A
A. Farber
Hello,
sorry for the partly offtopic question, but can anyone
please share a code for creating a new group in AD?
I'm taking http://techtasks.com/code/viewbookcode/1616
as a base and I think I'm missing something minor:
use constant ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_GLOBAL_GROUP => 2;
use constant ADS_GROUP_TYPE_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_SECURITY_ENABLED => -2147483648;
use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP => 8;
......
my $result = $ldap->add($dn, attrs => [
samAccountName => $Name,
groupType => ADS_GROUP_TYPE_LOCAL_GROUP |
ADS_GROUP_TYPE_SECURITY_ENABLED,
description => '',
] );
This gives me:
00000057: LdapErr: DSID-0C090B38, comment: Error in attribute
conversion operation, data 0, vece
I've asked at perl-LDAP list yesterday, but no reply yet.
Thank you
Alex
PS: My full code is listed below:
#!/usr/bin/perl -wT
use strict;
use POSIX qw(strftime);
use Net::NIS;
use Net::LDAPS;
use constant ROOTDN => 'OU=NIS
Groups,DC=internal,DC=mycompany,DC=com';
use constant DOMAIN => 'internal.mycompany.com';
use constant SERVER => [ map { "ablwdc0$_." . DOMAIN } 1..5 ];
use constant ADMIN => 'XXXX';
use constant ADMPW => 'XXXX';
use constant ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_GLOBAL_GROUP => 2;
use constant ADS_GROUP_TYPE_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_SECURITY_ENABLED => -2147483648;
use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP => 8;
my $rot13;
($rot13 = ADMPW) =~ y/A-Za-z/N-ZA-Mn-za-m/;
my $ldap = Net::LDAPS->new(SERVER) or
die('Can not connect to LDAP server');
$ldap->bind(ADMIN . '@' . DOMAIN, password => $rot13) or
die('Can not bind to LDAP server as ' . ADMIN);
tie my %passwd, 'Net::NIS', 'group.byname' or
die "Cannot tie to group YP map: $yperr\n";
while (my ($key, $value) = each %passwd) {
my ($Name, $GidNumber, $PosixMember) = (split ':', $value)[0,
2, 3];
my $members = defined $PosixMember ? [ split ',',
$PosixMember ] : [];
my $dn = "cn=$Name," . ROOTDN;
my $result = $ldap->add($dn, attrs => [
msSFU30Name => $Name,
msSFU30GidNumber => $GidNumber,
msSFU30NisDomain => 'internal',
#msSFU30PosixMember => $members,
#objectCategory => 'Group',
#objectClass => [ qw(top person organizationalPerson
group) ],
samAccountName => $Name,
groupType => ADS_GROUP_TYPE_LOCAL_GROUP |
ADS_GROUP_TYPE_SECURITY_ENABLED,
description => '',
] );
$result->code && print STDERR 'Failed to add group: ', $result-
$ldap->unbind();
sorry for the partly offtopic question, but can anyone
please share a code for creating a new group in AD?
I'm taking http://techtasks.com/code/viewbookcode/1616
as a base and I think I'm missing something minor:
use constant ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_GLOBAL_GROUP => 2;
use constant ADS_GROUP_TYPE_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_SECURITY_ENABLED => -2147483648;
use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP => 8;
......
my $result = $ldap->add($dn, attrs => [
samAccountName => $Name,
groupType => ADS_GROUP_TYPE_LOCAL_GROUP |
ADS_GROUP_TYPE_SECURITY_ENABLED,
description => '',
] );
This gives me:
00000057: LdapErr: DSID-0C090B38, comment: Error in attribute
conversion operation, data 0, vece
I've asked at perl-LDAP list yesterday, but no reply yet.
Thank you
Alex
PS: My full code is listed below:
#!/usr/bin/perl -wT
use strict;
use POSIX qw(strftime);
use Net::NIS;
use Net::LDAPS;
use constant ROOTDN => 'OU=NIS
Groups,DC=internal,DC=mycompany,DC=com';
use constant DOMAIN => 'internal.mycompany.com';
use constant SERVER => [ map { "ablwdc0$_." . DOMAIN } 1..5 ];
use constant ADMIN => 'XXXX';
use constant ADMPW => 'XXXX';
use constant ADS_GROUP_TYPE_DOMAIN_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_GLOBAL_GROUP => 2;
use constant ADS_GROUP_TYPE_LOCAL_GROUP => 4;
use constant ADS_GROUP_TYPE_SECURITY_ENABLED => -2147483648;
use constant ADS_GROUP_TYPE_UNIVERSAL_GROUP => 8;
my $rot13;
($rot13 = ADMPW) =~ y/A-Za-z/N-ZA-Mn-za-m/;
my $ldap = Net::LDAPS->new(SERVER) or
die('Can not connect to LDAP server');
$ldap->bind(ADMIN . '@' . DOMAIN, password => $rot13) or
die('Can not bind to LDAP server as ' . ADMIN);
tie my %passwd, 'Net::NIS', 'group.byname' or
die "Cannot tie to group YP map: $yperr\n";
while (my ($key, $value) = each %passwd) {
my ($Name, $GidNumber, $PosixMember) = (split ':', $value)[0,
2, 3];
my $members = defined $PosixMember ? [ split ',',
$PosixMember ] : [];
my $dn = "cn=$Name," . ROOTDN;
my $result = $ldap->add($dn, attrs => [
msSFU30Name => $Name,
msSFU30GidNumber => $GidNumber,
msSFU30NisDomain => 'internal',
#msSFU30PosixMember => $members,
#objectCategory => 'Group',
#objectClass => [ qw(top person organizationalPerson
group) ],
samAccountName => $Name,
groupType => ADS_GROUP_TYPE_LOCAL_GROUP |
ADS_GROUP_TYPE_SECURITY_ENABLED,
description => '',
] );
$result->code && print STDERR 'Failed to add group: ', $result-
}error, "\n";
$ldap->unbind();