#include <stdio.h>
#include <stdlib.h>
#include <ldap.h>
#if defined(N_PLAT_NLM) && defined(LIBC)
#include <screen.h>
#endif
/* Forward declaration: enrolls a user DN in a group DN over the bound
 * session `ld` (arguments: session, user DN, group DN); defined below main. */
int _addUserToGroup( LDAP*, char* , char* );
/* Usage text printed by main when the argument count is wrong.
 * Note that the bind password is a positional command-line argument, so it
 * can be visible to other local users through the process list and may be
 * retained in shell history. */
static char usage[] =
"\n Usage: addUserToGroup <host name> <port number> <login dn> <password>"
"\n <user dn> <group dn>\n"
"\n Example: addUserToGroup acme.com 389 cn=admin,o=acme secret"
"\n cn=JSmith,ou=sales,o=acme cn=salesGroup,ou=sales,o=acme\n";
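/*
 * Entry point: binds to an LDAP server and enrolls one user in one group.
 *
 * Arguments (argv[1..6]): host name, port number, login DN, password,
 * user DN, group DN.
 *
 * Returns 0 only when the user was enrolled; 1 on a usage error, an invalid
 * port number, a failed session initialization, a failed bind, or a failed
 * enrollment (so scripts can detect that the group change did not happen).
 *
 * Security notes:
 *  - The password comes from argv, so it can be read from the process list
 *    by other local users and may end up in shell history.
 *  - ldap_simple_bind_s() transmits the login DN and password without any
 *    protection of its own, and nothing here establishes TLS on the session
 *    created by ldap_init(). Use a TLS-protected session outside a lab.
 */
int main(int argc, char **argv)
{
    int version, ldapPort, rc;
    long portValue;
    char *portEnd;
    LDAP *ld;
    char *ldapHost, *loginDN, *password, *userDN, *groupDN;
    struct timeval timeOut = {10, 0};   /* 10-second network timeout */

#if defined(N_PLAT_NLM) && defined(LIBC)
    setscreenmode(SCR_NO_MODE);
#endif

    if (argc != 7) {
        printf("%s", usage);
        return 1;
    }

    ldapHost = argv[1];

    /* strtol instead of atoi: reject empty, non-numeric, trailing-garbage
     * and out-of-range ports rather than silently connecting to port 0. */
    portValue = strtol(argv[2], &portEnd, 10);
    if (portEnd == argv[2] || *portEnd != '\0' ||
        portValue < 1 || portValue > 65535) {
        printf("\n\tInvalid port number: %s\n", argv[2]);
        return 1;
    }
    ldapPort = (int)portValue;

    loginDN  = argv[3];
    password = argv[4];
    userDN   = argv[5];
    groupDN  = argv[6];

    /* A NULL handle sets the defaults inherited by sessions created later. */
    version = LDAP_VERSION3;
    ldap_set_option(NULL, LDAP_OPT_PROTOCOL_VERSION, &version);
    ldap_set_option(NULL, LDAP_OPT_NETWORK_TIMEOUT, &timeOut);

    ld = ldap_init(ldapHost, ldapPort);
    if (ld == NULL) {
        printf("\n\tLDAP session initialization failed\n");
        return 1;
    }
    printf("\n\tLDAP session initialized\n");

    /* Simple bind: credentials are sent as-is over whatever transport the
     * session uses (see the security notes above). */
    rc = ldap_simple_bind_s(ld, loginDN, password);
    if (rc != LDAP_SUCCESS) {
        printf("\n\tldap_simple_bind_s: %s\n", ldap_err2string(rc));
        ldap_unbind_s(ld);
        return 1;
    }
    printf("\n\tBind successful\n");

    rc = _addUserToGroup(ld, userDN, groupDN);
    if (rc != LDAP_SUCCESS) {
        printf("\n\tUser: %s could not be enrolled in group: %s.\n",
               userDN, groupDN);
    } else {
        printf("\n\tUser: %s was enrolled in group: %s.\n", userDN, groupDN);
    }

    ldap_unbind_s(ld);

    /* Report failure to the caller instead of always exiting with 0. */
    return (rc == LDAP_SUCCESS) ? 0 : 1;
}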
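/*
 * Enrolls userdn in groupdn by writing both sides of the relationship.
 *
 * User entry:  adds groupdn to "securityEquals" and "groupMembership".
 * Group entry: adds userdn  to "equivalentToMe" and "uniqueMember".
 *
 * The two entries are changed by two separate modify requests, so the pair
 * is not atomic. If the group update fails, the values just added to the
 * user entry are deleted again. Because the first request uses LDAP_MOD_ADD
 * and this function returns early when it fails, the rollback only touches
 * values this call added.
 *
 * Security note: "securityEquals"/"equivalentToMe" are security-equivalence
 * attributes (in Novell eDirectory they give the user the rights of the
 * group), so this call is a privilege grant, not just a list update. If the
 * rollback itself fails, the user entry keeps the equivalence while the
 * group entry does not list the user; that state needs manual cleanup.
 *
 * Parameters:
 *   ld      - bound LDAP session
 *   userdn  - DN of the user entry
 *   groupdn - DN of the group entry
 *
 * Returns LDAP_SUCCESS when both entries were modified, otherwise the LDAP
 * result code of the modify that failed. The rollback result is printed but
 * not returned.
 */
int _addUserToGroup(LDAP *ld, char *userdn, char *groupdn)
{
    int rc, rc1;
    char *userValues[2], *groupValues[2];
    LDAPMod security, membership, *modUser[3];
    LDAPMod equivalent, member, *modGroup[3];

    /* Changes applied to the user entry: both attributes get the group DN. */
    userValues[0] = groupdn;
    userValues[1] = NULL;

    membership.mod_op     = LDAP_MOD_ADD;
    membership.mod_type   = "groupMembership";
    membership.mod_values = userValues;

    security.mod_op     = LDAP_MOD_ADD;
    security.mod_type   = "securityEquals";
    security.mod_values = userValues;

    modUser[0] = &security;
    modUser[1] = &membership;
    modUser[2] = NULL;

    /* Changes applied to the group entry: both attributes get the user DN. */
    groupValues[0] = userdn;
    groupValues[1] = NULL;

    member.mod_op     = LDAP_MOD_ADD;
    member.mod_type   = "uniqueMember";
    member.mod_values = groupValues;

    equivalent.mod_op     = LDAP_MOD_ADD;
    equivalent.mod_type   = "equivalentToMe";
    equivalent.mod_values = groupValues;

    modGroup[0] = &equivalent;
    modGroup[1] = &member;
    modGroup[2] = NULL;

    /* Step 1: user entry. Nothing to undo if this fails. */
    rc = ldap_modify_ext_s(ld, userdn, modUser, NULL, NULL);
    if (rc != LDAP_SUCCESS) {
        printf("\n\tFailed to modify %s's attributes. ldap_modify_ext_s: %s.\n",
               userdn, ldap_err2string(rc));
        return rc;
    }
    printf("\n\tModified %s's attributes.\n", userdn);

    /* Step 2: group entry. */
    rc = ldap_modify_ext_s(ld, groupdn, modGroup, NULL, NULL);
    if (rc == LDAP_SUCCESS) {
        printf("\n\tModified %s's attributes.\n", groupdn);
        return rc;
    }

    printf("\n\tFailed to modify %s's attributes. ldap_modify_ext_s: %s.\n",
           groupdn, ldap_err2string(rc));

    /* Roll back step 1 by reusing the same mods with the operation flipped
     * to DELETE, so the user is not left security-equivalent to a group
     * that does not list them. */
    printf("\n\tDeleting modified %s's attribute values...\n", userdn);
    modUser[0]->mod_op = LDAP_MOD_DELETE;
    modUser[1]->mod_op = LDAP_MOD_DELETE;

    rc1 = ldap_modify_ext_s(ld, userdn, modUser, NULL, NULL);
    if (rc1 == LDAP_SUCCESS) {
        printf("\n\tDeleted %s's modified attribute values.\n", userdn);
    } else {
        /* Report the rollback's own result (rc1); rc still holds the
         * group-modify failure that is returned to the caller. */
        printf("\n\tCould not delete %s's modified attribute values. "
               "ldap_modify_ext_s: %s.\n", userdn, ldap_err2string(rc1));
    }

    return rc;
}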