#!/bin/bash
#
# This uses smbencrypt from FreeRADIUS
#
# read all accounts from ldap
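#######################################
# Read every posixAccount directly below ou=accounts from LDAP and print one
# smbpasswd line per account that has a uid, a uidNumber and a userPassword.
# Globals:   none
# Arguments: none (ldapsearch -W prompts for the bind password itself, so the
#            bind secret never appears on a command line)
# Outputs:   smbpasswd entries on stdout, warnings on stderr
# Returns:   the exit status of ldapsearch, so a failed bind or a truncated
#            search can be told apart from a directory with no accounts
#######################################
ldapload() {
  local acc_uid=
  local acc_name=
  local acc_pass=   # base64 text of userPassword; decoded only when emitted
  local last_attr=  # attribute that a folded continuation line belongs to
  local line=
  local -a stage_status=()

  ldapsearch -LLL -x -Z -H ldapi:/// -W \
    -D cn=admin,dc=acheron,dc=be \
    -b ou=accounts,dc=acheron,dc=be \
    -s one objectClass=posixAccount \
    uid uidNumber userPassword | {
    # IFS= and -r keep each LDIF line byte-for-byte; the "|| [[ -n ]]" part
    # still processes a final line that lacks a trailing newline.
    while IFS= read -r line || [[ -n "$line" ]]; do
      case "$line" in
        '')
          # A blank line ends the entry.
          _ldapload_emit "$acc_name" "$acc_uid" "$acc_pass"
          acc_uid= acc_name= acc_pass= last_attr=
          ;;
        ' '*)
          # LDIF folds long lines; a leading space marks a continuation.
          # Without this a long userPassword would be decoded truncated.
          case "$last_attr" in
            name) acc_name+="${line# }" ;;
            uid) acc_uid+="${line# }" ;;
            pass) acc_pass+="${line# }" ;;
          esac
          ;;
        'dn:'*)
          acc_uid= acc_name= acc_pass= last_attr=
          ;;
        'uid: '*)
          # Parameter expansion keeps the value intact (no word splitting,
          # no globbing, no cut at an embedded ": "). A base64 "uid:: " line
          # is deliberately not matched, so such an account is skipped
          # instead of being written with an undecoded name.
          acc_name="${line#uid: }"
          last_attr=name
          ;;
        'uidNumber: '*)
          acc_uid="${line#uidNumber: }"
          last_attr=uid
          ;;
        'userPassword:: '*)
          acc_pass="${line#userPassword:: }"
          last_attr=pass
          ;;
        *)
          last_attr=
          ;;
      esac
    done
    # Flush an entry that was not followed by a blank line.
    _ldapload_emit "$acc_name" "$acc_uid" "$acc_pass"
  }
  stage_status=("${PIPESTATUS[@]}")
  return "${stage_status[0]}"
}

# Decode one collected entry and hand it to acc2smbpasswd; incomplete entries
# are skipped. Always returns 0 so one bad account does not abort the export.
_ldapload_emit() {
  local name="$1"
  local uid="$2"
  local pass_b64="$3"
  local pass=

  [[ -n "$name" && -n "$uid" && -n "$pass_b64" ]] || return 0

  # NOTE(review): the NT hash is derived from the decoded userPassword value
  # as-is, so this presumably relies on the directory holding cleartext
  # passwords. A value stored with a {SCHEME} hash prefix would produce a hash
  # of that string, not of the user's password -- confirm against the directory.
  if ! pass="$(printf '%s' "$pass_b64" | base64 -d)" || [[ -z "$pass" ]]; then
    printf 'ldapload: cannot decode userPassword of %s, skipped\n' "$name" >&2
    return 0
  fi

  acc2smbpasswd "$name" "$uid" "$pass" ||
    printf 'ldapload: no smbpasswd entry written for %s\n' "$name" >&2
  return 0
}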
# convert ldap info to smbpasswd entry
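#######################################
# Print one smbpasswd line "account:uid::hash" for a cleartext password.
# The hash field is the NT hash reported by smbencrypt with the two hex
# characters of every pair swapped.
# Globals:   none
# Arguments: $1 - account name
#            $2 - numeric uid
#            $3 - cleartext password
# Outputs:   the smbpasswd line on stdout, diagnostics on stderr
# Returns:   0 on success, 1 when a field is unusable or no hash was produced
#######################################
acc2smbpasswd() {
  local account="${1:-}"
  local uid="${2:-}"
  local password="${3:-}"
  local nthash=
  local rnthash=
  local i

  # The fields come from the directory and end up in a colon-delimited
  # credential file, so refuse values that could add or shift fields.
  if [[ -z "$account" || "$account" == *[:[:space:]]* ]]; then
    printf 'acc2smbpasswd: unusable account name, entry skipped\n' >&2
    return 1
  fi
  if [[ ! "$uid" =~ ^[0-9]+$ ]]; then
    printf 'acc2smbpasswd: non-numeric uid for account %s\n' "$account" >&2
    return 1
  fi

  # NOTE(review): smbencrypt takes the cleartext password as a command-line
  # argument, so it is visible in the process list to other local users while
  # the command runs. Run this only on a host without untrusted local users.
  # The second field of the last output line is taken as the NT hash.
  nthash="$(smbencrypt "$password" 2>&1 | tail -n 1 | awk '{ print $2 }')"

  # stderr is merged into the parsed output above, so a missing or failing
  # smbencrypt would otherwise put a word of its error message into the file.
  # An NT hash is always 32 hex digits.
  if [[ ! "$nthash" =~ ^[0-9A-Fa-f]{32}$ ]]; then
    printf 'acc2smbpasswd: no NT hash for account %s\n' "$account" >&2
    return 1
  fi

  # Swap the two hex characters of each pair ("AB" becomes "BA").
  for ((i = 0; i < ${#nthash}; i += 2)); do
    rnthash+="${nthash:i+1:1}${nthash:i:1}"
  done

  printf '%s:%s::%s\n' "$account" "$uid" "$rnthash"
}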
## main
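# Build the new file next to its destination: the hashes never sit in a shared
# temp directory and the final mv is a rename on the same filesystem, so
# readers see either the old or the new file, never a partial one.
smbpasswd_file=/var/smb/smbpasswd
tmp_smbpasswd="$(mktemp "${smbpasswd_file}.XXXXXX")" || exit 1
# Remove the temp file on every exit path; harmless once it has been renamed.
trap 'rm -f -- "$tmp_smbpasswd"' EXIT

# A failed bind or search must not replace the live file with an empty one,
# which would remove every SMB account.
if ! ldapload > "$tmp_smbpasswd"; then
  echo "LDAP export failed; $smbpasswd_file left untouched" >&2
  exit 1
fi
if [[ ! -s "$tmp_smbpasswd" ]]; then
  echo "no accounts converted; $smbpasswd_file left untouched" >&2
  exit 1
fi

# The file holds password-equivalent hashes: lock it down before installing.
chown root:sys "$tmp_smbpasswd" || exit 1
chmod 0400 "$tmp_smbpasswd" || exit 1
mv "$tmp_smbpasswd" "$smbpasswd_file"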