Hello perl-LDAP users, I'm trying to migrate our NIS data from CentOS Linux to Microsoft's SFU for Active Directory. The script that imports NIS users by modifying the corresponding AD users works fine, but I'm having trouble adding new groups to the OU=NIS Groups container that I created manually:
use constant ROOTDN => 'OU=NIS Groups,DC=internal,DC=mycompany,DC=com';
.......
# Walk every entry of the tied NIS map and create one directory entry per group.
while (my ($key, $value) = each %passwd) {
    print "$key -> $value\n";
    # Fields 0, 2 and 3 of the colon-separated record: name, gid, member list.
    my ($Name, $GidNumber, $PosixMember) = (split ':', $value)[0, 2, 3];
    print "Name: $Name\n";
    print "GidNumber: $GidNumber\n";
    print "PosixMember: $PosixMember\n" if defined $PosixMember;
    # NOTE(review): $Name comes straight from the NIS map and is interpolated
    # into the DN unescaped. A name containing DN metacharacters (',', '+',
    # '=', ...) would change the DN that is built; Net::LDAP::Util's
    # escape_dn_value() is the usual guard.
    my $dn = "cn=$Name," . ROOTDN;
    print "dn: $dn\n\n";
    # NOTE(review): the attrs list carries only msSFU30* attributes and no
    # objectClass. An add with no structural object class is a plausible cause
    # of the OBJ_CLASS_VIOLATION reported below - confirm against the schema
    # of the target directory.
    my $result = $ldap->add($dn,
        attrs => [
            msSFU30GidNumber => $GidNumber,
            msSFU30Name => $Name,
            msSFU30NisDomain => 'internal',
            #msSFU30PosixMember => $PosixMember,
        ]
    );
    # A non-zero result code means the server rejected the add.
    $result->code && print STDERR 'Failed to add group: ', $result->error, "\n";
}

This gives me the error:

calibrat -> calibrat:*:5522:herman,hufeis,konop
Name: calibrat
GidNumber: 5522
PosixMember: herman,hufeis,konop
dn: cn=calibrat,OU=NIS Groups,DC=internal,DC=mycompany,DC=com

Failed to add group: 0000207B: UpdErr: DSID-03050FB5, problem 6002 (OBJ_CLASS_VIOLATION), data 0

Do you have any advice for me?

Regards
Alex

PS: Here is my NIS-users importing script that works:

#!/usr/bin/perl -wT
# Copies the fields of every passwd.byname NIS entry onto the msSFU30*
# attributes of the matching, already existing directory user.
use strict;
use POSIX qw(strftime);
use Net::NIS;
use Net::LDAPS;
use constant ROOTDN => 'OU=Imported,OU=User Accounts,DC=internal,DC=mycompany,DC=com';
use constant DOMAIN => 'internal.mycompany.com';
# Candidate servers ablwdc01 .. ablwdc04 in DOMAIN.
use constant SERVER => [ map { "ablwdc0$_." . DOMAIN } 1..4 ];
use constant ADMIN => 'XXXX';
use constant ADMPW => 'XXXX';
my $rot13;
# ROT13 is a fixed, reversible letter substitution, not encryption: anyone who
# can read this file recovers the bind password. Keeping the credential out of
# the script (a permission-restricted file, or a prompt at run time) is what
# actually protects it.
($rot13 = ADMPW) =~ y/A-Za-z/N-ZA-Mn-za-m/;
# NOTE(review): no verify/cafile/capath options are passed to the constructor;
# confirm that the server certificate is really being validated.
my $ldap = Net::LDAPS->new(SERVER) or die('Can not connect to LDAP server');
# NOTE(review): unlike modify below, the bind result's ->code is never
# inspected. Net::LDAP operations return a message object, so this `or die`
# is not expected to fire when the server rejects the credentials - verify,
# and check ->code explicitly.
$ldap->bind(ADMIN . '@' . DOMAIN, password => $rot13) or die('Can not bind to LDAP server as ' . ADMIN);
tie my %passwd, 'Net::NIS', 'passwd.byname' or die "Cannot tie to passwd YP map: $yperr\n";
while (my ($key, $value) = each %passwd) {
    print "$key -> $value\n";
    # Picks passwd fields 0, 1, 2, 6, 5, 3 in the order of the variables.
    my ($Name, $Password, $UidNumber, $LoginShell, $HomeDirectory, $GidNumber) = (split ':', $value)[0, 1, 2, 6, 5, 3];
    print "Name: $Name\n";
    # NOTE(review): this echoes each account's NIS password field to stdout.
    # If the map carries crypt hashes, they end up in terminal scrollback or
    # in any log that captures the output.
    print "Password: $Password\n";
    print "UidNumber: $UidNumber\n";
    print "LoginShell: $LoginShell\n";
    print "HomeDirectory: $HomeDirectory\n";
    print "GidNumber: $GidNumber\n\n";
    # NOTE(review): $Name is interpolated into the DN unescaped; see
    # Net::LDAP::Util's escape_dn_value().
    my $dn = "cn=$Name," . ROOTDN;
    print "dn: $dn\n\n";
    # NOTE(review): this copies the NIS password field into a directory
    # attribute; confirm who is able to read msSFU30Password in the target
    # directory.
    my $result = $ldap->modify($dn,
        replace => {
            msSFU30Name => $Name,
            msSFU30Password => $Password,
            msSFU30NisDomain => 'internal',
            msSFU30UidNumber => $UidNumber,
            msSFU30LoginShell => $LoginShell,
            msSFU30HomeDirectory => $HomeDirectory,
            msSFU30GidNumber => $GidNumber,
        }
    );
    # A non-zero result code means the server rejected the modify.
    $result->code && print STDERR 'Failed to modify user: ', $result->error, "\n";
}
$ldap->unbind();

And here is my NIS-groups script that fails:

#!/usr/bin/perl -wT
# import NIS group data into SFU
# afarber, 2008-03-12
use strict;
use POSIX qw(strftime);
use Net::NIS;
use Net::LDAPS;
use constant ROOTDN => 'OU=NIS Groups,DC=internal,DC=mycompany,DC=com';
use constant DOMAIN => 'internal.mycompany.com';
# Candidate servers ablwdc01 .. ablwdc04 in DOMAIN.
use constant SERVER => [ map { "ablwdc0$_." . DOMAIN } 1..4 ];
use constant ADMIN => 'XXXXX';
use constant ADMPW => 'XXXXX';
my $rot13;
# ROT13 is a fixed, reversible letter substitution, not encryption: anyone who
# can read this file recovers the bind password. Keeping the credential out of
# the script (a permission-restricted file, or a prompt at run time) is what
# actually protects it.
($rot13 = ADMPW) =~ y/A-Za-z/N-ZA-Mn-za-m/;
# NOTE(review): no verify/cafile/capath options are passed to the constructor;
# confirm that the server certificate is really being validated.
my $ldap = Net::LDAPS->new(SERVER) or die('Can not connect to LDAP server');
# NOTE(review): unlike add below, the bind result's ->code is never inspected.
# Net::LDAP operations return a message object, so this `or die` is not
# expected to fire when the server rejects the credentials - verify, and
# check ->code explicitly.
$ldap->bind(ADMIN . '@' . DOMAIN, password => $rot13) or die('Can not bind to LDAP server as ' . ADMIN);
# The hash is still called %passwd, but here it is tied to the group.byname map.
tie my %passwd, 'Net::NIS', 'group.byname' or die "Cannot tie to group YP map: $yperr\n";
while (my ($key, $value) = each %passwd) {
    print "$key -> $value\n";
    # Fields 0, 2 and 3 of the colon-separated record: name, gid, member list.
    my ($Name, $GidNumber, $PosixMember) = (split ':', $value)[0, 2, 3];
    print "Name: $Name\n";
    print "GidNumber: $GidNumber\n";
    print "PosixMember: $PosixMember\n" if defined $PosixMember;
    # NOTE(review): $Name is interpolated into the DN unescaped; see
    # Net::LDAP::Util's escape_dn_value().
    my $dn = "cn=$Name," . ROOTDN;
    print "dn: $dn\n\n";
    #next;
    # NOTE(review): no objectClass is supplied in attrs, only msSFU30*
    # attributes. That is a plausible cause of the OBJ_CLASS_VIOLATION the
    # server returns for this add - confirm against the directory schema.
    my $result = $ldap->add($dn,
        attrs => [
            msSFU30GidNumber => $GidNumber,
            msSFU30Name => $Name,
            msSFU30NisDomain => 'internal',
            #msSFU30PosixMember => $PosixMember,
        ]
    );
    # A non-zero result code means the server rejected the add.
    $result->code && print STDERR 'Failed to add group: ', $result->error, "\n";
}
$ldap->unbind();