I am still having trouble with adding users to ldap via Array of Hashes. I
am a nOOb to perl scripting and learning my way thru the references.
Bind to LDAP & AD, getting attributes and values work fine.
*****NEED HELP IN AREA*****
I need someone to look at the routine where I generate the Array of hashes
and also if the iteration is fine. It is something with my syntax or may be
I am stupidly new and need a
********ERROR******
I get when performing LDAP add: Object Class Violation. Missing required
³ObjectClass²
*****STEPS I¹VE TAKEN*****
-I am sure to have eliminated the typos and objectClass dependencies, as I
have tested below key/value pair by manually adding via ldapadd¹.
-My LDAP server already has entries with below schema.
-The serial-wise combinations of the attributes didn;t work.
----------------------------------------------------------------------
My hash looks like this:
$VAR6 = {
'uid' => 'rgreen',
'cn' => 'Robert Green',
'homeDirectory' => '/home/rgreen',
'uidNumber' => 3087,
'objectClass' => [
'top',
'person',
'organizationalPerson',
'inetorgperson',
'posixAccount',
'account',
'shadowAccount'
],
'description' => 'Director of Content - So1',
'gidNumber' => '1010',
'gecos' => 'Robert Green',
'sn' => 'Green',
'mail' => '[email protected]',
'userPassword' => '{MD5}*',
'givenName' => 'Richard',
'loginShell' => '/bin/nologin'
};
My DN is correct: dn: uid=postdrop,ou=people,dc=fds,dc=net
========================================================================
############################################################################
# Get AD users
############################################################################
sub ad_sync_routine {
# Get available UID to allocate for new users sync (working fine)
@service_uid = &getUid(1001,2000);
@user_uid = &getUid(3001,3400);
foreach $ad_base (@ad_bases)
{
my $mesg_ad = $ldap_ad->search(base => $ad_base, filter =>
"objectClass=person");
$entries = $mesg_ad->count;
if ($entries lt 1)
{
send_mail($email_ldap_admins,"ZERO Entries in AD
$ad_host","Code:".ldap_error_desc($mesg_ad));
logit('err',"Zero entries in $ad_host under $ad_base, exiting from
sync routine",$mesg_ad);
exit 1;
}
foreach $entry ( $mesg_ad->entries )
{
$sAMAccountName = $entry->get_value("sAMAccountName");
# Perform ldapsearch for uid=sAMAccountName
my $mesg_ld = $ldap_ld->search(base =>$ldap_base,filter =>
"uid=$sAMAccountName");
if (!($mesg_ld->count))
{
(@add_user,@add_group) =
&get_values($entry,$sAMAccountName,$ad_base);
}
}
}
#print Dumper(@add_user);
create_user(@add_user);
#if ((check_limit(@add_group))) { create_group(@add_group)};
}
###########################################################
# Get the new user and new group values
##########################################################
sub get_values {
my ($entry,$sAMAccountName,$ad_base) = @_;
$cn = $entry->get_value("cn");
$givenName = $entry->get_value("givenName");
$description = $entry->get_value("description");
$mail = $entry->get_value("mail");
$sn = $entry->get_value("sn");
if(!$sn) { $sn = $cn; logit('info',"Added mising field 'SN' for
$sAMAccountName"); }
if(!$description) { $description = "NO DESCRIPTION";
logit('info',"Added missing field 'description'for $sAMAccountName"); }
if(!$mail) { $mail = "$sAMAccountName".'@fds.net';
logit('info',"Added missing field 'mail' for $sAMAccountName"); }
if ($ad_base eq $ad_service_base)
{
#$dn_group = "cn=".$cn.",ou=Group,".$ldap_base;
$description = "Unix Service Account";
$uidNumber = shift @service_uid;
$gidNumber = $uidNumber;
%group = ( cn => $sAMAccountName,
objectclass =>
['top','groupOfUniqueNames','posixGroup'],
uniqueMember =>
"uid=".$sAMAccountName.",ou=People,".$ldap_base,
gidNumber => $gidNumber,
);
push @add_group,{%group};
}
elsif ($ad_base eq $ad_user_base)
{
$uidNumber = shift @user_uid;
$gidNumber = "1010";
}
#$dn_user = "dn: uid=".$sAMAccountName.",ou=People,".$ldap_base;
# Add values to a single HASH
%user = ( givenName => $givenName,
sn => $sn,
loginShell => $loginShell,
gidNumber => $gidNumber,
uidNumber => $uidNumber,
uid => $sAMAccountName,
mail => $mail,
objectClass =>
['top','person','organizationalPerson','inetorgperson','posixAccount','accou
nt','shadowAccount'],
uid => $sAMAccountName,
gecos => $cn,
cn => $cn,
homeDirectory => "/home/".$sAMAccountName,
description => $description,
userPassword => "{MD5}*",
);
push @add_user,{%user};
return (@add_user,@add_group);
}
#####################################################
#Create the AD user with LDAP schema
####################################################
sub create_user {
my(@add_user)=...@_;
print Dumper(@add_user);
for $eachuser (@add_user)
{ print "\n==========\n ";
#for $attribut (keys %eachuser)
#{
# if ($attribut eq "\n objectClass"){ for (my $j=0; $j < 12;
$j++){print " objectClass:".$eachuser->{$attribut}[$j]; } }
# print $attribut.":".$eachuser->{$attribut}."\n";
#}
$dn_add='uid='.$eachuser->{'uid'}.',ou=people,'.$ldap_base;
print "dn: $dn_add \n";
$new_entry = Net::LDAP::Entry->new;
$new_entry->dn($dn_add);
$new_entry->add($dn_add,attr => [ %eachuser ]);
my $mesg_ld = $new_entry->update($ldap_ld);
if ($mesg_ld->code)
{
logit('err',"Error adding uid:".$eachuser->{'uid'}."with
uidNumber:".$eachuser->{'uidNumber'},$mesg_ld);
}
else
{
logit('info',"Successfully added
uid:".$eachuser->{'uid'}."uidNumber:".$eachuser->{'uidNumber'},$mesg_ld);
}
}
}
