
Creating an Active Directory group using Net::LDAP

 
 
A. Farber
 
      03-13-2009
Hello,

sorry for the partly off-topic question, but can anyone
please share code for creating a new group in AD?
I'm taking http://techtasks.com/code/viewbookcode/1616
as a base and I think I'm missing something minor:

use constant ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_GLOBAL_GROUP => 2;
use constant ADS_GROUP_TYPE_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_SECURITY_ENABLED => -2147483648;
use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP => 8;
......
my $result = $ldap->add($dn, attrs => [
    samAccountName => $Name,
    groupType      => ADS_GROUP_TYPE_LOCAL_GROUP |
                      ADS_GROUP_TYPE_SECURITY_ENABLED,
    description    => '',
] );

This gives me:
00000057: LdapErr: DSID-0C090B38, comment: Error in attribute conversion operation, data 0, vece

I asked on the perl-LDAP list yesterday, but no reply yet.

Thank you
Alex

PS: My full code is listed below:

#!/usr/bin/perl -wT

use strict;
use POSIX qw(strftime);
use Net::NIS;
use Net::LDAPS;

use constant ROOTDN => 'OU=NIS Groups,DC=internal,DC=mycompany,DC=com';
use constant DOMAIN => 'internal.mycompany.com';
use constant SERVER => [ map { "ablwdc0$_." . DOMAIN } 1..5 ];
use constant ADMIN  => 'XXXX';
use constant ADMPW  => 'XXXX';

use constant ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_GLOBAL_GROUP       => 2;
use constant ADS_GROUP_TYPE_LOCAL_GROUP        => 4;
use constant ADS_GROUP_TYPE_SECURITY_ENABLED   => -2147483648;
use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP    => 8;

# ADMPW is stored ROT13-encoded (obfuscation only); decode it before binding
my $rot13;
($rot13 = ADMPW) =~ y/A-Za-z/N-ZA-Mn-za-m/;

my $ldap = Net::LDAPS->new(SERVER) or
    die('Can not connect to LDAP server');

# bind() always returns a message object, so test its result code
my $bind = $ldap->bind(ADMIN . '@' . DOMAIN, password => $rot13);
$bind->code and die('Can not bind to LDAP server as ' . ADMIN);

tie my %passwd, 'Net::NIS', 'group.byname' or
    die "Cannot tie to group YP map: $yperr\n";

# each value of the map is one NIS group line: name:passwd:gid:members
while (my ($key, $value) = each %passwd) {
    my ($Name, $GidNumber, $PosixMember) = (split ':', $value)[0, 2, 3];
    my $members = defined $PosixMember ? [ split ',', $PosixMember ] : [];
    my $dn = "cn=$Name," . ROOTDN;

    my $result = $ldap->add($dn, attrs => [
        msSFU30Name      => $Name,
        msSFU30GidNumber => $GidNumber,
        msSFU30NisDomain => 'internal',
        #msSFU30PosixMember => $members,
        #objectCategory => 'Group',
        #objectClass => [ qw(top person organizationalPerson group) ],
        samAccountName   => $Name,
        groupType        => ADS_GROUP_TYPE_LOCAL_GROUP |
                            ADS_GROUP_TYPE_SECURITY_ENABLED,
        description      => '',
    ] );

    $result->code && print STDERR 'Failed to add group: ', $result->error, "\n";

}

$ldap->unbind();


 
A. Farber
 
      03-13-2009
On Mar 13, 10:01 am, "A. Farber" <(E-Mail Removed)> wrote:
> use constant ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP => 1;
> use constant ADS_GROUP_TYPE_GLOBAL_GROUP       => 2;
> use constant ADS_GROUP_TYPE_LOCAL_GROUP        => 4;
> use constant ADS_GROUP_TYPE_SECURITY_ENABLED   => -2147483648;
> use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP    => 8;
> .....
>         my $result = $ldap->add($dn, attrs => [
>                 samAccountName => $Name,
>                 groupType => ADS_GROUP_TYPE_LOCAL_GROUP|
> ADS_GROUP_TYPE_SECURITY_ENABLED,
>                 description => '',
>         ] );
>


Ok, I was missing 'cn':

use Data::Dumper;   # provides Dumper(), used below

use constant USERDN => 'CN=%s,OU=Imported,OU=User Accounts,DC=internal,DC=mycompany,DC=com';
......
# first create the group
my $result = $ldap->add($dn, attrs => [
    cn               => $Name,
    msSFU30Name      => $Name,
    msSFU30GidNumber => $GidNumber,
    msSFU30NisDomain => 'internal',
    objectClass      => [ qw(top group) ],
    samAccountName   => $Name,
    groupType        => ADS_GROUP_TYPE_GLOBAL_GROUP |
                        ADS_GROUP_TYPE_SECURITY_ENABLED,
    description      => "NIS group $Name",
] );

if ($result->code) {
    print STDERR 'Failed to create group: ', $result->error, "\n";

    next;
}

# then try to add members (some might be missing under USERDN)
my $members = defined $PosixMember ?
    [ map { sprintf USERDN, $_ } split ',', $PosixMember ] : [];
print 'Adding members: ', Dumper($members), "\n";

$result = $ldap->modify($dn, replace => {
    msSFU30PosixMember => $members,
} );

$result->code && print STDERR 'Failed to add members: ',
    $result->error, "\n";
 
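An added example, not part of the original posts: it builds the ($dn, attrs) pair for the group-creation call in the thread from NIS data, folding the groupType flags into the signed 32-bit value the attribute holds and escaping the name before it goes into the DN. It assumes Net::LDAP::Util is installed; the name whitelist and the sample NIS lines are constructed for illustration.

```perl
use strict;
use warnings;
use Net::LDAP::Util qw(escape_dn_value);

use constant ADS_GROUP_TYPE_GLOBAL_GROUP     => 2;
use constant ADS_GROUP_TYPE_SECURITY_ENABLED => -2147483648;
use constant ROOTDN => 'OU=NIS Groups,DC=internal,DC=mycompany,DC=com';

# Perl's | works on unsigned integers, so OR-ing in the negative
# SECURITY_ENABLED flag yields a large positive number. groupType is a
# signed 32-bit integer in AD, so fold the result back into that range.
sub group_type {
    my $bits = 0;
    $bits |= $_ for @_;
    my $u = $bits & 0xFFFFFFFF;                      # low 32 bits, unsigned
    return $u >= 0x80000000 ? $u - 4294967296 : $u;  # reinterpret as signed
}

# Turn one NIS group.byname value into the ($dn, \@attrs) pair for
# $ldap->add. Returns nothing for names outside a conservative whitelist
# (hypothetical policy), and escapes the RDN value per RFC 4514 anyway.
sub group_entry {
    my ($line) = @_;
    my ($name, $gid) = (split /:/, $line)[0, 2];
    return unless defined $gid
        && $name =~ /\A[A-Za-z0-9_][A-Za-z0-9._-]{0,63}\z/
        && $gid  =~ /\A[0-9]+\z/;
    my $dn = 'CN=' . escape_dn_value($name) . ',' . ROOTDN;
    return ($dn, [
        cn               => $name,
        objectClass      => [ qw(top group) ],
        samAccountName   => $name,
        msSFU30Name      => $name,
        msSFU30GidNumber => $gid,
        groupType        => group_type(ADS_GROUP_TYPE_GLOBAL_GROUP,
                                       ADS_GROUP_TYPE_SECURITY_ENABLED),
    ]);
}

# Constructed sample input: two ordinary groups and one hostile name.
for my $line ('staff:*:50:alice,bob', 'dev.ops:*:1200:',
              'x,OU=Domain Controllers:*:99:') {
    my ($dn, $attrs) = group_entry($line) or do {
        warn "skipped: $line\n";
        next;
    };
    my %a = @$attrs;
    print "$dn groupType=$a{groupType}\n";
}
```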
 
 
 