[debian-edu-commits] debian-edu/ 01/01: Drop share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy.
Holger Levsen
holger at layer-acht.org
Mon Aug 14 16:28:08 UTC 2017
This is an automated email from the git hooks/post-receive script.
holger pushed a commit to branch master
in repository debian-edu-config.
commit 31eaee61adb822494f3b419b9c66a79d625d7ec7
Author: Holger Levsen <holger at layer-acht.org>
Date: Mon Aug 14 12:28:01 2017 -0400
Drop share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy.
---
debian/changelog | 1 +
.../tools/ldap-migrate-squeeze-wheezy | 223 ---------------------
2 files changed, 1 insertion(+), 223 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 011f656..562752f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -26,6 +26,7 @@ debian-edu-config (1.931) UNRELEASED; urgency=medium
* Drop share/debian-edu-config/tools/migrate-squid-to-squid3 and drop
(commented out) reference in cf/cf.squid as squid is back since Stretch.
* testsuite/cups: drop now useless reference to Jessie in comment.
+ * Drop share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy.
-- Holger Levsen <holger at debian.org> Sat, 05 Aug 2017 17:37:04 -0400
diff --git a/share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy b/share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy
deleted file mode 100755
index 2f2c970..0000000
--- a/share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy
+++ /dev/null
@@ -1,223 +0,0 @@
-#!/usr/bin/perl
-#
-# Migrate the relevant parts of the Debian Edu LDAP database from
-# Squeeze to Wheezy.
-#
-# Extract users and groups from the slapcad output to insert with
-# slapadd. It must be run just after installation of the main server.
-
-sub usage {
- my $exitcode = shift;
- print <<'EOF';
-Usage: $0
-
-Migrate LDAP information from a Debian Edu Squeeze main server to a
-Debian Edu Wheezy main server.
-
-How to use it:
-
- # Get a copy of the Squeeze LDAP database
- ssh root at squeeze-tjener "service slapd stop"
- ssh root at squeeze-tjener "slapcat" > tjener-squeeze.ldif
- ssh root at squeeze-tjener "service slapd start"
-
- # Fetch Kerberos master key used to encrypt user passwords
- ssh root at squeeze-tjener "klist -K -k /etc/krb5kdc/stash"
-
- # Get a copy of the current Wheezy LDAP database
- service slapd stop
- slapcat > tjener-wheezy.ldif
- service slapd start # Restart local LDAP server
-
- ldap-migrate-squeeze-wheezy # Create input file for ldapmodify to merge
-
- ldapadmindn=$(ldapsearch -H ldap://localhost/ -x "(&(cn=admin)(objectClass=simpleSecurityObject))" 2>/dev/null | perl -p0e 's/\n //g' | awk '/^dn: / {print $2}')
- ldapmodify -H ldap://localhost/ -ZZ -D "$ldapadmindn" -W -v -x < tjener-wheezy-ldapmodify.ldif # Load the new/changed entries into LDAP
-
- # List current key with KNVO 1
- klist -K -k /etc/krb5kdc/stash
-
- # Add old Kerberos master key used to encrypt user passwords as KNVO 2
- kdb5_util add_mkey
-
- # Add new Kerberos master key to get a KNVO number higher than the old key
- kdb5_util add_mkey
-
- # Activate key with KNVO 3
- kdb5_util use_mkey 3
-
- # Migrate all users to KNVO 3
- kdb5_util update_princ_encryption
-
- # Store key with KNVO 3 in /etc/krb5kdc/stash
- kdb5_util stash
-
- # Remove now obsolete keys with KNVO 1 and 2
- kdb5_util purge_mkeys -v
-
- # Copy home directories from old to new main-server
- rsync -av root at squeeze-tjener:/skole/tjener/home0/. /skole/tjener/home0/.
-
-WARNING: This code is experimental!
-EOF
- exit($exitcore) if $exitcode;
-}
-
-use strict;
-use warnings;
-
-use Getopt::Std;
-use Net::LDAP::LDIF;
-use Data::Dumper;
-
-my $debug = 0;
-my %opts;
-getopts("d", \%opts) || usage(1);
-$debug = 1 if $opts{d};
-
-my $oldldiffile = "tjener-squeeze.ldif";
-my $curldiffile = "tjener-wheezy.ldif";
-my $newldiffile = "tjener-wheezy-ldapmodify.ldif";
-
-my $oldldif = Net::LDAP::LDIF->new( $oldldiffile, "r", onerror => 'undef' );
-unless ($oldldif) { warn "unable to read $oldldiffile"; usage(1); }
-my $curldif = Net::LDAP::LDIF->new( $curldiffile, "r", onerror => 'undef' );
-unless ($curldif) { warn "unable to read $curldiffile"; usage(1); }
-my $newldif = Net::LDAP::LDIF->new( $newldiffile, "w", onerror => 'undef',
- change => 1 );
-unless ($newldif) { warn "unable to write $newldiffile"; usage(1); }
-
-my %curuser;
-my %curgroup;
-my %cursudorole;
-my %curnisnetgroup;
-my %curhost;
-while (not $curldif->eof() ) {
- my $entry = $curldif->read_entry();
- if ( ! $curldif->error() ) {
- my %cls;
- map { $cls{$_} = 1 } $entry->get_value('objectClass');
- print Data::Dumper->Dump([\%cls], [qw(*cls)]) if $debug;
- if (exists $cls{'posixAccount'} && exists $cls{'person'}
- && ! exists $cls{'gosaUserTemplate'}
- && ! exists $cls{'gotoWorkstation'}) {
- $curuser{$entry->get_value('uid')} = 1;
- } elsif (exists $cls{'posixGroup'} ) {
- $curgroup{$entry->get_value('cn')} = $entry;
- } elsif (exists $cls{'sudoRole'} ) {
- $cursudorole{$entry->get_value('cn')} = $entry;
- } elsif (exists $cls{'nisNetgroup'} ) {
- $curnisnetgroup{$entry->get_value('cn')} = $entry;
- } elsif (exists $cls{'device'}
- || exists $cls{'goServer'}
- || exists $cls{'gotoWorkstation'}) {
- $curhost{$entry->get_value('cn')} = $entry;
- }
- }
-}
-
-print Data::Dumper->Dump([\%curuser], [qw(*curuser)]) if $debug;
-print Data::Dumper->Dump([\%curgroup], [qw(*curgroup)]) if $debug;
-print Data::Dumper->Dump([\%curnisnetgroup], [qw(*curnisnetgroup)]) if $debug;
-
-# Extract every user and group LDAP object not already in the LDAP
-# database.
-while (not $oldldif->eof() ) {
- my $entry = $oldldif->read_entry();
- if ( $oldldif->error() ) {
- print "Error msg: ", $oldldif->error( ), "\n";
- print "Error lines:\n", $oldldif->error_lines( ), "\n";
- } else {
- my %cls;
- map { $cls{$_} = 1 } $entry->get_value('objectClass');
- if (exists $cls{'posixAccount'} && exists $cls{'person'}
- && ! exists $cls{'gosaUserTemplate'}
- && ! exists $cls{'gotoWorkstation'}) {
- my $uid = $entry->get_value('uid');
- if (!exists ($curuser{$uid})) {
- $entry = trim_internal_attributes_from_entry($entry);
- $newldif->write_entry($entry);
- }
- } elsif (exists $cls{'sudoRole'}) {
- my $cn = $entry->get_value('cn');
- if (!exists ($cursudorole{$cn})) {
- $entry = trim_internal_attributes_from_entry($entry);
- $newldif->write_entry($entry);
- }
- } elsif (exists $cls{'posixGroup'} ) {
- change_or_add($newldif, $entry, \%curgroup, ['memberUid']);
- } elsif (exists $cls{'nisNetgroup'}) {
- change_or_add($newldif, $entry, \%curnisnetgroup, ['memberNisNetgroup', 'nisNetgroupTriple']);
- } elsif (exists $cls{'device'}
- || exists $cls{'goServer'}
- || exists $cls{'gotoWorkstation'}) {
- my $cn = $entry->get_value('cn');
- if (!exists ($curhost{$cn})) {
- $entry = trim_internal_attributes_from_entry($entry);
- $newldif->write_entry($entry);
- }
- }
- print Data::Dumper->Dump([\$entry], [qw(*entry)]) if $debug;
- }
-}
-
-$newldif->done();
-$curldif->done();
-$oldldif->done();
-
-sub trim_internal_attributes_from_entry {
- my ($entry) = @_;
-
- # Drop these attributes from all new LDAP objects. They are not
- # user settable in OpenLDAP.
- my @dropattr = qw(creatorsName entryUUID structuralObjectClass
- createTimestamp entryCSN modifiersName
- modifyTimestamp);
-
- for my $attr (@dropattr) {
- $entry->delete( $attr => []);
- }
- return $entry;
-}
-
-
-sub change_or_add {
- my ($newldif, $entry, $group, $attr_names_aref) = @_;
-
- my $cn = $entry->get_value('cn');
-
- if (exists ($group->{$cn})) {
- # check membership of both groups and create change records
- my $curentry = $group->{$cn};
-
- for my $attr_name (@$attr_names_aref) {
- my @oldmembers = sort $entry->get_value($attr_name);
- my @curmembers = sort $curentry->get_value($attr_name);
- print "Cur: ", Dumper(\@curmembers), "\n" if $debug;
- print "Old: ", Dumper(\@oldmembers), "\n" if $debug;
- my %curmemhash;
- map { $curmemhash{$_} = 1 } @curmembers;
- my $newentry;
- my @newmembers;
- for my $oldmember (@oldmembers) {
- if (!exists $curmemhash{$oldmember}) {
- print "Adding $oldmember to group $cn\n" if $debug;
- if (! defined $newentry) {
- $newentry = $entry->clone();
- $newentry->changetype('modify');
- }
- push(@newmembers, $oldmember);
- }
- }
- if (@newmembers) {
- $newentry->replace($attr_name =>
- [@curmembers, @newmembers]);
- $newldif->write_entry($newentry);
- }
- }
- } else {
- # Missing entry, just add it
- $entry = trim_internal_attributes_from_entry($entry);
- $newldif->write_entry($entry);
- }
-}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git
More information about the debian-edu-commits
mailing list