Remove debugging output.
index 9849d2eca8db6f3dc216dc0abb433e73a82f5a0e..24cc0b06a7f821f2a00609a64f79f50c6c67b1f9 100755 (executable)
@@ -291,6 +291,7 @@ typedef struct _SID {
 #define MOIRA_KERBEROS  0x2
 #define MOIRA_STRINGS   0x4
 #define MOIRA_LISTS     0x8
+#define MOIRA_MACHINE   0x16
 
 #define CHECK_GROUPS    1
 #define CLEANUP_GROUPS  2
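Review bot: `MOIRA_MACHINE` is defined as `0x16`, which is not a single bit: 0x16 is binary 10110 and overlaps `MOIRA_KERBEROS` (0x2) and `MOIRA_STRINGS` (0x4) defined just above it. A mask test such as `(int)call_args[3] & MOIRA_MACHINE`, added in the member_list_build hunk at -3461, is therefore true whenever either of those flags is set, so the MACHINE gate cannot be switched off on its own. The next free bit after `MOIRA_LISTS 0x8` is `#define MOIRA_MACHINE   0x10`.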
@@ -378,6 +379,8 @@ CN=Microsoft Exchange,CN=Services,CN=Configuration,"
 #define ACTIVE_DIRECTORY "ACTIVE_DIRECTORY:"
 #define PORT "PORT:"
 #define PROCESS_MACHINE_CONTAINER "PROCESS_MACHINE_CONTAINER:"
+#define GROUP_POPULATE_MEMBERS "GROUP_POPULATE_MEMBERS:"
+#define MAX_MEMBERS "MAX_MEMBERS:"
 #define MAX_DOMAINS 10
 char DomainNames[MAX_DOMAINS][128];
 
@@ -416,6 +419,10 @@ int  Exchange = 0;
 int  ProcessMachineContainer = 1;
 int  ActiveDirectory = 1;
 int  UpdateDomainList;
+int  fsgCount;
+int  GroupPopulateDelete = 0;
+int  group_members = 0;
+int  max_group_members = 0;
 
 extern int set_password(char *user, char *password, char *domain);
 
@@ -486,6 +493,7 @@ int ReadDomainList();
 void StringTrim(char *StringToTrim);
 char *escape_string(char *s);
 int save_query_info(int argc, char **argv, void *hint);
+int save_fsgroup_info(int argc, char **argv, void *hint);
 int user_create(int ac, char **av, void *ptr);
 int user_change_status(LDAP *ldap_handle, char *dn_path, 
                        char *user_name, char *MoiraId, int operation);
@@ -527,9 +535,11 @@ int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
 int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name, 
                   char *group_ou, char *group_membership, char *user_name,
                   char *pUserOu, char *MoiraId);
+int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name,
+                  char *UserOu, char *member);
 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name, 
                    char *group_ou, char *group_membership, 
-                   int group_security_flag, char *MoiraId);
+                   int group_security_flag, char *MoiraId, int synchronize);
 int SetHomeDirectory(LDAP *ldap_handle, char *user_name, 
                     char *DistinguishedName,
                      char *WinHomeDir, char *WinProfileDir,
@@ -799,7 +809,7 @@ void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
   
   if (rc = moira_connect())
     {
-      critical_alert("AD incremental",
+      critical_alert("Ldap incremental",
                     "Error contacting Moira server : %s",
                     error_message(rc));
       return;
@@ -843,7 +853,7 @@ void do_mcntmap(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
 
   if (machine_check(ldap_handle, dn_path, MachineName))
     {
-      com_err(whoami, 0, "Unable to find machine %s (alias %s) in AD.", 
+      com_err(whoami, 0, "Unable to find machine %s (alias %s) in directory.", 
              OriginalMachineName, MachineName);
       moira_disconnect();
       return;
@@ -891,7 +901,7 @@ void do_container(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
 
   if (rc = moira_connect())
     {
-      critical_alert("AD incremental", "Error contacting Moira server : %s",
+      critical_alert("Ldap incremental", "Error contacting Moira server : %s",
                     error_message(rc));
       return;
     }
@@ -1125,7 +1135,7 @@ void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
 
       if (rc = moira_connect())
         {
-          critical_alert("AD incremental",
+          critical_alert("Ldap incremental",
                          "Error contacting Moira server : %s",
                          error_message(rc));
           return;
@@ -1155,7 +1165,7 @@ void do_list(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
       if (atoi(after[L_ACTIVE]))
         {
           populate_group(ldap_handle, dn_path, after[L_NAME], group_ou, 
-                         group_membership, security_flag, list_id);
+                         group_membership, security_flag, list_id, 1);
         }
 
       moira_disconnect();
@@ -1258,7 +1268,7 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
       if (!atoi(before[LM_EXTRA_ACTIVE]))
         {
           com_err(whoami, 0, 
-                 "Unable to add %s to group %s : group not active", 
+                 "Unable to remove %s from group %s : group not active", 
                  before[2], before[0]);
           return;
         }
@@ -1351,7 +1361,7 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
     {
       if (rc = moira_connect())
         {
-          critical_alert("AD incremental",
+          critical_alert("Ldap incremental",
                          "Error contacting Moira server : %s",
                          error_message(rc));
           return;
@@ -1382,7 +1392,7 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
       if (atoi(ptr[LM_EXTRA_ACTIVE]))
         {
           populate_group(ldap_handle, dn_path, ptr[LM_LIST], group_ou, 
-                         group_membership, security_flag, moira_list_id);
+                         group_membership, security_flag, moira_list_id, 1);
         }
 
       moira_disconnect();
@@ -1395,9 +1405,16 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
       com_err(whoami, 0, "removing user %s from list %s", user_name, 
              group_name);
       pUserOu = user_ou;
-
       if (!strcasecmp(ptr[LM_TYPE], "MACHINE"))
         {
+         if (!ProcessMachineContainer)
+           {
+             com_err(whoami, 0, "Process machines and containers disabled, "
+                     "skipping");
+             return;
+           }
+
           memset(machine_ou, '\0', sizeof(machine_ou));
          memset(NewMachineName, '\0', sizeof(NewMachineName));
           if (get_machine_ou(ldap_handle, dn_path, ptr[LM_MEMBER], 
@@ -1452,7 +1469,7 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
        }
 
       if (rc = moira_connect()) {
-       critical_alert("AD incremental",
+       critical_alert("Ldap incremental",
                       "Error contacting Moira server : %s",
                       error_message(rc));              
        return;
@@ -1460,30 +1477,18 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
       
       if (rc = populate_group(ldap_handle, dn_path, group_name,
                              group_ou, group_membership, 
-                             security_flag, moira_list_id))
+                             security_flag, moira_list_id, 0))
        com_err(whoami, 0, "Unable to remove %s from group %s", user_name, 
                group_name);
       
       moira_disconnect();
-      
-      if (!strcasecmp(ptr[LM_TYPE], "STRING"))
-       {
-         if (rc = moira_connect())
-           {
-             critical_alert("AD incremental",
-                            "Error contacting Moira server : %s",
-                            error_message(rc));
-             return;
-           }
-         
-         if (rc = populate_group(ldap_handle, dn_path, group_name,
-                                 group_ou, group_membership, security_flag,
-                                 moira_list_id))
-           com_err(whoami, 0, "Unable to remove %s from group %s",
-                   user_name, group_name);
 
-         moira_disconnect();
-       }
+      if (rc = member_remove(ldap_handle, dn_path, group_name,
+                             group_ou, group_membership, ptr[LM_MEMBER],
+                             pUserOu, moira_list_id))
+        com_err(whoami, 0, "Unable to remove %s from group %s", user_name,
+                group_name);
+      
       return;
     }
   
@@ -1553,7 +1558,7 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
         {
           if (rc = moira_connect())
             {
-              critical_alert("AD incremental", 
+              critical_alert("Ldap incremental", 
                              "Error connection to Moira : %s",
                              error_message(rc));
               return;
@@ -1629,7 +1634,7 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
     }
 
   if (rc = moira_connect()) {
-    critical_alert("AD incremental",
+    critical_alert("Ldap incremental",
                   "Error contacting Moira server : %s",
                   error_message(rc));              
     return;
@@ -1637,30 +1642,16 @@ void do_member(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
 
   if (rc = populate_group(ldap_handle, dn_path, group_name,
                          group_ou, group_membership, security_flag,
-                         moira_list_id))
+                         moira_list_id, 0))
     com_err(whoami, 0, "Unable to add %s to group %s", user_name, 
            group_name);
   
   moira_disconnect();
 
-  if (!strcasecmp(ptr[LM_TYPE], "STRING"))
-    {
-      if (rc = moira_connect())
-       {
-         critical_alert("AD incremental",
-                        "Error contacting Moira server : %s",
-                        error_message(rc));
-         return;
-       }
-      
-      if (rc = populate_group(ldap_handle, dn_path, group_name,
-                             group_ou, group_membership, security_flag,
-                             moira_list_id))
-       com_err(whoami, 0, "Unable to add %s to group %s",
-               user_name, group_name);
-      
-      moira_disconnect();
-    }
+  if (rc = member_add(ldap_handle, dn_path, group_name,
+                      group_ou, group_membership, ptr[LM_MEMBER],
+                      pUserOu, moira_list_id))
+    com_err(whoami, 0, "Unable to add %s to group %s", user_name, group_name);
 
   return;
 }
@@ -1716,7 +1707,8 @@ void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
     {                                 
       if (atoi(before[U_STATE]) == 0)
         {
-          com_err(whoami, 0, "expunging user %s from AD", before[U_NAME]);
+          com_err(whoami, 0, "expunging user %s from directory", 
+                 before[U_NAME]);
           user_delete(ldap_handle, dn_path, before[U_NAME], before_user_id);
         }
       else
@@ -1737,7 +1729,7 @@ void do_user(LDAP *ldap_handle, char *dn_path, char *ldap_hostname,
 
       if (rc = moira_connect())
         {
-          critical_alert("AD incremental", 
+          critical_alert("Ldap incremental", 
                          "Error connection to Moira : %s",
                          error_message(rc));
           return;
@@ -2244,8 +2236,8 @@ int check_winad(void)
     {
       if (i > 30)
         {
-          critical_alert("AD incremental",
-                         "WINAD incremental failed (%s exists): %s",
+          critical_alert("Ldap incremental",
+                         "Ldap incremental failed (%s exists): %s",
                          STOP_FILE, tbl_buf);
           return(1);
         }
@@ -2396,6 +2388,7 @@ int group_rename(LDAP *ldap_handle, char *dn_path,
   char      *report_to_originator_v[] = {NULL, NULL};
   char      *address_book_v[] = {NULL, NULL};
   char      *legacy_exchange_dn_v[] = {NULL, NULL};
+  char      *null_v[] = {NULL, NULL};
   u_int     groupTypeControl;
   char      groupTypeControlStr[80];
   char      contact_mail[256];
@@ -2405,6 +2398,7 @@ int group_rename(LDAP *ldap_handle, char *dn_path,
   LK_ENTRY  *group_base;
   int       group_count;
   int       MailDisabled = 0;
+  char      search_filter[1024];
 
   if(UseGroupUniversal)
     groupTypeControl = ADS_GROUP_TYPE_UNIVERSAL_GROUP;
@@ -2433,12 +2427,13 @@ int group_rename(LDAP *ldap_handle, char *dn_path,
          group_count = 0;
          group_base = NULL;
          
-         sprintf(filter, "(&(objectClass=user)(cn=%s))", after_group_name);
+         sprintf(search_filter, "(&(objectClass=user)(cn=%s))", 
+                 after_group_name);
          attr_array[0] = "cn";
          attr_array[1] = NULL;
 
-         if ((rc = linklist_build(ldap_handle, dn_path, filter, attr_array,
-                                  &group_base, &group_count,
+         if ((rc = linklist_build(ldap_handle, dn_path, search_filter, 
+                                  attr_array, &group_base, &group_count,
                                   LDAP_SCOPE_SUBTREE)) != 0)
          {
            com_err(whoami, 0, "Unable to process group %s : %s",
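Review bot: The `sprintf` into `search_filter` is unbounded and formats `after_group_name` into the LDAP filter without filter escaping. The buffer is 1024 bytes, so `snprintf(search_filter, sizeof(search_filter), "(&(objectClass=user)(cn=%s))", after_group_name);` with a truncation check keeps an over-long name from overrunning the stack. Whether the name has already passed `check_string` is not visible in this hunk. Because this commit also makes `(` and `)` legal in `illegalchars_ldap`, the value should be escaped for filter context (RFC 4515) before it is formatted in. group_rename starts and ends outside the hunk.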
@@ -2476,7 +2471,7 @@ int group_rename(LDAP *ldap_handle, char *dn_path,
   if (group_count != 1)
     {
       com_err(whoami, 0, "Unable to process multiple groups with "
-             "MoiraId = %s exist in the AD", MoiraId);
+             "MoiraId = %s exist in the directory", MoiraId);
       return(AD_MULTIPLE_GROUPS_FOUND);
     }
 
@@ -2600,6 +2595,12 @@ int group_rename(LDAP *ldap_handle, char *dn_path,
        {
          mail_v[0] = contact_mail;
          ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
+
+         if(!ActiveDirectory)
+           {
+             null_v[0] = "/dev/null";
+             ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
+           }
        }
     }
 
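Review bot: The literal `"/dev/null"` assigned to `null_v[0]` carries no comment, and the same four-line block is repeated three more times in the group_create hunks at -2786 and -2935. A named constant, `#define NULL_MAIL_ROUTE "/dev/null"`, plus a comment on the first use such as `/* non-AD directories: give the group a discard mailRoutingAddress */` would keep the copies from drifting and tell the reader the value is deliberate. The enclosing function continues outside the hunk.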
@@ -2645,6 +2646,7 @@ int group_create(int ac, char **av, void *ptr)
   char *mitMoiraId_v[] = {NULL, NULL};
   char *mitMoiraPublic_v[] = {NULL, NULL};
   char *mitMoiraHidden_v[] = {NULL, NULL};
+  char *mitMoiraActive_v[] = {NULL, NULL};
   char *groupTypeControl_v[] = {NULL, NULL};
   char *mail_v[] = {NULL, NULL};
   char *proxy_address_v[] = {NULL, NULL};
@@ -2653,6 +2655,7 @@ int group_create(int ac, char **av, void *ptr)
   char *address_book_v[] = {NULL, NULL};
   char *legacy_exchange_dn_v[] = {NULL, NULL};
   char *gidNumber_v[] = {NULL, NULL};
+  char *null_v[] = {NULL, NULL};
   char groupTypeControlStr[80];
   char group_membership[1];
   int  i;
@@ -2722,9 +2725,11 @@ int group_create(int ac, char **av, void *ptr)
        {
          mitMoiraPublic_v[0] = av[L_PUBLIC];
          mitMoiraHidden_v[0] = av[L_HIDDEN];
+         mitMoiraActive_v[0] = av[L_ACTIVE];
          ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
          ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_ADD);
          ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_ADD);
+         ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_ADD);
          
          if(atoi(av[L_GROUP])) 
            {
@@ -2786,6 +2791,12 @@ int group_create(int ac, char **av, void *ptr)
            {
              mail_v[0] = contact_mail;
              ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
+
+             if(!ActiveDirectory)
+               {
+                 null_v[0] = "/dev/null";
+                 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_ADD);
+               }
            }
        }
       
@@ -2820,7 +2831,7 @@ int group_create(int ac, char **av, void *ptr)
 
       if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
         {
-          com_err(whoami, 0, "Unable to create list %s in AD : %s",
+          com_err(whoami, 0, "Unable to create list %s in directory : %s",
                   av[L_NAME], ldap_err2string(rc));
           callback_rc = rc;
           return(rc);
@@ -2854,8 +2865,10 @@ int group_create(int ac, char **av, void *ptr)
        {
           mitMoiraPublic_v[0] = av[L_PUBLIC];
           mitMoiraHidden_v[0] = av[L_HIDDEN];
+         mitMoiraActive_v[0] = av[L_ACTIVE];
           ADD_ATTR("mitMoiraPublic", mitMoiraPublic_v, LDAP_MOD_REPLACE);
           ADD_ATTR("mitMoiraHidden", mitMoiraHidden_v, LDAP_MOD_REPLACE);
+          ADD_ATTR("mitMoiraActive", mitMoiraActive_v, LDAP_MOD_REPLACE);
 
          if(atoi(av[L_GROUP])) 
            {
@@ -2935,11 +2948,23 @@ int group_create(int ac, char **av, void *ptr)
            {
              mail_v[0] = contact_mail;
              ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
+
+             if(!ActiveDirectory)
+               {
+                 null_v[0] = "/dev/null";
+                 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
+               }
            }
          else
            {
              mail_v[0] = NULL;
              ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
+
+             if(!ActiveDirectory)
+               {
+                 null_v[0] = NULL;
+                 ADD_ATTR("mailRoutingAddress", null_v, LDAP_MOD_REPLACE);
+               }
            }
        }
    
@@ -2955,7 +2980,7 @@ int group_create(int ac, char **av, void *ptr)
 
           if (rc != LDAP_SUCCESS)
             {
-              com_err(whoami, 0, "Unable to update list %s in AD : %s",
+              com_err(whoami, 0, "Unable to update list %s in directory : %s",
                       av[L_NAME], ldap_err2string(rc));
               callback_rc = rc;
               return(rc);
@@ -3138,7 +3163,7 @@ int ProcessGroupSecurity(LDAP *ldap_handle, char *dn_path,
   if (AceSidCount == 0)
     {
       com_err(whoami, 0, "Group %s: Administrator: %s, Type: %s - does not "
-             "have an AD SID.", TargetGroupName, AceName, AceType);
+             "have a directory SID.", TargetGroupName, AceName, AceType);
       com_err(whoami, 0, "   Non-admin security group template will be used.");
     }
   else
@@ -3358,7 +3383,7 @@ int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
       if ((rc = ldap_delete_s(ldap_handle, group_base->dn)) != LDAP_SUCCESS)
         {
           linklist_free(group_base);
-          com_err(whoami, 0, "Unable to delete list %s from AD : %s",
+          com_err(whoami, 0, "Unable to delete list %s from directory : %s",
                   group_name, ldap_err2string(rc));
           return(rc);
         }
@@ -3367,7 +3392,7 @@ int group_delete(LDAP *ldap_handle, char *dn_path, char *group_name,
   else
     {
       linklist_free(group_base);
-      com_err(whoami, 0, "Unable to find list %s in AD.", group_name);
+      com_err(whoami, 0, "Unable to find list %s in directory.", group_name);
       return(AD_NO_GROUPS_FOUND);
     }
   
@@ -3399,7 +3424,7 @@ int process_lists(int ac, char **av, void *ptr)
   get_group_membership(group_membership, group_ou, &security_flag, av);
   rc = populate_group((LDAP *)call_args[0], (char *)call_args[1], 
                      av[L_NAME], group_ou, group_membership, 
-                     security_flag, "");
+                     security_flag, "", 1);
 
   return(0);
 }
@@ -3411,9 +3436,10 @@ int member_list_build(int ac, char **av, void *ptr)
   char      **call_args;
   char      *s;
   call_args = ptr;
-  
-  strcpy(temp, av[ACE_NAME]);
 
+  strcpy(temp, av[ACE_NAME]);
+  StringTrim(temp);
+  
   if (!check_string(temp))
     return(0);
 
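Review bot: `strcpy(temp, av[ACE_NAME]);` copies a Moira query result into `temp` with no length check, and `check_string` only runs after the copy has happened. `temp` is declared above the hunk, so its size is not visible here. If it is an array, `snprintf(temp, sizeof(temp), "%s", av[ACE_NAME]);` bounds the write. A name that does not fit should be rejected with `return(0);` as the other rejections in this function do, rather than silently truncated.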
@@ -3438,13 +3464,12 @@ int member_list_build(int ac, char **av, void *ptr)
              strcat(s, ".mit.edu");
            }
        }
-      
+
       if (!((int)call_args[3] & MOIRA_STRINGS))
         return(0);
-
+       
       if (contact_create((LDAP *)call_args[0], call_args[1], temp, contact_ou))
         return(0);
-
     }
   else if (!strcmp(av[ACE_TYPE], "LIST"))
     {
@@ -3461,6 +3486,11 @@ int member_list_build(int ac, char **av, void *ptr)
         return(0);
 
     }
+  else if (!strcmp(av[ACE_TYPE], "MACHINE"))
+    {
+      if (!((int)call_args[3] & MOIRA_MACHINE))
+       return(0);
+    }
   else
     return(0);
 
@@ -3468,7 +3498,8 @@ int member_list_build(int ac, char **av, void *ptr)
 
   while (linklist)
     {
-    if (!strcasecmp(temp, linklist->member))
+    if (!strcasecmp(temp, linklist->member) &&
+       !strcasecmp(av[ACE_TYPE], linklist->type))
       return(0);
 
     linklist = linklist->next;
@@ -3506,9 +3537,15 @@ int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
   ULONG       rc;
   char        *s;
 
+  if (max_group_members && (group_members < max_group_members))
+    return(0);
+
   if (!check_string(group_name))
     return(AD_INVALID_NAME);
 
+  if(!contains_member(ldap_handle, dn_path, group_name, UserOu, user_name))
+    return(0);
+
   memset(filter, '\0', sizeof(filter));
   group_base = NULL;
   group_count = 0;
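Review bot: The new guard `if (max_group_members && (group_members < max_group_members)) return(0);` depends on the global `group_members`, which holds whatever the most recent populate_group call left in it; the same guard is added to member_add in the hunk at -3633. populate_group resets the counter to 0 before its Moira query and returns early on a query error or `MR_LIST`. In those cases, with `max_group_members` non-zero, this guard is taken and the removal is dropped without any log line from member_remove. For a removal that means the member keeps its group access until a later full synchronisation succeeds. Passing the count (or a "just synchronised" flag) as an argument, or at least a `com_err` when the guard skips the change, would make this visible; a comment should state that the guard assumes populate_group has just completed for the same group.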
@@ -3521,7 +3558,7 @@ int member_remove(LDAP *ldap_handle, char *dn_path, char *group_name,
 
   if (group_count != 1)
     {
-      com_err(whoami, 0, "Unable to find list %s in AD",
+      com_err(whoami, 0, "Unable to find list %s in directory",
               group_name);
       linklist_free(group_base);
       group_base = NULL;
@@ -3633,9 +3670,15 @@ int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
   LK_ENTRY    *group_base;
   ULONG       rc;
 
+  if (max_group_members && (group_members < max_group_members))
+    return(0);
+
   if (!check_string(group_name))
     return(AD_INVALID_NAME);
 
+  if(contains_member(ldap_handle, dn_path, group_name, UserOu, user_name) > 0)
+    return(0);
+
   rc = 0;
   memset(filter, '\0', sizeof(filter));
   group_base = NULL;
@@ -3652,7 +3695,7 @@ int member_add(LDAP *ldap_handle, char *dn_path, char *group_name,
       linklist_free(group_base);
       group_base = NULL;
       group_count = 0;
-      com_err(whoami, 0, "Unable to find list %s %d in AD",
+      com_err(whoami, 0, "Unable to find list %s %d in directory",
               group_name, group_count);
       return(AD_MULTIPLE_GROUPS_FOUND);
     }
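Review bot: The message `"Unable to find list %s %d in directory"` prints `group_count` after the context line `group_count = 0;` has already reset it, so the logged count is always 0. Moving the `com_err` call above the reset (or dropping the `%d`) fixes the message. The return code `AD_MULTIPLE_GROUPS_FOUND` suggests the count is the part an operator would want to see.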
@@ -3729,7 +3772,7 @@ int contact_remove_email(LDAP *ld, char *bind_path,
     
     if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
       {
-       com_err(whoami, 0, "Unable to modify contact %s in AD : %s",
+       com_err(whoami, 0, "Unable to modify contact %s in directory : %s",
                gPtr->dn, ldap_err2string(rc));
        return(rc);
       }
@@ -3988,10 +4031,6 @@ int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
       if(!strcmp(group_ou, contact_ou))
        {
          ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_ADD);
-       }
-
-      if(!strcmp(group_ou, contact_ou))
-       {
          ADD_ATTR("eduPersonPrincipalName", mail_routing_v, LDAP_MOD_ADD);
        }
     }
@@ -4033,30 +4072,6 @@ int contact_create(LDAP *ld, char *bind_path, char *user, char *group_ou)
        }
     }
 
-  if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
-    {
-      n = 0;
-      ADD_ATTR("cn", contact_v, LDAP_MOD_ADD);
-      
-      if(ActiveDirectory)
-       {
-         ADD_ATTR("objectClass", objectClass_v, LDAP_MOD_ADD);
-       }
-      else
-       {
-         ADD_ATTR("objectClass", objectClass_ldap_v, LDAP_MOD_ADD);
-       }
-
-      ADD_ATTR("name", name_v, LDAP_MOD_ADD);
-      ADD_ATTR("displayName", name_v, LDAP_MOD_ADD);
-      ADD_ATTR("description", desc_v, LDAP_MOD_ADD);
-      mods[n] = NULL;
-      rc = ldap_add_ext_s(ld, new_dn, mods, NULL, NULL);
-
-      for (i = 0; i < n; i++)
-        free(mods[i]);
-    }
-
   if ((rc != LDAP_SUCCESS) && (rc != LDAP_ALREADY_EXISTS))
     {
       com_err(whoami, 0, "Unable to create contact %s : %s",
@@ -4206,7 +4221,7 @@ int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
 
   if (group_count != 1)
     {
-      com_err(whoami, 0, "Unable to find user %s in AD",
+      com_err(whoami, 0, "Unable to find user %s in directory",
               user_name);
       linklist_free(group_base);
       return(AD_NO_USER_FOUND);
@@ -4221,7 +4236,7 @@ int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
     {
       if (rc = moira_connect())
        {
-         critical_alert("AD incremental", 
+         critical_alert("Ldap incremental", 
                         "Error contacting Moira server : %s",
                         error_message(rc));
          return;
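Review bot: The bare `return;` on the moira_connect failure path sits in a function the hunk header names as `int user_update`, so a caller that reads the result gets an indeterminate value when the Moira connection fails. Returning the error explicitly, `return(rc);`, lets the caller see the failure. The same pattern is visible in the later user_update hunk at -4478 and in `int user_create` at -5251. The function body starts and ends outside the hunk, so the return convention should be checked against its other exits.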
@@ -4478,7 +4493,7 @@ int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
     {
       if (rc = moira_connect())
        {
-         critical_alert("AD incremental", 
+         critical_alert("Ldap incremental", 
                         "Error contacting Moira server : %s",
                         error_message(rc));
          return;
@@ -4550,6 +4565,11 @@ int user_update(LDAP *ldap_handle, char *dn_path, char *user_name,
     {
       mail_v[0] = contact_mail;
       ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE);
+
+      if(!ActiveDirectory)
+       {
+         ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
+       }
     }
 
   n = SetHomeDirectory(ldap_handle, user_name, distinguished_name, WinHomeDir, 
@@ -4751,6 +4771,11 @@ int user_rename(LDAP *ldap_handle, char *dn_path, char *before_user_name,
     {
       mail_v[0] = contact_mail;
       ADD_ATTR("mail", mail_v, LDAP_MOD_REPLACE); 
+
+      if(!ActiveDirectory)
+       {
+         ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_REPLACE);
+       }
     }
 
   mods[n] = NULL;
@@ -5059,6 +5084,11 @@ int user_create(int ac, char **av, void *ptr)
     {
       mail_v[0] = contact_mail;
       ADD_ATTR("mail", mail_v, LDAP_MOD_ADD);
+
+      if(!ActiveDirectory)
+       {
+         ADD_ATTR("mitMoiraMail", mail_v, LDAP_MOD_ADD);
+       }
     }
 
   if(strlen(av[U_FIRST])) {
@@ -5251,7 +5281,7 @@ int user_create(int ac, char **av, void *ptr)
     {
       if (rc = moira_connect())
        {
-         critical_alert("AD incremental", 
+         critical_alert("Ldap incremental", 
                         "Error contacting Moira server : %s",
                         error_message(rc));
          return;
@@ -5261,6 +5291,19 @@ int user_create(int ac, char **av, void *ptr)
       
       if (!(rc = mr_query("get_pobox", 1, argv, save_query_info, save_argv)))
        {
+          n = 0;
+         ADD_ATTR("mailRoutingAddress", mail_routing_v, LDAP_MOD_REPLACE);
+         mods[n] = NULL;
+         rc = ldap_modify_s((LDAP *)call_args[0], new_dn, mods);
+          
+         if (rc == LDAP_ALREADY_EXISTS || rc == LDAP_TYPE_OR_VALUE_EXISTS)
+            rc = LDAP_SUCCESS;
+
+         if(rc)
+            com_err(whoami, 0,
+                    "Unable to set the mailRoutingAddress for %s : %s",
+                    user_name, ldap_err2string(rc));
+
          p = strdup(save_argv[3]);
          
          if((c = strchr(p, ',')) != NULL) {
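Review bot: The `mods[]` entry built by `ADD_ATTR("mailRoutingAddress", ...)` is not released after `ldap_modify_s` in the added lines. The block this commit removes from contact_create shows the usual `for (i = 0; i < n; i++) free(mods[i]);` after such a call, so this looks like a leak unless the array is freed further down, outside the hunk. The modify also runs before `save_argv[3]` is parsed just below, so `mail_routing_v` must already hold the intended address at this point; its assignment is not visible here. Finally, `rc` from the `mr_query` condition is overwritten by the LDAP result, which matters if later code in this branch still tests it.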
@@ -5416,7 +5459,7 @@ int user_change_status(LDAP *ldap_handle, char *dn_path,
   if (group_count != 1)
     {
       linklist_free(group_base);
-      com_err(whoami, 0, "Unable to find user %s in AD",
+      com_err(whoami, 0, "Unable to find user %s in directory",
               user_name);
       return(LDAP_NO_SUCH_OBJECT);
     }
@@ -5519,8 +5562,6 @@ int user_delete(LDAP *ldap_handle, char *dn_path,
 
   if (group_count != 1)
     {
-      com_err(whoami, 0, "Unable to find user %s in AD",
-              user_name);
       goto cleanup;
     }
   
@@ -5621,7 +5662,7 @@ static int illegalchars[] = {
 static int illegalchars_ldap[] = {
   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^@ - ^O */
   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* ^P - ^_ */
-  0, 1, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 0, 0, 0, 1, /* SPACE - / */
+  0, 1, 0, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* SPACE - / */
   0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 1, /* 0 - ? */
   0, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, /* @ - O */
   1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 0, /* P - _ */
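Review bot: The changed row clears the entries for `(` and `)` (positions 8 and 9 of the SPACE row), so check_string now accepts parentheses in non-AD mode, and no comment records why. Names are formatted into LDAP search filters elsewhere in this file, for example `"(&(objectClass=user)(cn=%s))"` in group_rename, where parentheses are filter syntax; whether values are escaped before that is not visible in this diff. If parentheses must be legal in names, the filter-building call sites need RFC 4515 escaping of the value (`(` as `\28`, `)` as `\29`); otherwise the two entries should stay 1. A comment on the row stating the reason for the relaxation would help the next reader.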
@@ -5640,6 +5681,9 @@ static int illegalchars_ldap[] = {
 int check_string(char *s)
 {
   char  character;
+  char  *string;
+
+  string = s;
 
   for (; *s; s++)
     {
@@ -5651,12 +5695,20 @@ int check_string(char *s)
       if(ActiveDirectory)
        {
          if (illegalchars[(unsigned) character])
-           return 0;
+           {
+             com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
+                     character, (unsigned) character, string);
+             return 0;
+           }
        }
       else
        {
          if (illegalchars_ldap[(unsigned) character])
-           return 0;
+           {
+             com_err(whoami, 0, "Found illegal char '%c' (%d) in string %s",
+                     character, (unsigned) character, string);
+             return 0;
+           }
        }
     }
 
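Review bot: The new `com_err` calls print the rejected byte with `%c` and the whole input with `%s`, and both tables mark every control character as illegal, so this path writes raw control characters from the input into the log. Logging only the numeric value, `com_err(whoami, 0, "Found illegal char (%d) in string", (int)(unsigned char) character);`, avoids that. The current `%d` is also passed an `unsigned` argument. The two branches differ only in the table consulted, so selecting the table first and logging once would remove the duplicated block.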
@@ -5865,8 +5917,10 @@ int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
     
       if (rc = mr_query("get_list_info", 1, av, GetAceInfo, AceInfo))
         { 
-          com_err(whoami, 0, "Unable to get ACE info for list %s : %s", 
-                 GroupName, error_message(rc));
+         if(rc != MR_NO_MATCH)
+           com_err(whoami, 0, "Unable to get ACE info for list %s : %s", 
+                   GroupName, error_message(rc));
+
           return(1);
         }
 
@@ -5897,6 +5951,9 @@ int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
           if (make_new_group(ldap_handle, dn_path, "", AceName, AceOu, 
                             AceMembership, 0, UpdateGroup, maillist))
             return(1);
+
+         populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership,
+                        0, "", 1);
         }
       else if (!strcasecmp(AceInfo[0], "USER"))
         {
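Review bot: The return value of the added `populate_group(...)` call is discarded, while the `make_new_group` call just above it returns 1 on failure. If population fails, the ACE group exists in the directory with missing or stale members and ProcessAce carries on as if it were complete. At minimum log it: `if (populate_group(ldap_handle, dn_path, AceName, AceOu, AceMembership, 0, "", 1)) com_err(whoami, 0, "Unable to populate group %s", AceName);`. The call also resets the global `group_members` that member_add and member_remove consult, which matters if ProcessAce can run between a populate_group call and those functions.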
@@ -5907,6 +5964,12 @@ int ProcessAce(LDAP *ldap_handle, char *dn_path, char *Name, char *Type,
           call_args[3] = NULL;
           callback_rc = 0;
 
+         if(!strcasecmp(AceName, PRODUCTION_PRINCIPAL) ||
+            !strcasecmp(AceName, TEST_PRINCIPAL))
+           {
+             return(1);
+           }
+
           if (rc = mr_query("get_user_account_by_login", 1, av, 
                            save_query_info, save_argv))
             {
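Review bot: The new `return(1)` for `PRODUCTION_PRINCIPAL` and `TEST_PRINCIPAL` uses the same value the surrounding code returns on errors, and nothing states why these two names are skipped. A comment above the test saying why these principals are excluded from ACE processing, and that 1 here means "skipped, not an error", would document the intent. The check could also move above the `call_args` setup, since it needs none of it. ProcessAce continues outside the hunk.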
@@ -5992,7 +6055,8 @@ int make_new_group(LDAP *ldap_handle, char *dn_path, char *MoiraId,
 
 int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name, 
                    char *group_ou, char *group_membership, 
-                   int group_security_flag, char *MoiraId)
+                   int group_security_flag, char *MoiraId, 
+                  int synchronize)
 {
   char      *av[3];
   char      *call_args[7];
@@ -6007,27 +6071,76 @@ int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
   int       n = 0;
   char      group_dn[512];
   LDAPMod   *mods[20];
+  char      *member_v[] = {NULL, NULL};
   char      *save_argv[U_END];
+  char      machine_ou[256];
+  char      NewMachineName[1024];
 
   com_err(whoami, 0, "Populating group %s", group_name);
   av[0] = group_name;
   call_args[0] = (char *)ldap_handle;
   call_args[1] = dn_path;
   call_args[2] = group_name;
-  call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS);
+  call_args[3] = (char *)(MOIRA_USERS | MOIRA_KERBEROS | MOIRA_STRINGS | 
+                         MOIRA_MACHINE);
   call_args[4] = NULL;
   member_base = NULL;
+  group_members = 0;
 
   if (rc = mr_query("get_end_members_of_list", 1, av,
                     member_list_build, call_args))
     {
+      if(rc == MR_LIST)
+       return(0);
+      
       com_err(whoami, 0, "Unable to populate list %s : %s", 
               group_name, error_message(rc));
       return(3);
     }
 
+  if (member_base != NULL)
+    {
+      ptr = member_base;
+
+      while(ptr != NULL)
+        {
+          if (!strcasecmp(ptr->type, "LIST"))
+            {
+              ptr = ptr->next;
+              continue;
+            }
+
+          if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
+            {
+              ptr = ptr->next;
+              continue;
+            }
+
+          if(!strcasecmp(ptr->type, "USER"))
+            {
+              if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
+                 !strcasecmp(ptr->member, TEST_PRINCIPAL))
+                {
+                  ptr = ptr->next;
+                  continue;
+                }
+            }
+
+          ptr = ptr->next;
+          group_members++;
+        }
+    }
+
+  if(max_group_members && !synchronize && (group_members > max_group_members))
+    {
+      com_err(whoami, 0, 
+             "Group %s membership of %d exceeds maximum %d, skipping",
+             group_name, group_members, max_group_members);
+      return(0);
+    }
+
   members = (char **)malloc(sizeof(char *) * 2);
-  
+
   if (member_base != NULL)
     {
       ptr = member_base;
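Review bot: The counting loop added here repeats, test for test, the skip rules that the member-building loop applies in the next hunk at -6040 (LIST, MACHINE with `ProcessMachineContainer` off, the two Moira principals). The count that drives the `max_group_members` decision will therefore drift from the real membership as soon as one loop is edited without the other. A small static predicate shared by both loops removes that risk; the sketch below assumes `ptr` is an `LK_ENTRY *`, whose declaration is outside the hunk. Separately, `if(rc == MR_LIST) return(0);` reports success with no comment on why that Moira error is benign, and it leaves `group_members` at 0 for the callers that read it afterwards.

```c
/* Nonzero when populate_group leaves this member out of the group. */
static int skip_member(LK_ENTRY *entry)
{
  if (!strcasecmp(entry->type, "LIST"))
    return(1);

  if (!strcasecmp(entry->type, "MACHINE") && !ProcessMachineContainer)
    return(1);

  return(!strcasecmp(entry->type, "USER") &&
         (!strcasecmp(entry->member, PRODUCTION_PRINCIPAL) ||
          !strcasecmp(entry->member, TEST_PRINCIPAL)));
}

  /* ... unchanged: get_end_members_of_list query and MR_LIST handling ... */

  for (ptr = member_base; ptr != NULL; ptr = ptr->next)
    {
      if (!skip_member(ptr))
        group_members++;
    }
```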
@@ -6040,8 +6153,21 @@ int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
               continue;
             }
          
-         if(!strcasecmp(ptr->type, "USER")) 
+         if (!strcasecmp(ptr->type, "MACHINE") && !ProcessMachineContainer)
            {
+             ptr = ptr->next;
+             continue;
+           }
+           
+         if(!strcasecmp(ptr->type, "USER"))
+           {
+             if(!strcasecmp(ptr->member, PRODUCTION_PRINCIPAL) ||
+                !strcasecmp(ptr->member, TEST_PRINCIPAL))
+               {
+                 ptr = ptr->next;
+                 continue;
+               }
+
              if ((rc = check_user(ldap_handle, dn_path, ptr->member,
                                   "")) == AD_NO_USER_FOUND)
                {
@@ -6095,7 +6221,6 @@ int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
                  sprintf(member, "uid=%s,%s,%s", ptr->member, pUserOu, 
                          dn_path);
                }
-
            }
           else if (!strcasecmp(ptr->type, "STRING"))
             {
@@ -6117,6 +6242,24 @@ int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
              sprintf(member, "cn=%s,%s,%s", escape_string(ptr->member), 
                      pUserOu, dn_path);
             }
+         else if (!strcasecmp(ptr->type, "MACHINE"))
+           {
+             memset(machine_ou, '\0', sizeof(machine_ou));
+             memset(NewMachineName, '\0', sizeof(NewMachineName));
+
+             if (!get_machine_ou(ldap_handle, dn_path, ptr->member,
+                                machine_ou, NewMachineName))
+               {
+                 pUserOu = machine_ou;
+                 sprintf(member, "cn=%s,%s,%s", NewMachineName, pUserOu,
+                         dn_path);
+               }
+             else
+               {
+                 ptr = ptr->next;                  
+                 continue;
+               }
+           }
 
          if(i > 1) 
            members = (char **)realloc(members, ((i + 2) * sizeof(char *)));
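Review bot: The new MACHINE branch formats `NewMachineName` (1024 bytes) and `machine_ou` (256 bytes) into `member` with an unbounded `sprintf`, and unlike the STRING branch just above it, the name is not passed through `escape_string`. `member` is declared outside this hunk, so its size cannot be checked here; if it is a fixed array, `snprintf(member, sizeof(member), "cn=%s,%s,%s", NewMachineName, pUserOu, dn_path);` with a truncation check that skips the entry would stop an over-long directory value from overrunning it. Whether the name returned by get_machine_ou still needs DN escaping should be confirmed against that function. populate_group's body starts and ends outside the hunk.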
@@ -6130,13 +6273,31 @@ int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
     }
 
   members[i] = NULL;
+
+  sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
+
+  if(GroupPopulateDelete)
+    {
+      n = 0;
+      ADD_ATTR("member", member_v, LDAP_MOD_REPLACE);
+      mods[n] = NULL;
+      
+      if ((rc = ldap_modify_s(ldap_handle, group_dn, 
+                             mods)) != LDAP_SUCCESS)
+       {
+         com_err(whoami, 0,
+                 "Unable to populate group membership for %s: %s",
+                 group_dn, ldap_err2string(rc));
+       }
   
+      for (i = 0; i < n; i++)
+       free(mods[i]);
+    }
+
   n = 0;
   ADD_ATTR("member", members, LDAP_MOD_REPLACE);
   mods[n] = NULL;
-  
-  sprintf(group_dn, "cn=%s,%s,%s", group_name, group_ou, dn_path);
-  
+
   if ((rc = ldap_modify_s(ldap_handle, group_dn, 
                          mods)) != LDAP_SUCCESS)
     {
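Review bot: With GroupPopulateDelete set, the group's `member` attribute is replaced in two separate `ldap_modify_s` calls, first with `member_v` and then with `members`, and the first failure is only logged. `member_v` is filled outside this hunk, so presumably the first call clears the membership; if the second call then fails, the group stays in that intermediate state, and the visible tail of the function still returns 0, so callers cannot tell. For groups used in access decisions that is worth surfacing: return a non-zero code when the second modify fails, and put a comment such as `/* two-step replace is not atomic: group is briefly empty */` above the `if(GroupPopulateDelete)` block. populate_group continues outside the hunk.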
@@ -6147,7 +6308,7 @@ int populate_group(LDAP *ldap_handle, char *dn_path, char *group_name,
   
   for (i = 0; i < n; i++)
     free(mods[i]);
-  
+    
   free(members);
 
   return(0);
@@ -6809,7 +6970,7 @@ int container_delete(LDAP *ldap_handle, char *dn_path, int count, char **av)
       if (rc == LDAP_NOT_ALLOWED_ON_NONLEAF)
         container_move_objects(ldap_handle, dn_path, distinguishedName);
       else
-        com_err(whoami, 0, "Unable to delete container %s from AD : %s",
+        com_err(whoami, 0, "Unable to delete container %s from directory : %s",
                 av[CONTAINER_NAME], ldap_err2string(rc));
     }
 
@@ -7393,9 +7554,6 @@ int get_machine_ou(LDAP *ldap_handle, char *dn_path, char *member,
 
   if (group_count != 1)
     {
-      com_err(whoami, 0, 
-             "Unable to process machine %s : machine not found in AD",
-              NewMachineName);
       return(1);
     }
 
@@ -7490,7 +7648,7 @@ int machine_move_to_ou(LDAP *ldap_handle, char * dn_path,
 
   if (group_count != 1)
     {
-      com_err(whoami, 0, "Unable to find machine %s in AD: %s", 
+      com_err(whoami, 0, "Unable to find machine %s in directory: %s", 
              MoiraMachineName);
       return(1);
     }
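Review bot: The reworded `com_err` message has two `%s` conversions but only one argument, `MoiraMachineName`, so the second conversion reads an argument that was never passed, which is undefined behaviour on this error path. `group_count != 1` is not an LDAP failure, so there is no error string to print; drop the trailing conversion: `com_err(whoami, 0, "Unable to find machine %s in directory", MoiraMachineName);`. machine_move_to_ou's body starts and ends outside the hunk.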
@@ -8009,7 +8167,6 @@ int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
                      char **drives_v, LDAPMod **mods, 
                      int OpType, int n)
 {
-  char **hp;
   char cWeight[3];
   char cPath[1024];
   char path[1024];
@@ -8023,129 +8180,140 @@ int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
   int  i;
   int  rc;
   LDAPMod *DelMods[20];
-  
+  char *argv[3];
+  char *save_argv[FS_END];
+  char *fsgroup_save_argv[2];
+
   memset(homeDrive, '\0', sizeof(homeDrive));
   memset(path, '\0', sizeof(path));
   memset(winPath, '\0', sizeof(winPath));
   memset(winProfile, '\0', sizeof(winProfile));
-  hp = NULL;
 
   if(!ActiveDirectory) 
     {
-      if ((hp = hes_resolve(user_name, "filsys")) != NULL)
-        {
-         memset(cWeight, 0, sizeof(cWeight));
-         memset(cPath, 0, sizeof(cPath));
-         last_weight = 1000;
-         i = 0;
-         
-         while (hp[i] != NULL)
-            {
-             if (sscanf(hp[i], "%*s %s", cPath))
-                {
-                 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
-                    {
-                     if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
-                        {
-                         if (atoi(cWeight) < last_weight)
-                            {
-                             strcpy(path, cPath);
-                             last_weight = (int)atoi(cWeight);
-                            }
-                        }
-                     else 
-                       strcpy(path, cPath);
-                    }
-                }
-              ++i;
-            }
-         
-         if (strlen(path))
-            {
-             if (!strnicmp(path, AFS, strlen(AFS)))
-                {
-                 sprintf(homedir, "%s", path);
-                 sprintf(apple_homedir, "%s/MacData", path);
-                 homedir_v[0] = homedir;
-                 apple_homedir_v[0] = apple_homedir;
-                 ADD_ATTR("homeDirectory", homedir_v, OpType);
-                 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v, 
-                          OpType);
-                }
-           }
-         else
+      if (rc = moira_connect())
+       {
+          critical_alert("Ldap incremental",
+                        "Error contacting Moira server : %s",
+                        error_message(rc));
+         return;
+       }
+      
+      argv[0] = user_name;
+
+      if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info, 
+                         save_argv)))
+       {
+         if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
+            !strcmp(save_argv[FS_TYPE], "MUL"))
            {
-             if(user_name[0] && user_name[1]) 
+       
+             argv[0] = save_argv[FS_NAME];
+             fsgCount = 0;
+             
+             if (!(rc = mr_query("get_fsgroup_members", 1, argv, 
+                                 save_fsgroup_info, fsgroup_save_argv)))
                {
-                 sprintf(homedir, "/afs/athena.mit.edu/user/%c/%c/%s", 
-                         user_name[0], user_name[1], user_name);
-                 sprintf(apple_homedir, "%s/MacData", homedir);
-                 homedir_v[0] = "NONE";
-                 apple_homedir_v[0] = "NONE";
-                 ADD_ATTR("homeDirectory", homedir_v, OpType);
-                 ADD_ATTR("apple-user-homeDirectory", apple_homedir_v, 
-                          OpType);
+                 if(fsgCount)
+                   {
+                     argv[0] = fsgroup_save_argv[0];
+                     
+                     if (!(rc = mr_query("get_filesys_by_label", 1, argv, 
+                                         save_query_info, save_argv)))
+                       {
+                         strcpy(path, save_argv[FS_PACK]);
+                       }
+                   }
                }
            }
+         else
+           {
+             strcpy(path, save_argv[FS_PACK]);
+           }
        }
-      else
+      
+      moira_disconnect();
+
+      if (strlen(path))
        {
-         if(user_name[0] && user_name[1]) 
+         if (!strnicmp(path, AFS, strlen(AFS)))
            {
-             sprintf(homedir, "/afs/athena.mit.edu/user/%c/%c/%s", 
-                     user_name[0], user_name[1], user_name);
-             sprintf(apple_homedir, "%s/MacData", homedir);
-             homedir_v[0] = "NONE";
-             apple_homedir_v[0] = "NONE";
+             sprintf(homedir, "%s", path);
+             sprintf(apple_homedir, "%s/MacData", path);
+             homedir_v[0] = homedir;
+             apple_homedir_v[0] = apple_homedir;
              ADD_ATTR("homeDirectory", homedir_v, OpType);
              ADD_ATTR("apple-user-homeDirectory", apple_homedir_v, 
                       OpType);
            }
        }
+      else
+       {
+         homedir_v[0] = "NONE";
+         apple_homedir_v[0] = "NONE";
+         ADD_ATTR("homeDirectory", homedir_v, OpType);
+         ADD_ATTR("apple-user-homeDirectory", apple_homedir_v, 
+                  OpType);
+       }
+
       return(n);
     }
-      
   if ((!strcasecmp(WinHomeDir, "[afs]")) || 
       (!strcasecmp(WinProfileDir, "[afs]")))
     {
-      if ((hp = hes_resolve(user_name, "filsys")) != NULL)
-        {
-         memset(cWeight, 0, sizeof(cWeight));
-         memset(cPath, 0, sizeof(cPath));
-         last_weight = 1000;
-         i = 0;
+      if (rc = moira_connect())
+       {
+          critical_alert("Ldap incremental",
+                        "Error contacting Moira server : %s",
+                        error_message(rc));
+         return;
+       }
+      
+      argv[0] = user_name;
 
-         while (hp[i] != NULL)
-            {
-             if (sscanf(hp[i], "%*s %s", cPath))
-                {
-                 if (strnicmp(cPath, AFS, strlen(AFS)) == 0)
-                    {
-                     if (sscanf(hp[i], "%*s %*s %*s %*s %s", cWeight))
-                        {
-                         if (atoi(cWeight) < last_weight)
-                            {
-                             strcpy(path, cPath);
-                             last_weight = (int)atoi(cWeight);
-                            }
-                        }
-                     else 
-                       strcpy(path, cPath);
-                    }
-                }
-              ++i;
-            }
+      if (!(rc = mr_query("get_filesys_by_label", 1, argv, save_query_info, 
+                         save_argv)))
+       {
+         if(!strcmp(save_argv[FS_TYPE], "FSGROUP") ||
+            !strcmp(save_argv[FS_TYPE], "MUL"))
+           {
+       
+             argv[0] = save_argv[FS_NAME];
+             fsgCount = 0;
+             
+             if (!(rc = mr_query("get_fsgroup_members", 1, argv, 
+                                 save_fsgroup_info, fsgroup_save_argv)))
+               {
+                 if(fsgCount)
+                   {
+                     argv[0] = fsgroup_save_argv[0];
+                     
+                     if (!(rc = mr_query("get_filesys_by_label", 1, argv, 
+                                         save_query_info, save_argv)))
+                       {
+                         strcpy(path, save_argv[FS_PACK]);
+                       }
+                   }
+               }
+           }
+         else
+           {
+             strcpy(path, save_argv[FS_PACK]);
+           }
+       }
+     
+      moira_disconnect();
 
-         if (strlen(path))
-            {
-             if (!strnicmp(path, AFS, strlen(AFS)))
-                {
-                 AfsToWinAfs(path, winPath);
-                 strcpy(winProfile, winPath);
-                 strcat(winProfile, "\\.winprofile");
-                }
-            }
-        }
+      if (strlen(path))
+       {
+         if (!strnicmp(path, AFS, strlen(AFS)))
+           {
+             AfsToWinAfs(path, winPath);
+             strcpy(winProfile, winPath);
+             strcat(winProfile, "\\.winprofile");
+           }
+       }
       else
        return(n);
     }
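Review bot: Both new `moira_connect()` failure paths use a bare `return;` in SetHomeDirectory, which is declared `int` and otherwise returns `n`. A caller that uses the result (presumably as the next `mods` index) gets an indeterminate value; `return(n);` leaves the modification list unchanged on failure. The Moira result is also copied with `strcpy(path, save_argv[FS_PACK])` into the 1024-byte `path` without a length check, and `save_argv` is read after a successful query without confirming that the callback filled it. `snprintf(path, sizeof(path), "%s", save_argv[FS_PACK]);` and zero-initialising `save_argv` before the query would bound both. The function body starts and ends outside the hunk.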
@@ -8166,16 +8334,6 @@ int SetHomeDirectory(LDAP *ldap_handle, char *user_name,
        strcpy(winPath, path);
     }
     
-    if (hp != NULL)
-      {
-        i = 0;
-        while (hp[i])
-         {
-            free(hp[i]);
-            i++;
-         }
-      }
-    
     if (!strcasecmp(WinHomeDir, "[local]"))
       memset(winPath, '\0', sizeof(winPath));
     else if (!strcasecmp(WinHomeDir, "[afs]") || 
@@ -8314,7 +8472,7 @@ int attribute_update(LDAP *ldap_handle, char *distinguished_name,
                                  mods)) != LDAP_SUCCESS)
             {
               com_err(whoami, 0, "Unable to change the %s attribute for %s "
-                     "in the AD : %s",
+                     "in the directory : %s",
                       attribute, user_name, ldap_err2string(rc));
             }
         }
@@ -8521,6 +8679,28 @@ int ReadConfigFile(char *DomainName)
                      ActiveDirectory = 0;
                  }
              }
+           else if (!strncmp(temp, GROUP_POPULATE_MEMBERS, 
+                             strlen(GROUP_POPULATE_MEMBERS)))
+             {
+               if (strlen(temp) > (strlen(GROUP_POPULATE_MEMBERS)))
+                 {
+                   strcpy(temp1, &temp[strlen(GROUP_POPULATE_MEMBERS)]);
+                   StringTrim(temp1);
+                   if (!strcasecmp(temp1, "DELETE")) 
+                     {
+                       GroupPopulateDelete = 1;
+                     }
+                 }
+             }
+            else if (!strncmp(temp, MAX_MEMBERS, strlen(MAX_MEMBERS)))
+              {
+                if (strlen(temp) > (strlen(MAX_MEMBERS)))
+                  {
+                    strcpy(temp1, &temp[strlen(MAX_MEMBERS)]);
+                    StringTrim(temp1);
+                    max_group_members = atoi(temp1);
+                  }
+              }
             else
              {
                 if (strlen(ldap_domain) != 0)
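Review bot: `max_group_members = atoi(temp1)` accepts any text, so a mistyped MAX_MEMBERS value parses as 0, which the `if(max_group_members && ...)` check in populate_group treats as no limit. A negative value makes that check true for every group outside synchronize mode, so every group is skipped. Parsing with `strtol` and rejecting trailing characters and out-of-range values makes a bad setting visible in the log instead of silently changing which groups are populated. Both new branches also `strcpy` the rest of the config line into `temp1`, whose size is declared outside this hunk and should be checked against the line buffer. ReadConfigFile's body starts and ends outside the hunk.

```c
                    StringTrim(temp1);
                    {
                      char *end;
                      long  v = strtol(temp1, &end, 10);

                      /* reject empty, non-numeric, negative or oversized values */
                      if (end == temp1 || *end != '\0' || v < 0 || v > INT_MAX)
                        com_err(whoami, 0, "Ignoring invalid %s value '%s'",
                                MAX_MEMBERS, temp1);
                      else
                        max_group_members = (int)v;
                    }
```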
@@ -8875,15 +9055,6 @@ char *escape_string(char *s)
 
   q = s;
 
-  /* Replace leading spaces */
-
-  while(isspace(*q)) {
-    string[i++] = '\\';
-    string[i++] = '2';
-    string[i++] = '0';
-    q++;
-  }
-
   /* Escape any special characters */
 
   for(; *q != '\0'; q++) {
@@ -8922,3 +9093,71 @@ int save_query_info(int argc, char **argv, void *hint)
 
   return MR_CONT;
 }
+
+int save_fsgroup_info(int argc, char **argv, void *hint)
+{
+  int i;
+  char **nargv = hint;
+
+  if(!fsgCount) 
+    {
+      for(i = 0; i < argc; i++)
+       nargv[i] = strdup(argv[i]);
+
+      fsgCount++;
+    }
+
+  return MR_CONT;
+}
+
+int contains_member(LDAP *ldap_handle, char *dn_path, char *group_name, 
+                   char *UserOu, char *user_name)
+{
+  char         search_filter[1024];
+  char         *attr_array[3];
+  LK_ENTRY     *group_base;
+  int          group_count;
+  int          rc;
+  char         temp[256];
+
+  if(ActiveDirectory)
+    {
+      sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
+    }
+  else
+    {
+      if(!strcmp(UserOu, user_ou))
+       sprintf(temp, "uid=%s,%s,%s", user_name, UserOu, dn_path);
+      else
+       sprintf(temp, "CN=%s,%s,%s", user_name, UserOu, dn_path);
+    }
+
+  group_base = NULL;
+  group_count = 0;
+  
+  sprintf(search_filter, "(&(objectClass=group)(cn=%s)(member=%s))",
+         group_name, temp);
+
+  attr_array[0] = "mitMoiraId";
+  attr_array[1] = NULL;
+
+  if ((rc = linklist_build(ldap_handle, dn_path, search_filter, 
+                          attr_array, &group_base, &group_count,
+                          LDAP_SCOPE_SUBTREE)) != 0)
+    {
+      com_err(whoami, 0, "Unable to check group %s for membership of %s : %s",
+             group_name, user_name, ldap_err2string(rc));
+      return(-1);
+    }
+          
+  if (group_count)
+    rc = 1;
+  else 
+    rc = 0;
+
+  linklist_free(group_base);
+  group_count = 0;
+  group_base = NULL;
+
+  return(rc);
+}
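Review bot: contains_member builds the DN in `temp[256]` and the filter in `search_filter[1024]` with unbounded `sprintf`, and puts `group_name` and the DN into the filter without RFC 4515 escaping. A name containing `*`, `(`, `)` or `\` therefore changes what the filter matches, and a long DN overruns `temp`. Bound the writes, e.g. `if (snprintf(temp, sizeof(temp), "CN=%s,%s,%s", user_name, UserOu, dn_path) >= (int)sizeof(temp)) return(-1);`, and escape filter values before formatting them. save_fsgroup_info copies `argc` entries into `hint`, while the caller visible in SetHomeDirectory passes a two-element array; `for(i = 0; i < argc && i < 2; i++)`, or passing the capacity along with the hint, avoids writing past it. The `strdup` results are not checked or freed in the visible code.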