332fed5a
Commit
332fed5a
authored
Jan 18, 2017
by
Côme Chilliet
Fixes
#5235
Removed from fusiondirectory-setup the migration options for directories older than FusionDirectory 1.0.15
parent
ae3b5141
Changes
1
contrib/bin/fusiondirectory-setup
...
...
@@ -1216,206 +1216,11 @@ sub migrate_users {
}
}
$mesg
=
$ldap
->
search
(
filter
=>
'
(objectClass=gosaAccount)
',
base
=>
$base
);
$mesg
->
code
&&
die
$mesg
->
error
;
if
(
$mesg
->
count
>
0
)
{
print
("
The following users are using the obsolete gosaAccount objectClass:
\n
");
my
@entries
=
$mesg
->
entries
;
foreach
my
$entry
(
@entries
)
{
print
$entry
->
dn
()
.
"
\n
";
}
if
(
ask_yn_question
("
Remove the gosaAccount objectClass from these entries?
"))
{
foreach
my
$entry
(
@entries
)
{
my
@replace
;
my
@delete
;
my
@classes
=
$entry
->
get_value
('
objectClass
');
if
(
grep
{
$_
eq
'
gosaAccount
'}
@classes
)
{
foreach
my
$class
(
@classes
)
{
if
(
$class
ne
'
gosaAccount
')
{
push
(
@replace
,
"
$class
");
}
}
if
(
(
$entry
->
exists
('
dateOfBirth
')
||
$entry
->
exists
('
personalTitle
')
||
$entry
->
exists
('
gender
'))
&&
!
(
grep
{
$_
eq
'
fdPersonalInfo
'}
@classes
)
)
{
push
(
@replace
,
"
fdPersonalInfo
");
}
if
(
!
(
grep
{
$_
eq
'
sambaSamAccount
'}
@classes
))
{
foreach
my
$sambaAttr
('
sambaLMPassword
','
sambaNTPassword
','
sambaPwdLastSet
','
sambaBadPasswordCount
','
sambaBadPasswordTime
')
{
if
(
$entry
->
exists
(
$sambaAttr
))
{
push
(
@delete
,
$sambaAttr
);
}
}
}
}
if
(
scalar
(
@delete
)
>
0
)
{
$mesg
=
$ldap
->
modify
(
$entry
->
dn
(),
delete
=>
\
@delete
,
replace
=>
[
"
objectClass
"
=>
\
@replace
]);
$mesg
->
code
&&
print
$entry
->
dn
()
.
"
(deleting samba attributes):
"
.
$mesg
->
error
.
"
\n
";
}
else
{
$mesg
=
$ldap
->
modify
(
$entry
->
dn
(),
replace
=>
[
"
objectClass
"
=>
\
@replace
]);
$mesg
->
code
&&
print
$entry
->
dn
()
.
"
:
"
.
$mesg
->
error
.
"
\n
";
}
undef
@replace
;
undef
@delete
;
}
}
}
# unbind to the LDAP server
my
$unbind
=
$ldap
->
unbind
;
$unbind
->
code
&&
warn
"
! Unable to unbind from LDAP server:
",
$unbind
->
error
.
"
\n
";
}
# function that moves DNS zones from systems to ou=dns
sub
migrate_dns
{
# initiate the LDAP connexion
my
%hash_ldap_param
=
get_ldap_connexion
();
# LDAP's connection's parameters
my
$base
=
$hash_ldap_param
{
base
};
my
$ldap
=
$hash_ldap_param
{
ldap
};
# Search for DNS zones
my
$mesg
=
$ldap
->
search
(
base
=>
"
$base
",
filter
=>
"
(&(objectClass=dNSZone)(relativeDomainName=@)(!(|(zoneName=*.arpa)(zoneName=*.arpa.))))
",
attrs
=>
['
zoneName
']
);
$mesg
->
code
&&
die
$mesg
->
error
;
my
@entries
=
$mesg
->
entries
;
print
"
There are
"
.
$mesg
->
count
.
"
DNS zones in the LDAP
\n
";
my
@baddns
=
();
foreach
my
$entry
(
@entries
)
{
if
(
$entry
->
dn
()
!~
m/$dnsrdn/
)
{
if
(
scalar
(
@baddns
)
==
0
)
{
print
"
The following are not in the DNS branch (
$dnsrdn
):
\n
";
}
print
$entry
->
dn
()
.
"
\n
";
push
@baddns
,
$entry
->
dn
();
}
}
if
(
scalar
(
@baddns
)
==
0
)
{
print
"
They all already are in the DNS branch (
$dnsrdn
):
\n
";
}
else
{
if
(
ask_yn_question
("
Move these entries to the DNS branch (
$dnsrdn
)?
"))
{
foreach
my
$entrydn
(
@baddns
)
{
$entrydn
=~
m/^([^,]+),(.+$systemrdn,(.+))$/
or
die
"
Could not parse dn
"
.
$entrydn
.
"
\n
";
my
$rdn
=
$
1
;
my
$systemdn
=
$
2
;
my
$entrybase
=
$
3
;
if
(
!
branch_exists
(
$ldap
,
"
$dnsrdn
,
$entrybase
"))
{
create_branch
(
$ldap
,
$entrybase
,
$dnsrdn
);
}
my
$result
=
$ldap
->
moddn
(
$entrydn
,
newrdn
=>
$rdn
,
deleteoldrdn
=>
'
1
',
newsuperior
=>
"
$dnsrdn
,
$entrybase
"
);
$result
->
code
&&
die
"
Migration of DNS zone entry failed, LDAP error:
"
.
$result
->
error
.
"
\n
";
my
$zoneDn
=
"
$rdn
,
$dnsrdn
,
$entrybase
";
$mesg
=
$ldap
->
search
(
base
=>
$zoneDn
,
filter
=>
"
(&(objectClass=dNSZone)(relativeDomainName=*)(!(|(zoneName=*.arpa)(zoneName=*.arpa.))))
"
);
$mesg
->
code
&&
die
$mesg
->
error
;
@entries
=
$mesg
->
entries
;
foreach
my
$entry
(
@entries
)
{
$entry
->
dn
()
=~
m/^([^,]+),(relativeDomainName=[^,]+),$zoneDn$/
or
next
;
$rdn
=
$
1
;
my
$relativeDomainName
=
$
2
;
if
(
$rdn
eq
$relativeDomainName
)
{
my
%replace
=
();
my
@attributes
=
$entry
->
attributes
();
foreach
my
$attr
(
@attributes
)
{
$replace
{
$attr
}
=
$entry
->
get_value
(
$attr
,
asref
=>
1
)
}
$result
=
$ldap
->
modify
(
"
$rdn
,
$zoneDn
",
replace
=>
\
%replace
);
$result
->
code
&&
die
"
Migration of DNS zone subentry failed, LDAP error:
"
.
$result
->
error
.
"
\n
";
$result
=
$ldap
->
delete
(
$entry
->
dn
());
}
else
{
$result
=
$ldap
->
moddn
(
$entry
->
dn
(),
newrdn
=>
$rdn
,
deleteoldrdn
=>
'
1
',
newsuperior
=>
$zoneDn
);
}
$result
->
code
&&
die
"
Migration of DNS zone subentry failed, LDAP error:
"
.
$result
->
error
.
"
\n
";
}
# Fix reverse zone PTR records DNs
$mesg
=
$ldap
->
search
(
base
=>
$zoneDn
,
filter
=>
"
(&(objectClass=dNSZone)(!(relativeDomainName=@))(|(zoneName=*.arpa)(zoneName=*.arpa.)))
"
);
$mesg
->
code
&&
die
$mesg
->
error
;
@entries
=
$mesg
->
entries
;
foreach
my
$entry
(
@entries
)
{
$entry
->
dn
()
=~
m/^([^,]+),relativeDomainName=[^,]+,$zoneDn$/
or
next
;
$result
=
$ldap
->
moddn
(
$entry
->
dn
(),
newrdn
=>
$
1
,
deleteoldrdn
=>
'
1
',
newsuperior
=>
'
zoneName=
'
.
$entry
->
get_value
('
zoneName
')
.
'
,
'
.
$zoneDn
);
$result
->
code
&&
die
"
Migration of DNS reverse zone subentry
"
.
$entry
->
dn
()
.
"
failed, LDAP error:
"
.
$result
->
error
.
"
\n
";
}
# Add DNS tab on server
$mesg
=
$ldap
->
search
(
base
=>
$systemdn
,
scope
=>
'
base
',
filter
=>
'
(objectClass=*)
'
);
$mesg
->
code
&&
die
$mesg
->
error
;
my
$system_entry
=
$mesg
->
shift_entry
;
$system_entry
->
get_value
('
objectClass
');
my
@classes
=
$system_entry
->
get_value
('
objectClass
');
if
(
grep
{
$_
eq
'
fdDNSHost
'}
@classes
)
{
$result
=
$ldap
->
modify
(
"
$systemdn
",
add
=>
{
'
fdDNSZoneDn
'
=>
$zoneDn
,
}
);
}
else
{
$result
=
$ldap
->
modify
(
"
$systemdn
",
add
=>
{
'
fdDNSZoneDn
'
=>
$zoneDn
,
'
objectClass
'
=>
'
fdDNSHost
'
}
);
}
$result
->
code
&&
print
"
Could not add DNS tab on
$systemdn
, LDAP error:
"
.
$result
->
error
.
"
\n
You'll need to activate it yourself
\n
";
}
}
}
}
# function that moves DHCP configurations from systems to ou=dhcp
sub
migrate_dhcp
{
# initiate the LDAP connexion
...
...
@@ -1506,139 +1311,6 @@ sub migrate_dhcp {
}
}
sub
migrate_acls
{
# initiate the LDAP connexion
my
%hash_ldap_param
=
get_ldap_connexion
();
# LDAP's connection's parameters
my
$base
=
$hash_ldap_param
{
base
};
my
$ldap
=
$hash_ldap_param
{
ldap
};
# Search for old formatted ACLs
my
$mesg
=
$ldap
->
search
(
base
=>
"
$base
",
filter
=>
"
(gosaAclEntry=*)
",
attrs
=>
['
gosaAclEntry
']
);
$mesg
->
code
&&
die
$mesg
->
error
;
while
(
my
$entry
=
$mesg
->
shift_entry
)
{
my
$acls
=
$entry
->
get_value
('
gosaAclEntry
',
asref
=>
1
);
my
@nacls
=
();
my
$old_formats
=
0
;
ACL:
foreach
my
$acl
(
@$acls
)
{
my
$old_format
=
0
;
my
(
$index
,
$scope
,
$part1
,
$part2
,
$filter
);
if
(
$acl
=~
m/:(p?sub|role):/
)
{
$old_format
=
1
;
(
$index
,
$scope
,
$part1
,
$part2
,
$filter
)
=
split
('
:
',
$acl
);
}
elsif
(
$acl
!~
m/:subtree:/
)
{
# With one or base scope we can't know, we have to check other parts
(
$index
,
$scope
,
$part1
,
$part2
,
$filter
)
=
split
('
:
',
$acl
);
my
$dn
=
decode_base64
(
$part1
);
$mesg
=
$ldap
->
search
(
base
=>
"
$dn
",
scope
=>
'
base
',
filter
=>
'
(objectClass=gosaRole)
'
);
die_on_ldap_errors
(
$mesg
);
if
(
$mesg
->
count
==
0
)
{
$old_format
=
1
;
}
}
if
(
$old_format
)
{
$old_formats
=
1
;
print
"
$acl
needs migration
\n
";
my
(
$role_dn
,
$members
);
if
(
$scope
eq
'
role
')
{
$role_dn
=
decode_base64
(
$part1
);
$members
=
$part2
;
# Find scope in role
$mesg
=
$ldap
->
search
(
base
=>
$role_dn
,
scope
=>
'
base
',
filter
=>
'
(objectClass=gosaRole)
'
);
die_on_ldap_errors
(
$mesg
);
if
(
my
$role_entry
=
$mesg
->
shift_entry
)
{
my
$acl_templates
=
$role_entry
->
get_value
('
gosaAclTemplate
',
asref
=>
1
);
my
$scope
=
'';
foreach
my
$acl_template
(
@$acl_templates
)
{
my
(
$t_index
,
$t_scope
,
$t_acl
)
=
split
('
:
',
$acl_template
);
if
(
$scope
eq
'')
{
$scope
=
$t_scope
;
}
elsif
(
$scope
ne
$t_scope
)
{
print
"
We don't know how to migrate role
$role_dn
as it contains several scopes
\n
";
push
@nacls
,
$acl
;
next
ACL
;
}
}
push
@nacls
,
"
$index
:
$scope
:
"
.
encode_base64
(
$role_dn
)
.
"
:
$members
";
}
else
{
# Removing invalid ACL
print
"
Removing acl as associated role
$role_dn
does not exists
\n
";
next
ACL
;
}
}
else
{
my
$cn
=
find_free_role_dn
(
$ldap
,
$base
,'
migrated-acl
');
$role_dn
=
create_role
(
$ldap
,
$base
,
$cn
,
$part2
);
$members
=
$part1
;
if
(
$scope
=~
m/sub$/
)
{
$scope
=
'
subtree
';
}
push
@nacls
,
"
$index
:
$scope
:
"
.
encode_base64
(
$role_dn
)
.
"
:
$members
";
}
}
else
{
push
@nacls
,
$acl
;
}
}
if
(
$old_formats
)
{
@nacls
=
sort
@nacls
;
my
$i
=
0
;
for
(
@nacls
)
{
s/^[0-9]*:/$i:/
;
$i
++
};
# Re-index acls
my
$result
=
$ldap
->
modify
(
$entry
->
dn
,
replace
=>
{
'
gosaAclEntry
'
=>
\
@nacls
}
);
$result
->
code
&&
warn
"
\n
! failed to migrate ACL for '
"
.
$entry
->
dn
.
"
' -
"
.
$result
->
error_name
.
"
:
"
.
$result
->
error_text
;
print
"
Migrated acls for '
"
.
$entry
->
dn
.
"
'
\n
";
}
}
# Search for old formatted ACL roles
$mesg
=
$ldap
->
search
(
base
=>
"
$base
",
filter
=>
"
(gosaAclTemplate=*:*:*)
",
attrs
=>
['
gosaAclTemplate
']
);
$mesg
->
code
&&
die
$mesg
->
error
;
ROLE:
while
(
my
$role_entry
=
$mesg
->
shift_entry
)
{
my
$acl_templates
=
$role_entry
->
get_value
('
gosaAclTemplate
',
asref
=>
1
);
my
$scope
=
'';
my
@ntemplates
=
();
foreach
my
$acl_template
(
@$acl_templates
)
{
my
(
$t_index
,
$t_scope
,
$t_acl
)
=
split
('
:
',
$acl_template
);
if
(
$scope
eq
'')
{
$scope
=
$t_scope
;
}
elsif
(
$scope
ne
$t_scope
)
{
print
"
We don't know how to migrate role '
"
.
$role_entry
->
dn
.
"
' as it contains several scopes
\n
";
next
ROLE
;
}
push
@ntemplates
,
$t_index
.
'
:
'
.
$t_acl
;
}
my
$result
=
$ldap
->
modify
(
$role_entry
->
dn
,
replace
=>
{
'
gosaAclTemplate
'
=>
\
@ntemplates
}
);
$result
->
code
&&
warn
"
\n
! failed to migrate ACL for '
"
.
$role_entry
->
dn
.
"
' -
"
.
$result
->
error_name
.
"
:
"
.
$result
->
error_text
;
print
"
Migrated role '
"
.
$role_entry
->
dn
.
"
'
\n
";
}
}
sub
delete_gosa_locks
{
# initiate the LDAP connexion
my
%hash_ldap_param
=
get_ldap_connexion
();
...
...
@@ -1697,65 +1369,6 @@ sub get_deprecated {
return
(
\
@obsolete_attrs
,
\
@obsolete_classes
);
}
# function that migrates printers from FD<=1.0.13 to FD>=1.0.14
sub
migrate_printers
{
# initiate the LDAP connexion
my
%hash_ldap_param
=
get_ldap_connexion
();
# LDAP's connection's parameters
my
$base
=
$hash_ldap_param
{
base
};
my
$ldap
=
$hash_ldap_param
{
ldap
};
my
$mesg
=
$ldap
->
search
(
filter
=>
'
(objectClass=gotoPrinter)
',
base
=>
$base
);
$mesg
->
code
&&
die
$mesg
->
error
;
if
(
$mesg
->
count
>
0
)
{
print
("
The following printers are using the obsolete gotoPrinter objectClass:
\n
");
my
@entries
=
$mesg
->
entries
;
foreach
my
$entry
(
@entries
)
{
print
$entry
->
dn
()
.
"
\n
";
}
if
(
ask_yn_question
("
Migrate these entries to fdPrinter objectClass?
"))
{
foreach
my
$entry
(
@entries
)
{
my
$newrdn
=
"
cn=
"
.
$entry
->
get_value
('
cn
')
.
"
+ipHostNumber=
"
.
$entry
->
get_value
('
ipHostNumber
');
$mesg
=
$ldap
->
moddn
(
$entry
->
dn
(),
newrdn
=>
$newrdn
);
if
(
$mesg
->
code
)
{
print
$entry
->
dn
()
.
"
:
"
.
$mesg
->
error
.
"
\n
";
next
;
}
my
$dn_old
=
$entry
->
dn
();
$dn_old
=~
s/^[^,]+,/$newrdn,/
;
my
@replace
=
('
ieee802Device
',
'
ipHost
',
'
fdPrinter
');
my
@classes
=
$entry
->
get_value
('
objectClass
');
foreach
my
$class
(
@classes
)
{
if
(
$class
ne
'
gotoPrinter
')
{
push
(
@replace
,
"
$class
");
}
}
$entry
->
replace
("
objectClass
"
=>
\
@replace
);
$mesg
=
$ldap
->
add
(
$entry
);
if
(
$mesg
->
code
)
{
print
$entry
->
dn
()
.
"
:
"
.
$mesg
->
error
.
"
\n
";
next
;
}
undef
@replace
;
$mesg
=
$ldap
->
delete
(
$dn_old
);
$mesg
->
code
&&
print
$dn_old
.
"
:
"
.
$mesg
->
error
.
"
\n
";
}
}
}
# unbind to the LDAP server
my
$unbind
=
$ldap
->
unbind
;
$unbind
->
code
&&
warn
"
! Unable to unbind from LDAP server:
",
$unbind
->
error
.
"
\n
";
}
# function that migrates systems from FD<1.1 to FD>=1.1
sub
migrate_systems
{
# initiate the LDAP connexion
...
...
@@ -1963,7 +1576,7 @@ sub ldif_deprecated {
my
(
$obsolete_attrs
,
$obsolete_classes
)
=
get_deprecated
();
my
$filterAttrs
=
'
(|
'
.
join
('',
(
map
{
'
(
'
.
$_
->
{'
name
'}
.
'
=*)
'
}
@$obsolete_attrs
))
.
'
)
';
my
$filterClasses
=
'
(|
'
.
join
('',
(
map
{
'
(objectClass=
'
.
$_
->
{'
name
'}
.
'
)
'
}
(
grep
{
$_
ne
'
gosaAccount
'}
@$obsolete_classes
))
)
.
'
)
';
my
$filterClasses
=
'
(|
'
.
join
('',
(
map
{
'
(objectClass=
'
.
$_
->
{'
name
'}
.
'
)
'
}
@$obsolete_classes
))
.
'
)
';
# initiate the LDAP connexion
my
%hash_ldap_param
=
get_ldap_connexion
();
...
...
@@ -1987,24 +1600,6 @@ sub ldif_deprecated {
print
"
delete:
"
.
$attr
->
{'
name
'}
.
"
\n
-
\n
";
}
}
my
@classes
=
$entry
->
get_value
('
objectClass
');
if
(
grep
{
$_
eq
'
gosaAccount
'}
@classes
)
{
print
"
# Removing obsolete objectClass gosaAccount
\n
";
print
"
replace:objectClass
\n
";
foreach
my
$class
(
@classes
)
{
if
(
$class
ne
'
gosaAccount
')
{
print
"
objectClass:
$class
\n
";
}
}
if
(
(
$entry
->
exists
('
dateOfBirth
')
||
$entry
->
exists
('
personalTitle
')
||
$entry
->
exists
('
gender
'))
&&
!
(
grep
{
$_
eq
'
fdPersonalInfo
'}
@classes
)
)
{
print
"
objectClass:fdPersonalInfo
\n
";
print
"
# Adding fdPersonalInfo because either dateOfBirth, personalTitle or gender is present. See personal plugin.
\n
";
}
print
"
-
\n
";
}
print
"
\n
";
}
}
else
{
...
...
@@ -2018,7 +1613,7 @@ sub ldif_deprecated {
$entries
->
code
&&
die
$entries
->
error
;
if
(
$entries
->
count
>
0
)
{
print
"
# WARNING: There are entries in the LDAP using obsolete classes
(other than gosaAccount)
, you need to edit them manually
\n
";
print
"
# WARNING: There are entries in the LDAP using obsolete classes, you need to edit them manually
\n
";
}
else
{
print
"
# There are no entries in the LDAP using obsolete classes
\n
";
}
...
...
@@ -2144,12 +1739,9 @@ die ("! You have to run this script as root\n") if ($<!=0);
$commands
{"
--check-ldap
"}
=
["
Checking your LDAP tree
",
\
&check_ldap
];
$commands
{"
--check-ids
"}
=
["
Checking for duplicated uid or gid numbers
",
\
&check_id_numbers
];
$commands
{"
--migrate-users
"}
=
["
Migrating your users
",
\
&migrate_users
];
$commands
{"
--migrate-printers
"}
=
["
Migrating your printers from FD < 1.0.14
",
\
&migrate_printers
];
$commands
{"
--migrate-phones
"}
=
["
Migrating your phones from FD < 1.1
",
\
&migrate_phones
];
$commands
{"
--migrate-systems
"}
=
["
Migrating your systems from FD < 1.1
",
\
&migrate_systems
];
$commands
{"
--migrate-dns
"}
=
["
Migrating DNS zones for FD >= 1.0.10
",
\
&migrate_dns
];
$commands
{"
--migrate-dhcp
"}
=
["
Migrating DHCP configurations for FD >= 1.0.17
",
\
&migrate_dhcp
];
$commands
{"
--migrate-acls
"}
=
["
Migrating your ACLs
",
\
&migrate_acls
];
$commands
{"
--delete-gosa-locks
"}
=
["
Delete lock tokens using old gosaLockEntry class
",
\
&delete_gosa_locks
];
$commands
{"
--install-plugins
"}
=
["
Installing FusionDirectory's plugins
",
\
&install_plugins
];
$commands
{"
--encrypt-passwords
"}
=
["
Encrypt passwords in fusiondirectory.conf
",
\
&encrypt_passwords
];
...
...
@@ -2247,10 +1839,6 @@ This option check your LDAP tree for duplicated uidNumber or gidNumber among use
This option add FusionDirectory attributes to the people branch.
=item --migrate-printers
This option replace gosaPrinter objectClass by new fdPrinter objectClass.
=item --migrate-phones
This option removes device objectClass for phones as fdPhones is now structural since FD 1.1.
...
...
@@ -2259,18 +1847,10 @@ This option removes device objectClass for phones as fdPhones is now structural
This option replace old systems objectClasses by new objectClasses from FD 1.1.
=item --migrate-dns
This option moves DNS zones from systems branch to DNS branch, which is necessary for FusionDirectory 1.0.10 and above.
=item --migrate-dhcp
This option moves DHCP configurations from systems branch to DHCP branch, which is necessary for FusionDirectory 1.0.17 and above.
=item --migrate-acls
This option will migrated old GOsa style acl from 1.0.7 into FusionDirectory acl roles in 1.0.8
=item --delete-gosa-locks
This option will delete old GOsa style lock tokens from 1.0.15 or older
...
...
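Review bot: With the gosaAccount block deleted from `migrate_users` (first hunk, whose sub starts outside the hunk) and the `replace:objectClass` LDIF generation deleted from `ldif_deprecated`, the new code leaves no path that converts or even names pre-1.0.15 user entries; the only trace is that `$filterClasses` in `ldif_deprecated` no longer excludes gosaAccount, so such entries now surface only as the generic `# WARNING: There are entries in the LDAP using obsolete classes, you need to edit them manually` comment. An administrator who skips 1.0.15 and runs this setup directly will therefore get no hint that `--migrate-users`, `--migrate-printers`, `--migrate-dns` and `--migrate-acls` used to do this work, and the `$commands` and POD hunks drop those option names silently (how an unknown `--migrate-printers` is reported depends on dispatch code outside these hunks). I would add a sentence to the POD next to `=item --migrate-users`, e.g. `Migration of directories created by FusionDirectory older than 1.0.15 (gosaAccount users, gotoPrinter printers, GOsa-style ACLs, DNS zones under the systems branch) is no longer supported; upgrade them with the 1.0.15 fusiondirectory-setup first.`, and consider the same wording in the `--ldif-deprecated` warning so the LDIF output tells the reader which release to use. Whether `get_deprecated` still lists gosaAccount is not visible here; if it does not, the warning will not fire for those entries at all, which is worth confirming.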