diff --git a/root/etc/e-smith/events/actions/update-reverse-group b/root/etc/e-smith/events/actions/update-reverse-group index b83870a..28a1aa6 100644 --- a/root/etc/e-smith/events/actions/update-reverse-group +++ b/root/etc/e-smith/events/actions/update-reverse-group @@ -39,14 +39,12 @@ my $i = $c->get('ipasserelle'); my $ip = $i->prop('status') || 'disabled'; my $reverse = $i->prop('LdapReverseGroups') || 'disabled'; -if (($ip eq 'disabled') || ($reverse eq 'disabled')){ - exit (0); -} +exit (0) if (($ip eq 'disabled') || ($reverse eq 'disabled')){ + my $l = $c->get('ldap'); my $status = $l->prop('status') || "disabled"; -unless ($status eq "enabled" ) -{ +unless ($status eq "enabled" ){ warn "Not running action script $0, LDAP service not enabled!\n"; exit(0); } @@ -64,18 +62,15 @@ my $account; my $event = shift || die "Event name must be specified"; if ($event eq 'ldap-update' or $event eq 'bootstrap-ldap-save' or - $event =~ m/group\-(create|modify|delete)/) -{ + $event =~ m/group\-(create|modify|delete)/){ @accounts = ($a->users); push(@accounts, $a->get('admin')); } -else -{ +else{ my @name = @ARGV; die "Account name argument missing." unless scalar (@name) >= 1; - foreach my $name (@name) - { + foreach my $name (@name){ $account = $a->get($name); die "Account $name not found.\n" unless defined $account; my $type = $account->prop('type') || "unknown"; @@ -89,8 +84,7 @@ else my $base = esmith::util::ldapBase ($domain); my $pw = esmith::util::LdapPassword(); -my $ldap = Net::LDAP->new('localhost') - or die "$@"; +my $ldap = Net::LDAP->new('localhost') or die "$@"; $ldap->bind( dn => "cn=root,$base", @@ -98,8 +92,7 @@ $ldap->bind( ); my $result; -foreach my $acct (@accounts) -{ +foreach my $acct (@accounts){ my $key = $acct->key; # Ensure this account has the iPasserelleUser objectclass 
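Review bot: The added guard in the first hunk (@@ -39), `exit (0) if (($ip eq 'disabled') || ($reverse eq 'disabled')){`, keeps the opening brace of the removed block form but has no closing brace and no terminating semicolon, so the script as shown should fail to compile. This action maintains `posixMemberOf` on user entries, so a script that dies at compile time would presumably leave LDAP group membership stale, including memberships that were meant to be removed. Write the guard as `exit(0) if $ip eq 'disabled' || $reverse eq 'disabled';` and run `perl -c` on the file before merging.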
@@ -110,30 +103,39 @@ foreach my $acct (@accounts) ); $result->code && warn "Error looking for entry uid=$key,ou=Users,$base: ", $result->error; my @oc = (); + my @oldgroups = (); foreach my $entry ($result->all_entries()){ push @oc, $entry->get_value('objectClass'); + push @oldgroups, $entry->get_value('posixMemberOf'); } - push @oc, 'iPasserelleUser' unless (grep { $_ =~ /iPasserelleUser/i } @oc); + unless (grep { $_ =~ /iPasserelleUser/i } @oc){ + push @oc, 'iPasserelleUser'; - $result = $ldap->modify( + $result = $ldap->modify( "uid=$key,ou=Users,$base", replace => { objectClass => \@oc } ); - $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error; - + $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error; + } my @groups = $a->user_group_list($key); + @oldgroups = sort @oldgroups; + @groups = sort @groups; + my $oldgroups = join('\0', @oldgroups); + my $groups = join('\0', @groups); - $result = $ldap->modify( + unless ($oldgroups eq $groups){ + $result = $ldap->modify( "uid=$key,ou=Users,$base", replace => { posixMemberOf => \@groups } ); - $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error; + $result->code && warn "failed to modify entry uid=$key,ou=Users,$base: ", $result->error; + } } $ldap->unbind;
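Review bot: A failed lookup is only warned about (`$result->code && warn "Error looking for entry ..."`), and the loop then continues with empty `@oc` and `@oldgroups`, so the new `unless` block still sends `replace => { objectClass => \@oc }` with `iPasserelleUser` as the only value for that entry. Skip the account instead, for example `if ($result->code) { warn ...; next; }` followed by `next unless $result->count;`. Separately, `join('\0', ...)` is single-quoted, so the separator is the two characters backslash and zero rather than a NUL byte; `join("\0", @oldgroups)` and `join("\0", @groups)` give the unambiguous separator the comparison appears to want. The `foreach my $acct` loop and the lookup call both begin above this hunk.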