Commit faf38818 authored by Côme Chilliet's avatar Côme Chilliet

Fixes #4543 Added an option to fusiondirectory-setup to search for duplicated ids

parent ddcb7c76
......@@ -57,6 +57,8 @@ use XML::Twig;
# To hide password input
use Term::ReadKey;
use Data::Dumper;
# fd's directory and class.cache file's path declaration
my %vars = (
fd_home => "/var/www/fusiondirectory",
......@@ -89,8 +91,8 @@ my $configrdn = "cn=config,ou=fusiondirectory";
my $userrdn = "ou=people";
my $aclrolerdn = "ou=aclroles";
my $grouprdn = "ou=groups";
my $systemrdn = "ou=systems";
my $dnsrdn = "ou=dns";
my $systemrdn = "ou=systems";
my $dnsrdn = "ou=dns";
#################################################################################################################################################
......@@ -1045,6 +1047,58 @@ sub check_ldap {
$unbind->code && warn "! Unable to unbind from LDAP server: ", $unbind->error."\n";
}
# function that check for duplicated uid or gid numbers
sub check_id_numbers {
read_ldap_config();
# initiate the LDAP connexion
my %hash_ldap_param = get_ldap_connexion();
# LDAP's connection's parameters
my $ldap = $hash_ldap_param{ldap};
my $base = $hash_ldap_param{base};
check_id_numbers_generic($ldap, $base, 'posixAccount','uidNumber','users');
check_id_numbers_generic($ldap, $base, 'posixGroup','gidNumber','groups');
}
sub check_id_numbers_generic {
my ($ldap, $base, $objectClass, $attribute, $type) = @_;
my $mesg = $ldap->search(
filter => "(&(objectClass=$objectClass)($attribute=*))",
base => $base,
attrs => [$attribute]
);
$mesg->code && die $mesg->error;
my @entries = $mesg->entries;
my %tmp = ();
foreach my $entry (@entries) {
if (not defined $tmp{$entry->get_value($attribute)}) {
$tmp{$entry->get_value($attribute)} = ();
}
push @{$tmp{$entry->get_value($attribute)}}, $entry->dn();
}
my $dups = 0;
while (my ($id, $dns) = each %tmp) {
if (scalar(@$dns) > 1) {
$dups = 1;
print "The following $type use the same $attribute $id:\n";
foreach my $dn (@$dns) {
print "\t$dn\n";
}
}
}
if ($dups == 0) {
print "There are no duplicated ${attribute}s\n";
}
}
# function that create a directory and copy plugin files in it
sub create_and_copy_plugin_dir {
my ($plugin_dir,$dest_dir) = @_;
......@@ -1682,19 +1736,20 @@ die ("! You have to run this script as root\n") if ($<!=0);
$commands{"--check-directories"} = ["Checking FusionDirectory's directories", \&check_directories];
$commands{"--check-config"} = ["Checking FusionDirectory's config file", \&check_config];
$commands{"--check-ldap"} = ["Checking your LDAP tree", \&check_ldap];
$commands{"--check-ids"} = ["Checking for duplicated uid or gid numbers", \&check_id_numbers];
$commands{"--migrate-users"} = ["Migrating your users", \&migrate_users];
$commands{"--migrate-dns"} = ["Migrating DNS zones for FD 1.0.10", \&migrate_dns];
$commands{"--migrate-acls"} = ["Migrating your ACLs", \&migrate_acls];
$commands{"--install-plugins"} = ["Installing FusionDirectory's plugins", \&install_plugins];
$commands{"--encrypt-passwords"} = ["Encrypt passwords in fusiondirectory.conf", \&encrypt_passwords];
$commands{"--show-version"} = ["Show FusionDirectory version from variables_common.inc", \&show_version];
$commands{"--show-version"} = ["Show FusionDirectory version from variables_common.inc", \&show_version];
$commands{"--list-vars"} = ["List possible vars to give --set", \&list_vars];
$commands{"--write-vars"} = ["Choose FusionDirectory Directories", \&write_vars];
$commands{"--set-VAR=value"} = ["Set the variable VAR to value see --list-vars", \&die]; # Won't be called because it contains uppercase
$commands{"--list-deprecated"} = ["List deprecated attributes and objectclasses", \&list_deprecated];
$commands{"--check-deprecated"} = ["List LDAP entries using deprecated attributes or objectclasses", \&check_deprecated];
$commands{"--check-deprecated"} = ["List LDAP entries using deprecated attributes or objectclasses", \&check_deprecated];
$commands{"--ldif-deprecated"} = ["# Print an LDIF removing deprecated attributes",\&ldif_deprecated];
$commands{"--show-config"} = ["Show an LDAP dump of the FusionDirectory configuration",\&show_ldap_config];
$commands{"--show-config"} = ["Show an LDAP dump of the FusionDirectory configuration", \&show_ldap_config];
$commands{"--set-config-VAR=value"} = ["Set the value in LDAP of a configuration field",\&set_config_var];
my $usage = 0;
......@@ -1773,6 +1828,10 @@ This option perform a check on FusionDirectory's config file.
This option check your LDAP tree. Looking for admin account, and groups or people branch. If one of those don't exists, the script will ask you what to do.
=item --check-ids
This option check your LDAP tree for duplicated uidNumber or gidNumber among users and groups.
=item --migrate-users
This option add FusionDirectory attributes to the people branch.
......
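Review bot: `check_id_numbers_generic` only prints its findings and drops `$dups` when it returns, so a `--check-ids` run that finds colliding uidNumber or gidNumber values looks the same to a calling script or scheduled job as a clean run. Entries that share a uidNumber are the same user to a POSIX host (same file ownership, same privileges), so the result is worth exposing. Ending the function with `return $dups;` and having `check_id_numbers` combine the two results would let the caller set a non-zero exit status, assuming the command dispatcher (not visible in these hunks) can act on a return value. `check_id_numbers` also never unbinds the connection it obtains from `get_ldap_connexion()`, unlike the `$unbind` handling visible at the top of the same hunk. The initialisation `$tmp{$entry->get_value($attribute)} = ();` has no effect, because `push @{...}` autovivifies the array.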