s
changetype: modify
replace: unicodePwd
unicodePwd:: %s
EOF""" % (sam_file, uid, samba_dn, b64_hash)
cmd_userPassword = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: userPassword
userPassword: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, decoded_userPassword)
cmd_samba_uidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: uidNumber
uidNumber: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, uidNumber)
cmd_uidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: uidNumber
uidNumber: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, uidNumber)
cmd_sambaSID = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: sambaSID
sambaSID: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, sambaSID)
cmd_gidNumber = """ldapmodify -D 'cn=zentyal,%s' -w '%s' -p 390 -h localhost <<EOF
dn: %s
changetype: modify
replace: gidNumber
gidNumber: %s
EOF""" % (base_dn, zentyal3_ldap_password, user_dn, gidNumber)
#print cmd_unicodePwd
#print cmd_samba_uidNumber
#print cmd_userPassword
#print cmd_uidNumber
#print cmd_sambaSID
#print cmd_gidNumber
#subprocess.call(cmd_unicodePwd, shell=True)
#subprocess.call(cmd_samba_uidNumber, shell=True)
#subprocess.call(cmd_userPassword, shell=True)
#subprocess.call(cmd_uidNumber, shell=True)
#subprocess.call(cmd_sambaSID, shell=True)
#subprocess.call(cmd_gidNumber, shell=True)
except:
print "!!!! UNKNOWN ERROR ON %s !!!!" % user_dn
print "%s %s %s %s %s" % (user_dn,uidNumber,sambaSID,userPassword,sambaNTPassword)
print sys.exc_info()[0]
print sys.exc_info()[1]
print "-----------------------------"
for user in users:
user_user_dn = "uid=%s,%s" % (user[0], user_dn)
set_user_hashes(user_user_dn, user[0], user[1], user[2], user[3], user[4], user[5])
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.