
__END__

=head1 NAME

B<ldapsmb> - LDAP-Managment-Tool for a Samba Domain Controller

=head1 SYNOPSIS

ldapsmb [options] 

	Main Options:
--add|-a				Add something
--config				Show configuration
--delete|-d				Delete something
--group|-g <groupname>			Set Group-Name
--help|-h|?				Display help
--init|-i				Initialize LDAP 
--join|-j				Join a user to a group
--list|-l				List Something
--modify|-m				Modify something
--remove|-r				Remove a user from a group
--smbacct|-s				Promote to samba-Account
--user|-u <username>			Set User-Name
--workstation|-wks <workstationname>	Set Workstation-Name

	Global Options:
--bindpw <password>			LDAP bind password
--debug <n>				Select debug-level (default: 3)
--force|-f				Force execution
--mode					Select mode (default: local)
--quiet|-q				No output
--raw					Raw list-output
--smbconf <smb.conf>			Choose another configfile
--verbose|-v				Verbose output
--version				Display version
--logfile <logfile>			Specify logfile (default: @LOGFILE@)

	Misc Options:
--comment|-c <comment>			Set Comment
--gid <n>				Set Gid-Number
--homedir <home directory>		Set Home-Directory
--makehomedir				Make Home-Directory
--ntgroup <ntgroupname>			Set NT-Groupname
--passwd <password>			Set Password 
--rid <n>				Set Rid for Samba account
--shell <login shell>			Set Loginshell
--skeldir|-k <skeleton dir>		Define Skeleton-Dir
--uid <n>				Set Uid-Number
--username <username>			Set Username

=head1 DESCRIPTION

B<ldapsmb> will create and delete Posix-Accounts for users, groups and
workstations in your LDAP-Directory. Although designed for Samba 3.0/HEAD it
should work for Samba 2.2.x as well. Furthermore B<ldapsmb> should provide all
necessary scripting-hooks to fullfill a clean "net rpc vampire" - Migration of a
NT4/2000 Domain Controller to a Samba 3.0 PDC. 

B<ldapsmb> can run in two modes:

	local:	your smbd is running on the same machine where B<ldapsmb> is called.
	remote:	your smbd is running on another machine.

All LDAP relevant configuration data will be autodetected if possible. Your
password can be autodetected as well, as long as you have read permission on
your secrets.tdb where your admin password will be stored after you have called
B<smbpasswd -w adminpassword>. If you have not done that (e. g. running in
remote mode) you have to set the password manually in B<ldapsmb>.

The file C<~/.ldapsmbrc> could be used to set additional configuration
parameters not yet part of the smb.conf.

=head1 MAIN OPTIONS

=over 8

=item B<--add|-a>

Add an account. Requires B<--user|-u>, B<--group|-g> or B<--workstation|-wks>. Can be
combined with B<-smbacct> do promote the posixAccount to a full sambaAccount if
running in local-mode.

=item B<--config>

Show the config that will be used (the result of all autodetections).

=item B<--delete|-d>

Delete an account. Requires B<--user|-u>, B<--group|-g> or
B<--workstation|-wks>.

=item B<--group|-g> C<groupname>

Define a groupname. Requires B<-add>, B<-delete>, B<-list>, B<-join> or
B<-remove>.

=item B<--help|-h>

Print a brief help message and exits.

=item B<--init|-i>

to be documented...

=item B<--join|-j>

Join a LDAP-PosixAccount to a LDAP-PosixGroup. Requires B<--user|-u> and
B<--group|-g>. A corresponding memberUid-attribute with the given username will
be added to the posixGroup-object.

=item B<--list|-l>

List an account. Requires B<--user|-u>, B<--group|-g> or B<--workstation|-wks>.
If no user, group or workstation is specified, all entries of the specific
account are listed.

=item B<--mode> C<mode>

Choose in which mode B<ldapsmb> should run (local, remote). If running in local
mode (the default) it will check for ldap-support in smbd, look for a
secrets-tdb to retrieve the password, etc. If running in remote-mode, you need
to assign a config-file with --smbconf /path/to_my/smb.conf and you need to
write your admin-password into B<ldapsmb>. Adding or promoting Accounts to full
LDAP-Accounts is currently only available in local mode.

=item B<--modify|-m>

Modify an account. Requires B<--user|-u>, B<--group|-g> or
B<--workstation|-wks>.

=item B<--raw>

Raw output while listing.

=item B<--smbacct>

Trigger all necessary steps to make either a user, a group or a workstation a
full Samba-Account.  This option will be redesigned in the future. It was added
by Lars Müller to ease Samba 2.2-Administration but really makes not very much
sense for Samba 3.0. By default samba-specific information are not added.

=item B<--remove|-r>

Remove a LDAP-PosixAccount from a LDAP-PosixGroup. Requires B<-user> and
B<-group>. If existant, the memberUid-attribute for a given username will be
removed from the posixGroup-object.

=item B<--user|-u> C<username>

Define a username. Requires B<-add>, B<-delete>, B<-list>, B<-join> or
B<-remove>.

=item B<--workstation|-wks> C<workstation>

Define a workstation. Requires B<-add>, B<-delete>, B<-list>, B<-join> or
B<-remove>.

=head1 GLOBAL OPTIONS

=item B<--debug n>

Use an debuglevel. You can choose between 3 (default), 5 and 10 (full
debugging).

=item B<--force|-f> 

Force execution.

=item B<--quiet|-q>

No output.

=item B<--smbconf> F<smb.conf>

Use another smb.conf-file instead of the default location. Needed for running
in remote mode.

=item B<--verbose|-v>

Prints additional information if possible.

=item B<--version>

Prints the version and exits.

=head1 MISC OPTIONS

=item B<--comment|-c> C<comment>

Set a comment for a given user while adding or modifying a user.

=item B<--homedir> C<homedir>

Set the user's login directory while adding or modifying a user. The default
is to append the login name to default_home and use that as the login directory
name.

=item B<--makehomedir>

Create user's home directory while adding a user. The files contained in
/etc/skeleton will be copied to the home directory.

=item B<--passwd> C<pwd>

Set a password for a given user while adding or modifying a user. If no
password is set, the password is identical with the userid (FIXME).

=item B<--shell> C<shell>

Set the login shell while adding or modifying a user. The default is to leave
this field blank, which causes the system to select the default login shell.

=item B<--skeldir skeldir>

Set a different skeleton directory while using the B<-makehomedir> option.

=back

=head1 EXAMPLES

C<ldapsmb -a -u gd -passwd 'secret' -smbacct> 

This will create a user called gd in LDAP and will add all required information
to make that a full samba-Account.

C<ldapsmb -j -u lmuelle -g admins> 

This will add the user lmuelle to the admins-group in ldap.

=head1 AUTHOR

Günther Deschner <gd@suse.de>
Lars Müller <lmuelle@suse.de>
Björn Jacke <bjoern@j3e.de>

If you find any errors in the code please let me know at gd@suse.de.

=head1 BUGS

B<ldapsmb> is not yet fully UNICODE-aware. B<ldapsmb> does not yet deal with
idmap in ldap. Both features will be added in a future release.

=head1 VERSION

This is version 1.34b of B<ldapsmb>.

=head1 COPYRIGHT

Copyright (c) 2003-2005 SuSE Linux AG. All rights reserved.

This program is free software; you can redistribute it and/or modify it under
the same terms as Perl itself.

=cut
