#define MOIRA_KERBEROS 0x2
#define MOIRA_STRINGS 0x4
#define MOIRA_LISTS 0x8
+#define MOIRA_MACHINE 0x16
#define CHECK_GROUPS 1
#define CLEANUP_GROUPS 2
#define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
#define PORT "PORT:"
#define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
+#define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
#define MAX_DOMAINS 10
char DomainNames[MAX_DOMAINS][128];
int ActiveDirectory = 1;
int UpdateDomainList;
int fsgCount;
+int GroupPopulateDelete = 0;
extern int set_password(char *user, char *password, char *domain);
if (!atoi(before[LM_EXTRA_ACTIVE]))
{
com_err(whoami, 0,
- "Unable to add %s to group %s : group not active",
+ "Unable to remove %s from group %s : group not active",
before[2], before[0]);
return;
}
com_err(whoami, 0, "removing user %s from list %s", user_name,
group_name);
pUserOu = user_ou;
-
+
if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
{
+ if (!ProcessMachineContainer)
+ {
+ com_err(whoami, 0, "Process machines and containers disabled, "
+ "skipping");
+ return;
+ }
+
memset(machine_ou, '\0', sizeof(machine_ou));
memset(NewMachineName, '\0', sizeof(NewMachineName));
if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER],
char **call_args;
char *s;
call_args = ptr;
-
+
strcpy(temp, av[ACE_NAME]);
if (!check_string(temp))
strcat(s, ".mit.edu");
}
}
-
+
if (!((int)call_args[3] & MOIRA_STRINGS))
return(0);
-
+
if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
return(0);
-
}
else if (!strcmp(av[ACE_TYPE], "LIST"))
{
return(0);
}
+ else if (!strcmp(av[ACE_TYPE], "MACHINE"))
+ {
+ if (!((int)call_args[3] & MOIRA_MACHINE))
+ return(0);
+ }
else
return(0);
while (linklist)
{
- if (!strcasecmp(temp, linklist->member))
+ if (!strcasecmp(temp, linklist->member) &&
+ !strcasecmp(av[ACE_TYPE], linklist->type))
return(0);
linklist = linklist->next;
if(!strcmp(group_ou, contact_ou))
{
ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
- }
-
- if(!strcmp(group_ou, contact_ou))
- {
ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
}
}
}
}
- if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
- {
- n = 0;
- ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
-
- if(ActiveDirectory)
- {
- ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
- }
- else
- {
- ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
- }
-
- ADD_ATTR("name", name_v, LDAP_MOD_ADD);
- ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
- ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
- mods[n] = NULL;
- rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
-
- for (i = 0; i < n; i++)
- free(mods[i]);
- }
-
if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
{
com_err(whoami, 0, "Unable to create contact %s : %s",
if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
{
+ n = 0;
+ ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
+ mods[n] = NULL;
+ rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
+
+ if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
+ rc = LDAP_SUCCESS;
+
+ if(rc)
+ com_err(whoami, 0,
+ "Unable to set the mailRoutingAddress for %s : %s",
+ user_name, ldap_err2string(rc));
+
p = strdup(save_argv[3]);
if((c = strchr(p, ',')) != NULL) {
int n = 0;
char group_dn[512];
LDAPMod *mods[20];
+ char *member_v[] = {NULL, NULL};
char *save_argv[U_END];
+ char machine_ou[256];
+ char NewMachineName[1024];
com_err(whoami, 0, "Populating group %s", group_name);
av[0] = group_name;
call_args[0] = (char *)ldap_handle;
call_args[1] = dn_path;
call_args[2] = group_name;
- call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
+ call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS |
+ MOIRA_MACHINE);
call_args[4] = NULL;
member_base = NULL;
}
members = (char **)malloc(sizeof(char *) * 2);
-
+
if (member_base != NULL)
{
ptr = member_base;
continue;
}
+ if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
+ {
+ ptr = ptr->next;
+ continue;
+ }
+
if(!strcasecmp(ptr->type, "USER"))
{
if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member),
pUserOu, dn_path);
}
+ else if (!strcasecmp(ptr->type, "MACHINE"))
+ {
+ memset(machine_ou, '\0', sizeof(machine_ou));
+ memset(NewMachineName, '\0', sizeof(NewMachineName));
+
+ if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
+ machine_ou, NewMachineName))
+ {
+ pUserOu = machine_ou;
+ sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
+ dn_path);
+ }
+ else
+ {
+ ptr = ptr->next;
+ continue;
+ }
+ }
if(i > 1)
members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
}
members[i] = NULL;
+
+ sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
+
+ if(GroupPopulateDelete)
+ {
+ n = 0;
+ ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
+ mods[n] = NULL;
+
+ if ((rc = ldap_modify_s(ldap_handle, group_dn,
+ mods)) != LDAP_SUCCESS)
+ {
+ com_err(whoami, 0,
+ "Unable to populate group membership for %s: %s",
+ group_dn, ldap_err2string(rc));
+ }
+ for (i = 0; i < n; i++)
+ free(mods[i]);
+ }
+
n = 0;
ADD_ATTR("member", members, LDAP_MOD_REPLACE);
mods[n] = NULL;
-
- sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
-
+
if ((rc = ldap_modify_s(ldap_handle, group_dn,
mods)) != LDAP_SUCCESS)
{
for (i = 0; i < n; i++)
free(mods[i]);
-
+
free(members);
return(0);
if (group_count != 1)
{
- com_err(whoami, 0,
- "Unable to process machine %s : machine not found in AD",
- NewMachineName);
return(1);
}
ActiveDirectory = 0;
}
}
+ else if (!strncmp(temp, GROUP_POPULATE_MEMBERS,
+ strlen(GROUP_POPULATE_MEMBERS)))
+ {
+ if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
+ {
+ strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
+ StringTrim(temp1);
+ if (!strcasecmp(temp1, "DELETE"))
+ {
+ GroupPopulateDelete = 1;
+ }
+ }
+ }
else
{
if (strlen(ldap_domain) != 0)