178 lines
5.4 KiB
Bash
Executable File
178 lines
5.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Script to create Samba4 groups from CSV file using ldbmodify
|
|
# Usage: ./create_samba_groups.sh
|
|
|
|
# Set script directory for relative paths
|
|
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
CSV_FILE="$SCRIPT_DIR/Transfert/groups.csv"
|
|
TEMPLATE_FILE="$SCRIPT_DIR/group.ldif.orig"
|
|
TEMP_LDIF="$SCRIPT_DIR/group.ldif"
|
|
|
|
# Check if running as root
|
|
if [[ $EUID -ne 0 ]]; then
|
|
echo "Error: This script must be run as root to access Samba's LDB database."
|
|
echo "Please run with: sudo $0"
|
|
exit 1
|
|
fi
|
|
|
|
# Check if required files exist
|
|
if [[ ! -f "$CSV_FILE" ]]; then
|
|
echo "Error: CSV file not found at $CSV_FILE"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ ! -f "$TEMPLATE_FILE" ]]; then
|
|
echo "Error: Template file not found at $TEMPLATE_FILE"
|
|
exit 1
|
|
fi
|
|
|
|
# Check if ldbmodify is available
|
|
if ! command -v ldbmodify &> /dev/null; then
|
|
echo "Error: ldbmodify command not found. Please ensure Samba4 is installed."
|
|
exit 1
|
|
fi
|
|
|
|
# Function to clean up temp file
|
|
cleanup() {
|
|
if [[ -f "$TEMP_LDIF" ]]; then
|
|
rm -f "$TEMP_LDIF"
|
|
echo "Cleaned up temporary file: $TEMP_LDIF"
|
|
fi
|
|
}
|
|
|
|
# Set trap to cleanup on exit
|
|
trap cleanup EXIT
|
|
|
|
# Function to sanitize input (escape special characters for sed)
|
|
sanitize_for_sed() {
|
|
local input="$1"
|
|
# Escape special sed characters: / \ &
|
|
echo "$input" | sed 's/[\/&\\]/\\&/g'
|
|
}
|
|
|
|
# Function to validate group data
|
|
validate_group_data() {
|
|
local name="$1"
|
|
local objectsid="$2"
|
|
|
|
# Check for empty fields
|
|
if [[ -z "$name" || -z "$objectsid" ]]; then
|
|
return 1
|
|
fi
|
|
|
|
# Check ObjectSID format (should start with S-1-5-21)
|
|
if [[ ! "$objectsid" =~ ^S-1-5-21- ]]; then
|
|
return 2
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
echo "Starting Samba4 group creation process..."
|
|
echo "Reading groups from: $CSV_FILE"
|
|
echo "Using template: $TEMPLATE_FILE"
|
|
echo ""
|
|
|
|
# Counter for statistics
|
|
total_groups=0
|
|
successful_groups=0
|
|
failed_groups=0
|
|
skipped_groups=0
|
|
|
|
# Read CSV file line by line (skip header)
|
|
while IFS=',' read -r NAME OBJECTSID; do
|
|
# Skip header line
|
|
if [[ "$NAME" == "NAME" && "$OBJECTSID" == "OBJECTSID" ]]; then
|
|
continue
|
|
fi
|
|
|
|
total_groups=$((total_groups + 1))
|
|
|
|
# Trim whitespace and newlines from variables
|
|
NAME=$(echo "$NAME" | tr -d '\r\n' | xargs)
|
|
OBJECTSID=$(echo "$OBJECTSID" | tr -d '\r\n' | xargs)
|
|
|
|
echo "Processing group $total_groups: $NAME"
|
|
|
|
# Validate group data
|
|
validate_group_data "$NAME" "$OBJECTSID"
|
|
validation_result=$?
|
|
|
|
case $validation_result in
|
|
1)
|
|
echo " Warning: Skipping group due to missing data (NAME='$NAME', OBJECTSID='$OBJECTSID')"
|
|
skipped_groups=$((skipped_groups + 1))
|
|
continue
|
|
;;
|
|
2)
|
|
echo " Warning: Skipping group due to invalid ObjectSID format: $OBJECTSID"
|
|
skipped_groups=$((skipped_groups + 1))
|
|
continue
|
|
;;
|
|
3)
|
|
echo " Warning: Skipping group due to invalid name format (contains LDAP special characters): '$NAME'"
|
|
skipped_groups=$((skipped_groups + 1))
|
|
continue
|
|
;;
|
|
esac
|
|
|
|
# Create group.ldif from template by replacing placeholders
|
|
if ! cp "$TEMPLATE_FILE" "$TEMP_LDIF" 2>/dev/null; then
|
|
echo " ✗ Failed to copy template file"
|
|
failed_groups=$((failed_groups + 1))
|
|
continue
|
|
fi
|
|
|
|
# Sanitize inputs for sed
|
|
NAME_SAFE=$(sanitize_for_sed "$NAME")
|
|
OBJECTSID_SAFE=$(sanitize_for_sed "$OBJECTSID")
|
|
|
|
# Use sed to replace placeholders with safe inputs
|
|
sed -i "s/NAME/$NAME_SAFE/g" "$TEMP_LDIF"
|
|
sed -i "s/OBJECTSID/$OBJECTSID_SAFE/g" "$TEMP_LDIF"
|
|
|
|
echo " Created LDIF file for group: $NAME"
|
|
|
|
# Execute ldbmodify command
|
|
if ldbmodify -H /var/lib/samba/private/sam.ldb --controls="local_oid:1.3.6.1.4.1.7165.4.3.12:0" "$TEMP_LDIF" 2>/dev/null; then
|
|
echo " ✓ Successfully created group: $NAME"
|
|
successful_groups=$((successful_groups + 1))
|
|
else
|
|
echo " ✗ Failed to create group: $NAME"
|
|
echo " Group may already exist or check Samba permissions."
|
|
failed_groups=$((failed_groups + 1))
|
|
|
|
# Try to get more specific error information
|
|
echo " Attempting to get detailed error..."
|
|
ldbmodify -H /var/lib/samba/private/sam.ldb --controls="local_oid:1.3.6.1.4.1.7165.4.3.12:0" "$TEMP_LDIF" 2>&1 | head -3 | sed 's/^/ /'
|
|
fi
|
|
|
|
echo ""
|
|
done < "$CSV_FILE"
|
|
|
|
# Display final statistics
|
|
echo "========================================="
|
|
echo "Group creation process completed!"
|
|
echo "Total groups processed: $total_groups"
|
|
echo "Successfully created: $successful_groups"
|
|
echo "Failed: $failed_groups"
|
|
echo "Skipped (validation errors): $skipped_groups"
|
|
echo "========================================="
|
|
|
|
# Provide recommendations
|
|
if [[ $failed_groups -gt 0 ]]; then
|
|
echo ""
|
|
echo "Note: If groups failed to be created, possible causes:"
|
|
echo "1. Group already exists in the domain"
|
|
echo "2. ObjectSID conflict or duplication"
|
|
echo "3. Invalid characters in group name"
|
|
echo "4. Insufficient permissions (already running as root)"
|
|
echo "5. Samba4 service not running: sudo systemctl status samba-ad-dc"
|
|
fi
|
|
|
|
# Show created groups
|
|
if [[ $successful_groups -gt 0 ]]; then
|
|
echo ""
|
|
echo "To verify created groups, run:"
|
|
echo "samba-tool group list | grep -E '$(echo "$CSV_FILE" | xargs -I {} awk -F',' 'NR>1 {print $1}' {} | tr '\n' '|' | sed 's/|$//')'"
|
|
fi |