ldap-scripts/setquota-ldap.pl - pub/scm/utils/quota/quota-tools - Git at Google

 #!/usr/bin/perl

 # A Perl wrapper for setquota utility which updates LDAP accordingly.

 # /etc/fstab: usrquota,grpquota
 # mount -o remount /f/s
 # touch /f/s/aquota.{user,group}
 # chmod 600 /f/s/aquota.{user,group}
 # quotacheck -cguvamf

 use strict;
 use warnings;
 use Net::LDAP;
 use Net::LDAP::Entry;
 use Getopt::Long;
 Getopt::Long::Configure ("bundling");

 my $help = $#ARGV >= 0 ? 0 : 1;
 my $ldaphost = 'localhost';
 my $passwordfile = '';
 my $password = '';
 my $binddn = $ENV{BINDDN};
 my $basedn = $ENV{BASEDN};
 my $oc = 'systemQuotas';
 my $attr = 'quota';
 my %Q = ();
 my $F = 'cn=*';
 GetOptions(
         'help|?' => \$help,
         'oc|o=s' => \$oc,
         'attr|a=s' => \$attr,
         'quota|Q=s' => \%Q,
         'filter|F=s' => \$F,
         'ldaphost|h=s' => \$ldaphost,
         'basedn|b=s' => \$basedn,
         'binddn|D=s' => \$binddn,
         'password|w=s' => \$password,
         'passwordfile|W=s' => \$passwordfile,
 );
 die "Usage: $0 -b basedn [-o objectClass] [-a attr] [-F '(extrafilter)'] [-Q
 /f/s=sb:hb:gb:sf:hf:gf ...]\n" if $help;
 %Q = checkQ(%Q);

 my ($ldap, $bind);
 if ( $ldap = Net::LDAP->new($ldaphost, version => 3, timeout => 3) ) {
         if ( $binddn && $password ) {
                 $bind = $ldap->bind($binddn, password=>$password);
         } elsif ( $binddn && $passwordfile ){
                 $bind = $ldap->bind($binddn, password=>bindpw($passwordfile));
         } else {
                 $bind = $ldap->bind();
         }
         die "Unable to connect to LDAP\n" if $bind->code;
         undef $passwordfile;
 } else {
         die "Unable to connect to LDAP\n";
 }

 my $search = $ARGV[0] ? $ldap->search(base=>$basedn, filter=>"uid=$ARGV[0]") : $ldap->search(base=>$basedn, filter=>$F);
 if ( $search->code ) {
         die "LDAP Error: ", error($search), "\n";
 } elsif ( $search->count <= 0 ) {
         die "0 results found in LDAP\n";
 } else {
         my $i = 0;
         for ( $i=0; $i<$search->count; $i++ ) {
                 my $entry = $search->entry($i);
                 my @oc = $entry->get_value('objectClass');
                 # objectClass: $oc
                 unless ( grep { /^$oc$/ } @oc ) {
                         my $modify = $ldap->modify($entry->dn, add => {objectClass => $oc});
                         if ( $modify->code ) {
                                 print STDERR "Failed to add objectClass $oc:", error($modify), "\n";
                         }
                 }
                 # $attr: /f/s=sb:hb:sf:hf
                 if ( $entry->exists($attr) ) {
                         my @attr = $entry->get_value($attr);
                         if ( keys %Q ) {
                                 foreach my $fs ( keys %Q ) {
                                         foreach ( @attr ) {
                                                 next unless /^$fs=/;
                                                 my $modify = $ldap->modify($entry->dn, delete => {$attr => "$_"});
                                                 if ( $modify->code ) {
                                                         print STDERR "Failed to delete $attr: $_: ", error($modify), "\n";
                                                 }
                                         }
                                         my $modify = $ldap->modify($entry->dn, add => {$attr => "$fs=$Q{$fs}"});
                                         if ( $modify->code ) {
                                                 print STDERR "Failed to add $attr: $fs=$Q{$fs}: ", error($modify), "\n";
                                         } else {
                                                 print STDERR "Failed to setquota: $fs=$Q{$fs}\n" if setquota($entry->get_value('uid'), $fs, $Q{$fs});
                                         }
                                 }
                         } else {
                                 my $modify = $ldap->modify($entry->dn, delete => [($attr)]);
                                 if ( $modify->code ) {
                                         print STDERR "Failed to delete $attr: ", error($modify), "\n";
                                 } else {
                                         foreach ( @attr ) {
                                                 my ($fs) = m!^(/[^=]*)!;
                                                 $Q{$fs} = '0:0:0:0:0:0';
                                                 print STDERR "Failed to setquota: $fs=$Q{$fs}\n" if setquota($entry->get_value('uid'), $fs, $Q{$fs});
                                         }
                                 }
                         }
                 } else {
                         if ( keys %Q ) {
                                 foreach my $fs ( keys %Q ) {
                                         my $modify = $ldap->modify($entry->dn, add => {$attr => "$fs=$Q{$fs}"});
                                         if ( $modify->code ) {
                                                 print STDERR "Failed to add $attr: $fs=$Q{$fs}: ", error($modify), "\n";
                                         } else {
                                                 print STDERR "Failed to setquota: $fs=$Q{$fs}\n" if setquota($entry->get_value('uid'), $fs, $Q{$fs});
                                         }
                                 }
                         }
                 }
         }
 }

 sub setquota {
         $_[2] = '0:0:0:0:0:0' unless $_[2];
         $_[2] =~ /^(\d+):(\d+):(\d+):(\d+):(\d+):(\d+)$/;
         qx{/usr/sbin/setquota -u $_[0] $1 $2 $4 $5 $_[1]};
         qx{/usr/sbin/setquota -T -u $_[0] $3 $6 $_[1]};
         return 0;
 }

 sub checkQ {
         my (%Q) = @_;
         foreach ( keys %Q ) {
                 die "$_: invalid format\n" unless m!^(/[^=]*)! && $Q{$_} =~ /^(\d+):(\d+):(\d+):(\d+):(\d+):(\d+)$/;
         }
         return %Q;
 }

 sub bindpw {
         my ($passwordfile) = @_;
         open P, $passwordfile or die "Can't open passwordfile: $!";
         chomp(my $password = <P>);
         close P;
         return $password;
 }

 sub error {
         return $_[0]->error, "(", $_[0]->code, ")";
 }
	#!/usr/bin/perl

	# A Perl wrapper for setquota utility which updates LDAP accordingly.

	# /etc/fstab: usrquota,grpquota
	# mount -o remount /f/s
	# touch /f/s/aquota.{user,group}
	# chmod 600 /f/s/aquota.{user,group}
	# quotacheck -cguvamf

	use strict;
	use warnings;
	use Net::LDAP;
	use Net::LDAP::Entry;
	use Getopt::Long;
	Getopt::Long::Configure ("bundling");

	my $help = $#ARGV >= 0 ? 0 : 1;
	my $ldaphost = 'localhost';
	my $passwordfile = '';
	my $password = '';
	my $binddn = $ENV{BINDDN};
	my $basedn = $ENV{BASEDN};
	my $oc = 'systemQuotas';
	my $attr = 'quota';
	my %Q = ();
	my $F = 'cn=*';
	GetOptions(
	'help\|?' => \$help,
	'oc\|o=s' => \$oc,
	'attr\|a=s' => \$attr,
	'quota\|Q=s' => \%Q,
	'filter\|F=s' => \$F,
	'ldaphost\|h=s' => \$ldaphost,
	'basedn\|b=s' => \$basedn,
	'binddn\|D=s' => \$binddn,
	'password\|w=s' => \$password,
	'passwordfile\|W=s' => \$passwordfile,
	);
	die "Usage: $0 -b basedn [-o objectClass] [-a attr] [-F '(extrafilter)'] [-Q
	/f/s=sb:hb:gb:sf:hf:gf ...]\n" if $help;
	%Q = checkQ(%Q);

	my ($ldap, $bind);
	if ( $ldap = Net::LDAP->new($ldaphost, version => 3, timeout => 3) ) {
	if ( $binddn && $password ) {
	$bind = $ldap->bind($binddn, password=>$password);
	} elsif ( $binddn && $passwordfile ){
	$bind = $ldap->bind($binddn, password=>bindpw($passwordfile));
	} else {
	$bind = $ldap->bind();
	}
	die "Unable to connect to LDAP\n" if $bind->code;
	undef $passwordfile;
	} else {
	die "Unable to connect to LDAP\n";
	}

	my $search = $ARGV[0] ? $ldap->search(base=>$basedn, filter=>"uid=$ARGV[0]") : $ldap->search(base=>$basedn, filter=>$F);
	if ( $search->code ) {
	die "LDAP Error: ", error($search), "\n";
	} elsif ( $search->count <= 0 ) {
	die "0 results found in LDAP\n";
	} else {
	my $i = 0;
	for ( $i=0; $i<$search->count; $i++ ) {
	my $entry = $search->entry($i);
	my @oc = $entry->get_value('objectClass');
	# objectClass: $oc
	unless ( grep { /^$oc$/ } @oc ) {
	my $modify = $ldap->modify($entry->dn, add => {objectClass => $oc});
	if ( $modify->code ) {
	print STDERR "Failed to add objectClass $oc:", error($modify), "\n";
	}
	}
	# $attr: /f/s=sb:hb:sf:hf
	if ( $entry->exists($attr) ) {
	my @attr = $entry->get_value($attr);
	if ( keys %Q ) {
	foreach my $fs ( keys %Q ) {
	foreach ( @attr ) {
	next unless /^$fs=/;
	my $modify = $ldap->modify($entry->dn, delete => {$attr => "$_"});
	if ( $modify->code ) {
	print STDERR "Failed to delete $attr: $_: ", error($modify), "\n";
	}
	}
	my $modify = $ldap->modify($entry->dn, add => {$attr => "$fs=$Q{$fs}"});
	if ( $modify->code ) {
	print STDERR "Failed to add $attr: $fs=$Q{$fs}: ", error($modify), "\n";
	} else {
	print STDERR "Failed to setquota: $fs=$Q{$fs}\n" if setquota($entry->get_value('uid'), $fs, $Q{$fs});
	}
	}
	} else {
	my $modify = $ldap->modify($entry->dn, delete => [($attr)]);
	if ( $modify->code ) {
	print STDERR "Failed to delete $attr: ", error($modify), "\n";
	} else {
	foreach ( @attr ) {
	my ($fs) = m!^(/[^=]*)!;
	$Q{$fs} = '0:0:0:0:0:0';
	print STDERR "Failed to setquota: $fs=$Q{$fs}\n" if setquota($entry->get_value('uid'), $fs, $Q{$fs});
	}
	}
	}
	} else {
	if ( keys %Q ) {
	foreach my $fs ( keys %Q ) {
	my $modify = $ldap->modify($entry->dn, add => {$attr => "$fs=$Q{$fs}"});
	if ( $modify->code ) {
	print STDERR "Failed to add $attr: $fs=$Q{$fs}: ", error($modify), "\n";
	} else {
	print STDERR "Failed to setquota: $fs=$Q{$fs}\n" if setquota($entry->get_value('uid'), $fs, $Q{$fs});
	}
	}
	}
	}
	}
	}

	sub setquota {
	$_[2] = '0:0:0:0:0:0' unless $_[2];
	$_[2] =~ /^(\d+):(\d+):(\d+):(\d+):(\d+):(\d+)$/;
	qx{/usr/sbin/setquota -u $_[0] $1 $2 $4 $5 $_[1]};
	qx{/usr/sbin/setquota -T -u $_[0] $3 $6 $_[1]};
	return 0;
	}

	sub checkQ {
	my (%Q) = @_;
	foreach ( keys %Q ) {
	die "$_: invalid format\n" unless m!^(/[^=]*)! && $Q{$_} =~ /^(\d+):(\d+):(\d+):(\d+):(\d+):(\d+)$/;
	}
	return %Q;
	}

	sub bindpw {
	my ($passwordfile) = @_;
	open P, $passwordfile or die "Can't open passwordfile: $!";
	chomp(my $password = <P>);
	close P;
	return $password;
	}

	sub error {
	return $_[0]->error, "(", $_[0]->code, ")";
	}