diff -Nru smbldap-tools-0.9.5/build/install-sh smbldap-tools-0.9.7/build/install-sh
--- smbldap-tools-0.9.5/build/install-sh	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/build/install-sh	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,251 @@
+#!/bin/sh
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.  It can only install one file at a time, a restriction
+# shared with many OS's install programs.
+
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit="${DOITPROG-}"
+
+
+# put in absolute paths if you don't have them in your path; or use env. vars.
+
+mvprog="${MVPROG-mv}"
+cpprog="${CPPROG-cp}"
+chmodprog="${CHMODPROG-chmod}"
+chownprog="${CHOWNPROG-chown}"
+chgrpprog="${CHGRPPROG-chgrp}"
+stripprog="${STRIPPROG-strip}"
+rmprog="${RMPROG-rm}"
+mkdirprog="${MKDIRPROG-mkdir}"
+
+transformbasename=""
+transform_arg=""
+instcmd="$mvprog"
+chmodcmd="$chmodprog 0755"
+chowncmd=""
+chgrpcmd=""
+stripcmd=""
+rmcmd="$rmprog -f"
+mvcmd="$mvprog"
+src=""
+dst=""
+dir_arg=""
+
+while [ x"$1" != x ]; do
+    case $1 in
+	-c) instcmd="$cpprog"
+	    shift
+	    continue;;
+
+	-d) dir_arg=true
+	    shift
+	    continue;;
+
+	-m) chmodcmd="$chmodprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-o) chowncmd="$chownprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-g) chgrpcmd="$chgrpprog $2"
+	    shift
+	    shift
+	    continue;;
+
+	-s) stripcmd="$stripprog"
+	    shift
+	    continue;;
+
+	-t=*) transformarg=`echo $1 | sed 's/-t=//'`
+	    shift
+	    continue;;
+
+	-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
+	    shift
+	    continue;;
+
+	*)  if [ x"$src" = x ]
+	    then
+		src=$1
+	    else
+		# this colon is to work around a 386BSD /bin/sh bug
+		:
+		dst=$1
+	    fi
+	    shift
+	    continue;;
+    esac
+done
+
+if [ x"$src" = x ]
+then
+	echo "install:	no input file specified"
+	exit 1
+else
+	true
+fi
+
+if [ x"$dir_arg" != x ]; then
+	dst=$src
+	src=""
+	
+	if [ -d $dst ]; then
+		instcmd=:
+		chmodcmd=""
+	else
+		instcmd=mkdir
+	fi
+else
+
+# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
+# might cause directories to be created, which would be especially bad 
+# if $src (and thus $dsttmp) contains '*'.
+
+	if [ -f $src -o -d $src ]
+	then
+		true
+	else
+		echo "install:  $src does not exist"
+		exit 1
+	fi
+	
+	if [ x"$dst" = x ]
+	then
+		echo "install:	no destination specified"
+		exit 1
+	else
+		true
+	fi
+
+# If destination is a directory, append the input filename; if your system
+# does not like double slashes in filenames, you may need to add some logic
+
+	if [ -d $dst ]
+	then
+		dst="$dst"/`basename $src`
+	else
+		true
+	fi
+fi
+
+## this sed command emulates the dirname command
+dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
+
+# Make sure that the destination directory exists.
+#  this part is taken from Noah Friedman's mkinstalldirs script
+
+# Skip lots of stat calls in the usual case.
+if [ ! -d "$dstdir" ]; then
+defaultIFS=' 	
+'
+IFS="${IFS-${defaultIFS}}"
+
+oIFS="${IFS}"
+# Some sh's can't handle IFS=/ for some reason.
+IFS='%'
+set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
+IFS="${oIFS}"
+
+pathcomp=''
+
+while [ $# -ne 0 ] ; do
+	pathcomp="${pathcomp}${1}"
+	shift
+
+	if [ ! -d "${pathcomp}" ] ;
+        then
+		$mkdirprog "${pathcomp}"
+	else
+		true
+	fi
+
+	pathcomp="${pathcomp}/"
+done
+fi
+
+if [ x"$dir_arg" != x ]
+then
+	$doit $instcmd $dst &&
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
+else
+
+# If we're going to rename the final executable, determine the name now.
+
+	if [ x"$transformarg" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		dstfile=`basename $dst $transformbasename | 
+			sed $transformarg`$transformbasename
+	fi
+
+# don't allow the sed command to completely eliminate the filename
+
+	if [ x"$dstfile" = x ] 
+	then
+		dstfile=`basename $dst`
+	else
+		true
+	fi
+
+# Make a temp file name in the proper directory.
+
+	dsttmp=$dstdir/#inst.$$#
+
+# Move or copy the file name to the temp name
+
+	$doit $instcmd $src $dsttmp &&
+
+	trap "rm -f ${dsttmp}" 0 &&
+
+# and set any options; do chmod last to preserve setuid bits
+
+# If any of these fail, we abort the whole thing.  If we want to
+# ignore errors from any of these, just make sure not to ignore
+# errors from the above "$doit $instcmd $src $dsttmp" command.
+
+	if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
+	if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
+	if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
+	if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
+
+# Now rename the file to the real destination.
+
+	$doit $rmcmd -f $dstdir/$dstfile &&
+	$doit $mvcmd $dsttmp $dstdir/$dstfile 
+
+fi &&
+
+
+exit 0
diff -Nru smbldap-tools-0.9.5/build/Makefile.common.in smbldap-tools-0.9.7/build/Makefile.common.in
--- smbldap-tools-0.9.5/build/Makefile.common.in	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/build/Makefile.common.in	2011-08-05 16:20:04.000000000 +0200
@@ -0,0 +1,141 @@
+## Makefile.common
+## ======================================================================
+
+PACKAGE_NAME=		@PACKAGE_NAME@
+PACKAGE_VERSION=	@PACKAGE_VERSION@
+PACKAGE_TARNAME=	@PACKAGE_TARNAME@
+
+## Path
+## ----------------------------------------------------------------------
+
+INSTALL_ROOT=		$(DESTDIR)
+
+package_subdir=		@package_subdir@
+
+prefix=			@prefix@
+exec_prefix=		@exec_prefix@
+bindir=			@bindir@
+sbindir=		@sbindir@
+libdir=			@libdir@
+libexecdir=		@libexecdir@$(package_subdir)
+sysconfdir=		@sysconfdir@$(package_subdir)
+localstatedir=		@localstatedir@
+datadir=		@datadir@
+datarootdir=		@datarootdir@$(package_subdir)
+mandir=			@mandir@
+infodir=		@infodir@
+docdir=			@docdir@
+
+vardir=			$(localstatedir)/lib$(package_subdir)
+rundir=			$(localstatedir)/run$(package_subdir)
+logdir=			$(localstatedir)/log$(package_subdir)
+
+## Commands, Flags and so on
+## ----------------------------------------------------------------------
+
+SUBST=			$(SOURCE_BUILD)/subst
+SUBST_SRC=		$(SUBST).pl
+
+CC=			@CC@
+CPPFLAGS=		@CPPFLAGS@
+CFLAGS=			@CFLAGS@
+
+CP=			cp -p
+RM=			rm -rf
+LN_S=			ln -s
+INSTALL=		$(SOURCE_BUILD)/install-sh -c
+CHMOD_FILES=		chmod 0644
+CHMOD_EXES=		chmod 0755
+CHMOD_CMDS=		chmod 0755
+## ----------------------------------------------------------------------
+
+BUILD_TARGETS_TOP=	$(SUBST)
+
+## Package local
+## ----------------------------------------------------------------------
+
+include $(SOURCE_BUILD)/Makefile.package
+
+## Suffix rules
+## ======================================================================
+
+.SUFFIXES: .pl .pm .cmd .example .tmpl
+
+.pl.cmd:
+	@echo "Building $@ from $< ..."
+	@$(RM) $@ $@.tmp
+	@$(SUBST) <$< >$@.tmp
+	@$(CHMOD_CMDS) $@.tmp
+	@mv $@.tmp $@
+
+.pl.pm:
+	@echo "Building $@ from $< ..."
+	@$(RM) $@ $@.tmp
+	@$(SUBST) <$< >$@.tmp
+	@$(CHMOD_FILES) $@.tmp
+	@mv $@.tmp $@
+
+.tmpl.example:
+	@echo "Building $@ from $< ..."
+	@$(RM) $@ $@.tmp
+	@$(SUBST) <$< >$@.tmp
+	@$(CHMOD_FILES) $@.tmp
+	@mv $@.tmp $@
+
+## Target rules
+## ======================================================================
+
+default:: build
+
+build:: $(BUILD_TARGETS)
+
+install:: $(INSTALL_TARGETS)
+
+install-dir:
+	@echo "Creating directory $(INSTALL_ROOT)$(INSTALL_DIR) ..."
+	@$(INSTALL) -d $(INSTALL_ROOT)$(INSTALL_DIR)
+
+install-files: install-dir
+	@for f in $(INSTALL_FILES); do \
+	    echo "Installing file $$f into $(INSTALL_ROOT)$(INSTALL_DIR) ..."; \
+	    $(INSTALL) -m 0644 -t='s/\.substed$$//' $$f "$(INSTALL_ROOT)$(INSTALL_DIR)" \
+	      || exit 1; \
+	done
+
+install-cmd-dir:
+	@echo "Creating directory $(INSTALL_ROOT)$(INSTALL_CMD_DIR) ..."
+	@$(INSTALL) -d $(INSTALL_ROOT)$(INSTALL_CMD_DIR)
+
+install-cmds: install-cmd-dir
+	@for f in $(INSTALL_CMDS); do \
+	    echo "Installing file $$f into $(INSTALL_ROOT)$(INSTALL_CMD_DIR) ..."; \
+	    $(INSTALL) -m 0755 -t='s/\.cmd$$//' $$f "$(INSTALL_ROOT)$(INSTALL_CMD_DIR)" \
+	      || exit 1; \
+	done
+
+clean::
+	$(RM) $(BUILD_TARGETS) $(BUILD_TARGETS_POST) *.tmp
+
+distclean:: clean
+
+build install clean distclean::
+	@if [ -n "$(MAKE_DIRS)" ]; then \
+	    set - $(MAKE_DIRS); \
+	    for subdir in "$$@"; do \
+		(cd $$subdir && $(MAKE) $@) || exit 1; \
+	    done \
+	fi
+
+build:: $(BUILD_TARGETS_POST)
+
+$(BUILD_TARGETS):: $(SUBST)
+
+$(SUBST): $(SUBST_SRC) $(SOURCE_BUILD)/Makefile.common $(SOURCE_BUILD)/Makefile.package
+	cp $< $@.tmp
+	sed -n 's/^\([A-Za-z_][A-Za-z_0-9]*\)[ 	]*=[ 	]*\(.*\)/\1=\2/p' \
+	  $(SOURCE_BUILD)/Makefile.common \
+	  $(SOURCE_BUILD)/Makefile.package \
+	  >>$@.tmp
+	chmod 0755 $@.tmp
+	mv $@.tmp $@
+
diff -Nru smbldap-tools-0.9.5/build/Makefile.maintainer smbldap-tools-0.9.7/build/Makefile.maintainer
--- smbldap-tools-0.9.5/build/Makefile.maintainer	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/build/Makefile.maintainer	2011-09-05 12:31:58.000000000 +0200
@@ -0,0 +1,54 @@
+## Makefile.maintainer
+## ======================================================================
+
+PACKAGE_NAME_cmd=	grep '^AC_INIT' configure.in |sed 's/.*(//;s/,.*//'
+PACKAGE_NAME=		$(shell $(PACKAGE_NAME_cmd))$(PACKAGE_NAME_cmd:sh)
+PACKAGE_VERSION_cmd=	grep '^AC_INIT' configure.in |sed 's/.*, *//;s/)$$//'
+PACKAGE_VERSION=	$(shell $(PACKAGE_VERSION_cmd))$(PACKAGE_VERSION_cmd:sh)
+PACKAGE_DIST=		$(PACKAGE_NAME)-$(PACKAGE_VERSION)
+
+ARCHIVE_DIR=		..
+ARCHIVE_NAME=		$(PACKAGE_DIST).tar.gz
+ARCHIVE_COMPRESS=	$(GZIP)
+
+TAR=			tar
+GZIP=			gzip -9
+GPG_cmd=		type gpg >/dev/null 2>&1 && echo gpg || echo :
+GPG=			$(shell $(GPG_cmd))$(GPG_CMD:sh)
+RPMBUILD_cmd=		type gpg >/dev/null 2>&1 && echo rpmbuild --sign || echo rpmbuild
+RPMBUILD=		$(shell $(RPMBUILD_cmd))$(RPMBUILD_CMD:sh)
+
+## ----------------------------------------------------------------------
+
+default:
+	@echo "Please read file 'INSTALL' and run ./configure && make."
+
+## ----------------------------------------------------------------------
+
+dist: dist-conf dist-archive dist-rpm
+
+dist-conf:
+	[ -f Makefile ] && $(MAKE) distclean || :
+	autoconf
+	rm -rf autom4te.cache .dist.tmp $(PACKAGE_DIST)
+
+dist-archive:
+	mkdir .dist.tmp
+	cp -rp * .dist.tmp
+	find .dist.tmp -type d -name .svn -exec rm -rf {} \; -prune
+	rm -rf .dist.tmp/vendor/rails .dist.tmp/tags
+	mv .dist.tmp $(PACKAGE_DIST)
+	$(TAR) cf - $(PACKAGE_DIST) |$(ARCHIVE_COMPRESS) >$(ARCHIVE_DIR)/$(ARCHIVE_NAME)
+	rm -rf $(PACKAGE_DIST)
+	$(GPG) --sign --detach-sign $(ARCHIVE_DIR)/$(ARCHIVE_NAME)
+	ls -l $(ARCHIVE_DIR)/$(ARCHIVE_NAME)
+	ls -l $(ARCHIVE_DIR)/$(ARCHIVE_NAME).sig 2>/dev/null || :
+
+dist-rpm:
+	$(RPMBUILD) -ta $(ARCHIVE_DIR)/$(ARCHIVE_NAME)
+
+configure: configure.in
+	autoconf
+
+distclean:
+
diff -Nru smbldap-tools-0.9.5/build/Makefile.package.in smbldap-tools-0.9.7/build/Makefile.package.in
--- smbldap-tools-0.9.5/build/Makefile.package.in	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/build/Makefile.package.in	2011-08-05 16:22:27.000000000 +0200
@@ -0,0 +1,11 @@
+## Makefile.package
+## ======================================================================
+
+PERL_CMD=		@PERL_CMD@
+PERL_LIBDIR=		@PERL_LIBDIR@
+POD2MAN_CMD=		@POD2MAN_CMD@
+
+SAMBA_BINDIR=		@SAMBA_BINDIR@
+SAMBA_SYSCONFDIR=	@SAMBA_SYSCONFDIR@
+SAMBA_SMB_CONF=		$(SAMBA_SYSCONFDIR)/smb.conf
+
diff -Nru smbldap-tools-0.9.5/build/Makefile.top.in smbldap-tools-0.9.7/build/Makefile.top.in
--- smbldap-tools-0.9.5/build/Makefile.top.in	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/build/Makefile.top.in	2011-08-05 16:12:50.000000000 +0200
@@ -0,0 +1,18 @@
+## Makefile.top
+## ======================================================================
+
+CONFIG_HEADERS=		@CONFIG_HEADERS@
+
+clean::
+	$(RM) $(SOURCE_BUILD)/subst
+
+distclean:: clean
+	$(RM) $(CONFIG_HEADERS)
+	$(RM) Makefile config.log config.status config.cache autom4te.cache
+	$(RM) $(SUBST_SRC)
+	$(RM) $(SOURCE_BUILD)/Makefile.common $(SOURCE_BUILD)/Makefile.package $(SOURCE_BUILD)/Makefile.top
+	echo "include $(SOURCE_BUILD)/Makefile.maintainer" >Makefile
+
+dist dist-conf:
+	$(MAKE) -f $(SOURCE_BUILD)/Makefile.maintainer $@
+
diff -Nru smbldap-tools-0.9.5/build/subst.pl.in smbldap-tools-0.9.7/build/subst.pl.in
--- smbldap-tools-0.9.5/build/subst.pl.in	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/build/subst.pl.in	2011-09-02 09:23:49.000000000 +0200
@@ -0,0 +1,72 @@
+#!@PERL_CMD@
+##
+## Substitute for @TAG@ in STDIN stream and output to STDOUT
+## Copyright (c) 2000-2011 SATOH Fumiyasu, All rights reserved.
+##
+## License: GNU General Public License version 2
+## Date: 2011-06-22, since 2000-10-27
+##
+
+use strict;
+use warnings;
+use English;
+use IO::File;
+
+my $tag1 = qr/\@([A-Za-z]+(?:_[0-9A-Za-z]+)*)\@/;
+my $tag2 = qr/\$[{(]([A-Za-z]+(?:_[0-9A-Za-z]+)*)[)}]/;
+my $fh_in = *STDIN;
+my $fh_out = *STDOUT;
+
+if (defined($ARGV[0]) && $ARGV[0] !~ /=/) {
+  my $file = shift(@ARGV);
+  if ($fh_in = IO::File->new($file, 'r')) {
+    die "Cannot open file: $file: $OS_ERROR";
+  }
+}
+if (defined($ARGV[0]) && $ARGV[0] !~ /=/) {
+  my $file = shift(@ARGV);
+  if ($fh_out = IO::File->new($file, 'w')) {
+    die "Cannot open file: $file: $OS_ERROR";
+  }
+}
+
+my %text = ();
+## Read tag names and values
+while (defined(my $line = DATA->getline())) {
+  if ($line =~ /^(\w+)=(["']?)(.*)(\2)$/) {
+    $text{lc($1)} = $3;
+  }
+}
+## Override tags by command-line arguments if specified
+foreach my $arg (@ARGV) {
+  if ($arg =~ /^(\w+)=(.*)$/) {
+    $text{lc($1)} = $2;
+  }
+}
+
+sub subst
+{
+  my $str = shift;
+
+  $str =~ s/$tag1/exists($text{lc($1)}) ? subst2($text{lc($1)}) : "XXX Unknown: $1 XXX"/ge;
+
+  return $str;
+}
+
+sub subst2
+{
+  my $str = shift;
+
+  while ($str =~ s/$tag2/exists($text{lc($1)}) ? $text{lc($1)} : "XXX Unknown: $1 XXX"/ge) {};
+
+  return $str;
+}
+
+while (defined(my $line = $fh_in->getline())) {
+  $line = subst($line);
+  $fh_out->print($line);
+}
+
+exit(0);
+
+__DATA__
diff -Nru smbldap-tools-0.9.5/ChangeLog smbldap-tools-0.9.7/ChangeLog
--- smbldap-tools-0.9.5/ChangeLog	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/ChangeLog	2011-09-26 10:10:37.000000000 +0200
@@ -1,182 +1,336 @@
+2011-09-26 <fumiyas at OSS Technology, Inc., Japan>
+	* new tag 0.9.7
 
-2008-04-22   <jtournier@gmail.com>
+2011-09-06 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap-populate: Create parent entry for $config{sambaUnixIdPooldn}
+	  if it does not exist
+
+2011-09-02 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap-config: Rename from configure.pl
+
+2011-07-23 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap-populate: Create parent entry for $config{usersdn}
+	  (and others) if it does not exist
+	  (e.g. usersdn="ou=Users,ou=parent,${suffix}" in smbldap.conf)
+
+2011-07-13 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap-useradd: New option: --non-unique (Allow the creation of a
+	  user account with a duplicate (non-unique) UID)
+
+2011-07-12 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap-usermod: New option: --ou NODE (move user entry to the
+	  specified organazional unit)
+	* Canonize user name to treat the memberUid as case-sensitive
+	  attribute (but the uid attribute is case-insensitive)
+	* smbldap-useradd: New option: -p (allow to set password from
+	  STDIN without verification, e.g. using a pipe)
+
+2011-07-08 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap-populate: Use Net::LDAP::Entry for populating entries
+
+2011-06-29 <fumiyas at OSS Technology, Inc., Japan>
+	* Use sambaNextRid attribute in sambaDomain entry for the next RID
+	  as same as Samba 3.0+ (only when sambaAlgorithmicRidBase attribute
+	  does NOT exists in sambaDomain entry for backward compatibility)
+
+2011-06-24 <fumiyas at OSS Technology, Inc., Japan>
+	* Rename smbldap.conf parameters:
+	  - hash_encrypt -> password_hash
+	  - crypt_salt_format -> password_crypt_salt_format
+	* LDAPv3 Password Modify (RFC 3062) extended operation
+	  support when password_hash="exop" in smbldap.conf
+
+2011-06-23 <fumiyas at OSS Technology, Inc., Japan>
+	* Add shadowAccount parameter in smbldap.conf to control whether
+	  to treat shadowAccount objectclass and attributes or not
+
+2011-06-22 <fumiyas at OSS Technology, Inc., Japan>
+	* Introduce autoconf (configure.in, Makefile.in and so on)
+
+2011-06-14 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap-passwd: Do not use permuted -s option for the smbpasswd(1)
+	  command-line because the plain-old getopt(3) does not support it
+
+2011-05-28 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap_tools.pm: Add read_password() to avoid `stty -echo` hacks
+	* Use /usr/sbin/nscd -i instead of /etc/init.d/nscd
+
+2011-05-24 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap-populate, smbldap_tools.pm: Use /nonexistent instead
+	  of /dev/null for guest's and computer's homeDirectory
+
+2011-03-09 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap_tools.pm: Use Encode instead of Unicode::MapUTF8
+
+2011-02-23 <fumiyas at OSS Technology, Inc., Japan>
+	* smbldap_tools.pm:
+	  - get_next_id: Use getgrgid() for GID number
+	  - read_parameter: Use lexically-scoped variable $line
+	    instead of global $_
+	  - read_user_human_readable: Use UTF-8 flaged string and
+	    \P{IsPrint} to check if an LDAP attribute has non-printable
+	    characters or not
+	* smbldap-populate: Fix wrong sambaGroupType values for local groups
+	* Replace bare "smbpasswd" with "$config{smbpasswd}"
+	* smbldap-useradd: Add -h (--no-dereference) option to the
+	  chown(1) command-line
+	* smbldap-useradd: Extend -Z (--attr) option to take multiple
+	  -Z options
+	* smbldap-usermod: Set sambaPwdLastSet to the current time
+	  if "-B 0" is used (for Samba 3.0.25 and later)
+	* smbldap-usermod: Extend -Z (--attr) option:
+	  - Take multiple -Z options
+	  - Append a value to a multi-value attribute by -Z +name=value
+	  - Remove a value from a multi-value attribute by -Z -name=value
+	  - Remove a attribte by -Z -name
+
+2010-11-15 <mm@FreeBSD.org>
+	* smbldap-useradd:
+	  - fix Z option in getopt (custom LDAP attribute)
+	  - drop unused L option from getopt
+	  - alphabetically reorganize getopt options
+	  - fix several mis-spellings and typos
+	(thx to Paul Howarth <paul@city-fan.org>)
+	* other utilities:
+	  - alphabetically reorganize getopt and help
+	* new tag 0.9.6
+
+2010-10-21 <mm@FreeBSD.org>
+	* new tool: smbldap-grouplist (list LDAP groups)
+	* smbldap-useradd, smbldap-usershow, smbldap-usermod:
+	  - change default encoding of givenName and sn to UTF-8 (bug #11717)
+	  - new option: -X (input/output encoding, defaults to UTF-8)
+	  - new option: -O (localMailAddress attribute)
+	  - changed option: -M (now sets only mail attribute)
+	  - home directory is now chowned as $userUidNumber:$userGidNumber
+	    (bug #11721)
+	  - use gecos as displayName if givenName and userSN not provided
+	    (bug #14517)
+	* smbldap-passwd:
+	  - new option: -p (allow root to set password from 
+	    STDIN without verification, e.g. using a pipe) (bug #11964)
+	  - change userPassword, shadowLastChange and shadowMax individually
+	    e.g. no shadow class or user may not have rights (bug #15052)
+	* smbldap-groupmod: allow deletion of users from groups without 
+	  a defined samba group SID)
+	* remove references to smbldap_conf.pm
+
+2008-04-22 <jtournier@gmail.com>
 	* new tag 0.9.5
 
-2008-04-13   <jtournier@gmail.com>
-	* smbldap-useradd: new option '-W' to add a computer account with samba attributes (for account creation
-	through samba, use '-w')
+2008-04-13 <jtournier@gmail.com>
+	* smbldap-useradd: new option '-W' to add a computer account with samba
+	attributes (for account creation through samba, use '-w')
 	* smbldap_tools.pm: added ldaps support
 	* smbldap.conf: new option 'ldapSSL' for SSL support
 
-2008-03-05   <jtournier@gmail.com>
+2008-03-05 <jtournier@gmail.com>
 	* smbldap-usershow: if nscd is up dans running, restart the service
 	(http://gna.org/bugs/?11206)
 
-2008-02-17   <jtournier@gmail.com>
-	* smbldap-populate: remove sambaNextRid entry if ${sambaDomain} is not used for ${sambaUnixIdPooldn} entry
-	                    (sambaDomain objectclass is then not added to ${sambaUnixIdPooldn})
-
-2008-02-15   <jtournier@gmail.com>
-	* smbldap-usermod: if "-I" is used, set sambaPwdLastSet to the current time
-	* smbldap-useradd: if '-k /etc/skel" is used, /etc/skel content is now correctly copied to home directory
-
-2007-12-18    <jtournier@gmail.com>
-	* smbldap-usermod, smbldap-passwd (smbldap-passwd is asked by smbldap-useradd): if "-B 1" is used, set sambaPwdLastSet to 0
- 	 (https://gna.org/support/?1828)
-
-2007-12-17    <jtournier@gmail.com>
-	* smbldap-usermod, smbldap-useradd: new -Z option to add custom LDAP attributes
-
-2007-11-26    <jtournier@gmail.com>
-	* smbldap-groupadd: added sncd status and restart service after applying modifications
+2008-02-17 <jtournier@gmail.com>
+	* smbldap-populate: remove sambaNextRid entry if ${sambaDomain} is not 
+	used for ${sambaUnixIdPooldn} entry
+	(sambaDomain objectclass is then not added to ${sambaUnixIdPooldn})
+
+2008-02-15 <jtournier@gmail.com>
+	* smbldap-usermod: if "-I" is used, set sambaPwdLastSet to the current 
+	time
+	* smbldap-useradd: if '-k /etc/skel" is used, /etc/skel content is now 
+	correctly copied to home directory
+
+2007-12-18 <jtournier@gmail.com>
+	* smbldap-usermod, smbldap-passwd (smbldap-passwd is asked by 
+	smbldap-useradd): if "-B 1" is used, set sambaPwdLastSet to 0
+	(https://gna.org/support/?1828)
+
+2007-12-17 <jtournier@gmail.com>
+	* smbldap-usermod, smbldap-useradd: new -Z option to add custom LDAP
+	attributes
+
+2007-11-26 <jtournier@gmail.com>
+	* smbldap-groupadd: added sncd status and restart service after
+	applying modifications
 	(https://gna.org/bugs/index.php?10313)
 
-	* smbldap-passwd: unix password not updated if maxPasswordAge not defined in smbldap.Conf => added control test
+	* smbldap-passwd: unix password not updated if maxPasswordAge not
+	defined in smbldap.Conf => added control test
 	(https://gna.org/bugs/?10230)
 
 	* smbldap-usershow: new -h option to print dates in human-readable form
 	(https://gna.org/bugs/?10231)
 
-2007-11-23    <jtournier@gmail.com>
+2007-11-23 <jtournier@gmail.com>
 	* smbldap-usermod: fixes and enhancements relative to expirations dates
 	(https://gna.org/bugs/?10229)
 
-2007-10-30    <jtournier@gmail.com>
-
-	* smbldap_tools.pm (read_user): do not print binary data in smbldap-usershow
+2007-10-30 <jtournier@gmail.com>
+	* smbldap_tools.pm (read_user): do not print binary data in
+	smbldap-usershow
 	(https://gna.org/bugs/?10228)
 
-2007-09-17    <jtournier@gmail.com>
+2007-09-17 <jtournier@gmail.com>
 	* new tag 0.9.4
 
-2007-09-17    <jtournier@gmail.com>
-	* smbldap-usermod and smbldap-useradd: displayName attribute default to username or use the information given
-	with the -S and -N options. (RFC 2256 & RFC 2798).
+2007-09-17 <jtournier@gmail.com>
+	* smbldap-usermod and smbldap-useradd: displayName attribute default to
+	username or use the information given with the -S and -N options. 
+	(RFC 2256 & RFC 2798).
 	* update sambaPrimaryGroupSID if '-g' option is used
 	Thanks to Christoph Szeppek <szeppek@ida.ing.tu-bs.de> for his patch.
 
-2007-09-05    <jtournier@gmail.com>
+2007-09-05 <jtournier@gmail.com>
 	* smbldap-userlist (print_user): print also shadowMax attribute value
 
-2007-08-07    <jtournier@gmail.com>
+2007-08-07 <jtournier@gmail.com>
 	* smbldap-usermod: allow renaming of computers account
 
-2007-08-01    <jtournier@gmail.com>
-	* smbldap-usermod: cn was updated to null string (if -N or -S are not used.) which causes a failed
-	ldap modification
+2007-08-01 <jtournier@gmail.com>
+	* smbldap-usermod: cn was updated to null string (if -N or -S are not 
+	used.) which causes a failed ldap modification
 
-2007-07-19    <jtournier@gmail.com>
+2007-07-19 <jtournier@gmail.com>
 	* new tag 0.9.3
 	
-2007-07-13    <jtournier@gmail.com>
-	* smbldap-userinfo (exist_in_tab;): print also Samba Password Last Set, Samba Password Must Change and Samba Flags
+2007-07-13 <jtournier@gmail.com>
+	* smbldap-userinfo (exist_in_tab;): print also Samba Password Last Set,
+	Samba Password Must Change and Samba Flags
 
-	* smbldap-userlist (exist_in_tab;): only root can show all users informations. If used as standard user,
-	only print personnal informations
+	* smbldap-userlist (exist_in_tab;): only root can show all users
+	informations. If used as standard user, only print personnal
+	informations
 
-2007-07-10    <jtournier@gmail.com>
+2007-07-10 <jtournier@gmail.com>
 
-	* smbldap-populate: new option '-r' to specify the first rid available for users and groups creation
-	(default is 1000)
+	* smbldap-populate: new option '-r' to specify the first rid available
+	for users and groups creation (default is 1000)
 
-2007-07-06    <jtournier@gmail.com>
+2007-07-06 <jtournier@gmail.com>
 
-	* smbldap_tools.pm (add_posix_machine): add only 'top', 'account', 'posixAccount' objectclass for computers account
+	* smbldap_tools.pm (add_posix_machine): add only 'top', 'account',
+	'posixAccount' objectclass for computers account
 
-	* smbldap_tools.pm (get_next_id($$)): look if the id or gid is not already used in /etc/passwd or
-	/etc/group. Check the next one if so.
+	* smbldap_tools.pm (get_next_id($$)): look if the id or gid is not
+	already used in /etc/passwd or /etc/group. Check the next one if so.
 
-	* smbldap_tools.pm (delete_user): print error message if deleting user failed
+	* smbldap_tools.pm (delete_user): print error message if deleting
+	user failed
 
-2007-07-05    <jtournier@gmail.com>
+2007-07-05 <jtournier@gmail.com>
 
-	* smbldap-userlist: new script that list all account properties (expiration, status,...)
+	* smbldap-userlist: new script that list all account properties
+	(expiration, status,...)
 
-2007-07-04    <jtournier@gmail.com>
+2007-07-04 <jtournier@gmail.com>
 
-	* smbldap-passwd (make_salt): update shadowMax (to $config{defaultMaxPasswordAge}) entry if script
-	used with root priviledge
+	* smbldap-passwd (make_salt): update shadowMax
+	(to $config{defaultMaxPasswordAge}) entry if script used with root 
+	priviledge
 
-	* smbldap_tools.pm (add_posix_machine): when creating a computer account, just set the 'top',
-	'account' and 'posixAccount' objectclass
+	* smbldap_tools.pm (add_posix_machine): when creating a computer
+	account, just set the 'top', 'account' and 'posixAccount' objectclass
 
-	* smbldap_tools.pm (parse_group): same as below: replace getgrgid() by a ldap querie
+	* smbldap_tools.pm (parse_group): same as below: replace getgrgid() by
+	a ldap querie
 
-	* smbldap-groupmod: replace the call of getgrnam() with a ldap search because getgrnam() can't return
-	the group gidNumber in case the script is executed from a server where ldap auth is not set
+	* smbldap-groupmod: replace the call of getgrnam() with a ldap search
+	because getgrnam() can't return the group gidNumber in case the script
+	is executed from a server where ldap auth is not set
 	(tnx to Konstantin Munning)
 
-2007-07-03    <jtournier@gmail.com>
+2007-07-03 <jtournier@gmail.com>
 
-	* smbldap-useradd: using the userName instead of uidNumber in "chown ... $userHomeDirectory" because
-	$userUidNumber is linked to user which has a different uidNumber in case of use numeric-only username
+	* smbldap-useradd: using the userName instead of uidNumber in
+	"chown ... $userHomeDirectory" because $userUidNumber is linked to user
+	which has a different uidNumber in case of use numeric-only username
 	(thx to Francesco Malvezzi)
 	
-	* smbldap-useradd: if -B option is used, called smbldap-passwd with -B option (without -B option
-	in smbldap-passwd, this command was overwritten sambaPwdMustChange sambaPwdLastSet and sambaAcctFlags
-	just after being updated with smbldap-usermod)
+	* smbldap-useradd: if -B option is used, called smbldap-passwd with -B
+	option (without -B option in smbldap-passwd, this command was 
+	overwritten sambaPwdMustChange sambaPwdLastSet and sambaAcctFlags just 
+	after being updated with smbldap-usermod)
 
-	* smbldap-passwd: new option -B to force user to change Samba password (and then also unix) at
-	next connection
+	* smbldap-passwd: new option -B to force user to change Samba password
+	(and then also unix) at next connection
 
-2007-07-02    <jtournier@gmail.com>
+2007-07-02 <jtournier@gmail.com>
 
-	* smbldap-migrate-pwdump-accounts: make the ldap connection before trying to modify any entry
+	* smbldap-migrate-pwdump-accounts: make the ldap connection before
+	trying to modify any entry
 
 	* smbldap-migrate-pwdump-accounts and smbldap-migrate-pwdump-groups: 
-	added "PATH=/sbin:/usr/sbin:/usr/local/sbin:/opt/IDEALX/sbin/" before calling smbldap-useradd
+	added "PATH=/sbin:/usr/sbin:/usr/local/sbin:/opt/IDEALX/sbin/" before
+	calling smbldap-useradd
 
-	* smbldap-userinfo: new option -l to list user properties and specially password aging informations
+	* smbldap-userinfo: new option -l to list user properties and specially
+	password aging informations
 
-	* smbldap-usermod: new options --shadowExpire --shadowMax --shadowMin and --shadowWarning
-	related to password aging
+	* smbldap-usermod: new options --shadowExpire --shadowMax --shadowMin
+	and --shadowWarning related to password aging
 
-	* smbldap-usermod: new options -L and -U to lock/unlock shadow account (thx to
-	(Pierluigi Miranda <Pierluigi.Miranda@agecontrol.it>)
+	* smbldap-usermod: new options -L and -U to lock/unlock shadow account
+	(thx to Pierluigi Miranda <Pierluigi.Miranda@agecontrol.it>)
 
-	* smbldap-passwd: sambaPwdLastSet attribute is updated whend changing password
+	* smbldap-passwd: sambaPwdLastSet attribute is updated whend changing
+	password
 
-	* smbldap-usermod: if -o was used, script must not exit if uid already exist
+	* smbldap-usermod: if -o was used, script must not exit if uid already
+	exist
 
-	* smbldap_tool.pm: in function connect_ldap_slave, bind parameters to contact the master server
-	(if slave is not available) must be $config{masterDn} and $config{masterPw}
+	* smbldap_tool.pm: in function connect_ldap_slave, bind parameters to
+	contact the master server (if slave is not available) must be 
+	$config{masterDn} and $config{masterPw}
 
-2007-06-27    <jtournier@gmail.com>
+2007-06-27 <jtournier@gmail.com>
 
 	* smbldap-tools.spec: added man pages
 	
-	* smbldap-useradd: update -o option to allow specify a node like '-o ou=admin,ou=all'
+	* smbldap-useradd: update -o option to allow specify a node like
+	'-o ou=admin,ou=all'
 	
-	* smbldap-tools.pm: be more verbose if ldap_bind failed (thx to tarjei <tarjei@nu.no>)
+	* smbldap-tools.pm: be more verbose if ldap_bind failed
+	(thx to tarjei <tarjei@nu.no>)
 	
 	* smbldap-useradd: be more berbose if problem searching next uid in 
-	$config{sambaUnixIdPooldn} (thx to  Goneri Le Boude <goneri@rulezlan.org>)
+	$config{sambaUnixIdPooldn} 
+	(thx to Goneri Le Boude <goneri@rulezlan.org>)
 
-2006-01-13    <jtournier@gmail.com>
+2006-01-13 <jtournier@gmail.com>
 
 	* UTF8 support in smbldap-usermod for option -N
 	
 2006-01-03
 	. new tag (v0-9-2 for rpm version 0.9.2)
+
 2005-10-31
-	. Option 'P' to set password was not possible in smbldap-useradd when usernames contained
-	  space character
-	. smbldap-populate and smbldap_tools.pm: classes hierarchical is specified completly to avoid
-	  problem with others directories then OpenLDAP.
-	. smbldap-useradd: users are not added to group if the group is their primary one
-	. smbldap-useradd and smbldap_tools: new function is_nonldap_unix_user to allow adding non
-	  ldap users to group. This is typically used to add users from a trusted domains (winbind)
-	. when adding trusted account (smbldap-useraddd -i) '$' caracter is added to the name if
-	  not present
-	. if with_smbpasswd="1", we let samba adding the sambaPrimaryGroupSID entry
-	. smbldap-passwd: new option -s and -u to only update samba password or unix password
-	. smbldap-passwd: regular users can change their passwords when TLS is forced
-	. parsing smb.conf is correct if parameters are defined in several lines (using \ caracter)
-	. automatic creation of the OU of a new user if it does not exist (smbldap-useradd -o ou=xxx)
-	  The new OU must me relative to the $config{usersdn} parameter
+	. Option 'P' to set password was not possible in smbldap-useradd when
+	usernames contained space character
+	. smbldap-populate and smbldap_tools.pm: classes hierarchical is 
+	specified completly to avoid problem with others directories then 
+	OpenLDAP.
+	. smbldap-useradd: users are not added to group if the group is their 
+	primary one
+	. smbldap-useradd and smbldap_tools: new function is_nonldap_unix_user
+	to allow adding non ldap users to group. This is typically used to add 
+	users from a trusted domains (winbind)
+	. when adding trusted account (smbldap-useraddd -i) '$' caracter is
+	added to the name if not present
+	. if with_smbpasswd="1", we let samba adding the sambaPrimaryGroupSID 
+	entry
+	. smbldap-passwd: new option -s and -u to only update samba password or
+	unix password
+	. smbldap-passwd: regular users can change their passwords when TLS is
+	forced
+	. parsing smb.conf is correct if parameters are defined in several
+	lines (using \ caracter)
+	. automatic creation of the OU of a new user if it does not exist
+	(smbldap-useradd -o ou=xxx).  The new OU must me relative to the 
+	$config{usersdn} parameter
+
 2005-07-12
-	. sambaPrimaryGroupSID for samba users is set to DOMAIN_SID-513, whatever is
-	  the defaultUserGid parameter value defined in smbldap.conf
+	. sambaPrimaryGroupSID for samba users is set to DOMAIN_SID-513,
+	whatever is the defaultUserGid parameter value defined in smbldap.conf
+
 2005-06-07
 	. sambaBadPasswordCount is set to 0 when using smbldap-passwd
 	. update for respect with RFC 2256:
@@ -184,35 +338,46 @@
 	  givenName <-> prenom (option N)
 	  cn <-> person's full name
 	. UTF8 support for givenName (option N) and sn (option S)
+
 2005-05-26: new tag (v0-9-1 for rpm version 0.9.1)
 	. bugs correction and updates in configure.pl
+
 2005-05-17: new tag (v0-9-0 for rpm version 0.9.0)
+
 2005-05-16
-	. update release version 0.9.0 for synchronisation with examples of the "Samba3 by examples"
-	  book of John H Terpstra.
+	. update release version 0.9.0 for synchronisation with examples
+	  of the "Samba3 by examples" book of John H Terpstra.
 	. default configuration files for the smbldap-tools can be place in
 	  /etc/opt/IDEALX/smbldap-tools or /etc/smbldap-tools/
 	. default configuration file for samba can be /etc/samba/smb.conf or
 	  /usr/local/samba/lib/smb.conf
-	. new parameter userHomeDirectoryMode in smbldap.conf to set the default directory mode used
-	  for user's homeDirectory
+	. new parameter userHomeDirectoryMode in smbldap.conf to set the
+	  default directory mode used for user's homeDirectory
 	. enhancements and fixes in configure.pl
+
 2005-04-27
 	. error in group type documentation in smbldap-groupadd
+
 2005-04-17
-	. warnings was displayed when samba configuraton file (smb.conf) had single quotes in
-	  parameters definition (thanks to Tom Burkart <samba@aussec.com>)
-	. 'idmapdn' is now also optional in smbldap.conf (if needed and defined in smb.conf)
+	. warnings was displayed when samba configuraton file (smb.conf) had
+	  single quotes in parameters definition
+	  (thanks to Tom Burkart <samba@aussec.com>)
+	. 'idmapdn' is now also optional in smbldap.conf (if needed and defined
+	  in smb.conf)
+
 2005-04-03: new tag (v0-8-8 for rpm version 0.8.8)
+
 2005-03-09
-	. Four more options are now optional in smbldap.conf. Default values are:
+	. Four more options are now optional in smbldap.conf.
+	  Default values are:
 	  > slaveLDAP="127.0.0.1"
 	  > slavePort="389"
 	  > masterLDAP="127.0.0.1"
 	  > masterPort="389"
 	  > ldapTLS="0"
 	. the following suffix can be used with the smbldap-tools:
-	  > suffix="dc=dpt,dc=idealx,dc=org", suffix="dc=idealx,dc=org" or suffix="dc=idealx"
+	  > suffix="dc=dpt,dc=idealx,dc=org", suffix="dc=idealx,dc=org" or
+	  suffix="dc=idealx"
 	. update to smbldap-populate:
 	    . administrator account is now called 'root'
 	    . default uidNumber for root is set to 0
@@ -222,114 +387,146 @@
 2005-03-08
 	. Four parameters in smbldap.conf are now optional:
 	  'suffix', 'usersdn', 'computersdn' and 'groupsdn'
-	  If those parameters are not set, they are respectivly taken from the following
-	  parameters in smb.conf :
-	  'ldap suffix', 'ldap user suffix', 'ldap machine suffix' and 'ldap group suffix'
+	  If those parameters are not set, they are respectivly taken from
+	  the following parameters in smb.conf :
+	  'ldap suffix', 'ldap user suffix', 'ldap machine suffix' and
+	  'ldap group suffix'
 	. renaming two files:
 	  $ mv smbldap-migrate-accounts smbldap-migrate-pwdump-accounts 
 	  $ mv smbldap-migrate-groups smbldap-migrate-pwdump-groups
 2005-02-26
-	. New option '-t time' to smbldap-useradd: wait <time> seconds before exiting script when
-	  adding computer's account. This is useful when Master/PDC and Slaves/BDCs are connected
-	  through the internet (replication is not real time).
+	. New option '-t time' to smbldap-useradd: wait <time> seconds before
+	  exiting script when adding computer's account. This is useful when
+	  Master/PDC and Slaves/BDCs are connected through the internet
+	  (replication is not real time).
 	  The Samba smb.conf configuration file should then look like this :
 	  > add machine script = /opt/IDEALX/sbin/smbldap-useradd -t 30 -w "%u"
 	  This options can only be used with the -w to add computers's account.
 	  bug report: https://bugzilla.samba.org/show_bug.cgi?id=2384
 	. three parameters are now optional in smbldap.conf
-	  . 'sambaUnixIdPooldn': If not defined, next uidNumber and gidNumber available for new
-	    users and groups are stored in sambaDomainName object
-	  . 'SID': If not defined, parameter is taking from "net getlocalsid" return
-	  . 'sambaDomain': If not defined, parameter is taking from smb.conf configuration file
-	. add 'sambaDomain' parameter in smbldap.conf. If not defined 'workgroup' parameter in
-	  smb.conf is used
+	  . 'sambaUnixIdPooldn': If not defined, next uidNumber and gidNumber
+	    available for new users and groups are stored in sambaDomainName
+	    object
+	  . 'SID': If not defined, parameter is taking from "net getlocalsid"
+	    return
+	  . 'sambaDomain': If not defined, parameter is taking from smb.conf
+	    configuration file
+	. add 'sambaDomain' parameter in smbldap.conf. If not defined
+	  'workgroup' parameter in smb.conf is used
+
 2005-02-13: new tag (v0-8-7 for rpm version 0.8.7)
-	. update smbldap-populate: check previously if entries exist. If the sambaDomain entry
-	  already exist when using smbldap-populate, we just modify it to add the sambaUnixIdPool
-	  objectclass which store the first uidNumber and gidNumber available.
+	. update smbldap-populate: check previously if entries exist. If the
+	  sambaDomain entry already exist when using smbldap-populate, we just
+	  modify it to add the sambaUnixIdPool objectclass which store the
+	  first uidNumber and gidNumber available.
 	. update connection procedure to the directory in smbldap-passwd
-	. new script smbldap-userinfo from Pawel Wieleba to allow people update their own
-	  informations like telephoneNumber, name and some others (need proper ACL in ldap
-	  configuration)
-	. new migration scripts from Pawel Wieleba smbldap-migrate-unix-accounts and
-	  smbldap-migrate-unix-groups to help migrating users and groups defined in /etc/passwd (and/or
-	  /etc/shadow) and /etc/group.
+	. new script smbldap-userinfo from Pawel Wieleba to allow people update
+	  their own informations like telephoneNumber, name and some others
+	  (need proper ACL in ldap configuration)
+	. new migration scripts from Pawel Wieleba
+	  smbldap-migrate-unix-accounts and smbldap-migrate-unix-groups to help
+	  migrating users and groups defined in /etc/passwd
+	  (and/or /etc/shadow) and /etc/group.
+
 2005-01-29
 	. bug in smbldap-populate: the -b option (guest login name) was broken
-	. new option '-k' and '-l' to smbldap-populate to defined the uidNumber of administrator and
-	  guest accounts
+	. new option '-k' and '-l' to smbldap-populate to defined the uidNumber
+	  of administrator and guest accounts
 	. group "Account Operators" is now created with smbldap-populate
 	. Administrator account does not need anymore uidNumber=0 (using 998)
 	. update in smbldap-populate and smbldap.conf:
-	  . next uidNumber and gidNumber available for new users and new groups are now
-	    stored in the sambaDomainName object. This allow the sambaUnixIdPooldn to not
-	    been viewed as a real user under IMC (http://www.idealx.org/prj/imc/)
-	    sambaUnixIdPooldn in configuration file smbldap.conf must look like
+	  . next uidNumber and gidNumber available for new users and new groups
+	    are now stored in the sambaDomainName object. This allow the
+	    sambaUnixIdPooldn to not been viewed as a real user under IMC
+	    (http://www.idealx.org/prj/imc/) sambaUnixIdPooldn in configuration
+	    file smbldap.conf must look like:
 	    > sambaUnixIdPooldn="sambaDomainName=MYDOMAIN,${suffix}"
 	  . the sambaDomainName is determine by 
 	    - the sambaUnixIdPooldn parameter of smbldap.conf, or
-	    - the workgroup parameter of smb.conf if sambaUnixIdPooldn is not a sambaDomainName
-	      object
-	. patch to smbldap-useradd: $modify->code was executed even if no modification was required,
-	  this can cause error mesage with some ldap directory.
+	    - the workgroup parameter of smb.conf if sambaUnixIdPooldn
+	      is not a sambaDomainName object
+	. patch to smbldap-useradd: $modify->code was executed even if no
+	  modification was required, this can cause error mesage with some ldap
+	  directory.
 	. small typo corrections
+
 2005-16-01: new tag (v0-8-6 for rpm version 0.8.6)
+
 2005-06-01:
-	. new location /opt/IDEALX and /etc/opt/IDEALX/ (instead of /usr/local and /etc)
-	  to conform to FHS/LSB
+	. new location /opt/IDEALX and /etc/opt/IDEALX/ (instead of /usr/local
+	  and /etc) to conform to FHS/LSB
 	. update typo correction in documentation
-	. patch to smbldap-passwd from Pawel Wieleba <wielebap@volt.iem.pw.edu.pl>:
-	   see www.iem.pw.edu.pl/~wielebap/ldap/smbldap-tools/smbldap-tools_doc.pdf
-	  . use of slappasswd was insecure as external program. Now slappasswd is run in
-	    a child process and shell is not used
+	. patch to smbldap-passwd from
+	  Pawel Wieleba <wielebap@volt.iem.pw.edu.pl>, see:
+	  www.iem.pw.edu.pl/~wielebap/ldap/smbldap-tools/smbldap-tools_doc.pdf
+	  . use of slappasswd was insecure as external program. Now slappasswd
+	    is run in a child process and shell is not used
 	  . it is now possible to not use slappasswd but perl module only
-	  . new parameter 'with_slappasswd' in smbldap.conf to allow not use 'slappasswd'
-	    but perl module only
+	  . new parameter 'with_slappasswd' in smbldap.conf to allow not use
+	    'slappasswd' but perl module only
 	. new option '-r' to smbldap-usermod for renaming a user. Exemple:
 	  $ smbldap-usermod -d /home/new_user -r new_user old_user
+
 2004-10-28: new tag (v0-8-5-3 for rpm version 0.8.5-3)
+
 2004-10-07:
-	. smbldap-useradd: set sambaPwdLastSet to the current date, and sambaPwdMustChange
-	  to 2147483647 for trust account to work
+	. smbldap-useradd: set sambaPwdLastSet to the current date, and
+	  sambaPwdMustChange to 2147483647 for trust account to work
 	. patch from Quentin Delance <quentin.delance@insalien.org>:
 	  added test to not being able to remove primary group of a user
+
 2004-08-29: new tag (v0-8-5-2 for rpm version 0.8.5-2)
 	. small corrections
-	. computer's account have the 'gecos' attribute set to 'computer': computers may not
-	  join the domain if this attribute is not defined (thanks to "Dominik 'Rathann' Mierzejewski")
+	. computer's account have the 'gecos' attribute set to 'computer':
+	  computers may not join the domain if this attribute is not defined
+	  (thanks to "Dominik 'Rathann' Mierzejewski")
+
 2004-06-25:
-	. patch to smbldap_tools.pm: the 'search' to sambaUnixIdPool objectclass is done
-	  directly to the object defined in the configuration file (sambaUnixIdPooldn="...").
-	  This allow to have more then one object having the sambaUnixIdPool objectclass.
-	. patch smbldap-useradd. The -P and -T options had no effect if the -a was not used.
+	. patch to smbldap_tools.pm: the 'search' to sambaUnixIdPool
+	  objectclass is done directly to the object defined in the
+	  configuration file (sambaUnixIdPooldn="..."). This allow to have more
+	  then one object having the sambaUnixIdPool objectclass.
+	. patch smbldap-useradd. The -P and -T options had no effect if the -a
+	  was not used.
 	. update configure.pl
+
 2004-06-21:
-	. new '-o' option in smbldap-useradd to set the organizatinal unit where the account
-	  will be created. It is relative of the user suffix dn ($usersdn) defined in the
-	  configuration file
+	. new '-o' option in smbldap-useradd to set the organizatinal unit
+	  where the account will be created. It is relative of the user suffix
+	  dn ($usersdn) defined in the configuration file
+
 2004-06-17: new tag (v0-8-5-1 for rpm version 0.8.5-1)
 	. update documentation
+
 2004-05-25:
 	. patch to smbldap-populate:
 	  fix sambaSID and sambaGroupType error for builtin groups
 	. new entry in /etc/smbldap-tools/smbldap.conf for idmap ou:
 	  > idmapdn="ou=Idmap,${suffix}"
+
 2004-05-10:
 	. patch from Ross Becker <ross@rbecker.org> :
-	  new option in smbldap.conf to set the salt format if CRYPT hash is used.
-	. add a check to see if STDIN is connected to tty by using if (-t STDIN) ...
-	  This allow the unsecure use of "echo -e 'password\npassword' | smbldap-passwd jto"
+	  new option in smbldap.conf to set the salt format if CRYPT hash is
+	  used.
+	. add a check to see if STDIN is connected to tty by using if
+	  (-t STDIN) ...
+	  This allow the unsecure use of
+	  "echo -e 'password\npassword' | smbldap-passwd jto"
+
 2004-04-30:
-	. patch for smbldap-useradd and smbldap-groupadd: next uidNumber and gidNumber available
-	  are now stored in cn=NextFreeUnixId
+	. patch for smbldap-useradd and smbldap-groupadd: next uidNumber and
+	  gidNumber available are now stored in cn=NextFreeUnixId
 	  WARNING:
-	  . when upgrading, you need to create the new object manually (see INSTALL file)
+	  . when upgrading, you need to create the new object manually
+	    (see INSTALL file)
 	  . this object's name is defined in /etc/smbldap-tools/smbldap.conf
 	    you can defined another name as desired, for example:
 	    > sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
+
 2004-04-07:
 	. patch from Emmanuel Lacour <elacour@home-dn.net> :
 	  no more use of mkntpwd, use of Crypt::SmbHash perl module instead
+
 2004-04-04:
 	. patchs from Alexander Bergolth <leo@strike.wu-wien.ac.at> :
 	  . variable substitution to the config-file parser.
@@ -339,99 +536,136 @@
 	    Username substitution is done via %U:
 	      > userHome="/home/%U"
             ==> smbldap.conf file can now use the samba %U definition
-	  . change in smbldap-userdel refuses deleting a home directory that doesn't contain
-	    the username, more precisely that doesn't look like /^\/.+\/(.*)$user/
+	  . change in smbldap-userdel refuses deleting a home directory that
+	    doesn't contain the username, more precisely that doesn't look like
+	    /^\/.+\/(.*)$user/
 	    This avoids deleting-disasters when the homeDirectory attribute is
 	    erroneous set to a wrong value like "/" or "/home".
-	  . adds mail-forwarding and mail-alias capabilities (for use by MTAs like sendmail or
-            postfix). Two new options "-M" and "-T" allow specifying mail-aliases and mail-forward
-	    addresses in smbldap-useradd and smbldap-usermod. If those options are used, the
+	  . adds mail-forwarding and mail-alias capabilities (for use by MTAs
+	    like sendmail or postfix). Two new options "-M" and "-T" allow 
+	    specifying mail-aliases and mail-forward addresses in 
+	    smbldap-useradd and smbldap-usermod. If those options are used, the
 	    objectclass "inetLocalMailRecipient" is used
-	  . patch to allows adding new mail-aliases (-M), mail-forward addresses (-T) or
-	    supplementary groups (-G) without overwriting the existing ones using a syntax like
-		smbldap-usermod -G +wheel testuser
-	    Removing only the specified attributes without deleting all of them works the same way
-	    using a syntax like
-		smbldap-usermod -G -wheel testuser
-	  . patch that fixes a small problem when using userHomeDrive without the ":" symbol
-	. test if a user is unique in get_homedir function. Replace the regular expression that check
-          the homeDirectory attribute's value with the exact query response.
+	  . patch to allows adding new mail-aliases (-M), mail-forward
+	    addresses (-T) or supplementary groups (-G) without overwriting the
+	    existing ones using a syntax like
+	    smbldap-usermod -G +wheel testuser
+	    Removing only the specified attributes without deleting all of them
+	    works the same way using a syntax like
+	    smbldap-usermod -G -wheel testuser
+	  . patch that fixes a small problem when using userHomeDrive without
+	    the ":" symbol
+	. test if a user is unique in get_homedir function. Replace the regular
+	  expression that check the homeDirectory attribute's value with the
+	  exact query response.
+
 2004-03-05:
 	. add the displayName attribut when using 'smbldap-groupadd -a'
-	. update smbldap-populate (set the username for the guest account and the
-	  administrative account in sambaProfilePath instead of $adminName and $guestName)
+	. update smbldap-populate (set the username for the guest account and
+	  the administrative account in sambaProfilePath instead of $adminName
+	  and $guestName)
+
 2004-03-01:
-	. update smbldap-populate to allow setting userHomeDrive="" in configuration file
+	. update smbldap-populate to allow setting userHomeDrive="" in
+	  configuration file
+
 2004-02-22:
-	. it is now possible to delete the following entries with smbldap-usermod :
+	. it is now possible to delete the following entries with
+	smbldap-usermod:
 	  sambaHomePath (option -C), sambaHomeDrive (option -D)
 	  sambaLogonScript (option -E) and sambaProfilePath (option -F)
 	  ex: smbldap-usermod -C "" user
 	. update documentation
+
 2004-02-07: new tag v0-8-4
 	. include documentation in smbldap-tools.spec file
+
 2004-01-22:
 	. config.pl: usersdn, groupsdn and computersdn was not updated
 	. config.pl: empty value can be set with the "." caracter
+
 2004-01-19:
 	. certificates for TLS support can now be declared in the smbldap.conf
-	  configuration file. 4 new options: verify, cafile, clientcert and clientkey
+	  configuration file. 4 new options: verify, cafile, clientcert and
+	  clientkey
+
 2004-01-17:
-	. remove OpenLDAP requirement in smbldap-tools spec file as the LDAP server
-	  can be on another computer
+	. remove OpenLDAP requirement in smbldap-tools spec file as the LDAP
+	  server can be on another computer
+
 2004-01-14:
-	. patch to smbldap-populate to not take into account attributes that has a null
-	  definition in smbldap.conf (sambaProfilePath and sambaHomePath)
+	. patch to smbldap-populate to not take into account attributes that
+	  has a null definition in smbldap.conf
+	  (sambaProfilePath and sambaHomePath)
+
 2004-01-10:
-	. shadowAccount objectclass added for users account (needed for users on Solaris
-	  system to authenticate)
+	. shadowAccount objectclass added for users account (needed for users
+	  on Solaris system to authenticate)
 	. configuration is now split in two files
 	  > smbldap.conf : globals parameters
 	  > smbldap_bind.conf: connection parameters to the directory
-	. patch in smbldap-password that allow users to use this script to change their
-	  own passwords
+	. patch in smbldap-password that allow users to use this script
+	  to change their own passwords
+
 2003-12-29:
 	. new script configure.pl to help setting up the smbldap_conf.pl file
-	. bug: smbldap_conf.pm now allow to set _userSmbHome and _userProfile to a null string
-	  to disable homedirectory and roaming profiles
+	. bug: smbldap_conf.pm now allow to set _userSmbHome and _userProfile
+	  to a null string to disable homedirectory and roaming profiles
+
 2003-12-19:
-	. new option '-i' to smbldap-useradd to create a trust account (domain membership)
+	. new option '-i' to smbldap-useradd to create a trust account
+	  (domain membership)
 	. rename all scripts: remove the '.pl' 
+
 2003-12-11:
 	. new option '-i' to smbldap-populate to import an ldif file
 	. new option '-e' to smbldap-populate to export an ldif file
+
 2003-11-18: new tag v0-8-2
-	. new option '-a' to smbldap-usermod.pl that allow adding the sambaSAMAccount
-	  objectclass to an existing posixAccount
+	. new option '-a' to smbldap-usermod.pl that allow adding the
+	  sambaSAMAccount objectclass to an existing posixAccount
+
 2003-11-07:
-	. patch that allow adding user to a group when the group is in a higher level depth
-          then ou=Groups (for example, ou=grp1,ou=Groups,...)
+	. patch that allow adding user to a group when the group is
+	  in a higher level depth then ou=Groups
+	  (for example, ou=grp1,ou=Groups,...)
         . check the unicity of a group when adding/removing a user to this group
 2003-10-28:
 	. new option '-p' in smbldap-groupadd.pl to 'print' the gidNumber
 	  of the group to STDOUT. This is needed by samba (see the man page)
+
 2003-10-19:
-	. new function does_sid_exist that check if samaSID sttribute is already
-          defined for another use or another group
+	. new function does_sid_exist that check if samaSID sttribute is
+	  already defined for another use or another group
+
 2003-10-13:
 	. smbldap-populate.pl now also add the group mapping
+
 2003-10-01: new tag v0-8-1
-        . one can now comment the two directives '$_userSmbHome' and '$_userProfile'
-          if you want to use the smb.conf directives instead ('logon home' and
-	  'logon path' respectively), or if you want to desable roaming profiles
-	. Patch from Alexander Bergolth <leo@strike.wu-wien.ac.at>: the sambaPrimaryGroupSID
-	  of a user is now set to the sambaSID of his primary group
+        . one can now comment the two directives '$_userSmbHome' and
+	  '$_userProfile' if you want to use the smb.conf directives instead
+	  ('logon home' and 'logon path' respectively), or if you want to
+	  desable roaming profiles
+	. Patch from Alexander Bergolth <leo@strike.wu-wien.ac.at>: the
+	  sambaPrimaryGroupSID of a user is now set to the sambaSID of his
+	  primary group
+
 2003-09-29:
-	. added new option '$_defaultMaxPasswordAge' in smbldap_conf.pm to specifie
-	  how long a password is valid
-	. The '-B' option was not always valid: to force a user to change his password:
+	. added new option '$_defaultMaxPasswordAge' in smbldap_conf.pm to
+	  specifie how long a password is valid
+	. The '-B' option was not always valid: to force a user to change his
+	  password:
 	  . the attribut sambaPwdLastSet must be != 0
 	  . the attribut sambaAcctFlags must not match the 'X' flag
-	. logon script is set (for every one) to the default '_userScript' value if it is defined 
+	. logon script is set (for every one) to the default '_userScript'
+	  value if it is defined 
 	. Patch from Alexander Bergolth <leo@strike.wu-wien.ac.at>:
 	  gid-sid group mapping to smbldap-groupadd.pl and smbldap-groupmod.pl
+
 2003-09-19: Patch from Marc Schoechlin <ms@LF.net>
-	. load the perl-modules without setting environment-variables or making symlinks
+	. load the perl-modules without setting environment-variables or making
+	  symlinks
+
 2003-09-18: Patch from Alexander Bergolth <leo@strike.wu-wien.ac.at>
 	. options "-u", "-g", "-s" and "-c" are now functionnal
 	. the existence of samba account was made on sambaAccount and
@@ -440,47 +674,65 @@
 	  a Net::LDAP:Entry object of the user
 	. Use this object to get the dn and user attributes instead of
 	  producing an ldif and searching for attributes within that ldif
+
 2003-09-15:
-	. change machine account creation to not add the sambaSAMAccount objectclass.
-	  It is now added directly by samba when joigning the domain
+	. change machine account creation to not add the sambaSAMAccount
+	  objectclass. It is now added directly by samba when joigning
+	  the domain
 	. new option in smbldap-usermod.pl: '-e' to set an expire date
 	. Start_tls support activated when ldapSSL is set to 1
 	. Net::LDAP support more scripts
 	. bugs correction
+
 2003-09-02:
 	. sambaPwdLastSet is updated when smbldap-passwd.pl is used
 	. add a function is_group_member to test the existence of a
 	  user in a particular group
 	. add a function is_unix_user to test if a particular user exist
 	. Net::LDAP support more scripts
+
 2003-08-15:
 	. Samba3.0 support
+
 2003-08-01:
 	. Final version for samba 2.2.8a (cvs tag SAMBA-2-2-8a-FINAL)
 	. OpenLDAP 2.1 support (only one structural objectclass allowed)
+
 2002-07-24: top and account objectclasses replaced with inetorgperson
+
 2002-06-03: notes to webmin.idealx.org (idxldapaccounts)
+
 2002-06-01: release 0.7. tested with 2.2.4
+
 2002-05-31: fixed smbldap-populate compliance to smbldap_conf 
             cleaned up smbldap_conf to be more readable 
             some more documentation
             bugfixes on smbldap-passwd and smbldap-populate
+
 2002-05-16: modified default mode on homes: now 700
+
 2002-05-13: fixed spec (relocation and reqs)
+
 2002-03-02: fixed 2.2.3 sambaAccount bug with smbldap-useradd.pl
               (rid is now mandatory in the sambaAccount objectClass)
+
 2002-02-14: just modified default populate for Administrator
+
 2002-02-05: release 0.6. enable/disable user in usermod
+
 2002-02-04: release 0.5. added smbldap-migrate-groups to migrate NT groups
             from a net group dump. added samba parameters to smbldap-useradd
             and smbldap-usermod.
+
 2002-01-12: added smbldap-migrate-accounts to migrate users/machines
             accounts from a PWDUMP dump
+
 2001-12-13: added smbldap-populate to create the initial base
+
 2001-12-13: initial release 0.1
+
 2001-12-12: fixed the SPEC file for RedHat
-2001-12-03: cleaned the code and use strict;
-2001-11-20: initial needs (for testing purpose on Samba-2.2.2 an Samba-TNG)
 
+2001-12-03: cleaned the code and use strict;
 
-# - The End
+2001-11-20: initial needs (for testing purpose on Samba-2.2.2 an Samba-TNG)
diff -Nru smbldap-tools-0.9.5/configure smbldap-tools-0.9.7/configure
--- smbldap-tools-0.9.5/configure	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/configure	2011-09-26 10:10:42.000000000 +0200
@@ -0,0 +1,3069 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.68 for smbldap-tools 0.9.7.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010 Free Software
+# Foundation, Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+  as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '\${1+\"\$@\"}'='\"\$@\"'
+  setopt NO_GLOB_SUBST
+else
+  case \`(set -o) 2>/dev/null\` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+"
+  as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+  exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+  as_suggested="  as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+  as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+  eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+  test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1"
+  if (eval "$as_required") 2>/dev/null; then :
+  as_have_required=yes
+else
+  as_have_required=no
+fi
+  if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+  as_found=:
+  case $as_dir in #(
+	 /*)
+	   for as_base in sh bash ksh sh5; do
+	     # Try only shells that exist, to save several forks.
+	     as_shell=$as_dir/$as_base
+	     if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+		    { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  CONFIG_SHELL=$as_shell as_have_required=yes
+		   if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+  break 2
+fi
+fi
+	   done;;
+       esac
+  as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+	      { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+  CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+      if test "x$CONFIG_SHELL" != x; then :
+  # We cannot yet assume a decent shell, so we have to provide a
+	# neutralization value for shells without unset; and this also
+	# works around shells that cannot unset nonexistent variables.
+	# Preserve -v and -x to the replacement shell.
+	BASH_ENV=/dev/null
+	ENV=/dev/null
+	(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+	export CONFIG_SHELL
+	case $- in # ((((
+	  *v*x* | *x*v* ) as_opts=-vx ;;
+	  *v* ) as_opts=-v ;;
+	  *x* ) as_opts=-x ;;
+	  * ) as_opts= ;;
+	esac
+	exec "$CONFIG_SHELL" $as_opts "$as_myself" ${1+"$@"}
+fi
+
+    if test x$as_have_required = xno; then :
+  $as_echo "$0: This script requires a shell more modern than all"
+  $as_echo "$0: the shells that I found on your system."
+  if test x${ZSH_VERSION+set} = xset ; then
+    $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+    $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+  else
+    $as_echo "$0: Please tell bug-autoconf@gnu.org about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+  fi
+  exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+  as_lineno_1=$LINENO as_lineno_1a=$LINENO
+  as_lineno_2=$LINENO as_lineno_2a=$LINENO
+  eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+  test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+  # Blame Lee E. McMahon (1931-1989) for sed's syntax.  :-)
+  sed -n '
+    p
+    /[$]LINENO/=
+  ' <$as_myself |
+    sed '
+      s/[$]LINENO.*/&-/
+      t lineno
+      b
+      :lineno
+      N
+      :loop
+      s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+      t loop
+      s/-\n.*//
+    ' >$as_me.lineno &&
+  chmod +x "$as_me.lineno" ||
+    { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+  # Don't try to exec as it changes $[0], causing all sort of problems
+  # (the dirname of $[0] is not the place where we might find the
+  # original and so on.  Autoconf is especially sensitive to this).
+  . "./$as_me.lineno"
+  # Exit status is that of the last command.
+  exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in #(
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='smbldap-tools'
+PACKAGE_TARNAME='smbldap-tools'
+PACKAGE_VERSION='0.9.7'
+PACKAGE_STRING='smbldap-tools 0.9.7'
+PACKAGE_BUGREPORT=''
+PACKAGE_URL=''
+
+ac_default_prefix=/usr/local
+ac_subst_vars='LTLIBOBJS
+LIBOBJS
+SAMBA_BINDIR
+SAMBA_SYSCONFDIR
+POD2MAN_CMD
+PERL_LIBDIR
+PERL_CMD
+package_subdir
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+with_subdir
+with_perl
+with_perl_libdir
+with_pod2man
+with_samba_sysconfdir
+with_samba_bindir
+'
+      ac_precious_vars='build_alias
+host_alias
+target_alias'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+  # If the previous option needs an argument, assign it.
+  if test -n "$ac_prev"; then
+    eval $ac_prev=\$ac_option
+    ac_prev=
+    continue
+  fi
+
+  case $ac_option in
+  *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+  *=)   ac_optarg= ;;
+  *)    ac_optarg=yes ;;
+  esac
+
+  # Accept the important Cygnus configure options, so we can diagnose typos.
+
+  case $ac_dashdash$ac_option in
+  --)
+    ac_dashdash=yes ;;
+
+  -bindir | --bindir | --bindi | --bind | --bin | --bi)
+    ac_prev=bindir ;;
+  -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+    bindir=$ac_optarg ;;
+
+  -build | --build | --buil | --bui | --bu)
+    ac_prev=build_alias ;;
+  -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+    build_alias=$ac_optarg ;;
+
+  -cache-file | --cache-file | --cache-fil | --cache-fi \
+  | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+    ac_prev=cache_file ;;
+  -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+  | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+    cache_file=$ac_optarg ;;
+
+  --config-cache | -C)
+    cache_file=config.cache ;;
+
+  -datadir | --datadir | --datadi | --datad)
+    ac_prev=datadir ;;
+  -datadir=* | --datadir=* | --datadi=* | --datad=*)
+    datadir=$ac_optarg ;;
+
+  -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+  | --dataroo | --dataro | --datar)
+    ac_prev=datarootdir ;;
+  -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+  | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+    datarootdir=$ac_optarg ;;
+
+  -disable-* | --disable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=no ;;
+
+  -docdir | --docdir | --docdi | --doc | --do)
+    ac_prev=docdir ;;
+  -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+    docdir=$ac_optarg ;;
+
+  -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+    ac_prev=dvidir ;;
+  -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+    dvidir=$ac_optarg ;;
+
+  -enable-* | --enable-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid feature name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"enable_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval enable_$ac_useropt=\$ac_optarg ;;
+
+  -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+  | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+  | --exec | --exe | --ex)
+    ac_prev=exec_prefix ;;
+  -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+  | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+  | --exec=* | --exe=* | --ex=*)
+    exec_prefix=$ac_optarg ;;
+
+  -gas | --gas | --ga | --g)
+    # Obsolete; use --with-gas.
+    with_gas=yes ;;
+
+  -help | --help | --hel | --he | -h)
+    ac_init_help=long ;;
+  -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+    ac_init_help=recursive ;;
+  -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+    ac_init_help=short ;;
+
+  -host | --host | --hos | --ho)
+    ac_prev=host_alias ;;
+  -host=* | --host=* | --hos=* | --ho=*)
+    host_alias=$ac_optarg ;;
+
+  -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+    ac_prev=htmldir ;;
+  -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+  | --ht=*)
+    htmldir=$ac_optarg ;;
+
+  -includedir | --includedir | --includedi | --included | --include \
+  | --includ | --inclu | --incl | --inc)
+    ac_prev=includedir ;;
+  -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+  | --includ=* | --inclu=* | --incl=* | --inc=*)
+    includedir=$ac_optarg ;;
+
+  -infodir | --infodir | --infodi | --infod | --info | --inf)
+    ac_prev=infodir ;;
+  -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+    infodir=$ac_optarg ;;
+
+  -libdir | --libdir | --libdi | --libd)
+    ac_prev=libdir ;;
+  -libdir=* | --libdir=* | --libdi=* | --libd=*)
+    libdir=$ac_optarg ;;
+
+  -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+  | --libexe | --libex | --libe)
+    ac_prev=libexecdir ;;
+  -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+  | --libexe=* | --libex=* | --libe=*)
+    libexecdir=$ac_optarg ;;
+
+  -localedir | --localedir | --localedi | --localed | --locale)
+    ac_prev=localedir ;;
+  -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+    localedir=$ac_optarg ;;
+
+  -localstatedir | --localstatedir | --localstatedi | --localstated \
+  | --localstate | --localstat | --localsta | --localst | --locals)
+    ac_prev=localstatedir ;;
+  -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+  | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+    localstatedir=$ac_optarg ;;
+
+  -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+    ac_prev=mandir ;;
+  -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+    mandir=$ac_optarg ;;
+
+  -nfp | --nfp | --nf)
+    # Obsolete; use --without-fp.
+    with_fp=no ;;
+
+  -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+  | --no-cr | --no-c | -n)
+    no_create=yes ;;
+
+  -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+  | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+    no_recursion=yes ;;
+
+  -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+  | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+  | --oldin | --oldi | --old | --ol | --o)
+    ac_prev=oldincludedir ;;
+  -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+  | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+  | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+    oldincludedir=$ac_optarg ;;
+
+  -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+    ac_prev=prefix ;;
+  -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+    prefix=$ac_optarg ;;
+
+  -program-prefix | --program-prefix | --program-prefi | --program-pref \
+  | --program-pre | --program-pr | --program-p)
+    ac_prev=program_prefix ;;
+  -program-prefix=* | --program-prefix=* | --program-prefi=* \
+  | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+    program_prefix=$ac_optarg ;;
+
+  -program-suffix | --program-suffix | --program-suffi | --program-suff \
+  | --program-suf | --program-su | --program-s)
+    ac_prev=program_suffix ;;
+  -program-suffix=* | --program-suffix=* | --program-suffi=* \
+  | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+    program_suffix=$ac_optarg ;;
+
+  -program-transform-name | --program-transform-name \
+  | --program-transform-nam | --program-transform-na \
+  | --program-transform-n | --program-transform- \
+  | --program-transform | --program-transfor \
+  | --program-transfo | --program-transf \
+  | --program-trans | --program-tran \
+  | --progr-tra | --program-tr | --program-t)
+    ac_prev=program_transform_name ;;
+  -program-transform-name=* | --program-transform-name=* \
+  | --program-transform-nam=* | --program-transform-na=* \
+  | --program-transform-n=* | --program-transform-=* \
+  | --program-transform=* | --program-transfor=* \
+  | --program-transfo=* | --program-transf=* \
+  | --program-trans=* | --program-tran=* \
+  | --progr-tra=* | --program-tr=* | --program-t=*)
+    program_transform_name=$ac_optarg ;;
+
+  -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+    ac_prev=pdfdir ;;
+  -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+    pdfdir=$ac_optarg ;;
+
+  -psdir | --psdir | --psdi | --psd | --ps)
+    ac_prev=psdir ;;
+  -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+    psdir=$ac_optarg ;;
+
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil)
+    silent=yes ;;
+
+  -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+    ac_prev=sbindir ;;
+  -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+  | --sbi=* | --sb=*)
+    sbindir=$ac_optarg ;;
+
+  -sharedstatedir | --sharedstatedir | --sharedstatedi \
+  | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+  | --sharedst | --shareds | --shared | --share | --shar \
+  | --sha | --sh)
+    ac_prev=sharedstatedir ;;
+  -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+  | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+  | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+  | --sha=* | --sh=*)
+    sharedstatedir=$ac_optarg ;;
+
+  -site | --site | --sit)
+    ac_prev=site ;;
+  -site=* | --site=* | --sit=*)
+    site=$ac_optarg ;;
+
+  -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+    ac_prev=srcdir ;;
+  -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+    srcdir=$ac_optarg ;;
+
+  -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+  | --syscon | --sysco | --sysc | --sys | --sy)
+    ac_prev=sysconfdir ;;
+  -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+  | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+    sysconfdir=$ac_optarg ;;
+
+  -target | --target | --targe | --targ | --tar | --ta | --t)
+    ac_prev=target_alias ;;
+  -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+    target_alias=$ac_optarg ;;
+
+  -v | -verbose | --verbose | --verbos | --verbo | --verb)
+    verbose=yes ;;
+
+  -version | --version | --versio | --versi | --vers | -V)
+    ac_init_version=: ;;
+
+  -with-* | --with-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=\$ac_optarg ;;
+
+  -without-* | --without-*)
+    ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+    # Reject names that are not valid shell variable names.
+    expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+      as_fn_error $? "invalid package name: $ac_useropt"
+    ac_useropt_orig=$ac_useropt
+    ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+    case $ac_user_opts in
+      *"
+"with_$ac_useropt"
+"*) ;;
+      *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+	 ac_unrecognized_sep=', ';;
+    esac
+    eval with_$ac_useropt=no ;;
+
+  --x)
+    # Obsolete; use --with-x.
+    with_x=yes ;;
+
+  -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+  | --x-incl | --x-inc | --x-in | --x-i)
+    ac_prev=x_includes ;;
+  -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+  | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+    x_includes=$ac_optarg ;;
+
+  -x-libraries | --x-libraries | --x-librarie | --x-librari \
+  | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+    ac_prev=x_libraries ;;
+  -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+  | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+    x_libraries=$ac_optarg ;;
+
+  -*) as_fn_error $? "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information"
+    ;;
+
+  *=*)
+    ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+    # Reject names that are not valid shell variable names.
+    case $ac_envvar in #(
+      '' | [0-9]* | *[!_$as_cr_alnum]* )
+      as_fn_error $? "invalid variable name: \`$ac_envvar'" ;;
+    esac
+    eval $ac_envvar=\$ac_optarg
+    export $ac_envvar ;;
+
+  *)
+    # FIXME: should be removed in autoconf 3.0.
+    $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+    expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+      $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+    : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}"
+    ;;
+
+  esac
+done
+
+if test -n "$ac_prev"; then
+  ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+  as_fn_error $? "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+  case $enable_option_checking in
+    no) ;;
+    fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;;
+    *)     $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+  esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in	exec_prefix prefix bindir sbindir libexecdir datarootdir \
+		datadir sysconfdir sharedstatedir localstatedir includedir \
+		oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+		libdir localedir mandir
+do
+  eval ac_val=\$$ac_var
+  # Remove trailing slashes.
+  case $ac_val in
+    */ )
+      ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+      eval $ac_var=\$ac_val;;
+  esac
+  # Be sure to have absolute directory names.
+  case $ac_val in
+    [\\/$]* | ?:[\\/]* )  continue;;
+    NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+  esac
+  as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+  if test "x$build_alias" = x; then
+    cross_compiling=maybe
+    $as_echo "$as_me: WARNING: if you wanted to set the --build type, don't use --host.
+    If a cross compiler is detected then cross compile mode will be used" >&2
+  elif test "x$build_alias" != "x$host_alias"; then
+    cross_compiling=yes
+  fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+  as_fn_error $? "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+  as_fn_error $? "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+  ac_srcdir_defaulted=yes
+  # Try the directory containing this script, then the parent directory.
+  ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_myself" : 'X\(//\)[^/]' \| \
+	 X"$as_myself" : 'X\(//\)$' \| \
+	 X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  srcdir=$ac_confdir
+  if test ! -r "$srcdir/$ac_unique_file"; then
+    srcdir=..
+  fi
+else
+  ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+  test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+  as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+	cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg"
+	pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+  srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+  eval ac_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_env_${ac_var}_value=\$${ac_var}
+  eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+  eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+  # Omit some internal or obsolete options to make the list less imposing.
+  # This message is too long to be a string in the A/UX 3.1 sh.
+  cat <<_ACEOF
+\`configure' configures smbldap-tools 0.9.7 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE.  See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+  -h, --help              display this help and exit
+      --help=short        display options specific to this package
+      --help=recursive    display the short help of all the included packages
+  -V, --version           display version information and exit
+  -q, --quiet, --silent   do not print \`checking ...' messages
+      --cache-file=FILE   cache test results in FILE [disabled]
+  -C, --config-cache      alias for \`--cache-file=config.cache'
+  -n, --no-create         do not create output files
+      --srcdir=DIR        find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+  --prefix=PREFIX         install architecture-independent files in PREFIX
+                          [$ac_default_prefix]
+  --exec-prefix=EPREFIX   install architecture-dependent files in EPREFIX
+                          [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc.  You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+  --bindir=DIR            user executables [EPREFIX/bin]
+  --sbindir=DIR           system admin executables [EPREFIX/sbin]
+  --libexecdir=DIR        program executables [EPREFIX/libexec]
+  --sysconfdir=DIR        read-only single-machine data [PREFIX/etc]
+  --sharedstatedir=DIR    modifiable architecture-independent data [PREFIX/com]
+  --localstatedir=DIR     modifiable single-machine data [PREFIX/var]
+  --libdir=DIR            object code libraries [EPREFIX/lib]
+  --includedir=DIR        C header files [PREFIX/include]
+  --oldincludedir=DIR     C header files for non-gcc [/usr/include]
+  --datarootdir=DIR       read-only arch.-independent data root [PREFIX/share]
+  --datadir=DIR           read-only architecture-independent data [DATAROOTDIR]
+  --infodir=DIR           info documentation [DATAROOTDIR/info]
+  --localedir=DIR         locale-dependent data [DATAROOTDIR/locale]
+  --mandir=DIR            man documentation [DATAROOTDIR/man]
+  --docdir=DIR            documentation root [DATAROOTDIR/doc/smbldap-tools]
+  --htmldir=DIR           html documentation [DOCDIR]
+  --dvidir=DIR            dvi documentation [DOCDIR]
+  --pdfdir=DIR            pdf documentation [DOCDIR]
+  --psdir=DIR             ps documentation [DOCDIR]
+_ACEOF
+
+  cat <<\_ACEOF
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+  case $ac_init_help in
+     short | recursive ) echo "Configuration of smbldap-tools 0.9.7:";;
+   esac
+  cat <<\_ACEOF
+
+Optional Packages:
+  --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+  --without-PACKAGE       do not use PACKAGE (same as --with-PACKAGE=no)
+  --with-subdir=DIR       change default subdirectory used for installs
+  --with-perl=PATH        Use specific perl command
+  --with-perl-libdir=PATH *.pm install directory
+  --with-pod2man=PATH     Use specific pod2man command
+  --with-samba-sysconfdir=DIR
+                          Path for Samba sysconf directory
+  --with-samba-bindir=DIR Path for Samba bin directory
+
+Report bugs to the package provider.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+  # If there are subdirs, report their specific --help.
+  for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+    test -d "$ac_dir" ||
+      { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+      continue
+    ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+    cd "$ac_dir" || { ac_status=$?; continue; }
+    # Check for guested configure.
+    if test -f "$ac_srcdir/configure.gnu"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+    elif test -f "$ac_srcdir/configure"; then
+      echo &&
+      $SHELL "$ac_srcdir/configure" --help=recursive
+    else
+      $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+    fi || ac_status=$?
+    cd "$ac_pwd" || { ac_status=$?; break; }
+  done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+  cat <<\_ACEOF
+smbldap-tools configure 0.9.7
+generated by GNU Autoconf 2.68
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+  exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by smbldap-tools $as_me 0.9.7, which was
+generated by GNU Autoconf 2.68.  Invocation command line was
+
+  $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X     = `(/bin/uname -X) 2>/dev/null     || echo unknown`
+
+/bin/arch              = `(/bin/arch) 2>/dev/null              || echo unknown`
+/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null       || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo      = `(/usr/bin/hostinfo) 2>/dev/null      || echo unknown`
+/bin/machine           = `(/bin/machine) 2>/dev/null           || echo unknown`
+/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null       || echo unknown`
+/bin/universe          = `(/bin/universe) 2>/dev/null          || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    $as_echo "PATH: $as_dir"
+  done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+  for ac_arg
+  do
+    case $ac_arg in
+    -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+    -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+    | -silent | --silent | --silen | --sile | --sil)
+      continue ;;
+    *\'*)
+      ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    esac
+    case $ac_pass in
+    1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+    2)
+      as_fn_append ac_configure_args1 " '$ac_arg'"
+      if test $ac_must_keep_next = true; then
+	ac_must_keep_next=false # Got value, back to normal.
+      else
+	case $ac_arg in
+	  *=* | --config-cache | -C | -disable-* | --disable-* \
+	  | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+	  | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+	  | -with-* | --with-* | -without-* | --without-* | --x)
+	    case "$ac_configure_args0 " in
+	      "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+	    esac
+	    ;;
+	  -* ) ac_must_keep_next=true ;;
+	esac
+      fi
+      as_fn_append ac_configure_args " '$ac_arg'"
+      ;;
+    esac
+  done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log.  We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+  # Save into config.log some information that might help in debugging.
+  {
+    echo
+
+    $as_echo "## ---------------- ##
+## Cache variables. ##
+## ---------------- ##"
+    echo
+    # The following way of writing the cache mishandles newlines in values,
+(
+  for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+  (set) 2>&1 |
+    case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      sed -n \
+	"s/'\''/'\''\\\\'\'''\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+      ;; #(
+    *)
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+)
+    echo
+
+    $as_echo "## ----------------- ##
+## Output variables. ##
+## ----------------- ##"
+    echo
+    for ac_var in $ac_subst_vars
+    do
+      eval ac_val=\$$ac_var
+      case $ac_val in
+      *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+      esac
+      $as_echo "$ac_var='\''$ac_val'\''"
+    done | sort
+    echo
+
+    if test -n "$ac_subst_files"; then
+      $as_echo "## ------------------- ##
+## File substitutions. ##
+## ------------------- ##"
+      echo
+      for ac_var in $ac_subst_files
+      do
+	eval ac_val=\$$ac_var
+	case $ac_val in
+	*\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+	esac
+	$as_echo "$ac_var='\''$ac_val'\''"
+      done | sort
+      echo
+    fi
+
+    if test -s confdefs.h; then
+      $as_echo "## ----------- ##
+## confdefs.h. ##
+## ----------- ##"
+      echo
+      cat confdefs.h
+      echo
+    fi
+    test "$ac_signal" != 0 &&
+      $as_echo "$as_me: caught signal $ac_signal"
+    $as_echo "$as_me: exit $exit_status"
+  } >&5
+  rm -f core *.core core.conftest.* &&
+    rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+    exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+  trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+  # We do not want a PATH search for config.site.
+  case $CONFIG_SITE in #((
+    -*)  ac_site_file1=./$CONFIG_SITE;;
+    */*) ac_site_file1=$CONFIG_SITE;;
+    *)   ac_site_file1=./$CONFIG_SITE;;
+  esac
+elif test "x$prefix" != xNONE; then
+  ac_site_file1=$prefix/share/config.site
+  ac_site_file2=$prefix/etc/config.site
+else
+  ac_site_file1=$ac_default_prefix/share/config.site
+  ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+  test "x$ac_site_file" = xNONE && continue
+  if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+    sed 's/^/| /' "$ac_site_file" >&5
+    . "$ac_site_file" \
+      || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error $? "failed to load site script $ac_site_file
+See \`config.log' for more details" "$LINENO" 5; }
+  fi
+done
+
+if test -r "$cache_file"; then
+  # Some versions of bash will fail to source /dev/null (special files
+  # actually), so we avoid doing that.  DJGPP emulates it as a regular file.
+  if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+    case $cache_file in
+      [\\/]* | ?:[\\/]* ) . "$cache_file";;
+      *)                      . "./$cache_file";;
+    esac
+  fi
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+  >$cache_file
+fi
+
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+  eval ac_old_set=\$ac_cv_env_${ac_var}_set
+  eval ac_new_set=\$ac_env_${ac_var}_set
+  eval ac_old_val=\$ac_cv_env_${ac_var}_value
+  eval ac_new_val=\$ac_env_${ac_var}_value
+  case $ac_old_set,$ac_new_set in
+    set,)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,set)
+      { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+      ac_cache_corrupted=: ;;
+    ,);;
+    *)
+      if test "x$ac_old_val" != "x$ac_new_val"; then
+	# differences in whitespace do not lead to failure.
+	ac_old_val_w=`echo x $ac_old_val`
+	ac_new_val_w=`echo x $ac_new_val`
+	if test "$ac_old_val_w" != "$ac_new_val_w"; then
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+	  ac_cache_corrupted=:
+	else
+	  { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+	  eval $ac_var=\$ac_old_val
+	fi
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   former value:  \`$ac_old_val'" >&5
+$as_echo "$as_me:   former value:  \`$ac_old_val'" >&2;}
+	{ $as_echo "$as_me:${as_lineno-$LINENO}:   current value: \`$ac_new_val'" >&5
+$as_echo "$as_me:   current value: \`$ac_new_val'" >&2;}
+      fi;;
+  esac
+  # Pass precious variables to config.status.
+  if test "$ac_new_set" = set; then
+    case $ac_new_val in
+    *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+    *) ac_arg=$ac_var=$ac_new_val ;;
+    esac
+    case " $ac_configure_args " in
+      *" '$ac_arg' "*) ;; # Avoid dups.  Use of quotes ensures accuracy.
+      *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+    esac
+  fi
+done
+if $ac_cache_corrupted; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+  { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+  as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+#AC_PROG_INSTALL
+
+package_subdir="$PACKAGE_NAME"
+PERL_VERSION=5.008001
+SAMBA_SYSCONFDIR="/etc/samba"
+SAMBA_BINDIR="/usr/bin"
+
+## Installation directories
+## ======================================================================
+
+
+
+
+# Check whether --with-subdir was given.
+if test "${with_subdir+set}" = set; then :
+  withval=$with_subdir; package_subdir="$withval"
+fi
+
+
+case "$package_subdir" in
+yes|no|"")
+    package_subdir=""
+    ;;
+*)
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $package_subdir for install subdir" >&5
+$as_echo "using $package_subdir for install subdir" >&6; }
+    package_subdir="/$package_subdir"
+    ;;
+esac
+
+## Perl
+## ======================================================================
+
+
+
+
+# Check whether --with-perl was given.
+if test "${with_perl+set}" = set; then :
+  withval=$with_perl; PERL_CMD="$withval"
+fi
+
+
+case "$PERL_CMD" in
+/*)
+    ;;
+*)
+    # Extract the first word of "perl", so it can be a program name with args.
+set dummy perl; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_PERL_CMD+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $PERL_CMD in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_PERL_CMD="$PERL_CMD" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_PERL_CMD="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+PERL_CMD=$ac_cv_path_PERL_CMD
+if test -n "$PERL_CMD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL_CMD" >&5
+$as_echo "$PERL_CMD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using $PERL_CMD for perl command" >&5
+$as_echo "using $PERL_CMD for perl command" >&6; }
+
+## ----------------------------------------------------------------------
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Perl version" >&5
+$as_echo_n "checking for Perl version... " >&6; }
+
+if test x`"$PERL_CMD" -e "use $PERL_VERSION; print 'ok'"` = x"ok"; then
+    { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PERL_VERSION or later" >&5
+$as_echo "$PERL_VERSION or later" >&6; }
+else
+    as_fn_error $? "Perl $PERL_VERSION or later required." "$LINENO" 5
+fi
+
+## ----------------------------------------------------------------------
+
+
+
+
+# Check whether --with-perl-libdir was given.
+if test "${with_perl_libdir+set}" = set; then :
+  withval=$with_perl_libdir; PERL_LIBDIR="$withval"
+fi
+
+
+case "$PERL_LIBDIR" in
+/*)
+    ;;
+sitelib)
+    PERL_LIBDIR=`$PERL_CMD -MConfig -e 'print $Config{installsitelib}'`
+    ;;
+*)
+    PERL_LIBDIR=`$PERL_CMD -MConfig -e 'print $Config{installvendorlib}'`
+    ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using $PERL_LIBDIR for *.pm install directory" >&5
+$as_echo "using $PERL_LIBDIR for *.pm install directory" >&6; }
+
+## ----------------------------------------------------------------------
+
+
+
+
+# Check whether --with-pod2man was given.
+if test "${with_pod2man+set}" = set; then :
+  withval=$with_pod2man; POD2MAN_CMD="$withval"
+fi
+
+
+case "$POD2MAN_CMD" in
+/*)
+    ;;
+*)
+    # Extract the first word of "pod2man", so it can be a program name with args.
+set dummy pod2man; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_POD2MAN_CMD+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $POD2MAN_CMD in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_POD2MAN_CMD="$POD2MAN_CMD" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+    ac_cv_path_POD2MAN_CMD="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  ;;
+esac
+fi
+POD2MAN_CMD=$ac_cv_path_POD2MAN_CMD
+if test -n "$POD2MAN_CMD"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $POD2MAN_CMD" >&5
+$as_echo "$POD2MAN_CMD" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+    ;;
+esac
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using $POD2MAN_CMD for pod2man command" >&5
+$as_echo "using $POD2MAN_CMD for pod2man command" >&6; }
+
+## Samba
+## ======================================================================
+
+
+
+
+# Check whether --with-samba-sysconfdir was given.
+if test "${with_samba_sysconfdir+set}" = set; then :
+  withval=$with_samba_sysconfdir; SAMBA_SYSCONFDIR="$withval"
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using $SAMBA_SYSCONFDIR for Samba sysconf directory" >&5
+$as_echo "using $SAMBA_SYSCONFDIR for Samba sysconf directory" >&6; }
+
+## ----------------------------------------------------------------------
+
+
+
+
+# Check whether --with-samba_bindir was given.
+if test "${with_samba_bindir+set}" = set; then :
+  withval=$with_samba_bindir; SAMBA_BINDIR="$withval"
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: using $SAMBA_BINDIR for Samba bin directory" >&5
+$as_echo "using $SAMBA_BINDIR for Samba bin directory" >&6; }
+
+## Output
+## ======================================================================
+
+ac_config_files="$ac_config_files Makefile build/Makefile.common build/Makefile.package build/Makefile.top build/subst.pl"
+
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems.  If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+  for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+    eval ac_val=\$$ac_var
+    case $ac_val in #(
+    *${as_nl}*)
+      case $ac_var in #(
+      *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+      esac
+      case $ac_var in #(
+      _ | IFS | as_nl) ;; #(
+      BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+      *) { eval $ac_var=; unset $ac_var;} ;;
+      esac ;;
+    esac
+  done
+
+  (set) 2>&1 |
+    case $as_nl`(ac_space=' '; set) 2>&1` in #(
+    *${as_nl}ac_space=\ *)
+      # `set' does not quote correctly, so add quotes: double-quote
+      # substitution turns \\\\ into \\, and sed turns \\ into \.
+      sed -n \
+	"s/'/'\\\\''/g;
+	  s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+      ;; #(
+    *)
+      # `set' quotes correctly as required by POSIX, so do not add quotes.
+      sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+      ;;
+    esac |
+    sort
+) |
+  sed '
+     /^ac_cv_env_/b end
+     t clear
+     :clear
+     s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+     t end
+     s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+     :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+  if test -w "$cache_file"; then
+    if test "x$cache_file" != "x/dev/null"; then
+      { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+      if test ! -f "$cache_file" || test -h "$cache_file"; then
+	cat confcache >"$cache_file"
+      else
+        case $cache_file in #(
+        */* | ?:*)
+	  mv -f confcache "$cache_file"$$ &&
+	  mv -f "$cache_file"$$ "$cache_file" ;; #(
+        *)
+	  mv -f confcache "$cache_file" ;;
+	esac
+      fi
+    fi
+  else
+    { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+  fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+# Transform confdefs.h into DEFS.
+# Protect against shell expansion while executing Makefile rules.
+# Protect against Makefile macro expansion.
+#
+# If the first sed substitution is executed (which looks for macros that
+# take arguments), then branch to the quote section.  Otherwise,
+# look for a macro that doesn't take arguments.
+ac_script='
+:mline
+/\\$/{
+ N
+ s,\\\n,,
+ b mline
+}
+t clear
+:clear
+s/^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 (][^	 (]*([^)]*)\)[	 ]*\(.*\)/-D\1=\2/g
+t quote
+s/^[	 ]*#[	 ]*define[	 ][	 ]*\([^	 ][^	 ]*\)[	 ]*\(.*\)/-D\1=\2/g
+t quote
+b any
+:quote
+s/[	 `~#$^&*(){}\\|;'\''"<>?]/\\&/g
+s/\[/\\&/g
+s/\]/\\&/g
+s/\$/$$/g
+H
+:any
+${
+	g
+	s/^\n//
+	s/\n/ /g
+	p
+}
+'
+DEFS=`sed -n "$ac_script" confdefs.h`
+
+
+ac_libobjs=
+ac_ltlibobjs=
+U=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+  # 1. Remove the extension, and $U if already installed.
+  ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+  ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+  # 2. Prepend LIBOBJDIR.  When used with automake>=1.10 LIBOBJDIR
+  #    will be set to the directory where LIBOBJS objects are built.
+  as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+  as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+
+: "${CONFIG_STATUS=./config.status}"
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+  emulate sh
+  NULLCMD=:
+  # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+  # is contrary to our usage.  Disable this feature.
+  alias -g '${1+"$@"}'='"$@"'
+  setopt NO_GLOB_SUBST
+else
+  case `(set -o) 2>/dev/null` in #(
+  *posix*) :
+    set -o posix ;; #(
+  *) :
+     ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+    && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='print -r --'
+  as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+  as_echo='printf %s\n'
+  as_echo_n='printf %s'
+else
+  if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+    as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+    as_echo_n='/usr/ucb/echo -n'
+  else
+    as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+    as_echo_n_body='eval
+      arg=$1;
+      case $arg in #(
+      *"$as_nl"*)
+	expr "X$arg" : "X\\(.*\\)$as_nl";
+	arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+      esac;
+      expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+    '
+    export as_echo_n_body
+    as_echo_n='sh -c $as_echo_n_body as_echo'
+  fi
+  export as_echo_body
+  as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+  PATH_SEPARATOR=:
+  (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+    (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+      PATH_SEPARATOR=';'
+  }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order.  Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" ""	$as_nl"
+
+# Find who we are.  Look in the path if we contain no directory separator.
+as_myself=
+case $0 in #((
+  *[\\/]* ) as_myself=$0 ;;
+  *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+  done
+IFS=$as_save_IFS
+
+     ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+  as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+  $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+  exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh).  But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there.  '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+  && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error STATUS ERROR [LINENO LOG_FD]
+# ----------------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with STATUS, using 1 if that was 0.
+as_fn_error ()
+{
+  as_status=$1; test $as_status -eq 0 && as_status=1
+  if test "$4"; then
+    as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+    $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4
+  fi
+  $as_echo "$as_me: error: $2" >&2
+  as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+  return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+  set +e
+  as_fn_set_status $1
+  exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+  { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+  eval 'as_fn_append ()
+  {
+    eval $1+=\$2
+  }'
+else
+  as_fn_append ()
+  {
+    eval $1=\$$1\$2
+  }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+  eval 'as_fn_arith ()
+  {
+    as_val=$(( $* ))
+  }'
+else
+  as_fn_arith ()
+  {
+    as_val=`expr "$@" || test $? -eq 1`
+  }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+   test "X`expr 00001 : '.*\(...\)'`" = X001; then
+  as_expr=expr
+else
+  as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+  as_basename=basename
+else
+  as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+  as_dirname=dirname
+else
+  as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+	 X"$0" : 'X\(//\)$' \| \
+	 X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+    sed '/^.*\/\([^/][^/]*\)\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\/\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+  case `echo 'xy\c'` in
+  *c*) ECHO_T='	';;	# ECHO_T is single tab character.
+  xy)  ECHO_C='\c';;
+  *)   echo `echo ksh88 bug on AIX 6.1` > /dev/null
+       ECHO_T='	';;
+  esac;;
+*)
+  ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+  rm -f conf$$.dir/conf$$.file
+else
+  rm -f conf$$.dir
+  mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+  if ln -s conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s='ln -s'
+    # ... but there are two gotchas:
+    # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+    # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+    # In both cases, we have to default to `cp -p'.
+    ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+      as_ln_s='cp -p'
+  elif ln conf$$.file conf$$ 2>/dev/null; then
+    as_ln_s=ln
+  else
+    as_ln_s='cp -p'
+  fi
+else
+  as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+  case $as_dir in #(
+  -*) as_dir=./$as_dir;;
+  esac
+  test -d "$as_dir" || eval $as_mkdir_p || {
+    as_dirs=
+    while :; do
+      case $as_dir in #(
+      *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+      *) as_qdir=$as_dir;;
+      esac
+      as_dirs="'$as_qdir' $as_dirs"
+      as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$as_dir" : 'X\(//\)[^/]' \| \
+	 X"$as_dir" : 'X\(//\)$' \| \
+	 X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+      test -d "$as_dir" && break
+    done
+    test -z "$as_dirs" || eval "mkdir $as_dirs"
+  } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+  as_mkdir_p='mkdir -p "$as_dir"'
+else
+  test -d ./-p && rmdir ./-p
+  as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+  as_test_x='test -x'
+else
+  if ls -dL / >/dev/null 2>&1; then
+    as_ls_L_option=L
+  else
+    as_ls_L_option=
+  fi
+  as_test_x='
+    eval sh -c '\''
+      if test -d "$1"; then
+	test -d "$1/.";
+      else
+	case $1 in #(
+	-*)set "./$1";;
+	esac;
+	case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+	???[sx]*):;;*)false;;esac;fi
+    '\'' sh
+  '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by smbldap-tools $as_me 0.9.7, which was
+generated by GNU Autoconf 2.68.  Invocation command line was
+
+  CONFIG_FILES    = $CONFIG_FILES
+  CONFIG_HEADERS  = $CONFIG_HEADERS
+  CONFIG_LINKS    = $CONFIG_LINKS
+  CONFIG_COMMANDS = $CONFIG_COMMANDS
+  $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration.  Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+  -h, --help       print this help, then exit
+  -V, --version    print version number and configuration settings, then exit
+      --config     print configuration, then exit
+  -q, --quiet, --silent
+                   do not print progress messages
+  -d, --debug      don't remove temporary files
+      --recheck    update $as_me by reconfiguring in the same conditions
+      --file=FILE[:TEMPLATE]
+                   instantiate the configuration file FILE
+
+Configuration files:
+$config_files
+
+Report bugs to the package provider."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+smbldap-tools config.status 0.9.7
+configured by $0, generated by GNU Autoconf 2.68,
+  with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2010 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+  case $1 in
+  --*=?*)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+    ac_shift=:
+    ;;
+  --*=)
+    ac_option=`expr "X$1" : 'X\([^=]*\)='`
+    ac_optarg=
+    ac_shift=:
+    ;;
+  *)
+    ac_option=$1
+    ac_optarg=$2
+    ac_shift=shift
+    ;;
+  esac
+
+  case $ac_option in
+  # Handling of the options.
+  -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+    ac_cs_recheck=: ;;
+  --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+    $as_echo "$ac_cs_version"; exit ;;
+  --config | --confi | --conf | --con | --co | --c )
+    $as_echo "$ac_cs_config"; exit ;;
+  --debug | --debu | --deb | --de | --d | -d )
+    debug=: ;;
+  --file | --fil | --fi | --f )
+    $ac_shift
+    case $ac_optarg in
+    *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+    '') as_fn_error $? "missing file argument" ;;
+    esac
+    as_fn_append CONFIG_FILES " '$ac_optarg'"
+    ac_need_defaults=false;;
+  --he | --h |  --help | --hel | -h )
+    $as_echo "$ac_cs_usage"; exit ;;
+  -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+  | -silent | --silent | --silen | --sile | --sil | --si | --s)
+    ac_cs_silent=: ;;
+
+  # This is an error.
+  -*) as_fn_error $? "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+  *) as_fn_append ac_config_targets " $1"
+     ac_need_defaults=false ;;
+
+  esac
+  shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+  exec 6>/dev/null
+  ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+  set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+  shift
+  \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+  CONFIG_SHELL='$SHELL'
+  export CONFIG_SHELL
+  exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+  echo
+  sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+  $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+  case $ac_config_target in
+    "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+    "build/Makefile.common") CONFIG_FILES="$CONFIG_FILES build/Makefile.common" ;;
+    "build/Makefile.package") CONFIG_FILES="$CONFIG_FILES build/Makefile.package" ;;
+    "build/Makefile.top") CONFIG_FILES="$CONFIG_FILES build/Makefile.top" ;;
+    "build/subst.pl") CONFIG_FILES="$CONFIG_FILES build/subst.pl" ;;
+
+  *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+  esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used.  Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+  test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+fi
+
+# Have a temporary directory for convenience.  Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+  tmp= ac_tmp=
+  trap 'exit_status=$?
+  : "${ac_tmp:=$tmp}"
+  { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status
+' 0
+  trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+  tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+  test -d "$tmp"
+}  ||
+{
+  tmp=./conf$$-$RANDOM
+  (umask 077 && mkdir "$tmp")
+} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5
+ac_tmp=$tmp
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+  eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+  ac_cs_awk_cr='\\r'
+else
+  ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$ac_tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+  echo "cat >conf$$subs.awk <<_ACEOF" &&
+  echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+  echo "_ACEOF"
+} >conf$$subs.sh ||
+  as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+  . ./conf$$subs.sh ||
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+
+  ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+  if test $ac_delim_n = $ac_delim_num; then
+    break
+  elif $ac_last_try; then
+    as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5
+  else
+    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+  fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+  N
+  s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$ac_tmp/subs1.awk" <<_ACAWK &&
+  for (key in S) S_is_set[key] = 1
+  FS = ""
+
+}
+{
+  line = $ 0
+  nfields = split(line, field, "@")
+  substed = 0
+  len = length(field[1])
+  for (i = 2; i < nfields; i++) {
+    key = field[i]
+    keylen = length(key)
+    if (S_is_set[key]) {
+      value = S[key]
+      line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+      len += length(value) + length(field[++i])
+      substed = 1
+    } else
+      len += 1 + keylen
+  }
+
+  print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+  sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+  cat
+fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \
+  || as_fn_error $? "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove sole $(srcdir),
+# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+  ac_vpsub='/^[	 ]*VPATH[	 ]*=[	 ]*/{
+h
+s///
+s/^/:/
+s/[	 ]*$/:/
+s/:\$(srcdir):/:/g
+s/:\${srcdir}:/:/g
+s/:@srcdir@:/:/g
+s/^:*//
+s/:*$//
+x
+s/\(=[	 ]*\).*/\1/
+G
+s/\n//
+s/^[^=]*=[	 ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+
+eval set X "  :F $CONFIG_FILES      "
+shift
+for ac_tag
+do
+  case $ac_tag in
+  :[FHLC]) ac_mode=$ac_tag; continue;;
+  esac
+  case $ac_mode$ac_tag in
+  :[FHL]*:*);;
+  :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;;
+  :[FH]-) ac_tag=-:-;;
+  :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+  esac
+  ac_save_IFS=$IFS
+  IFS=:
+  set x $ac_tag
+  IFS=$ac_save_IFS
+  shift
+  ac_file=$1
+  shift
+
+  case $ac_mode in
+  :L) ac_source=$1;;
+  :[FH])
+    ac_file_inputs=
+    for ac_f
+    do
+      case $ac_f in
+      -) ac_f="$ac_tmp/stdin";;
+      *) # Look for the file first in the build tree, then in the source tree
+	 # (if the path is not absolute).  The absolute path cannot be DOS-style,
+	 # because $ac_f cannot contain `:'.
+	 test -f "$ac_f" ||
+	   case $ac_f in
+	   [\\/$]*) false;;
+	   *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+	   esac ||
+	   as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+      esac
+      case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+      as_fn_append ac_file_inputs " '$ac_f'"
+    done
+
+    # Let's still pretend it is `configure' which instantiates (i.e., don't
+    # use $as_me), people would be surprised to read:
+    #    /* config.h.  Generated by config.status.  */
+    configure_input='Generated from '`
+	  $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+	`' by configure.'
+    if test x"$ac_file" != x-; then
+      configure_input="$ac_file.  $configure_input"
+      { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+    fi
+    # Neutralize special characters interpreted by sed in replacement strings.
+    case $configure_input in #(
+    *\&* | *\|* | *\\* )
+       ac_sed_conf_input=`$as_echo "$configure_input" |
+       sed 's/[\\\\&|]/\\\\&/g'`;; #(
+    *) ac_sed_conf_input=$configure_input;;
+    esac
+
+    case $ac_tag in
+    *:-:* | *:-) cat >"$ac_tmp/stdin" \
+      || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;;
+    esac
+    ;;
+  esac
+
+  ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+	 X"$ac_file" : 'X\(//\)[^/]' \| \
+	 X"$ac_file" : 'X\(//\)$' \| \
+	 X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+    sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)[^/].*/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\/\)$/{
+	    s//\1/
+	    q
+	  }
+	  /^X\(\/\).*/{
+	    s//\1/
+	    q
+	  }
+	  s/.*/./; q'`
+  as_dir="$ac_dir"; as_fn_mkdir_p
+  ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+  ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+  # A ".." for each directory in $ac_dir_suffix.
+  ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+  case $ac_top_builddir_sub in
+  "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+  *)  ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+  esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+  .)  # We are building in place.
+    ac_srcdir=.
+    ac_top_srcdir=$ac_top_builddir_sub
+    ac_abs_top_srcdir=$ac_pwd ;;
+  [\\/]* | ?:[\\/]* )  # Absolute name.
+    ac_srcdir=$srcdir$ac_dir_suffix;
+    ac_top_srcdir=$srcdir
+    ac_abs_top_srcdir=$srcdir ;;
+  *) # Relative name.
+    ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+    ac_top_srcdir=$ac_top_build_prefix$srcdir
+    ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+  case $ac_mode in
+  :F)
+  #
+  # CONFIG_FILE
+  #
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+  p
+  q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+  ac_datarootdir_hack='
+  s&@datadir@&$datadir&g
+  s&@docdir@&$docdir&g
+  s&@infodir@&$infodir&g
+  s&@localedir@&$localedir&g
+  s&@mandir@&$mandir&g
+  s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \
+  >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+  { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } &&
+  { ac_out=`sed -n '/^[	 ]*datarootdir[	 ]*:*=/p' \
+      "$ac_tmp/out"`; test -z "$ac_out"; } &&
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined.  Please make sure it is defined" >&2;}
+
+  rm -f "$ac_tmp/stdin"
+  case $ac_file in
+  -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";;
+  *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";;
+  esac \
+  || as_fn_error $? "could not create $ac_file" "$LINENO" 5
+ ;;
+
+
+
+  esac
+
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+  as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded.  So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status.  When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+  ac_cs_success=:
+  ac_config_status_args=
+  test "$silent" = yes &&
+    ac_config_status_args="$ac_config_status_args --quiet"
+  exec 5>/dev/null
+  $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+  exec 5>>config.log
+  # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+  # would make configure fail if this is the last instruction.
+  $ac_cs_success || as_fn_exit 1
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
+
diff -Nru smbldap-tools-0.9.5/configure.in smbldap-tools-0.9.7/configure.in
--- smbldap-tools-0.9.5/configure.in	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/configure.in	2011-09-26 09:57:50.000000000 +0200
@@ -0,0 +1,152 @@
+## smbldap-tools configure.in
+## ======================================================================
+
+AC_PREREQ(2.50)
+
+AC_INIT(smbldap-tools, 0.9.7)
+
+AC_PREFIX_DEFAULT(/usr/local)
+
+#AC_PROG_INSTALL
+
+package_subdir="$PACKAGE_NAME"
+PERL_VERSION=5.008001
+SAMBA_SYSCONFDIR="/etc/samba"
+SAMBA_BINDIR="/usr/bin"
+
+## Installation directories
+## ======================================================================
+
+AC_SUBST(package_subdir)
+
+AC_ARG_WITH(
+  subdir,
+  [AC_HELP_STRING(--with-subdir=DIR,
+    [change default subdirectory used for installs])],
+  [package_subdir="$withval"],
+)
+
+case "$package_subdir" in
+yes|no|"")
+    package_subdir=""
+    ;;
+*)
+    AC_MSG_RESULT([using $package_subdir for install subdir])
+    package_subdir="/$package_subdir"
+    ;;
+esac
+
+## Perl
+## ======================================================================
+
+AC_SUBST(PERL_CMD)
+
+AC_ARG_WITH(
+    perl,
+    [AC_HELP_STRING(--with-perl=PATH, [Use specific perl command])],
+    [PERL_CMD="$withval"],
+)
+
+case "$PERL_CMD" in
+/*)
+    ;;
+*)
+    AC_PATH_PROG(PERL_CMD, perl)
+    ;;
+esac
+
+AC_MSG_RESULT([using $PERL_CMD for perl command])
+
+## ----------------------------------------------------------------------
+
+AC_MSG_CHECKING(for Perl version)
+
+if test x`"$PERL_CMD" -e "use $PERL_VERSION; print 'ok'"` = x"ok"; then
+    AC_MSG_RESULT($PERL_VERSION or later)
+else
+    AC_MSG_ERROR(Perl $PERL_VERSION or later required.)
+fi
+
+## ----------------------------------------------------------------------
+
+AC_SUBST(PERL_LIBDIR)
+
+AC_ARG_WITH(
+    perl-libdir,
+    [AC_HELP_STRING(--with-perl-libdir=PATH,[*.pm install directory])],
+    [PERL_LIBDIR="$withval"],
+)
+
+case "$PERL_LIBDIR" in
+/*)
+    ;;
+sitelib)
+    PERL_LIBDIR=`$PERL_CMD -MConfig -e 'print $Config{installsitelib}'`
+    ;;
+*)
+    PERL_LIBDIR=`$PERL_CMD -MConfig -e 'print $Config{installvendorlib}'`
+    ;;
+esac
+
+AC_MSG_RESULT([using $PERL_LIBDIR for *.pm install directory])
+
+## ----------------------------------------------------------------------
+
+AC_SUBST(POD2MAN_CMD)
+
+AC_ARG_WITH(
+    pod2man,
+    [AC_HELP_STRING(--with-pod2man=PATH, [Use specific pod2man command])],
+    [POD2MAN_CMD="$withval"],
+)
+
+case "$POD2MAN_CMD" in
+/*)
+    ;;
+*)
+    AC_PATH_PROG(POD2MAN_CMD, pod2man)
+    ;;
+esac
+
+AC_MSG_RESULT([using $POD2MAN_CMD for pod2man command])
+
+## Samba
+## ======================================================================
+
+AC_SUBST(SAMBA_SYSCONFDIR)
+
+AC_ARG_WITH(
+    samba-sysconfdir,
+    [AC_HELP_STRING(--with-samba-sysconfdir=DIR,
+	[Path for Samba sysconf directory])],
+    [SAMBA_SYSCONFDIR="$withval"],
+)
+
+AC_MSG_RESULT([using $SAMBA_SYSCONFDIR for Samba sysconf directory])
+
+## ----------------------------------------------------------------------
+
+AC_SUBST(SAMBA_BINDIR)
+
+AC_ARG_WITH(
+    samba_bindir,
+    [AC_HELP_STRING([--with-samba-bindir=DIR],
+	[Path for Samba bin directory])],
+    [SAMBA_BINDIR="$withval"],
+)
+
+AC_MSG_RESULT([using $SAMBA_BINDIR for Samba bin directory])
+
+## Output
+## ======================================================================
+
+AC_CONFIG_FILES(
+    Makefile
+    build/Makefile.common
+    build/Makefile.package
+    build/Makefile.top
+    build/subst.pl
+)
+
+AC_OUTPUT
+
diff -Nru smbldap-tools-0.9.5/configure.pl smbldap-tools-0.9.7/configure.pl
--- smbldap-tools-0.9.5/configure.pl	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/configure.pl	1970-01-01 01:00:00.000000000 +0100
@@ -1,578 +0,0 @@
-#!/usr/bin/perl -w
-
-# $Id: $
-# $Source: $
-
-# This script can help you setting up the smbldap_conf.pl file. It will get all the defaults value
-# that are defined in the smb.conf configuration file. You should then start with this configuration
-# file. You will also need the SID for your samba domain: set up the controler domain before using
-# this script.
-
-#  This code was developped by IDEALX (http://IDEALX.org/) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-#
-#                 Copyright (C) 2002 IDEALX
-#
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-
-use strict;
-use File::Basename;
-
-# we need to be root to configure the scripts
-if ($< != 0) {
-  die "Only root can configure the smbldap-tools scripts\n";
-}
-
-print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-       smbldap-tools script configuration
-       -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-Before starting, check
- . if your samba controller is up and running.
- . if the domain SID is defined (you can get it with the 'net getlocalsid')
-
- . you can leave the configuration using the Crtl-c key combination
- . empty value can be set with the \".\" character\n";
-print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n";
-
-# we first check if Samba is up and running
-my $test_smb=`pidof smbd`;
-chomp($test_smb);
-die "\nSamba need to be started first !\n" if ($test_smb eq "" || not defined $test_smb);
-
-print "Looking for configuration files...\n\n";
-my $smb_conf="";
-if (-e "/etc/samba/smb.conf") {
-  $smb_conf="/etc/samba/smb.conf";
-} elsif (-e "/usr/local/samba/lib/smb.conf") {
-  $smb_conf="/usr/local/samba/lib/smb.conf";
-}
-print "Samba Configuration File Path [$smb_conf] > ";
-chomp(my $config_smb=<STDIN>);
-if ($config_smb ne "") {
-  $smb_conf=$config_smb;
-}
-
-my $conf_dir;
-if (-d "/etc/opt/IDEALX/smbldap-tools") {
-	$conf_dir="/etc/opt/IDEALX/smbldap-tools/";
-} elsif (-d "/etc/smbldap-tools") {
-	$conf_dir="/etc/smbldap-tools/";
-} else {
-	$conf_dir="/etc/opt/IDEALX/smbldap-tools/";
-}
-
-print "\nThe default directory in which the smbldap configuration files are stored is shown.\n";
-print "If you need to change this, enter the full directory path, then press enter to continue.\n";
-print "Smbldap-tools Configuration Directory Path [$conf_dir] > ";
-my $conf_dir_tmp;
-chomp($conf_dir_tmp=<STDIN>);
-if ($conf_dir_tmp ne "") {
-  $conf_dir=$conf_dir_tmp;
-}
-
-$conf_dir=~s/(\w)$/$1\//;
-if (! -d $conf_dir) {
-	mkdir "$conf_dir";
-}
-
-my $smbldap_conf="$conf_dir"."smbldap.conf";
-my $smbldap_bind_conf="$conf_dir"."smbldap_bind.conf";
-
-
-
-# Let's read the smb.conf configuration file
-my %config;
-open (CONFIGFILE, "$smb_conf") || die "Unable to open $smb_conf for reading !\n";
-
-while (<CONFIGFILE>) {
-
-  chomp($_);
-
-  ## eat leading whitespace
-  $_=~s/^\s*//;
-
-  ## eat trailing whitespace
-  $_=~s/\s*$//;
-
-
-  ## throw away comments
-  next if (($_=~/^#/) || ($_=~/^;/));
-
-  ## check for a param = value
-  if ($_=~/=/) {
-    #my ($param, $value) = split (/=/, $_);
-    my ($param, $value) = ($_=~/([^=]*)=(.*)/i);
-    $param=~s/./\l$&/g;
-    $param=~s/\s+//g;
-    $value=~s/^\s+//;
-
-    $value=~s/"//g;
-
-    $config{$param} = $value;
-    #print "param=$param\tvalue=$value\n";
-
-    next;
-  }
-}
-close (CONFIGFILE);
-
-print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
-print "Let's start configuring the smbldap-tools scripts ...\n\n";
-
-# This function need 4 parameters:
-# . the description of the parameter
-# . name of the key it is related to in the %config hash (key similar as the name parameter in
-#   smb.conf). You can get all the available keys using this:
-#   foreach my $tmp (keys %config) {
-#	print "key=$tmp\t value=$config{$tmp}\n";
-#   }
-# . if no value is found in smb.conf for the keys, this value is proposed
-# . the 'insist' variable: if set to 1, then the script will always call for a value
-#   for the parameter. In other words, there's not default value, and it can't be set
-#   to a null caracter string.
-
-sub read_entry
-  {
-    my $description=shift;
-    my $value=shift;
-    my $example_value=shift;
-    my $insist=shift;
-    my $value_tmp;
-    chomp($value);
-    $insist=0 if (! defined $insist);
-    if (defined $config{$value} and $config{$value} ne "") {
-      print "$description [$config{$value}] > ";
-      $value_tmp=$config{$value};
-    } else {
-      print "$description [$example_value] > ";
-      $value_tmp="$example_value";
-    }
-    chomp(my $get=<STDIN>);
-    if ($get eq "") {
-      $value=$value_tmp;
-    } elsif ($get eq ".") {
-      $value="";
-    } else {
-      $value=$get;
-    }
-    if ($insist == 1 and "$value" eq "") {
-      while ($insist == 1) {
-	print "  Warning: You really need to set this parameter...\n";
-	$description=~s/. /  /;
-	if (defined $config{$value}) {
-	  print "$description [$config{$value}] > ";
-	  $value_tmp=$config{$value};
-	} else {
-	  print "$description [$value] > ";
-	  $value_tmp="$value";
-	}
-	chomp(my $get=<STDIN>);
-	if ($get eq "") {
-	  $value=$value_tmp;
-	} elsif ($get eq ".") {
-	  $value="";
-	} else {
-	  $value=$get;
-	  $insist=0;
-	}
-      }
-    }
-    return $value;
-  }
-
-print ". workgroup name: name of the domain Samba act as a PDC\n";
-my $workgroup=read_entry("  workgroup name","workgroup","",0);
-
-print ". netbios name: netbios name of the samba controler\n";
-my $netbios_name=read_entry("  netbios name","netbiosname","",0);
-
-print ". logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'\n";
-my $logondrive=read_entry("  logon drive","logondrive","",0);
-
-print ". logon home: home directory location (for Win95/98 or NT Workstation).\n  (use %U as username) Ex:'\\\\$netbios_name\\%U'\n";
-my $logonhome=read_entry("  logon home (press the \".\" character if you don't want homeDirectory)","logonhome","\\\\$netbios_name\\%U",0);
-#$logonhome=~s/\\/\\\\/g;
-
-print ". logon path: directory where roaming profiles are stored. Ex:'\\\\$netbios_name\\profiles\\\%U'\n";
-my $logonpath=read_entry("  logon path (press the \".\" character if you don't want roaming profile)","logonpath","\\\\$netbios_name\\profiles\\\%U",0);
-#$logonpath=~s/\\/\\\\/g;
-
-my $userHome=read_entry(". home directory prefix (use %U as username)","","/home/\%U",0);
-
-my $userHomeDirectoryMode=read_entry(". default users' homeDirectory mode","","700",0);
-
-my $userScript=read_entry(". default user netlogon script (use %U as username)","logonscript","",0);
-
-my $defaultMaxPasswordAge=read_entry("  default password validation time (time in days)","","45",0);
-
-#############################
-# ldap directory parameters #
-#############################
-my $ldap_suffix=read_entry(". ldap suffix","ldapsuffix","",0);
-my $ldap_group_suffix=read_entry(". ldap group suffix","ldapgroupsuffix","",0);
-$ldap_group_suffix=~s/ou=//;
-my $ldap_user_suffix=read_entry(". ldap user suffix","ldapusersuffix","",0);
-$ldap_user_suffix=~s/ou=//;
-my $ldap_machine_suffix=read_entry(". ldap machine suffix","ldapmachinesuffix","",0);
-$ldap_machine_suffix=~s/ou=//;
-my $ldap_idmap_suffix=read_entry(". Idmap suffix","ldapidmapsuffix","ou=Idmap",0);
-print ". sambaUnixIdPooldn: object where you want to store the next uidNumber\n";
-print "  and gidNumber available for new users and groups\n";
-my $sambaUnixIdPooldn=read_entry("  sambaUnixIdPooldn object (relative to \${suffix})","","sambaDomainName=$workgroup",0);
-
-# parameters for the master ldap server
-my ($trash1,$server);
-if (defined $config{passdbbackend}) {
-  ($trash1,$server)=($config{passdbbackend}=~m/(.*)ldap:\/\/(.*)/);
-} else {
-  $server="127.0.0.1";
-}
-$server=~s/\///;
-my $ldapmasterserver;
-print ". ldap master server: IP adress or DNS name of the master (writable) ldap server\n";
-$ldapmasterserver=read_entry("  ldap master server","",$server,0);
-my $ldapmasterport;
-if (defined $config{ldapport}) {
-  $ldapmasterport=read_entry(". ldap master port","ldapport","",0);
-} else {
-  $ldapmasterport=read_entry(". ldap master port","","389",0);
-}
-my $ldap_master_admin_dn=read_entry(". ldap master bind dn","ldapadmindn","",0);
-system "stty -echo";
-my $ldap_master_bind_password=read_entry(". ldap master bind password","","",1);
-print "\n";
-system "stty echo";
-
-# parameters for the slave ldap server
-print ". ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one\n";
-my $ldap_slave_server=read_entry("  ldap slave server","","$server",0);
-my $ldap_slave_port;
-if (defined $config{ldapport}) {
-  $ldap_slave_port=read_entry(". ldap slave port","ldapport","",0);
-} else {
-  $ldap_slave_port=read_entry(". ldap slave port","","389",0);
-}
-my $ldap_slave_admin_dn=read_entry(". ldap slave bind dn","ldapadmindn","",0);
-system "stty -echo";
-my $ldap_slave_bind_password=read_entry(". ldap slave bind password","","",1);
-print "\n";
-system "stty echo";
-my $ldaptls=read_entry(". ldap tls support (1/0)","","0",0);
-my ($cert_verify,$cert_cafile,$cert_clientcert,$cert_clientkey)=("","","","");
-if ($ldaptls == 1) {
-  $cert_verify=read_entry(". How to verify the server's certificate (none, optional or require)","","require",0);
-  $cert_cafile=read_entry(". CA certificate file","","$conf_dir/ca.pem",0);
-  $cert_clientcert=read_entry(". certificate to use to connect to the ldap server","","$conf_dir/smbldap-tools.pem",0);
-  $cert_clientkey=read_entry(". key certificate to use to connect to the ldap server","","$conf_dir/smbldap-tools.key",0);
-}
-
-# let's test if any sid is available
-# Here is the strategy: If smb.conf has 'domain master = No'
-#  this means we are a BDC and we must obtain the SID from the PDC
-#  using the command 'net rpc getsid -S PDC -Uroot%password' BEFORE
-#  executing this script - that then guarantees the correct SID is available.
-my $sid_tmp=`net getlocalsid \$netbios_name 2>/dev/null | cut -f2 -d: | sed "s/ //g"`;
-chomp $sid_tmp;
-print ". SID for domain $config{workgroup}: SID of the domain (can be obtained with 'net getlocalsid $netbios_name')\n";
-my $sid=read_entry("  SID for domain $config{workgroup}","","$sid_tmp",0);
-
-print ". unix password encryption: encryption used for unix passwords\n";
-my $cryp_algo=read_entry("  unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)","","SSHA",0);
-my $crypt_salt_format="";
-if ( $cryp_algo eq "CRYPT" ) {
-  print ". crypt salt format: If hash_encrypt is set to CRYPT, you may set \n";
-  print "  a salt format. The default is \"\%s\", but many systems will generate\n";
-  print "  MD5 hashed passwords if you use \"\$1\$\%\.8s\"\n";
-  $crypt_salt_format=read_entry("  crypt salt format","","\%s",0);
-}
-
-my $default_user_gidnumber=read_entry(". default user gidNumber","","513",0);
-
-my $default_computer_gidnumber=read_entry(". default computer gidNumber","","515",0);
-
-my $userLoginShell=read_entry(". default login shell","","/bin/bash",0);
-
-my $skeletonDir=read_entry(". default skeleton directory","","/etc/skel",0);
-
-my $mailDomain=read_entry(". default domain name to append to mail adress", "","",0);
-
-print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
-my $template_smbldap="
-# \$Source: /opt/cvs/samba/smbldap-tools/configure.pl,v $
-# \$Id: configure.pl,v 1.17 2005/07/05 09:05:16 jtournier Exp $
-#
-# smbldap-tools.conf : Q & D configuration file for smbldap-tools
-
-#  This code was developped by IDEALX (http://IDEALX.org/) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-#
-#                 Copyright (C) 2001-2002 IDEALX
-#
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-#  Purpose :
-#       . be the configuration file for all smbldap-tools scripts
-
-##############################################################################
-#
-# General Configuration
-#
-##############################################################################
-
-# Put your own SID. To obtain this number do: \"net getlocalsid\".
-# If not defined, parameter is taking from \"net getlocalsid\" return
-SID=\"$sid\"
-
-# Domain name the Samba server is in charged.
-# If not defined, parameter is taking from smb.conf configuration file
-# Ex: sambaDomain=\"IDEALX-NT\"
-sambaDomain=\"$workgroup\"
-
-##############################################################################
-#
-# LDAP Configuration
-#
-##############################################################################
-
-# Notes: to use to dual ldap servers backend for Samba, you must patch
-# Samba with the dual-head patch from IDEALX. If not using this patch
-# just use the same server for slaveLDAP and masterLDAP.
-# Those two servers declarations can also be used when you have 
-# . one master LDAP server where all writing operations must be done
-# . one slave LDAP server where all reading operations must be done
-#   (typically a replication directory)
-
-# Slave LDAP server
-# Ex: slaveLDAP=127.0.0.1
-# If not defined, parameter is set to \"127.0.0.1\"
-slaveLDAP=\"$ldap_slave_server\"
-
-# Slave LDAP port
-# If not defined, parameter is set to \"389\"
-slavePort=\"$ldap_slave_port\"
-
-# Master LDAP server: needed for write operations
-# Ex: masterLDAP=127.0.0.1
-# If not defined, parameter is set to \"127.0.0.1\"
-masterLDAP=\"$ldapmasterserver\"
-
-# Master LDAP port
-# If not defined, parameter is set to \"389\"
-masterPort=\"$ldapmasterport\"
-
-# Use TLS for LDAP
-# If set to 1, this option will use start_tls for connection
-# (you should also used the port 389)
-# If not defined, parameter is set to \"1\"
-ldapTLS=\"$ldaptls\"
-
-# How to verify the server's certificate (none, optional or require)
-# see \"man Net::LDAP\" in start_tls section for more details
-verify=\"$cert_verify\"
-
-# CA certificate
-# see \"man Net::LDAP\" in start_tls section for more details
-cafile=\"$cert_cafile\"
-
-# certificate to use to connect to the ldap server
-# see \"man Net::LDAP\" in start_tls section for more details
-clientcert=\"$cert_clientcert\"
-
-# key certificate to use to connect to the ldap server
-# see \"man Net::LDAP\" in start_tls section for more details
-clientkey=\"$cert_clientkey\"
-
-# LDAP Suffix
-# Ex: suffix=dc=IDEALX,dc=ORG
-suffix=\"$ldap_suffix\"
-
-# Where are stored Users
-# Ex: usersdn=\"ou=Users,dc=IDEALX,dc=ORG\"
-# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
-usersdn=\"ou=$ldap_user_suffix,\${suffix}\"
-
-# Where are stored Computers
-# Ex: computersdn=\"ou=Computers,dc=IDEALX,dc=ORG\"
-# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
-computersdn=\"ou=$ldap_machine_suffix,\${suffix}\"
-
-# Where are stored Groups
-# Ex: groupsdn=\"ou=Groups,dc=IDEALX,dc=ORG\"
-# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
-groupsdn=\"ou=$ldap_group_suffix,\${suffix}\"
-
-# Where are stored Idmap entries (used if samba is a domain member server)
-# Ex: groupsdn=\"ou=Idmap,dc=IDEALX,dc=ORG\"
-# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
-idmapdn=\"$ldap_idmap_suffix,\${suffix}\"
-
-# Where to store next uidNumber and gidNumber available for new users and groups
-# If not defined, entries are stored in sambaDomainName object.
-# Ex: sambaUnixIdPooldn=\"sambaDomainName=\${sambaDomain},\${suffix}\"
-# Ex: sambaUnixIdPooldn=\"cn=NextFreeUnixId,\${suffix}\"
-sambaUnixIdPooldn=\"$sambaUnixIdPooldn,\${suffix}\"
-
-# Default scope Used
-scope=\"sub\"
-
-# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
-hash_encrypt=\"$cryp_algo\"
-
-# if hash_encrypt is set to CRYPT, you may set a salt format.
-# default is \"\%s\", but many systems will generate MD5 hashed
-# passwords if you use \"\$1\$\%\.8s\". This parameter is optional!
-crypt_salt_format=\"$crypt_salt_format\"
-
-##############################################################################
-# 
-# Unix Accounts Configuration
-# 
-##############################################################################
-
-# Login defs
-# Default Login Shell
-# Ex: userLoginShell=\"/bin/bash\"
-userLoginShell=\"$userLoginShell\"
-
-# Home directory
-# Ex: userHome=\"/home/\%U\"
-userHome=\"$userHome\"
-
-# Default mode used for user homeDirectory
-userHomeDirectoryMode=\"$userHomeDirectoryMode\"
-
-# Gecos
-userGecos=\"System User\"
-
-# Default User (POSIX and Samba) GID
-defaultUserGid=\"$default_user_gidnumber\"
-
-# Default Computer (Samba) GID
-defaultComputerGid=\"$default_computer_gidnumber\"
-
-# Skel dir
-skeletonDir=\"$skeletonDir\"
-
-# Default password validation time (time in days) Comment the next line if
-# you don't want password to be enable for defaultMaxPasswordAge days (be
-# careful to the sambaPwdMustChange attribute's value)
-defaultMaxPasswordAge=\"$defaultMaxPasswordAge\"
-
-##############################################################################
-#
-# SAMBA Configuration
-#
-##############################################################################
-
-# The UNC path to home drives location (\%U username substitution)
-# Just set it to a null string if you want to use the smb.conf 'logon home'
-# directive and/or disable roaming profiles
-# Ex: userSmbHome=\"\\\\PDC-SMB3\\%U\"
-userSmbHome=\"$logonhome\"
-
-# The UNC path to profiles locations (\%U username substitution)
-# Just set it to a null string if you want to use the smb.conf 'logon path'
-# directive and/or disable roaming profiles
-# Ex: userProfile=\"\\\\PDC-SMB3\\profiles\\\%U\"
-userProfile=\"$logonpath\"
-
-# The default Home Drive Letter mapping
-# (will be automatically mapped at logon time if home directory exist)
-# Ex: userHomeDrive=\"H:\"
-userHomeDrive=\"$logondrive\"
-
-# The default user netlogon script name (\%U username substitution)
-# if not used, will be automatically username.cmd
-# make sure script file is edited under dos
-# Ex: userScript=\"startup.cmd\" # make sure script file is edited under dos
-userScript=\"$userScript\"
-
-# Domain appended to the users \"mail\"-attribute
-# when smbldap-useradd -M is used
-# Ex: mailDomain=\"idealx.com\"
-mailDomain=\"$mailDomain\"
-
-##############################################################################
-#
-# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
-#
-##############################################################################
-
-# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
-# prefer Crypt::SmbHash library
-with_smbpasswd=\"0\"
-smbpasswd=\"/usr/bin/smbpasswd\"
-
-# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
-# but prefer Crypt:: libraries
-with_slappasswd=\"0\"
-slappasswd=\"/usr/sbin/slappasswd\"
-
-# comment out the following line to get rid of the default banner
-# no_banner=\"1\"
-";
-
-my $template_smbldap_bind="
-############################
-# Credential Configuration #
-############################
-# Notes: you can specify two differents configuration if you use a
-# master ldap for writing access and a slave ldap server for reading access
-# By default, we will use the same DN (so it will work for standard Samba
-# release)
-slaveDN=\"$ldap_master_admin_dn\"
-slavePw=\"$ldap_master_bind_password\"
-masterDN=\"$ldap_slave_admin_dn\"
-masterPw=\"$ldap_slave_bind_password\"
-";
-
-print "backup old configuration files:\n";
-print "  $smbldap_conf->$smbldap_conf.old\n";
-print "  $smbldap_bind_conf->$smbldap_bind_conf.old\n";
-rename "$smbldap_conf","$smbldap_conf.old";
-rename "$smbldap_bind_conf","$smbldap_bind_conf.old";
-
-print "writing new configuration file:\n";
-open (SMBLDAP,'>',"$smbldap_conf") || die "Unable to open $smbldap_conf for writing !\n";
-print SMBLDAP "$template_smbldap";
-close(SMBLDAP);
-print "  $smbldap_conf done.\n";
-my $mode=0644;
-chmod $mode,"$smbldap_conf","$smbldap_conf.old";
-
-open (SMBLDAP_BIND,'>',"$smbldap_bind_conf") || die "Unable to open $smbldap_bind_conf for writing !\n";
-print SMBLDAP_BIND "$template_smbldap_bind";
-close(SMBLDAP_BIND);
-print "  $smbldap_bind_conf done.\n";
-$mode=0600;
-chmod $mode,"$smbldap_bind_conf","$smbldap_bind_conf.old";
-
-
-
diff -Nru smbldap-tools-0.9.5/CONTRIBUTORS smbldap-tools-0.9.7/CONTRIBUTORS
--- smbldap-tools-0.9.5/CONTRIBUTORS	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/CONTRIBUTORS	2011-07-12 15:29:04.000000000 +0200
@@ -1,22 +1,25 @@
-# $Id: $
-# $Source: $
+# $Id$
 #
-## Authors and actives contributors to SMBLDAP-TOOLS
+## Authors, developers and contributors of SMBLDAP-TOOLS
 
-Have contributed directly to this tools, or are always in charge of 
-some aspects of it developments:
- . Jérôme Tournier <jerome.tournier@IDEALX.com>
+The following developers have contributed directly to this project,
+or maintain parts of the code tree:
+ . Jérôme Tournier <jerome.tournier@IDEALX.com>
  . Terry Davis <terry@terryd.net>
  . David Le Corfec <dlc@freesurf.fr>
  . Olivier Lemaire <olivier.lemaire@IDEALX.com>
+ . Martin Matuška <mm@FreeBSD.org>
+ . SATOH Fumiyasu <fumiyas at OSS Technology, Inc., Japan>
 
-Many thanks to contributors for bug report and patches:
+Many thanks for bug reports and patches:
  . Bruce Benda
-	smbldap-passwd: regular users can change their passwords when TLS is forced
+	smbldap-passwd: regular users can change their passwords when
+	TLS is forced
  . Dmitry Grigorovich
 	options in smbldap-passwd
  . Marc Schoechlin <ms@LF.net>
-	load the perl-modules without setting environment-variables or making symlinks
+	load the perl-modules without setting environment-variables
+	or making symlinks
  . Alexander Bergolth <leo@strike.wu-wien.ac.at>
 	more Net::LDAP support
  . Gert-Jan Braas <braas@wyldebeast-wunderliebe.com>
@@ -35,4 +38,5 @@
 	bug report for smbldap-populate
  . Christophe DUBREUIL <christophe.dubreuil@laposte.net>
 	Net::LDAP support in smbldap_tools.pm
-# - The End
+ . Paul Howarth <paul@city-fan.org>
+	various style, spelling and other bugfixes
diff -Nru smbldap-tools-0.9.5/COPYING smbldap-tools-0.9.7/COPYING
--- smbldap-tools-0.9.5/COPYING	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/COPYING	2011-07-12 15:29:04.000000000 +0200
@@ -1,12 +1,12 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
 
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
- 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  Everyone is permitted to copy and distribute verbatim copies
  of this license document, but changing it is not allowed.
 
-			    Preamble
+                            Preamble
 
   The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
@@ -15,7 +15,7 @@
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
+the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
 
   When we speak of free software, we are referring to freedom, not
@@ -56,7 +56,7 @@
   The precise terms and conditions for copying, distribution and
 modification follow.
 
-		    GNU GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
    TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
 
   0. This License applies to any program or other work which contains
@@ -255,7 +255,7 @@
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
 
-			    NO WARRANTY
+                            NO WARRANTY
 
   11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
@@ -277,9 +277,9 @@
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
 
-		     END OF TERMS AND CONDITIONS
+                     END OF TERMS AND CONDITIONS
 
-	    How to Apply These Terms to Your New Programs
+            How to Apply These Terms to Your New Programs
 
   If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
@@ -291,7 +291,7 @@
 the "copyright" line and a pointer to where the full notice is found.
 
     <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) 19yy  <name of author>
+    Copyright (C) <year>  <name of author>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -303,17 +303,16 @@
     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     GNU General Public License for more details.
 
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
+    You should have received a copy of the GNU General Public License along
+    with this program; if not, write to the Free Software Foundation, Inc.,
+    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 
 Also add information on how to contact you by electronic and paper mail.
 
 If the program is interactive, make it output a short notice like this
 when it starts in an interactive mode:
 
-    Gnomovision version 69, Copyright (C) 19yy name of author
+    Gnomovision version 69, Copyright (C) year name of author
     Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
     This is free software, and you are welcome to redistribute it
     under certain conditions; type `show c' for details.
@@ -336,5 +335,5 @@
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
+library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
diff -Nru smbldap-tools-0.9.5/debian/changelog smbldap-tools-0.9.7/debian/changelog
--- smbldap-tools-0.9.5/debian/changelog	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/changelog	2011-11-12 11:07:23.000000000 +0100
@@ -1,3 +1,29 @@
+smbldap-tools (0.9.7-1ubuntu1) precise; urgency=low
+
+  * Merge from debian unstable.  Remaining changes:
+    - Apply patch from rdratlos to resolve being unable to join a Windows
+      7 or Windows 2008 machine to a Samba domain due to the use of cached
+      nss credentials. (LP: #814898)
+
+ -- Leo Iannacone <l3on@ubuntu.com>  Tue, 27 Sep 2011 18:05:13 +0000
+
+smbldap-tools (0.9.7-1) unstable; urgency=low
+
+  * New upstream release
+    (Closes: #480386, #519551, #561941, #568259, #572711, #582902).
+
+ -- Sergio Talens-Oliag <sto@debian.org>  Tue, 27 Sep 2011 15:14:48 +0200
+
+smbldap-tools (0.9.6-1) unstable; urgency=low
+
+  * New upstream release
+  * Bumped standard version (no changes needed)
+  * Add use-Digest-SHA.patch patch to use Digest::SHA from perl core instead
+    of Digest::SHA1. Drop libdigest-sha1-perl from Depends (Closes: #624065).
+    Patch from Salvatore Bonaccorso <carnil@debian.org>.
+
+ -- Sergio Talens-Oliag <sto@debian.org>  Thu, 18 Aug 2011 10:55:45 +0200
+
 smbldap-tools (0.9.5-1ubuntu1) oneiric; urgency=low
 
   * Apply patch from rdratlos to resolve being unable to join a Windows
diff -Nru smbldap-tools-0.9.5/debian/control smbldap-tools-0.9.7/debian/control
--- smbldap-tools-0.9.5/debian/control	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/control	2011-09-27 20:05:13.000000000 +0200
@@ -5,11 +5,11 @@
 XSBC-Original-Maintainer: Sergio Talens-Oliag <sto@debian.org>
 Build-Depends: debhelper (>= 7.0.50~), quilt
 Build-Depends-Indep: perl
-Standards-Version: 3.8.3.0
+Standards-Version: 3.9.2.0
 
 Package: smbldap-tools
 Architecture: all
-Depends: ${misc:Depends}, ${perl:Depends}, libnet-ldap-perl, libio-socket-ssl-perl, libcrypt-smbhash-perl, libdigest-sha1-perl, libunicode-maputf8-perl
+Depends: ${misc:Depends}, ${perl:Depends}, libnet-ldap-perl, libio-socket-ssl-perl, libcrypt-smbhash-perl, libunicode-maputf8-perl
 Description: Scripts to manage Unix and Samba accounts stored on LDAP
  Set of scripts to manage data relative to users and groups stored in an LDAP
  server. The tools manage POSIX, shadow and Samba (3.0 series) accounts and
diff -Nru smbldap-tools-0.9.5/debian/doc-base smbldap-tools-0.9.7/debian/doc-base
--- smbldap-tools-0.9.5/debian/doc-base	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/doc-base	2011-09-27 20:05:13.000000000 +0200
@@ -9,5 +9,5 @@
 Files: /usr/share/doc/smbldap-tools/smbldap-tools.pdf.gz
 
 Format: html
-Index: /usr/share/doc/smbldap-tools/html/index.html
-Files: /usr/share/doc/smbldap-tools/html/*.html
+Index: /usr/share/doc/smbldap-tools/smbldap-tools.html
+Files: /usr/share/doc/smbldap-tools/*.html
diff -Nru smbldap-tools-0.9.5/debian/docs smbldap-tools-0.9.7/debian/docs
--- smbldap-tools-0.9.5/debian/docs	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/docs	2011-09-27 20:05:13.000000000 +0200
@@ -1,5 +1,4 @@
-configure.pl
-doc/html
+doc/smbldap-tools.html
 doc/smbldap-tools.pdf
 CONTRIBUTORS
 INFRA
diff -Nru smbldap-tools-0.9.5/debian/examples smbldap-tools-0.9.7/debian/examples
--- smbldap-tools-0.9.5/debian/examples	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/examples	2011-09-27 20:05:13.000000000 +0200
@@ -1,5 +1,5 @@
 doc/migration_scripts
-doc/slapd.conf
-doc/smb.conf
+doc/*.example
 smbldap_bind.conf
 smbldap.conf
+smbldap-upgrade-0.9.6.cmd
diff -Nru smbldap-tools-0.9.5/debian/install smbldap-tools-0.9.7/debian/install
--- smbldap-tools-0.9.5/debian/install	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/install	1970-01-01 01:00:00.000000000 +0100
@@ -1,2 +0,0 @@
-smbldap-[gpu]*		/usr/sbin
-smbldap_tools.pm	/usr/share/perl5
diff -Nru smbldap-tools-0.9.5/debian/manpages smbldap-tools-0.9.7/debian/manpages
--- smbldap-tools-0.9.5/debian/manpages	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/debian/manpages	2011-09-27 10:36:10.000000000 +0200
@@ -0,0 +1 @@
+*.8
diff -Nru smbldap-tools-0.9.5/debian/patches/0001_debian_nobody.patch smbldap-tools-0.9.7/debian/patches/0001_debian_nobody.patch
--- smbldap-tools-0.9.5/debian/patches/0001_debian_nobody.patch	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/patches/0001_debian_nobody.patch	2011-09-27 20:05:13.000000000 +0200
@@ -1,33 +1,11 @@
---- smbldap-tools-0.9.5.orig/smbldap-populate
-+++ smbldap-tools-0.9.5/smbldap-populate
-@@ -116,7 +116,7 @@
- 
+--- a/smbldap-populate.pl
++++ b/smbldap-populate.pl
+@@ -114,7 +114,7 @@ if (!defined($adminUidNumber)) {
  my $guestUidNumber=$Options{'l'};
+ my $guestRid = 501;
  if (!defined($guestUidNumber)) {
 -    $guestUidNumber = "999";
 +    $guestUidNumber = "65534";
- }
- 
- my $adminGidNumber=$Options{'m'};
-@@ -253,10 +253,10 @@
- objectClass: sambaSAMAccount
- objectClass: posixAccount
- objectClass: shadowAccount
--gidNumber: 514
-+gidNumber: 65534
- uid: $guestName
- uidNumber: $guestUidNumber
--homeDirectory: /dev/null
-+homeDirectory: /nonexistent
- sambaPwdLastSet: 0
- sambaLogonTime: 0
- sambaLogoffTime: 2147483647
-@@ -282,7 +282,7 @@
- # account disabled by default
- sambaAcctFlags: [NUD        ]
- sambaSID: $config{SID}-2998
--loginShell: /bin/false
-+loginShell: /bin/sh
- 
- dn: cn=Domain Admins,$config{groupsdn}
- objectClass: top
+ } else {
+     if (defined($algorithmicRidBase)) {
+ 	## For backward compatibility with smbldap-tools 0.9.6 and older
diff -Nru smbldap-tools-0.9.5/debian/patches/0002_smbldap-userlist_manpage_fix.patch smbldap-tools-0.9.7/debian/patches/0002_smbldap-userlist_manpage_fix.patch
--- smbldap-tools-0.9.5/debian/patches/0002_smbldap-userlist_manpage_fix.patch	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/patches/0002_smbldap-userlist_manpage_fix.patch	2011-09-27 20:05:13.000000000 +0200
@@ -1,6 +1,6 @@
---- smbldap-tools-0.9.5.orig/smbldap-userlist
-+++ smbldap-tools-0.9.5/smbldap-userlist
-@@ -266,7 +266,7 @@
+--- a/smbldap-userlist.pl
++++ b/smbldap-userlist.pl
+@@ -258,7 +258,7 @@ foreach my $entry ($mesg->all_entries) {
  
  =head1 NAME
  
diff -Nru smbldap-tools-0.9.5/debian/patches/0009_original_doc_html_index.patch smbldap-tools-0.9.7/debian/patches/0009_original_doc_html_index.patch
--- smbldap-tools-0.9.5/debian/patches/0009_original_doc_html_index.patch	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/patches/0009_original_doc_html_index.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,2367 +0,0 @@
---- smbldap-tools-0.9.5.orig/doc/html/index.html
-+++ smbldap-tools-0.9.5/doc/html/index.html
-@@ -0,0 +1,2364 @@
-+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
-+            "http://www.w3.org/TR/REC-html40/loose.dtd">
-+<HTML>
-+<HEAD><TITLE>Smbldap-tools User Manual 
-+(Release: 0.9.3 )</TITLE>
-+
-+<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-+<META name="GENERATOR" content="hevea 1.07">
-+
-+<link rel="stylesheet" href="IDXDOC.css">
-+</HEAD>
-+<BODY >
-+<!--HEVEA command line is: hevea -fix -I ./styles -exec xxdate.exe -pedantic IDXDOC.hva smbldap-tools.tex -o smbldap-tools.html -->
-+<!--HTMLHEAD-->
-+
-+
-+  <DIV class="entete">
-+  Copyright 2002 &copy; IDEALX S.A.S. - 
-+  Contact:&nbsp;<A href="mailto:samba@IDEALX.org">samba@IDEALX.org</A>
-+  </DIV>
-+  <HR>
-+<!--ENDHTML-->
-+<!--PREFIX <ARG ></ARG>-->
-+<!--CUT DEF section 1 -->
-+
-+
-+
-+
-+
-+<H1 ALIGN=center>Smbldap-tools User Manual<BR>
-+(<I>Release</I>: 0.9.3 )</H1>
-+
-+<H3 ALIGN=center>Jérôme Tournier</H3>
-+
-+<H3 ALIGN=center><I>Revision</I>: 1.7 , generated July 12, 2007<BR>
-+</H3>
-+<DIV ALIGN=center>
-+ 
-+ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
-+<TR><TD ALIGN=left NOWRAP bgcolor="#f2f2f2">Release:</TD>
-+<TD ALIGN=left NOWRAP>&nbsp;</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP bgcolor="#f2f2f2">Reference:</TD>
-+<TD ALIGN=left NOWRAP>&nbsp;</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP bgcolor="#f2f2f2">Publication date:</TD>
-+<TD ALIGN=left NOWRAP>&nbsp;</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP bgcolor="#f2f2f2">Print date:</TD>
-+<TD ALIGN=left NOWRAP>July 12, 2007</TD>
-+</TR></TABLE>
-+ </DIV>
-+
-+<BR>
-+This document is the property of IDEALX<SUP><A NAME="text1" HREF="#note1">1</A></SUP>.
-+Permission is granted to distribute this document under the terms of the GNU 
-+Free Documentation License (<A HREF="http://www.gnu.org/copyleft/fdl.html"><TT>http://www.gnu.org/copyleft/fdl.html</TT></A>).<BR>
-+<BR>
-+<!--TOC section Table of Contents-->
-+
-+<H2>Table of Contents</H2><!--SEC END -->
-+
-+<UL><LI>
-+<A HREF="#htoc1">1&nbsp;&nbsp;Introduction</A>
-+<UL><LI>
-+<A HREF="#htoc2">1.1&nbsp;&nbsp;Software requirements</A>
-+<LI><A HREF="#htoc3">1.2&nbsp;&nbsp;Updates of this document</A>
-+<LI><A HREF="#htoc4">1.3&nbsp;&nbsp;Availability of this document</A>
-+</UL>
-+<LI><A HREF="#htoc5">2&nbsp;&nbsp;Installation</A>
-+<UL><LI>
-+<A HREF="#htoc6">2.1&nbsp;&nbsp;Requirements</A>
-+<LI><A HREF="#htoc7">2.2&nbsp;&nbsp;Installation</A>
-+<UL><LI>
-+<A HREF="#htoc8">2.2.1&nbsp;&nbsp;Installing from rpm</A>
-+<LI><A HREF="#htoc9">2.2.2&nbsp;&nbsp;Installing from a tarball</A>
-+</UL>
-+</UL>
-+<LI><A HREF="#htoc10">3&nbsp;&nbsp;Configuring the smbldap-tools</A>
-+<UL><LI>
-+<A HREF="#htoc11">3.1&nbsp;&nbsp;The smbldap.conf file</A>
-+<LI><A HREF="#htoc12">3.2&nbsp;&nbsp;The smbldap_bind.conf file</A>
-+</UL>
-+<LI><A HREF="#htoc13">4&nbsp;&nbsp;Using the scripts</A>
-+<UL><LI>
-+<A HREF="#htoc14">4.1&nbsp;&nbsp;Initial directory's population</A>
-+<LI><A HREF="#htoc15">4.2&nbsp;&nbsp;User management</A>
-+<UL><LI>
-+<A HREF="#htoc16">4.2.1&nbsp;&nbsp;Adding a user</A>
-+<LI><A HREF="#htoc17">4.2.2&nbsp;&nbsp;Removing a user</A>
-+<LI><A HREF="#htoc18">4.2.3&nbsp;&nbsp;Modifying a user</A>
-+</UL>
-+<LI><A HREF="#htoc19">4.3&nbsp;&nbsp;Group management</A>
-+<UL><LI>
-+<A HREF="#htoc20">4.3.1&nbsp;&nbsp;Adding a group</A>
-+<LI><A HREF="#htoc21">4.3.2&nbsp;&nbsp;Removing a group</A>
-+</UL>
-+<LI><A HREF="#htoc22">4.4&nbsp;&nbsp;Adding a interdomain trust account</A>
-+</UL>
-+<LI><A HREF="#htoc23">5&nbsp;&nbsp;Samba and the smbldap-tools scripts</A>
-+<UL><LI>
-+<A HREF="#htoc24">5.1&nbsp;&nbsp;General configuration</A>
-+<LI><A HREF="#htoc25">5.2&nbsp;&nbsp;Migrating an NT4 PDC to Samba3</A>
-+</UL>
-+<LI><A HREF="#htoc26">6&nbsp;&nbsp;Frequently Asked Questions</A>
-+<UL><LI>
-+<A HREF="#htoc27">6.1&nbsp;&nbsp;How can i use old released uidNumber and gidNumber ?</A>
-+<LI><A HREF="#htoc28">6.2&nbsp;&nbsp;I always have this error: "Can't locate IO/Socket/SSL.pm"</A>
-+<LI><A HREF="#htoc29">6.3&nbsp;&nbsp;I can't initialize the directory with <TT>smbldap-populate</TT></A>
-+<LI><A HREF="#htoc30">6.4&nbsp;&nbsp;I can't join the domain with the <TT>root</TT> account</A>
-+<LI><A HREF="#htoc31">6.5&nbsp;&nbsp;I have the <TT>sambaSamAccount</TT> but i can't logged in</A>
-+<LI><A HREF="#htoc32">6.6&nbsp;&nbsp;I want to create machine account on the fly, but it does
-+ not works or I must do it twice</A>
-+<LI><A HREF="#htoc33">6.7&nbsp;&nbsp;I can't manage the Oracle Internet Database</A>
-+<LI><A HREF="#htoc34">6.8&nbsp;&nbsp;The directive <TT>passwd program = /usr/local/sbin/smbldap-passwd -u %u</TT> is not
-+called, or i got a error message when changing the password from windows</A>
-+<LI><A HREF="#htoc35">6.9&nbsp;&nbsp;New computers account can't be set in ou=computers</A>
-+<LI><A HREF="#htoc36">6.10&nbsp;&nbsp;I can join the domain, but i can't log on</A>
-+<LI><A HREF="#htoc37">6.11&nbsp;&nbsp;I can't create a user with <TT>smbldap-useradd</TT></A>
-+<LI><A HREF="#htoc38">6.12&nbsp;&nbsp;smbldap-useradd: Can't call method "get_value" on an undefined value at
-+/usr/local/sbin/smbldap-useradd line 154</A>
-+<LI><A HREF="#htoc39">6.13&nbsp;&nbsp;Typical errors on creating a new user or a new group</A>
-+</UL>
-+<LI><A HREF="#htoc40">7&nbsp;&nbsp;Thanks</A>
-+<LI><A HREF="#htoc41">8&nbsp;&nbsp;Annexes</A>
-+<UL><LI>
-+<A HREF="#htoc42">8.1&nbsp;&nbsp;Full configuration files</A>
-+<UL><LI>
-+<A HREF="#htoc43">8.1.1&nbsp;&nbsp;The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file</A>
-+<LI><A HREF="#htoc44">8.1.2&nbsp;&nbsp;The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> file</A>
-+<LI><A HREF="#htoc45">8.1.3&nbsp;&nbsp;The samba configuration file : <TT>/etc/samba/smb.conf</TT> </A>
-+<LI><A HREF="#htoc46">8.1.4&nbsp;&nbsp;The OpenLDAP configuration file : <TT>/etc/openldap/slapd.conf</TT></A>
-+</UL>
-+<LI><A HREF="#htoc47">8.2&nbsp;&nbsp;Changing the administrative account (<TT>ldap admin
-+ dn</TT> in <TT>smb.conf</TT> file)</A>
-+<LI><A HREF="#htoc48">8.3&nbsp;&nbsp;known bugs</A>
-+</UL>
-+</UL>
-+
-+
-+
-+<!--TOC section Introduction-->
-+
-+<H2><A NAME="htoc1">1</A>&nbsp;&nbsp;Introduction</H2><!--SEC END -->
-+
-+<A NAME="sec:intro"></A>
-+Smbldap-tools is a set of scripts designed to help integrate Samba and a
-+LDAP directory. They target both users and administrators of Linux systems.<BR>
-+<BR>
-+Users can change their password in a way similar to the standard ``passwd''
-+command.<BR>
-+<BR>
-+Administrators can perform user and group management command line actions
-+and synchronise Samba account management consistently.<BR>
-+<BR>
-+This document presents:
-+<UL><LI>
-+a detailled view of the smbldap-tools scripts
-+<LI>a step by step explanation of how to set up a Samba3 domain controller
-+</UL>
-+<!--TOC subsection Software requirements-->
-+
-+<H3><A NAME="htoc2">1.1</A>&nbsp;&nbsp;Software requirements</H3><!--SEC END -->
-+
-+The smbldap-tools have been developped and tested with the following configuration :
-+<UL><LI>
-+<FONT COLOR=purple><I>Linux</I></FONT> CentOS4 (be should work on any <FONT COLOR=purple><I>Linux</I></FONT> distribution)
-+<LI>	<FONT COLOR=purple>Samba</FONT> release 3.0.10,
-+<LI><FONT COLOR=purple>OpenLDAP</FONT> release 2.2.13
-+<LI><FONT COLOR=purple>Microsoft Windows NT</FONT> 4.0, Windows 2000 and Windows XP Workstations and Servers,
-+</UL>
-+This guide applies to <FONT COLOR=purple>smbldap-tools</FONT> <I>Release</I>: 0.9.3 .<BR>
-+<BR>
-+<!--TOC subsection Updates of this document-->
-+
-+<H3><A NAME="htoc3">1.2</A>&nbsp;&nbsp;Updates of this document</H3><!--SEC END -->
-+
-+The most up to date release of this document may be found on the 
-+smbldap-tools project page available at <A HREF="http://sourceforge.net/projects/smbldap-tools/"><TT>http://sourceforge.net/projects/smbldap-tools/</TT></A>.<BR>
-+<BR>
-+If you find any bugs in this document, or if you want this document to
-+integrate some additional infos, please drop me a mail with your bug report
-+and/or change request at <U>jtournier@gmail.com</U>.<BR>
-+<BR>
-+<!--TOC subsection Availability of this document-->
-+
-+<H3><A NAME="htoc4">1.3</A>&nbsp;&nbsp;Availability of this document</H3><!--SEC END -->
-+
-+This document is the property of <FONT COLOR=purple>IDEALX</FONT> (<A HREF="http://www.IDEALX.com/"><TT>http://www.IDEALX.com/</TT></A>). <BR>
-+<BR>
-+Permission is granted to distribute this document under the terms of the GNU 
-+Free Documentation License (See <A HREF="http://www.gnu.org/copyleft/fdl.html"><TT>http://www.gnu.org/copyleft/fdl.html</TT></A>).
-+ <!--TOC section Installation-->
-+
-+<H2><A NAME="htoc5">2</A>&nbsp;&nbsp;Installation</H2><!--SEC END -->
-+
-+<!--TOC subsection Requirements-->
-+
-+<H3><A NAME="htoc6">2.1</A>&nbsp;&nbsp;Requirements</H3><!--SEC END -->
-+
-+The main requirement for using smbldap-tools are the two perl module:
-+Net::LDAP and Crypt::SmbHash.
-+In most cases, you'll also need the IO-Socket-SSL Perl module to use
-+TLS functionnality.<BR>
-+<BR>
-+If you want samba to call the scripts so that you can use the User
-+Manager (or any other) under MS-Windows (to add, delete modify users and
-+groups), <FONT COLOR=purple>Samba</FONT> must be installed on the same computer.
-+Finally, <FONT COLOR=purple>OpenLDAP</FONT> can be installed on any computer. Please check that it
-+can be contacted by a standard LDAP client software.<BR>
-+<BR>
-+<FONT COLOR=purple>Samba</FONT> and <FONT COLOR=purple>OpenLDAP</FONT> installations will not be discussed
-+here. You can consult the howto also available on the
-+project page (<A HREF="http://sourceforge.net/projects/smbldap-tools/"><TT>http://sourceforge.net/projects/smbldap-tools/</TT></A>).<BR>
-+<BR>
-+<!--TOC subsection Installation-->
-+
-+<H3><A NAME="htoc7">2.2</A>&nbsp;&nbsp;Installation</H3><!--SEC END -->
-+
-+An archive of the <FONT COLOR=purple>smbldap-tools</FONT> scripts can be downloaded on our project
-+page <A HREF="http://sourceforge.net/projects/smbldap-tools/"><TT>http://sourceforge.net/projects/smbldap-tools/</TT></A>. Archive and RedHat packages are
-+available.
-+<BR>
-+If you are upgrading, look at the <TT>INSTALL</TT> file or read the link
-+<A HREF="#faq::error::add::user">6.13</A>.<BR>
-+<BR>
-+<!--TOC subsubsection Installing from rpm-->
-+
-+<H4><A NAME="htoc8">2.2.1</A>&nbsp;&nbsp;Installing from rpm</H4><!--SEC END -->
-+
-+To install the scripts on a RedHat system, download the RPM
-+package and run the following command:
-+<PRE>
-+rpm -Uvh smbldap-tools-0.9.3-1.i386.rpm
-+</PRE>
-+<!--TOC subsubsection Installing from a tarball-->
-+
-+<H4><A NAME="htoc9">2.2.2</A>&nbsp;&nbsp;Installing from a tarball</H4><!--SEC END -->
-+
-+On non RedHat system, download a source archive of the scripts. The current
-+archive is <TT>smbldap-tools-0.9.3.tar.gz</TT>.
-+Uncompress it and copy all of the Perl scripts in <TT>/usr/sbin</TT>
-+directory, and the two configuration files in
-+<TT>/etc/smbldap-tools/</TT> directory:
-+<PRE>
-+mkdir /etc/smbldap-tools/
-+cp *.conf /etc//smbldap-tools/
-+cp smbldap-* /usr/sbin/
-+</PRE>
-+The configuration is now based on two differents files:
-+<UL><LI>
-+<TT>smbldap.conf</TT>: define global parameter
-+<LI><TT>smbldap_bind.conf</TT>: define an administrative account to
-+ bind to the directory
-+</UL>
-+The second file <B>must</B> be readable only for 'root', as it contains
-+credentials allowing modifications on all the directory. Make sure the
-+files are protected by running the following commands:
-+<PRE>
-+chmod 644 /etc/smbldap-tools/smbldap.conf
-+chmod 600 /etc/smbldap-tools/smbldap_bind.conf
-+</PRE> <!--TOC section Configuring the smbldap-tools-->
-+
-+<H2><A NAME="htoc10">3</A>&nbsp;&nbsp;Configuring the smbldap-tools</H2><!--SEC END -->
-+
-+As mentioned in the previous section, you'll have to update two
-+configuration files. The first (<TT>smbldap.conf</TT>) allows you to
-+set global parameter that are readable by everybody, and the second
-+(<TT>smbldap_bind.conf</TT>) defines two administrative accounts to
-+bind to a slave and a master ldap server: this file must thus be
-+readable only by root.<BR>
-+<BR>
-+A script named <TT>configure.pl</TT> can help you to set their contents
-+up. It is located in the tarball
-+downloaded or in the documentation directory if you got the RPM
-+archive (see <TT>/usr/share/doc/smbldap-tools-0.9.3/</TT>). Just invoke it:
-+<PRE>
-+/usr/share/doc/smbldap-tools-0.9.3/configure.pl
-+</PRE>It will ask for the default values defined in your
-+<TT>smb.conf</TT> file, and will update the two configuration files used
-+by the scripts. Samba configuration file should then be already configured.
-+Note that you can stop the script at any moment with
-+the <TT>Crtl-c</TT> keys.<BR>
-+Before using this script :
-+<UL><LI>
-+the two configuration files <B>must</B> be present in the
-+ <TT>/etc/smbldap-tools/</TT> directory
-+<LI>check that samba is configured and running, as the script will try to
-+ get your workgroup's domain secure id (SID).
-+</UL>
-+In those files, parameters are defined like this:
-+<PRE>
-+key="value"
-+</PRE>Full example configuration files can be found at
-+<A HREF="#configuration::files">8.1</A>.<BR>
-+<BR>
-+<!--TOC subsection The smbldap.conf file-->
-+
-+<H3><A NAME="htoc11">3.1</A>&nbsp;&nbsp;The smbldap.conf file</H3><!--SEC END -->
-+
-+This file is used to define parameters that can be readable by
-+everybody. A full example file is available in section <A HREF="#configuration::file::smbldap">8.1.1</A>.<BR>
-+<BR>
-+Let's have a look at all available parameters.
-+<UL><LI>
-+<TT>UID_START</TT> and <TT>GID_START</TT>&nbsp;: parameters deprecated
-+ <UL><LI>
-+ Those parameters must be removed or commented.
-+ <LI>Available uid and gid are now defined in the default
-+ new entry <TT>sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"</TT>.
-+ See later for <TT>${sambaDomain}</TT> and <TT>${suffix}</TT> definitions.
-+ </UL>
-+<LI><TT>SID</TT>&nbsp;: Secure Identifier Domain
-+ <UL><LI>
-+ Example: <TT>SID="S-1-5-21-3703471949-3718591838-2324585696"</TT>
-+ <LI>Remark: you can get the SID for your domain using the "<TT>net getlocalsid</TT>"
-+ command. Samba must be up and running for this to work (it can take <B>several</B> minutes for a Samba server to correctly negotiate its status with other network servers).
-+ </UL>
-+<LI><TT>sambaDomain</TT>&nbsp;: Samba Domain the Samba server is in charge
-+ <UL><LI>
-+ Example: <TT>sambaDomain="DOMSMB"</TT>
-+ <LI>Remark: if not defined, parameter is taking from smb.conf configuration file
-+ </UL>
-+<LI><TT>slaveLDAP</TT>&nbsp;: slave LDAP server
-+ <UL><LI>
-+ Example: <TT>slaveLDAP="127.0.0.1"</TT>
-+ <LI>Remark: must be a resolvable DNS name or it's IP address
-+ </UL>
-+<LI><TT>slavePort</TT>&nbsp;: port to contact the slave server
-+ <UL><LI>
-+ Example: <TT>slavePort="389"</TT>
-+ </UL>
-+<LI><TT>masterLDAP</TT>&nbsp;: master LDAP server
-+ <UL><LI>
-+ Example: <TT>masterLDAP="127.0.0.1"</TT>
-+ </UL>
-+<LI><TT>masterPort</TT>&nbsp;: port to contact the master server
-+ <UL><LI>
-+ Example: <TT>masterPort="389"</TT>
-+ </UL>
-+<LI><TT>ldapTLS</TT>&nbsp;: should we use TLS connection to contact the
-+ ldap servers ?
-+ <UL><LI>
-+ Example: <TT>ldapTLS="1"</TT>
-+ <LI>Remark: the LDAP severs must be configured to accept TLS
-+ connections. See section the Samba-LDAP Howto for more
-+ details (<A HREF="http://samba.idealx.org/smbldap-howto.fr.html"><TT>http://samba.idealx.org/smbldap-howto.fr.html</TT></A>). If you are using TLS support, select port 389 to connect to
-+ the master and slave directories.
-+ </UL>
-+<LI><TT>verify</TT>&nbsp;: How to verify the server's certificate (none, optional or require).
-+ <UL><LI>
-+ Example: <TT>verify="require"</TT>
-+ <LI>Remarl: See ``man Net::LDAP'' in start_tls section for more details
-+ </UL> 
-+<LI><TT>cafile</TT>&nbsp;: the PEM-format file containing certificates
-+ for the CA that slapd will trust
-+ <UL><LI>
-+ Example: <TT>cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"</TT>
-+ </UL>
-+<LI><TT>clientcert</TT>&nbsp;: the file that contains the client certificate
-+ <UL><LI>
-+ Example: <TT>clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.iallanis.com.pem"</TT>
-+ </UL>
-+<LI><TT>clientkey</TT>&nbsp;: the file that contains the private key that
-+ matches the certificate stored in the clientcert file
-+ <UL><LI>
-+ Example: <TT>clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.iallanis.com.key"</TT>
-+ </UL>
-+<LI><TT>suffix</TT>&nbsp;: The distinguished name of the search base
-+ <UL><LI>
-+ Example: <TT>suffix="dc=idealx,dc=com"</TT>
-+ </UL>
-+<LI><TT>usersdn</TT>&nbsp;: branch in which users account can be found or
-+ must be added
-+ <UL><LI>
-+ Example: <TT>usersdn="ou=Users,${suffix}"</TT>
-+ <LI>Remark: this branch is <B>not</B> relative to the suffix value
-+ </UL>
-+<LI><TT>computersdn</TT>&nbsp;: branch in which computers account can be
-+ found or must be added
-+ <UL><LI>
-+ Example: <TT>computersdn"ou=Computers,${suffix}"</TT>
-+ <LI>Remark: this branch is <B>not</B> relative to the suffix value
-+ </UL>
-+<LI><TT>groupsdn</TT>&nbsp;: branch in which groups account can be found
-+ or must be added
-+ <UL><LI>
-+ Example: <TT>groupsdn="ou=Groups,${suffix}"</TT>
-+ <LI>Remarks: this branch is <B>not</B> relative to the suffix value
-+ </UL>
-+<LI><TT>idmapdn</TT>&nbsp;: where are stored Idmap entries (used if samba is a domain member server)
-+<UL><LI>
-+ Example: <TT>idmapdn="ou=Idmap,${suffix}"</TT>
-+ <LI>Remarks: this branch is <B>not</B> relative to the suffix value
-+</UL>
-+<LI><TT>sambaUnixIdPooldn</TT>&nbsp;: object in which next uidNumber and gidNumber available are stored
-+<UL><LI>
-+ Example: <TT>sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"</TT>
-+ <LI>Remarks: this branch is <B>not</B> relative to the suffix value
-+</UL>
-+<LI><TT>scope</TT>&nbsp;: the search scope.
-+<UL><LI>
-+ Example: <TT>scope="sub"</TT>
-+</UL>
-+<LI><TT>hash_encrypt</TT>&nbsp;: hash to be used when generating a
-+ user password.
-+ <UL><LI>
-+ Example: <TT>hash_encrypt="SSHA"</TT>
-+ <LI>Remark: This is used for the unix password stored in <I>userPassword</I> attribute.
-+ </UL>
-+<LI><TT>crypt_salt_format="%s"</TT>&nbsp;: if hash_encrypt is set to
-+ CRYPT, you may set a salt format. Default is "%s", but many systems
-+ will generate MD5 hashed passwords if you use "$1$%.8s". This
-+ parameter is optional.
-+<LI><TT>userLoginShell</TT>&nbsp;: default shell given to users.
-+ <UL><LI>
-+ Example: <TT>userLoginShell="/bin/bash"</TT>
-+ <LI>Remark: This is stored in <I>loginShell</I> attribute.
-+ </UL>
-+<LI><TT>userHome</TT>&nbsp;: default directory where users's home
-+ directory are located.
-+ <UL><LI>
-+ Example: <TT>userHome="/home/%U"</TT>
-+ <LI>Remark: This is stored in <TT>homeDirectory</TT> attribute.
-+ </UL>
-+<LI><TT>userGecos</TT>&nbsp;: gecos used for users
-+ <UL><LI>
-+ Example: <TT>userGecos="System User"</TT>
-+ </UL>
-+<LI><TT>defaultUserGid</TT>&nbsp;: default primary group set to users accounts
-+ <UL><LI>
-+ Example: <TT>defaultUserGid="513"</TT>
-+ <LI>Remark: this is stored in <I>gidNumber</I> attribute.
-+</UL>
-+<LI><TT>defaultComputerGid</TT>&nbsp;: default primary group set to
-+ computers accounts
-+ <UL><LI>
-+ Example: <TT>defaultComputerGid="550"</TT>
-+ <LI>Remark: this is stored in <I>gidNumber</I> attribute.
-+</UL>
-+<LI><TT>skeletonDir</TT>&nbsp;: skeleton directory used for users accounts
-+ <UL><LI>
-+ Example: <TT>skeletonDir="/etc/skel"</TT>
-+ <LI>Remark: this option is used only if you ask for home directory creation when adding a new user.
-+ </UL>
-+<LI><TT>defaultMaxPasswordAge</TT>&nbsp;: default validation time for Samba password (in days)
-+ <UL><LI>
-+ Example: <TT>defaultMaxPassword="55"</TT>
-+ </UL>
-+<LI><TT>userSmbHome</TT>&nbsp;: samba share used to store user's home directory
-+ <UL><LI>
-+ Example:
-+ <TT>userSmbHome="\\PDC-SMB3\ <I>home</I>\%<I>U</I>"</TT>
-+ <LI>Remark: this is stored in <I>sambaHomePath</I> attribute.
-+</UL>
-+<LI><TT>userProfile</TT>&nbsp;: samba share used to store user's profile
-+ <UL><LI>
-+ Example:
-+ <TT>userProfile="\\PDC-SMB3\ <I>profiles</I>\%<I>U</I>"</TT>
-+ <LI>Remark: this is stored in <I>sambaProfilePath</I> attribute.
-+ </UL>
-+<LI><TT>userHomeDrive</TT>&nbsp;: letter used on windows system to map
-+ the home directory
-+ <UL><LI>
-+ Example: <TT>userHomeDrive="K:"</TT>
-+ </UL>
-+<LI><TT>userScript</TT>&nbsp;: default user netlogon script name. If not used, will be automatically <I>username.cmd</I>
-+ <UL><LI>
-+ Example:
-+ <TT>userScript="%U"</TT>
-+ <LI>Remark: this is stored in <I>sambaProfilePath</I> attribute.
-+ </UL>
-+<LI><TT>mailDomain</TT>&nbsp;: Domain appended to the users "mail"
-+ attribute.
-+ <UL><LI>
-+ Example: <TT>mailDomain="idealx.org"</TT>
-+ </UL>
-+<LI><TT>with_smbpasswd</TT>&nbsp;: should we use the <I>smbpasswd</I> command
-+ to set the user's password (instead of the <I>mkntpwd</I> utility) ?
-+ <UL><LI>
-+ Example: <TT>with_smbpasswd="0"</TT>
-+ <LI>Remark: must be a boolean value (0 or 1).
-+ </UL>
-+<LI><TT>smbpasswd</TT>&nbsp;: path to the <TT>smbpasswd</TT> binary
-+ <UL><LI>
-+ Example: <TT>smbpasswd="/usr/bin/smbpasswd"</TT>
-+ </UL>
-+<LI><TT>with_slappasswd</TT>&nbsp;: should we use the <I>slappasswd</I> command
-+ to set the Unix user's password (instead of the <I>Crypt::</I> librairies) ?
-+ <UL><LI>
-+ Example: <TT>with_smbpasswd="0"</TT>
-+ <LI>Remark: must be a boolean value (0 or 1).
-+ </UL>
-+<LI><TT>slappasswd</TT>&nbsp;: path to the <TT>slappasswd</TT> binary
-+ <UL><LI>
-+ Example: <TT>smbpasswd="/usr/sbin/slappasswd"</TT>
-+ </UL>
-+</UL>
-+<!--TOC subsection The smbldap_bind.conf file-->
-+
-+<H3><A NAME="htoc12">3.2</A>&nbsp;&nbsp;The smbldap_bind.conf file</H3><!--SEC END -->
-+
-+This file is only used by <I>root</I> to give bind parameters to the directory when modifications are asked.
-+It contains distinguised names and credentials to connect to
-+both the master and slave directories. A full example file is available
-+in section <A HREF="#configuration::file::smbldap::bind">8.1.2</A>.<BR>
-+<BR>
-+Let's have a look at all available parameters.
-+<UL><LI>
-+<TT>slaveDN</TT>&nbsp;: distinguished name used to bind to the slave server 
-+ <UL><LI>
-+ Example 1: <TT>slaveDN="cn=Manager,dc=idealx,dc=com"</TT> 
-+ <LI>Example 2: <TT>slaveDN=""</TT>
-+ <LI>Remark: this can be the manager account of the directory or
-+ any LDAP account that has sufficient permissions to read the full
-+ directory (Slave directory is only used for reading). Anonymous
-+ connections uses the second example form.
-+ </UL>
-+<LI><TT>slavePw</TT>&nbsp;: the credentials to bind to the slave server
-+ <UL><LI>
-+ Example 1: <TT>slavePw="secret"</TT> 
-+ <LI>Example 2: <TT>slavePw=""</TT>
-+ <LI>Remark: the password must be stored here in clear form. This
-+ file must then be readable only by root! All anonymous connections
-+ use the second form provided in our example.
-+ </UL>
-+<LI><TT>masterDN</TT>&nbsp;: the distinguished name used to bind to the master server
-+ <UL><LI>
-+ Example: <TT>masterDN="cn=Manager,dc=idealx,dc=com"</TT>
-+ <LI>Remark: this can be the manager account of the directory or
-+ any LDAP account that has enough permissions to modify the content
-+ of the directory. Anonymous access does not make any sense here.
-+</UL>
-+<LI><TT>masterPw</TT>&nbsp;: the credentials to bind to the master server
-+ <UL><LI>
-+ Example: <TT>masterPw="secret"</TT>
-+ <LI>Remark: the password must be in clear text. Be sure to protect
-+ this file against unauthorized readers!
-+ </UL>
-+</UL>
-+ <!--TOC section Using the scripts-->
-+
-+<H2><A NAME="htoc13">4</A>&nbsp;&nbsp;Using the scripts</H2><!--SEC END -->
-+
-+<!--TOC subsection Initial directory's population-->
-+
-+<H3><A NAME="htoc14">4.1</A>&nbsp;&nbsp;Initial directory's population</H3><!--SEC END -->
-+
-+You can initialize the LDAP directory using the
-+<TT>smbldap-populate</TT> script. To do that, the account defined in
-+the <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> to access the
-+master directory <B>must</B> must be the manager account defined in the
-+directory configuration. On RedHat system, this file is
-+<TT>/etc/openldap/slapd.conf</TT> and the account is defined with
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>
-+  rootdn          "cn=Manager,dc=idealx,dc=com"
-+  rootpw          secret
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE>The <TT>smbldap_bind.conf</TT> file must then be configured so that
-+the parameters to connect to the master LDAP server match the previous ones:
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>
-+  masterDN="cn=Manager,dc=idealx,dc=com"
-+  masterPw="secret"
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE><BR>
-+Available options for this script are summarized in the table <A HREF="#table::populate">1</A>:
-+<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
-+ <A NAME="code_epsilon_var"></A>
-+ <DIV ALIGN=center>
-+ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
-+<TR><TD ALIGN=left NOWRAP>option</TD>
-+<TD ALIGN=left NOWRAP>definition</TD>
-+<TD ALIGN=left NOWRAP>default value</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP>-u <I>uidNumber</I></TD>
-+<TD ALIGN=left NOWRAP>first uidNumber to allocate</TD>
-+<TD ALIGN=left NOWRAP>1000</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP>-g <I>gidNumber</I></TD>
-+<TD ALIGN=left NOWRAP>first uidNumber to allocate</TD>
-+<TD ALIGN=left NOWRAP>1000</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP>-a <I>user</I></TD>
-+<TD ALIGN=left NOWRAP>administrator login name</TD>
-+<TD ALIGN=left NOWRAP>Administrator</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP>-b <I>user</I></TD>
-+<TD ALIGN=left NOWRAP>guest login name</TD>
-+<TD ALIGN=left NOWRAP>nobody</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP>-e <I>file</I></TD>
-+<TD ALIGN=left NOWRAP>export a init file</TD>
-+<TD ALIGN=left NOWRAP>&nbsp;</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP>-i <I>file</I></TD>
-+<TD ALIGN=left NOWRAP>import a init file</TD>
-+<TD ALIGN=left NOWRAP>&nbsp;</TD>
-+</TR></TABLE>
-+ </DIV>
-+ <BR>
-+<DIV ALIGN=center>Table 1: Options available for the <TT>smbldap-populate</TT> script</DIV><BR>
-+
-+ <A NAME="table::populate"></A>
-+<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
-+In the more general case, to set up your directory, simply use the
-+following command:
-+<PRE>
-+[root@etoile root]# smbldap-populate 
-+Using builtin directory structure
-+adding new entry: dc=idealx,dc=com
-+adding new entry: ou=Users,dc=idealx,dc=com
-+adding new entry: ou=Groups,dc=idealx,dc=com
-+adding new entry: ou=Computers,dc=idealx,dc=com
-+adding new entry: ou=Idmap,dc=idealx,dc=org
-+adding new entry: cn=NextFreeUnixId,dc=idealx,dc=org
-+adding new entry: uid=Administrator,ou=Users,dc=idealx,dc=com
-+adding new entry: uid=nobody,ou=Users,dc=idealx,dc=com
-+adding new entry: cn=Domain Admins,ou=Groups,dc=idealx,dc=com
-+adding new entry: cn=Domain Users,ou=Groups,dc=idealx,dc=com
-+adding new entry: cn=Domain Guests,ou=Groups,dc=idealx,dc=com
-+adding new entry: cn=Print Operators,ou=Groups,dc=idealx,dc=com
-+adding new entry: cn=Backup Operators,ou=Groups,dc=idealx,dc=com
-+adding new entry: cn=Replicator,ou=Groups,dc=idealx,dc=com
-+adding new entry: cn=Domain Computers,ou=Groups,dc=idealx,dc=com
-+</PRE>
-+After this step, if you don't want to use the <TT>cn=Manager,dc=idealx,dc=com</TT>
-+account anymore, you can create a dedicated account for Samba and the
-+smbldap-tools. See section <A HREF="#change::manager">8.2</A> for more details.<BR>
-+<BR>
-+The <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> entry is only used to
-+defined the next uidNumber and gidNumber available for creating new
-+users and groups. The default values for those numbers are 1000. You
-+can change it with the <TT>-u</TT> and <TT>-g</TT> option. For
-+example, if you want the first available value for uidNumber and
-+gidNumber to be set to 1500, you can use the following command :
-+<PRE>
-+smbldap-populate -u 1550 -g 1500
-+</PRE>
-+<!--TOC subsection User management-->
-+
-+<H3><A NAME="htoc15">4.2</A>&nbsp;&nbsp;User management</H3><!--SEC END -->
-+
-+<!--TOC subsubsection Adding a user-->
-+
-+<H4><A NAME="htoc16">4.2.1</A>&nbsp;&nbsp;Adding a user</H4><!--SEC END -->
-+<A NAME="add::user"></A>
-+To add a user, use the <TT>smbldap-useradd</TT> script. Available
-+options are summarized in the table <A HREF="#table::add::user">2</A>. If applicable,
-+default values are mentionned in the third column. Any string beginning with a
-+$ symbol refers to a parameter defined in the
-+<TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> configuration file.
-+<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
-+ <DIV ALIGN=center>
-+ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
-+<TR><TD VALIGN=top ALIGN=left>option</TD>
-+<TD VALIGN=top ALIGN=left>definition</TD>
-+<TD VALIGN=top ALIGN=left>example</TD>
-+<TD VALIGN=top ALIGN=left>default value</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-a</TD>
-+<TD VALIGN=top ALIGN=left>create a Windows account. Otherwise, only a Posix account
-+ is created</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-w</TD>
-+<TD VALIGN=top ALIGN=left>create a Windows Workstation account</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-i</TD>
-+<TD VALIGN=top ALIGN=left>create an interdomain trust account. See section
-+ <A HREF="#trust::account">4.4</A> for more details</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-u</TD>
-+<TD VALIGN=top ALIGN=left>set a uid value</TD>
-+<TD VALIGN=top ALIGN=left>-u 1003</TD>
-+<TD VALIGN=top ALIGN=left>first uid available</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-g</TD>
-+<TD VALIGN=top ALIGN=left>set a gid value</TD>
-+<TD VALIGN=top ALIGN=left>-g 1003</TD>
-+<TD VALIGN=top ALIGN=left>first gid available</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-G</TD>
-+<TD VALIGN=top ALIGN=left>add the new account to one or several supplementary
-+ groups (comma-separated)</TD>
-+<TD VALIGN=top ALIGN=left>-G 512,550</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-d</TD>
-+<TD VALIGN=top ALIGN=left>set the home directory</TD>
-+<TD VALIGN=top ALIGN=left>-d /var/user</TD>
-+<TD VALIGN=top ALIGN=left>$userHomePrefix/user</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-s</TD>
-+<TD VALIGN=top ALIGN=left>set the login shell</TD>
-+<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
-+<TD VALIGN=top ALIGN=left>$userLoginShell</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-c</TD>
-+<TD VALIGN=top ALIGN=left>set the user gecos</TD>
-+<TD VALIGN=top ALIGN=left>-c "admin user"</TD>
-+<TD VALIGN=top ALIGN=left>$userGecos</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-m</TD>
-+<TD VALIGN=top ALIGN=left>creates user's home directory and copies /etc/skel
-+ into it</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-k</TD>
-+<TD VALIGN=top ALIGN=left>set the skeleton dir (with -m)</TD>
-+<TD VALIGN=top ALIGN=left>-k /etc/skel2</TD>
-+<TD VALIGN=top ALIGN=left>$skeletonDir</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-P</TD>
-+<TD VALIGN=top ALIGN=left>ends by invoking smbldap-passwd to set the user's
-+ password</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-A</TD>
-+<TD VALIGN=top ALIGN=left>user can change password ? 0 if no, 1 if yes</TD>
-+<TD VALIGN=top ALIGN=left>-A 1</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-B</TD>
-+<TD VALIGN=top ALIGN=left>user must change password at first session ? 0 if no, 1
-+ if yes</TD>
-+<TD VALIGN=top ALIGN=left>-B 1</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-C</TD>
-+<TD VALIGN=top ALIGN=left>set the samba home share</TD>
-+<TD VALIGN=top ALIGN=left>-C \\PDC\homes</TD>
-+<TD VALIGN=top ALIGN=left>$userSmbHome</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-D</TD>
-+<TD VALIGN=top ALIGN=left>set a letter associated with the home share</TD>
-+<TD VALIGN=top ALIGN=left>-D H:</TD>
-+<TD VALIGN=top ALIGN=left>$userHomeDrive</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-E</TD>
-+<TD VALIGN=top ALIGN=left>set DOS script to execute on login</TD>
-+<TD VALIGN=top ALIGN=left>-E common.bat</TD>
-+<TD VALIGN=top ALIGN=left>$userScript</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-F</TD>
-+<TD VALIGN=top ALIGN=left>set the profile directory</TD>
-+<TD VALIGN=top ALIGN=left>-F \\PDC\profiles\user</TD>
-+<TD VALIGN=top ALIGN=left>$userProfile</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-H</TD>
-+<TD VALIGN=top ALIGN=left>set the samba account control bits
-+ like'[NDHTUMWSLKI]'</TD>
-+<TD VALIGN=top ALIGN=left>-H [X]</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-N</TD>
-+<TD VALIGN=top ALIGN=left>set the canonical name of the user</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-S</TD>
-+<TD VALIGN=top ALIGN=left>set the surname of the user</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-M</TD>
-+<TD VALIGN=top ALIGN=left>local mailAddress (comma seperated)</TD>
-+<TD VALIGN=top ALIGN=left>-M testuser,aliasuser</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-T</TD>
-+<TD VALIGN=top ALIGN=left>forward mail address (comma seperated)</TD>
-+<TD VALIGN=top ALIGN=left>-T
-+ testuser@domain.org</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR></TABLE>
-+ </DIV>
-+ <BR>
-+<DIV ALIGN=center>Table 2: Options available to the <TT>smbldap-useradd</TT> script</DIV><BR>
-+
-+ <A NAME="table::add::user"></A>
-+<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
-+
-+For example, if you want to add a user named <I>user_admin</I> and who : 
-+<UL><LI>
-+is a windows user
-+<LI>must belong to the group of gid=512 ('Domain Admins' group)
-+<LI>has a home directory
-+<LI>does not have a login shell
-+<LI>has a homeDirectory set to /dev/null
-+<LI>does not have a roaming profile
-+<LI>and for whom we want to set a first login password
-+</UL>
-+you must invoke:
-+<PRE>
-+smbldap-useradd -a -G 512 -m -s /bin/false -d /dev/null -F "" -P user_admin
-+</PRE>
-+<!--TOC subsubsection Removing a user-->
-+
-+<H4><A NAME="htoc17">4.2.2</A>&nbsp;&nbsp;Removing a user</H4><!--SEC END -->
-+
-+To remove a user account, use the <TT>smbldap-userdel</TT> script.
-+Available options are
-+<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
-+ <DIV ALIGN=center>
-+ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
-+<TR><TD ALIGN=left NOWRAP>option</TD>
-+<TD ALIGN=left NOWRAP>definition</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP>-r</TD>
-+<TD ALIGN=left NOWRAP>remove home directory</TD>
-+</TR>
-+<TR><TD ALIGN=left NOWRAP>-R</TD>
-+<TD ALIGN=left NOWRAP>remove home directory interactively</TD>
-+</TR></TABLE>
-+ </DIV>
-+ <BR>
-+<DIV ALIGN=center>Table 3: Option available to the <TT>smbldap-userdel</TT> script</DIV><BR>
-+
-+ <A NAME="table::del::user"></A>
-+<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
-+For example, if you want to remove the <I>user1</I> account
-+from the LDAP directory, and if you also want to delete his home
-+directory, use the following command :
-+<PRE>
-+smbldap-userdel -r user1
-+</PRE>
-+Note: '-r' is dangerous as it may delete precious and unbackuped data,
-+please be careful.<BR>
-+<BR>
-+<!--TOC subsubsection Modifying a user-->
-+
-+<H4><A NAME="htoc18">4.2.3</A>&nbsp;&nbsp;Modifying a user</H4><!--SEC END -->
-+<A NAME="modify::user"></A>
-+To modify a user account, use the <TT>smbldap-usermod</TT> script.
-+Availables options are listed in the table <A HREF="#table::modify::user">4</A>.
-+<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
-+ <DIV ALIGN=center>
-+ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
-+<TR><TD VALIGN=top ALIGN=left>option</TD>
-+<TD VALIGN=top ALIGN=left>definition</TD>
-+<TD VALIGN=top ALIGN=left>example</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-c</TD>
-+<TD VALIGN=top ALIGN=left>set the user gecos</TD>
-+<TD VALIGN=top ALIGN=left>-c "admin user"</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-d</TD>
-+<TD VALIGN=top ALIGN=left>set the home directory</TD>
-+<TD VALIGN=top ALIGN=left>-d /var/user</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-u</TD>
-+<TD VALIGN=top ALIGN=left>set a uid value</TD>
-+<TD VALIGN=top ALIGN=left>-u 1003</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-g</TD>
-+<TD VALIGN=top ALIGN=left>set a gid value</TD>
-+<TD VALIGN=top ALIGN=left>-g 1003</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-G</TD>
-+<TD VALIGN=top ALIGN=left>add the new account to one or several supplementary
-+ groups (comma-separated)</TD>
-+<TD VALIGN=top ALIGN=left>-G 512,550</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>			</TD>
-+<TD VALIGN=top ALIGN=left>-G -512,550</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>			</TD>
-+<TD VALIGN=top ALIGN=left>-G +512,550</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-s</TD>
-+<TD VALIGN=top ALIGN=left>set the login shell</TD>
-+<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-N</TD>
-+<TD VALIGN=top ALIGN=left>set the canonical name of the user</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-S</TD>
-+<TD VALIGN=top ALIGN=left>set the surname of the user</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-P</TD>
-+<TD VALIGN=top ALIGN=left>ends by invoking smbldap-passwd to set the user's password</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-a</TD>
-+<TD VALIGN=top ALIGN=left>add sambaSAMAccount objectclass</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-e</TD>
-+<TD VALIGN=top ALIGN=left>set an expiration date for the password (format: YYYY-MM-DD HH:MM:SS)</TD>
-+<TD VALIGN=top ALIGN=left>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-A</TD>
-+<TD VALIGN=top ALIGN=left>user can change password ? 0 if no, 1 if yes</TD>
-+<TD VALIGN=top ALIGN=left>-A 1</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-B</TD>
-+<TD VALIGN=top ALIGN=left>user must change password at first session ? 0 if no, 1
-+ if yes</TD>
-+<TD VALIGN=top ALIGN=left>-B 1</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-C</TD>
-+<TD VALIGN=top ALIGN=left>set the samba home share</TD>
-+<TD VALIGN=top ALIGN=left>-C \\PDC\homes</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>-C ""</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-D</TD>
-+<TD VALIGN=top ALIGN=left>set a letter associated with the home share</TD>
-+<TD VALIGN=top ALIGN=left>-D H:</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>-D ""</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-E</TD>
-+<TD VALIGN=top ALIGN=left>set DOS script to execute on login</TD>
-+<TD VALIGN=top ALIGN=left>-E common.bat</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>-E ""</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-F</TD>
-+<TD VALIGN=top ALIGN=left>set the profile directory</TD>
-+<TD VALIGN=top ALIGN=left>-F \\PDC\profiles\user</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>	</TD>
-+<TD VALIGN=top ALIGN=left>-F ""</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-H</TD>
-+<TD VALIGN=top ALIGN=left>set the samba account control bits like'[NDHTUMWSLKI]'</TD>
-+<TD VALIGN=top ALIGN=left>-H [X]</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-I</TD>
-+<TD VALIGN=top ALIGN=left>disable a user account</TD>
-+<TD VALIGN=top ALIGN=left>-I 1</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-J</TD>
-+<TD VALIGN=top ALIGN=left>enable a user</TD>
-+<TD VALIGN=top ALIGN=left>-J 1</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-M</TD>
-+<TD VALIGN=top ALIGN=left>local mailAddress (comma seperated)</TD>
-+<TD VALIGN=top ALIGN=left>-M testuser,aliasuser</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-T</TD>
-+<TD VALIGN=top ALIGN=left>forward mail address (comma seperated)</TD>
-+<TD VALIGN=top ALIGN=left>-T 
-+ testuser@domain.org</TD>
-+</TR></TABLE>
-+ </DIV>
-+ <BR>
-+<DIV ALIGN=center>Table 4: Options available to the <TT>smbldap-usermod</TT> script</DIV><BR>
-+
-+ <A NAME="table::modify::user"></A>
-+<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
-+You can also use the <TT>smbldap-userinfo</TT> script to update user's information. This script can
-+also be used by users themselves to update their own informations listed in the tables
-+<A HREF="#table::modify::self::user">5</A> (adequats ACL must be set in the directory server). Available
-+options are&nbsp;:
-+<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
-+ <DIV ALIGN=center>
-+ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
-+<TR><TD VALIGN=top ALIGN=left>option</TD>
-+<TD VALIGN=top ALIGN=left>definition</TD>
-+<TD VALIGN=top ALIGN=left>example</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-f</TD>
-+<TD VALIGN=top ALIGN=left>set the full name's user</TD>
-+<TD VALIGN=top ALIGN=left>-f MyName</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-r</TD>
-+<TD VALIGN=top ALIGN=left>set the room number</TD>
-+<TD VALIGN=top ALIGN=left>-r 99</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-w</TD>
-+<TD VALIGN=top ALIGN=left>set the work phone number</TD>
-+<TD VALIGN=top ALIGN=left>-w 111111111</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-h</TD>
-+<TD VALIGN=top ALIGN=left>set the home phone number</TD>
-+<TD VALIGN=top ALIGN=left>-h 222222222</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-o</TD>
-+<TD VALIGN=top ALIGN=left>set other information (in gecos definition)</TD>
-+<TD VALIGN=top ALIGN=left>-o "second stage"</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left>-s</TD>
-+<TD VALIGN=top ALIGN=left>set the default bash</TD>
-+<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
-+</TR></TABLE>
-+ </DIV>
-+ <BR>
-+<DIV ALIGN=center>Table 5: Options available to the <TT>smbldap-userinfo</TT> script</DIV><BR>
-+
-+ <A NAME="table::modify::self::user"></A>
-+<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
-+<!--TOC subsection Group management-->
-+
-+<H3><A NAME="htoc19">4.3</A>&nbsp;&nbsp;Group management</H3><!--SEC END -->
-+
-+<!--TOC subsubsection Adding a group-->
-+
-+<H4><A NAME="htoc20">4.3.1</A>&nbsp;&nbsp;Adding a group</H4><!--SEC END -->
-+
-+To add a new group in the LDAP directory, use the <TT>smbldap-groupadd</TT>
-+script. Available options are listed in the table
-+<A HREF="#table::add::group">6</A>.
-+<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
-+ <DIV ALIGN=center>
-+ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
-+<TR><TD VALIGN=top ALIGN=left NOWRAP>option</TD>
-+<TD VALIGN=top ALIGN=left>definition</TD>
-+<TD VALIGN=top ALIGN=left NOWRAP>example</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left NOWRAP>-a</TD>
-+<TD VALIGN=top ALIGN=left>add automatic group mapping entry</TD>
-+<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left NOWRAP>-g <TT>gid</TT></TD>
-+<TD VALIGN=top ALIGN=left>set the <I>gidNumer</I> for this group to
-+ <I>gid</I></TD>
-+<TD VALIGN=top ALIGN=left NOWRAP><TT>-g 1002</TT></TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left NOWRAP>-o</TD>
-+<TD VALIGN=top ALIGN=left>gidNumber is not unique</TD>
-+<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left NOWRAP>-r <TT>group-rid</TT></TD>
-+<TD VALIGN=top ALIGN=left>set the rid of the group to
-+ <I>group-rid</I></TD>
-+<TD VALIGN=top ALIGN=left NOWRAP><TT>-r 1002</TT></TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left NOWRAP>-s <TT>group-sid</TT></TD>
-+<TD VALIGN=top ALIGN=left>set the sid of the group to
-+ <I>group-sid</I></TD>
-+<TD VALIGN=top ALIGN=left NOWRAP><TT><FONT SIZE=1>-s
-+ S-1-5-21-3703471949-3718591838-2324585696-1002</FONT></TT></TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left NOWRAP>-t <TT>group-type</TT></TD>
-+<TD VALIGN=top ALIGN=left>set the <I>sambaGroupType</I> to
-+ <I>group-type</I></TD>
-+<TD VALIGN=top ALIGN=left NOWRAP><TT>-t 2</TT></TD>
-+</TR>
-+<TR><TD VALIGN=top ALIGN=left NOWRAP>-p</TD>
-+<TD VALIGN=top ALIGN=left>print the gidNumber to stdout</TD>
-+<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
-+</TR></TABLE>
-+ </DIV>
-+ <BR>
-+<DIV ALIGN=center>Table 6: Options available for the <TT>smbldap-groupadd</TT> script</DIV><BR>
-+
-+ <A NAME="table::add::group"></A>
-+<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
-+<!--TOC subsubsection Removing a group-->
-+
-+<H4><A NAME="htoc21">4.3.2</A>&nbsp;&nbsp;Removing a group</H4><!--SEC END -->
-+
-+To remove the group named <TT>group1</TT>, just use the following
-+command :
-+<PRE>
-+smbldap-userdel group1
-+</PRE>
-+<!--TOC subsection Adding a interdomain trust account-->
-+
-+<H3><A NAME="htoc22">4.4</A>&nbsp;&nbsp;Adding a interdomain trust account</H3><!--SEC END -->
-+<A NAME="trust::account"></A>
-+To add an interdomain trust account to the primary controller <I>trust-pdc</I>, use the <TT>-i</TT> option of
-+<TT>smbldap-useradd</TT> as follows :
-+<PRE>
-+[root@etoile root]# smbldap-useradd -i trust-pdc
-+New password : *******
-+Retype new password : *******
-+</PRE>
-+The script will terminate asking for a password for this trust
-+account. The account will be created in the directory branch where
-+all computer accounts are stored (<TT>ou=Computers</TT> by
-+default). The only two particularities of this account are that you are
-+setting a password for this account, and the flags of this account are
-+<TT>[I          ]</TT>.
-+ <!--TOC section Samba and the smbldap-tools scripts-->
-+
-+<H2><A NAME="htoc23">5</A>&nbsp;&nbsp;Samba and the smbldap-tools scripts</H2><!--SEC END -->
-+
-+<!--TOC subsection General configuration-->
-+
-+<H3><A NAME="htoc24">5.1</A>&nbsp;&nbsp;General configuration</H3><!--SEC END -->
-+
-+Samba can be configured to use the <FONT COLOR=purple>smbldap-tools</FONT> scripts. This allows
-+administrators to add, delete or modify user and group accounts for <FONT COLOR=purple>Microsoft Windows</FONT>
-+operating systems using, for example, User Manager utility under MS-Windows.
-+To enable the use of this utility, samba needs to be configured correctly. The
-+<TT>smb.conf</TT> configuration file must contain the following directives :
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>
-+ldap delete dn = Yes
-+add user script = /usr/local/sbin/smbldap-useradd -m "%u"
-+add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
-+add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
-+add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
-+delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
-+set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE><BR>
-+Remark: the two directives <TT>delete user script</TT> et <TT>delete group
-+script</TT> can also be used. However, an error message can appear in User Manager
-+even if the operations actually succeed.
-+If you want to enable this behaviour, you need to add
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>
-+delete user script = /usr/local/sbin/smbldap-userdel "%u"
-+delete group script = /usr/local/sbin/smbldap-groupdel "%g"
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE><BR>
-+<!--TOC subsection Migrating an NT4 PDC to Samba3-->
-+
-+<H3><A NAME="htoc25">5.2</A>&nbsp;&nbsp;Migrating an NT4 PDC to Samba3</H3><!--SEC END -->
-+
-+The account migration procedure becomes really simple when samba is configured to use
-+the <FONT COLOR=purple>smbldap-tools</FONT>. Samba configuration (smb.conf file) must contain the
-+directive defined above to properly call the script for managing users, groups and computer accounts.
-+The migration process is outlined in the chapter 30 of the samba howto
-+<A HREF="http://sambafr.idealx.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html"><TT>http://sambafr.idealx.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html</TT></A>.
-+ <BR>
-+<BR>
-+<!--TOC section Frequently Asked Questions-->
-+
-+<H2><A NAME="htoc26">6</A>&nbsp;&nbsp;Frequently Asked Questions</H2><!--SEC END -->
-+
-+<!--TOC subsection How can i use old released uidNumber and gidNumber ?-->
-+
-+<H3><A NAME="htoc27">6.1</A>&nbsp;&nbsp;How can i use old released uidNumber and gidNumber ?</H3><!--SEC END -->
-+
-+There are two way to do this :
-+<UL><LI>
-+modify the <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> and
-+ change the <TT>uidNumber</TT> and/or <TT>gidNumber</TT> value. This
-+ must be done manually. For example, if you want to use all available
-+ uidNumber and gidNumber higher then 1500, you need to create a
-+ <TT>update-NextFreeUnixId.ldif</TT> file containing :
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>dn: cn=NextFreeUnixId,dc=idealx,dc=org
-+changetype: modify
-+uidNumber: 1500
-+gidNumber: 1500
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE>
-+and then update the directory :
-+<PRE>
-+ldapmodify -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f update-NextFreeUnixId.ldif
-+</PRE><LI>use the <TT>-u</TT> or <TT>-g</TT> option to the script you need to set the value you
-+ want to use
-+</UL>
-+<!--TOC subsection I always have this error: "Can't locate IO/Socket/SSL.pm"-->
-+
-+<H3><A NAME="htoc28">6.2</A>&nbsp;&nbsp;I always have this error: "Can't locate IO/Socket/SSL.pm"</H3><!--SEC END -->
-+
-+This happens when you want to use a certificate. In this case, you need to install the
-+IO-Socket-SSL Perl module.<BR>
-+<BR>
-+<!--TOC subsection I can't initialize the directory with <TT>smbldap-populate</TT>-->
-+
-+<H3><A NAME="htoc29">6.3</A>&nbsp;&nbsp;I can't initialize the directory with <TT>smbldap-populate</TT></H3><!--SEC END -->
-+
-+When I want to initialize the directory using the <TT>smbldap-populate</TT>
-+script, I get
-+<PRE>
-+[root@slave sbin]# smbldap-populate.pl
-+  Using builtin directory structure
-+  adding new entry: dc=IDEALX,dc=COM
-+  Can't call method "code" without a package or object reference at
-+  /usr/local/sbin/smbldap-populate.pl line 270, &lt;GEN1&gt; line 2.
-+</PRE>Answer: check the TLS configuration
-+<UL><LI>
-+if you don't want to use TLS support, set the <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file
-+with
-+<PRE>
-+ldapSSL="0"
-+</PRE><LI>if you want TLS support, set the <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file with
-+<PRE>
-+ldapSSL="1"
-+</PRE>and check that the directory server is configured to accept TLS connections.
-+</UL>
-+<!--TOC subsection I can't join the domain with the <TT>root</TT> account-->
-+
-+<H3><A NAME="htoc30">6.4</A>&nbsp;&nbsp;I can't join the domain with the <TT>root</TT> account</H3><!--SEC END -->
-+
-+<UL><LI>
-+check that the root account has the sambaSamAccount objectclass
-+<LI>check that the directive <TT>add machine script</TT> is present and configured
-+</UL>
-+<!--TOC subsection I have the <TT>sambaSamAccount</TT> but i can't logged in-->
-+
-+<H3><A NAME="htoc31">6.5</A>&nbsp;&nbsp;I have the <TT>sambaSamAccount</TT> but i can't logged in</H3><!--SEC END -->
-+
-+Check that the <TT>sambaPwdLastSet</TT> attribute is not null (equal to 0)<BR>
-+<BR>
-+<!--TOC subsection I want to create machine account on the fly, but it does
-+ not works or I must do it twice-->
-+
-+<H3><A NAME="htoc32">6.6</A>&nbsp;&nbsp;I want to create machine account on the fly, but it does
-+ not works or I must do it twice</H3><!--SEC END -->
-+
-+<UL><LI>
-+The script defined with the <TT>add machine script</TT> must not add
-+the <TT>sambaSAMAccount</TT> objectclass of the machine account. The
-+script must only add the Posix machine account. Samba will add the <TT>sambaSAMAccount</TT> when
-+joining the domain.
-+<LI>Check that the <TT>add <B>machine</B> script</TT> is present in samba
-+ configuration file.
-+</UL>
-+<!--TOC subsection I can't manage the Oracle Internet Database-->
-+
-+<H3><A NAME="htoc33">6.7</A>&nbsp;&nbsp;I can't manage the Oracle Internet Database</H3><!--SEC END -->
-+
-+If you have an error message like :
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>
-+Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 187.
-+Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 627.
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE>For Oracle Database, all attributes that will be resquested to the directory must be indexed. Add a
-+new index for samba attributes and make sure that the following attributes are also indexed :
-+ uidNumber, gidNumber, memberUid, homedirectory, description, userPassword ...<BR>
-+<BR>
-+<!--TOC subsection The directive <TT>passwd program = /usr/local/sbin/smbldap-passwd -u %u</TT> is not
-+called, or i got a error message when changing the password from windows-->
-+
-+<H3><A NAME="htoc34">6.8</A>&nbsp;&nbsp;The directive <TT>passwd program = /usr/local/sbin/smbldap-passwd -u %u</TT> is not
-+called, or i got a error message when changing the password from windows</H3><!--SEC END -->
-+
-+The directive is called if you also set <TT>unix password sync = Yes</TT>.
-+Notes:
-+<UL><LI>
-+if you use OpenLDAP, none of those two options are needed. You just need <TT>ldap
-+passwd sync = Yes</TT>.
-+<LI>the script called here must only update the <TT>userPassword</TT> attribute. This is the
-+reason of the <TT>-u</TT> option. Samba passwords will be updated by samba itself.
-+<LI>the <TT>passwd chat</TT> directive must match what is prompted when using the
-+<TT>smbldap-passwd</TT> command
-+</UL>
-+<!--TOC subsection New computers account can't be set in ou=computers-->
-+
-+<H3><A NAME="htoc35">6.9</A>&nbsp;&nbsp;New computers account can't be set in ou=computers</H3><!--SEC END -->
-+<A NAME="sec::bug::ou::computer"></A>
-+This is a known samba bug. There's a workarround: look at
-+<A HREF="http://marc.theaimsgroup.com/?l=samba&m=108439612826440&w=2"><TT>http://marc.theaimsgroup.com/?l=samba&amp;m=108439612826440&amp;w=2</TT></A><BR>
-+<BR>
-+<!--TOC subsection I can join the domain, but i can't log on-->
-+
-+<H3><A NAME="htoc36">6.10</A>&nbsp;&nbsp;I can join the domain, but i can't log on</H3><!--SEC END -->
-+
-+look at section <A HREF="#sec::bug::ou::computer">6.9</A><BR>
-+<BR>
-+<!--TOC subsection I can't create a user with <TT>smbldap-useradd</TT>-->
-+
-+<H3><A NAME="htoc37">6.11</A>&nbsp;&nbsp;I can't create a user with <TT>smbldap-useradd</TT></H3><!--SEC END -->
-+
-+When creating a new user account I get the following error message:
-+<PRE>
-+/usr/local/sbin/smbldap-useradd.pl: unknown group SID not set for unix group 513
-+</PRE>Answer: 
-+<UL><LI>
-+is nss_ldap correctly configured ?
-+<LI>is the default group's users mapped to the 'Domain Users' NT group ?
-+<PRE>
-+net groupmap add rid=513 unixgroup="Domain Users" ntgroup="Domain Users"
-+</PRE></UL>
-+<!--TOC subsection smbldap-useradd: Can't call method "get_value" on an undefined value at
-+/usr/local/sbin/smbldap-useradd line 154-->
-+
-+<H3><A NAME="htoc38">6.12</A>&nbsp;&nbsp;smbldap-useradd: Can't call method "get_value" on an undefined value at
-+/usr/local/sbin/smbldap-useradd line 154</H3><!--SEC END -->
-+
-+<UL><LI>
-+does the default group defined in smbldap.conf exist
-+ (defaultUserGid="513") ?
-+<LI>does the NT "Domain Users" group mapped to a unix
-+ group of rid 513 (see option <I>-r</I> of <TT>smbldap-groupadd</TT> and
-+ <TT>smbldap-groupmod</TT> to set a rid) ?
-+</UL>
-+<!--TOC subsection Typical errors on creating a new user or a new group-->
-+
-+<H3><A NAME="htoc39">6.13</A>&nbsp;&nbsp;Typical errors on creating a new user or a new group</H3><!--SEC END -->
-+<A NAME="faq::error::add::user"></A>
-+<UL><LI>
-+i've got the following error: 
-+<PRE>
-+Could not find base dn, to get next uidNumber at /usr/local/sbin//smbldap_tools.pm line 909
-+</PRE><OL type=1><LI>
-+	you do not have created the object to defined the next uidNumber and gidNumber available.
-+	<UL><LI>
-+	for version 0.8.7&nbsp;: you can just run the <TT>smbldap-populate</TT> script that will
-+		update the sambaDomain entry to store those informations
-+	<LI>for version before 0.8.7&nbsp;: 
-+	You have updated the smbldap-tools to version 0.8.5 or newer.
-+	You have to do this manually. Create an file called <TT>add.ldif</TT> and containing
-+<PRE>
-+dn: cn=NextFreeUnixId,dc=idealx,dc=org
-+objectClass: inetOrgPerson
-+objectClass: sambaUnixIdPool
-+uidNumber: 1000
-+gidNumber: 1000
-+cn: NextFreeUnixId
-+sn: NextFreeUnixId
-+</PRE>	and then add the object with the ldapadd utility:
-+<PRE>
-+$ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
-+</PRE>	Here, 1000 is the first available value for uidNumber and gidNumber (of course, if this value is
-+	already used by a user or a group, the first available after 1000 will be used).
-+	</UL><BR>
-+<BR>
-+<LI>The error also appear when there is a need for TLS (ldapTLS=1 in <TT>smbldap.conf</TT>) and
-+something is wrong with certificate naming or path settings.
-+</OL><BR>
-+<BR>
-+<LI>i've got the following error:
-+<PRE>
-+Use of uninitialized value in string at
-+/usr/local/sbin//smbldap\_tools.pm line 914.
-+Error: No DN specified at /usr/local/sbin//smbldap\_tools.pm line 919
-+</PRE>You have not updated the configuration file to defined the object where are sotred the next
-+uidNumber and gidNumber available. In our example, you have to add a nex entry in
-+<I>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</I> containing :
-+<PRE>
-+# Where to store next uidNumber and gidNumber available
-+sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
-+</PRE>btw, a new option is now available too: the domain to append to users. You can add to the
-+configuration file the following lines:
-+<PRE>
-+# Domain appended to the users "mail"-attribute
-+# when smbldap-useradd -M is used mailDomain="idealx.com"
-+</PRE><BR>
-+<BR>
-+<LI>i've got the following error:
-+<PRE>
-+Use of uninitialized value in concatenation (.) or string at /usr/local/sbin/smbldap-useradd line 183.
-+Use of uninitialized value in substitution (s///) at /usr/local/sbin/smbldap-useradd line 185.
-+Use of uninitialized value in string at /usr/local/sbin/smbldap-useradd line 264.
-+failed to add entry: homedirectory: value #0 invalid per syntax at /usr/local/sbin/smbldap-useradd line 280.
-+userHomeDirectory=User "jto" already member of the group "513".
-+failed to add entry: No such object at /usr/local/sbin/smbldap-useradd line 382.
-+</PRE>you have to change the variable name <TT>userHomePrefix</TT> to <TT>userHome</TT> in
-+<I>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</I><BR>
-+<BR>
-+<LI>i've got the following error:
-+<PRE>
-+failed to add entry: referral missing at /usr/local/sbin/smbldap-useradd line 279, &lt;DATA&gt; line 283.
-+</PRE>you have to update the configuration file that defined users, groups and computers dn. Those
-+parameters must not be relative to the <TT>suffix</TT> parameter. A typical
-+configuration look like this :
-+<PRE>
-+usersdn="ou=Users,${suffix}"
-+computersdn="ou=Computers,${suffix}"
-+groupsdn="ou=Groups,${suffix}"
-+</PRE><BR>
-+<BR>
-+<LI>i've got the following error:
-+<PRE>
-+erreur LDAP: Can't contact master ldap server (IO::Socket::INET: Bad protocol 'tcp')
-+at /usr/local/sbin//smbldap_tools.pm line 153.
-+</PRE>remove <I>ldap</I> from <I>/etc/nsswitch.conf</I> for <I>services</I> list of possible check. For
-+example, if your ldap directory is not configured to give services information, you must have 
-+<PRE>
-+services    files
-+</PRE>and not
-+<PRE>
-+services:   ldap [NOTFOUND=return] files
-+</PRE></UL>
-+
-+ 
-+<!--TOC section Thanks-->
-+
-+<H2><A NAME="htoc40">7</A>&nbsp;&nbsp;Thanks</H2><!--SEC END -->
-+
-+<A NAME="thanks"></A>
-+People who have worked on this document are
-+<UL><LI>
-+Jérôme Tournier &lt;jerome.tournier@IDEALX.com&gt;
-+<LI>David Barth &lt;david.barth@IDEALX.com&gt;
-+<LI>Nat Makarevitch &lt;nat@IDEALX.com&gt;
-+</UL>
-+The authors would like to thank the following people for providing help with 
-+some of the more complicated subjects, for clarifying some of the internal 
-+workings of <FONT COLOR=purple>Samba</FONT> or <FONT COLOR=purple>OpenLDAP</FONT>, for pointing out errors or mistakes in 
-+previous versions of this document, or generally for making
-+suggestions :
-+<UL><LI>
-+IDEALX team :
-+ <UL><LI>
-+ Roméo Adekambi &lt;romeo.adekambi@IDEALX.com&gt;
-+ <LI>Aurelien Degremont &lt;adegremont@IDEALX.com&gt;
-+ <LI>Renaud Renard &lt;rrenard@IDEALX.com&gt;
-+ </UL>
-+<LI>John H Terpstra &lt;jht@samba.org&gt;
-+</UL>
-+ <!--TOC section Annexes-->
-+
-+<H2><A NAME="htoc41">8</A>&nbsp;&nbsp;Annexes</H2><!--SEC END -->
-+
-+<!--TOC subsection Full configuration files-->
-+
-+<H3><A NAME="htoc42">8.1</A>&nbsp;&nbsp;Full configuration files</H3><!--SEC END -->
-+<A NAME="configuration::files"></A>
-+<!--TOC subsubsection The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file-->
-+
-+<H4><A NAME="htoc43">8.1.1</A>&nbsp;&nbsp;The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file</H4><!--SEC END -->
-+<A NAME="configuration::file::smbldap"></A>
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE># $Source: $
-+# $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $
-+#
-+# smbldap-tools.conf : Q &amp; D configuration file for smbldap-tools
-+
-+#  This code was developped by IDEALX (http://IDEALX.org/) and
-+#  contributors (their names can be found in the CONTRIBUTORS file).
-+#
-+#                 Copyright (C) 2001-2002 IDEALX
-+#
-+#  This program is free software; you can redistribute it and/or
-+#  modify it under the terms of the GNU General Public License
-+#  as published by the Free Software Foundation; either version 2
-+#  of the License, or (at your option) any later version.
-+#
-+#  This program is distributed in the hope that it will be useful,
-+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+#  GNU General Public License for more details.
-+#
-+#  You should have received a copy of the GNU General Public License
-+#  along with this program; if not, write to the Free Software
-+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-+#  USA.
-+
-+#  Purpose :
-+#       . be the configuration file for all smbldap-tools scripts
-+
-+##############################################################################
-+#
-+# General Configuration
-+#
-+##############################################################################
-+
-+# Put your own SID. To obtain this number do: "net getlocalsid".
-+# If not defined, parameter is taking from "net getlocalsid" return
-+SID="S-1-5-21-2252255531-4061614174-2474224977"
-+
-+# Domain name the Samba server is in charged.
-+# If not defined, parameter is taking from smb.conf configuration file
-+# Ex: sambaDomain="IDEALX-NT"
-+sambaDomain="DOMSMB"
-+
-+##############################################################################
-+#
-+# LDAP Configuration
-+#
-+##############################################################################
-+
-+# Notes: to use to dual ldap servers backend for Samba, you must patch
-+# Samba with the dual-head patch from IDEALX. If not using this patch
-+# just use the same server for slaveLDAP and masterLDAP.
-+# Those two servers declarations can also be used when you have 
-+# . one master LDAP server where all writing operations must be done
-+# . one slave LDAP server where all reading operations must be done
-+#   (typically a replication directory)
-+
-+# Slave LDAP server
-+# Ex: slaveLDAP=127.0.0.1
-+# If not defined, parameter is set to "127.0.0.1"
-+slaveLDAP="127.0.0.1"
-+
-+# Slave LDAP port
-+# If not defined, parameter is set to "389"
-+slavePort="389"
-+
-+# Master LDAP server: needed for write operations
-+# Ex: masterLDAP=127.0.0.1
-+# If not defined, parameter is set to "127.0.0.1"
-+masterLDAP="127.0.0.1"
-+
-+# Master LDAP port
-+# If not defined, parameter is set to "389"
-+masterPort="389"
-+
-+# Use TLS for LDAP
-+# If set to 1, this option will use start_tls for connection
-+# (you should also used the port 389)
-+# If not defined, parameter is set to "1"
-+ldapTLS="0"
-+
-+# How to verify the server's certificate (none, optional or require)
-+# see "man Net::LDAP" in start_tls section for more details
-+verify="require"
-+
-+# CA certificate
-+# see "man Net::LDAP" in start_tls section for more details
-+cafile="/etc/smbldap-tools/ca.pem"
-+
-+# certificate to use to connect to the ldap server
-+# see "man Net::LDAP" in start_tls section for more details
-+clientcert="/etc/smbldap-tools/smbldap-tools.pem"
-+
-+# key certificate to use to connect to the ldap server
-+# see "man Net::LDAP" in start_tls section for more details
-+clientkey="/etc/smbldap-tools/smbldap-tools.key"
-+
-+# LDAP Suffix
-+# Ex: suffix=dc=IDEALX,dc=ORG
-+suffix="dc=company,dc=com"
-+
-+# Where are stored Users
-+# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
-+# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
-+usersdn="ou=Users,${suffix}"
-+
-+# Where are stored Computers
-+# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
-+# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
-+computersdn="ou=Computers,${suffix}"
-+
-+# Where are stored Groups
-+# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
-+# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
-+groupsdn="ou=Groups,${suffix}"
-+
-+# Where are stored Idmap entries (used if samba is a domain member server)
-+# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
-+# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
-+idmapdn="ou=Idmap,${suffix}"
-+
-+# Where to store next uidNumber and gidNumber available for new users and groups
-+# If not defined, entries are stored in sambaDomainName object.
-+# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
-+# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
-+sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
-+
-+# Default scope Used
-+scope="sub"
-+
-+# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
-+hash_encrypt="SSHA"
-+
-+# if hash_encrypt is set to CRYPT, you may set a salt format.
-+# default is "%s", but many systems will generate MD5 hashed
-+# passwords if you use "$1$%.8s". This parameter is optional!
-+crypt_salt_format="%s"
-+
-+##############################################################################
-+# 
-+# Unix Accounts Configuration
-+# 
-+##############################################################################
-+
-+# Login defs
-+# Default Login Shell
-+# Ex: userLoginShell="/bin/bash"
-+userLoginShell="/bin/bash"
-+
-+# Home directory
-+# Ex: userHome="/home/%U"
-+userHome="/home/%U"
-+
-+# Default mode used for user homeDirectory
-+userHomeDirectoryMode="700"
-+
-+# Gecos
-+userGecos="System User"
-+
-+# Default User (POSIX and Samba) GID
-+defaultUserGid="513"
-+
-+# Default Computer (Samba) GID
-+defaultComputerGid="515"
-+
-+# Skel dir
-+skeletonDir="/etc/skel"
-+
-+# Default password validation time (time in days) Comment the next line if
-+# you don't want password to be enable for defaultMaxPasswordAge days (be
-+# careful to the sambaPwdMustChange attribute's value)
-+defaultMaxPasswordAge="45"
-+
-+##############################################################################
-+#
-+# SAMBA Configuration
-+#
-+##############################################################################
-+
-+# The UNC path to home drives location (%U username substitution)
-+# Just set it to a null string if you want to use the smb.conf 'logon home'
-+# directive and/or disable roaming profiles
-+# Ex: userSmbHome="\\PDC-SMB3\%U"
-+userSmbHome="\\PDC-SRV\%U"
-+
-+# The UNC path to profiles locations (%U username substitution)
-+# Just set it to a null string if you want to use the smb.conf 'logon path'
-+# directive and/or disable roaming profiles
-+# Ex: userProfile="\\PDC-SMB3\profiles\%U"
-+userProfile="\\PDC-SRV\profiles\%U"
-+
-+# The default Home Drive Letter mapping
-+# (will be automatically mapped at logon time if home directory exist)
-+# Ex: userHomeDrive="H:"
-+userHomeDrive="H:"
-+
-+# The default user netlogon script name (%U username substitution)
-+# if not used, will be automatically username.cmd
-+# make sure script file is edited under dos
-+# Ex: userScript="startup.cmd" # make sure script file is edited under dos
-+userScript="logon.bat"
-+
-+# Domain appended to the users "mail"-attribute
-+# when smbldap-useradd -M is used
-+# Ex: mailDomain="idealx.com"
-+mailDomain="idealx.com"
-+
-+##############################################################################
-+#
-+# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
-+#
-+##############################################################################
-+
-+# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
-+# prefer Crypt::SmbHash library
-+with_smbpasswd="0"
-+smbpasswd="/usr/bin/smbpasswd"
-+
-+# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
-+# but prefer Crypt:: libraries
-+with_slappasswd="0"
-+slappasswd="/usr/sbin/slappasswd"
-+
-+# comment out the following line to get rid of the default banner
-+# no_banner="1"
-+
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE><BR>
-+<!--TOC subsubsection The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> file-->
-+
-+<H4><A NAME="htoc44">8.1.2</A>&nbsp;&nbsp;The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> file</H4><!--SEC END -->
-+<A NAME="configuration::file::smbldap::bind"></A>
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>############################
-+# Credential Configuration #
-+############################
-+# Notes: you can specify two differents configuration if you use a
-+# master ldap for writing access and a slave ldap server for reading access
-+# By default, we will use the same DN (so it will work for standard Samba
-+# release)
-+slaveDN="cn=Manager,dc=company,dc=com"
-+slavePw="secret"
-+masterDN="cn=Manager,dc=company,dc=com"
-+masterPw="secret"
-+
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE><BR>
-+<!--TOC subsubsection The samba configuration file : <TT>/etc/samba/smb.conf</TT> -->
-+
-+<H4><A NAME="htoc45">8.1.3</A>&nbsp;&nbsp;The samba configuration file : <TT>/etc/samba/smb.conf</TT> </H4><!--SEC END -->
-+
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE># Global parameters
-+[global]
-+ workgroup = DOMSMB
-+ netbios name = PDC-SRV
-+ security = user
-+ enable privileges = yes
-+ #interfaces = 192.168.5.11
-+ #username map = /etc/samba/smbusers
-+ server string = Samba Server %v
-+ #security = ads
-+ encrypt passwords = Yes
-+ min passwd length = 3
-+ #pam password change = no
-+ #obey pam restrictions = No
-+
-+ # method 1:
-+ #unix password sync = no
-+ #ldap passwd sync = yes
-+
-+ # method 2:
-+ unix password sync = yes
-+ ldap passwd sync = no
-+ passwd program = /usr/sbin/smbldap-passwd -u "%u"
-+ passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
-+
-+ log level = 0
-+ syslog = 0
-+ log file = /var/log/samba/log.%U
-+ max log size = 100000
-+ time server = Yes
-+ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
-+ mangling method = hash2
-+ Dos charset = 850
-+ Unix charset = ISO8859-1
-+
-+ logon script = logon.bat
-+ logon drive = H:
-+        logon home = 
-+        logon path = 
-+
-+ domain logons = Yes
-+ domain master = Yes
-+ os level = 65
-+ preferred master = Yes
-+ wins support = yes
-+ passdb backend = ldapsam:ldap://127.0.0.1/
-+ ldap admin dn = cn=Manager,dc=company,dc=com
-+ #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
-+ ldap suffix = dc=company,dc=com
-+        ldap group suffix = ou=Groups
-+        ldap user suffix = ou=Users
-+        ldap machine suffix = ou=Computers
-+ #ldap idmap suffix = ou=Idmap
-+        add user script = /usr/sbin/smbldap-useradd -m "%u"
-+        #ldap delete dn = Yes
-+        delete user script = /usr/sbin/smbldap-userdel "%u"
-+        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
-+        add group script = /usr/sbin/smbldap-groupadd -p "%g" 
-+        #delete group script = /usr/sbin/smbldap-groupdel "%g"
-+        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
-+        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
-+ set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
-+
-+ # printers configuration
-+ #printer admin = @"Print Operators"
-+ load printers = Yes
-+ create mask = 0640
-+ directory mask = 0750
-+ #force create mode = 0640
-+ #force directory mode = 0750
-+ nt acl support = No
-+ printing = cups
-+ printcap name = cups
-+ deadtime = 10
-+ guest account = nobody
-+ map to guest = Bad User
-+ dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
-+ show add printer wizard = yes
-+ ; to maintain capital letters in shortcuts in any of the profile folders:
-+ preserve case = yes
-+ short preserve case = yes
-+ case sensitive = no
-+
-+[netlogon]
-+ path = /home/netlogon/
-+ browseable = No
-+ read only = yes
-+
-+[profiles]
-+ path = /home/profiles
-+ read only = no
-+ create mask = 0600
-+ directory mask = 0700
-+ browseable = No
-+ guest ok = Yes
-+ profile acls = yes
-+ csc policy = disable
-+ # next line is a great way to secure the profiles 
-+ #force user = %U 
-+ # next line allows administrator to access all profiles 
-+ #valid users = %U "Domain Admins"
-+
-+[printers]
-+        comment = Network Printers
-+        #printer admin = @"Print Operators"
-+        guest ok = yes 
-+        printable = yes
-+        path = /home/spool/
-+        browseable = No
-+        read only  = Yes
-+        printable = Yes
-+        print command = /usr/bin/lpr -P%p -r %s
-+        lpq command = /usr/bin/lpq -P%p
-+        lprm command = /usr/bin/lprm -P%p %j
-+        # print command = /usr/bin/lpr -U%U@%M -P%p -r %s
-+        # lpq command = /usr/bin/lpq -U%U@%M -P%p
-+        # lprm command = /usr/bin/lprm -U%U@%M -P%p %j
-+        # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
-+        # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
-+        # queuepause command = /usr/sbin/lpc -U%U@%M stop %p
-+        # queueresume command = /usr/sbin/lpc -U%U@%M start %p
-+
-+[print$]
-+        path = /home/printers
-+        guest ok = No
-+        browseable = Yes
-+        read only = Yes
-+        valid users = @"Print Operators"
-+        write list = @"Print Operators"
-+        create mask = 0664
-+        directory mask = 0775
-+
-+[public]
-+ path = /tmp
-+ guest ok = yes
-+ browseable = Yes
-+ writable = yes
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE><BR>
-+<!--TOC subsubsection The OpenLDAP configuration file : <TT>/etc/openldap/slapd.conf</TT>-->
-+
-+<H4><A NAME="htoc46">8.1.4</A>&nbsp;&nbsp;The OpenLDAP configuration file : <TT>/etc/openldap/slapd.conf</TT></H4><!--SEC END -->
-+
-+<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>#
-+# See slapd.conf(5) for details on configuration options.
-+# This file should NOT be world readable.
-+#
-+include  /etc/openldap/schema/core.schema
-+include  /etc/openldap/schema/cosine.schema
-+include  /etc/openldap/schema/inetorgperson.schema
-+include  /etc/openldap/schema/nis.schema
-+include  /etc/openldap/schema/samba.schema
-+
-+schemacheck on
-+
-+# Allow LDAPv2 client connections.  This is NOT the default.
-+allow bind_v2
-+
-+# Do not enable referrals until AFTER you have a working directory
-+# service AND an understanding of referrals.
-+#referral ldap://root.openldap.org
-+
-+pidfile  /var/run/slapd.pid
-+argsfile /var/run/slapd.args
-+
-+# Load dynamic backend modules:
-+# modulepath /usr/sbin/openldap
-+# moduleload back_bdb.la
-+# moduleload back_ldap.la
-+# moduleload back_ldbm.la
-+# moduleload back_passwd.la
-+# moduleload back_shell.la
-+
-+# The next three lines allow use of TLS for encrypting connections using a
-+# dummy test certificate which you can generate by changing to
-+# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
-+# slapd.pem so that the ldap user or group can read it.  Your client software
-+# may balk at self-signed certificates, however.
-+#TLSCertificateFile /etc/openldap/ldap.company.com.pem
-+#TLSCertificateKeyFile /etc/openldap/ldap.company.com.key
-+#TLSCACertificateFile /etc/openldap/ca.pem
-+#TLSCipherSuite :SSLv3
-+
-+# Sample security restrictions
-+# Require integrity protection (prevent hijacking)
-+# Require 112-bit (3DES or better) encryption for updates
-+# Require 63-bit encryption for simple bind
-+# security ssf=1 update_ssf=112 simple_bind=64
-+
-+# Sample access control policy:
-+# Root DSE: allow anyone to read it
-+# Subschema (sub)entry DSE: allow anyone to read it
-+# Other DSEs:
-+#  Allow self write access
-+#  Allow authenticated users read access
-+#  Allow anonymous users to authenticate
-+# Directives needed to implement policy:
-+# access to dn.base="" by * read
-+# access to dn.base="cn=Subschema" by * read
-+# access to *
-+# by self write
-+# by users read
-+# by anonymous auth
-+#
-+# if no access controls are present, the default policy
-+# allows anyone and everyone to read anything but restricts
-+# updates to rootdn.  (e.g., "access to * by * read")
-+#
-+# rootdn can always read and write EVERYTHING!
-+
-+#######################################################################
-+# ldbm and/or bdb database definitions
-+#######################################################################
-+
-+database bdb
-+suffix  "dc=company,dc=com"
-+rootdn  "cn=Manager,dc=company,dc=com"
-+# Cleartext passwords, especially for the rootdn, should
-+# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
-+# Use of strong authentication encouraged.
-+rootpw  secret
-+# rootpw  {crypt}ijFYNcSNctBYg
-+
-+# The database directory MUST exist prior to running slapd AND 
-+# should only be accessible by the slapd and slap tools.
-+# Mode 700 recommended.
-+directory /var/lib/ldap
-+lastmod  on
-+
-+# Indices to maintain for this database
-+index objectClass                       eq,pres
-+index ou,cn,sn,mail,givenname    eq,pres,sub
-+index uidNumber,gidNumber,memberUid     eq,pres
-+index loginShell   eq,pres
-+## required to support pdb_getsampwnam
-+index uid                       pres,sub,eq
-+## required to support pdb_getsambapwrid()
-+index displayName               pres,sub,eq
-+index nisMapName,nisMapEntry            eq,pres,sub
-+index   sambaSID                eq,sub
-+index   sambaPrimaryGroupSID   eq
-+index   sambaDomainName         eq
-+index   default                sub
-+
-+
-+# users can authenticate and change their password
-+access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
-+      by dn="cn=Manager,dc=company,dc=com" write
-+      by self write
-+      by anonymous auth
-+      by * none
-+
-+# those 2 parameters must be world readable for password aging to work correctly
-+# (or use a priviledge account in /etc/ldap.conf to bind to the directory)
-+access to attrs=shadowLastChange,shadowMax
-+      by dn="cn=Manager,dc=company,dc=com" write
-+      by self write
-+      by * read
-+
-+
-+# all others attributes are readable to everybody
-+access to *
-+      by * read
-+
-+# Replicas of this database
-+#replogfile /var/lib/ldap/openldap-master-replog
-+#replica host=ldap-1.example.com:389 starttls=critical
-+#     bindmethod=sasl saslmech=GSSAPI
-+#     authcId=host/ldap-master.example.com@EXAMPLE.COM
-+</PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE><BR>
-+<!--TOC subsection Changing the administrative account (<TT>ldap admin
-+ dn</TT> in <TT>smb.conf</TT> file)-->
-+
-+<H3><A NAME="htoc47">8.2</A>&nbsp;&nbsp;Changing the administrative account (<TT>ldap admin
-+ dn</TT> in <TT>smb.conf</TT> file)</H3><!--SEC END -->
-+<A NAME="change::manager"></A>
-+If you don't want to use the <TT>cn=Manager,dc=idealx,dc=com</TT>
-+account anymore, you can create a dedicated account for Samba and the
-+smbldap-tools scripts. To do
-+this, create an account named <I>samba</I> as follows (see
-+section <A HREF="#add::user">4.2.1</A> for a more detailed syntax) :
-+<PRE>
-+smbldap-useradd -s /bin/false -d /dev/null -P samba
-+</PRE>This command will ask you to set a password for this account. Let's
-+set it to <I>samba</I> for this example.
-+You then need to modify configuration files:
-+<UL><LI>
-+file <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT>
-+ <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>
-+    slaveDN="uid=samba,ou=Users,dc=idealx,dc=com"
-+    slavePw="samba"
-+    masterDN="uid=samba,ou=Users,dc=idealx,dc=com"
-+    masterPw="samba"
-+  </PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE><LI>file <TT>/etc/samba/smb.conf</TT>
-+ <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>
-+    ldap admin dn = uid=samba,ou=Users,dc=idealx,dc=com
-+  </PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE>don't forget to also set the samba account password in
-+ <TT>secrets.tdb</TT> file : 
-+<PRE>
-+smbpasswd -w samba
-+</PRE><LI>file <TT>/etc/openldap/slapd.conf</TT>: give to the
-+ <I>samba</I> user permissions to modify some attributes: this
-+ user needs to be able to modify all the samba attributes and some
-+ others (uidNumber, gidNumber ...) :
-+ <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
-+<TR><TD><TABLE BORDER=0 CELLPADDING=0
-+ CELLSPACING=0>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-+<TR><TD><PRE>
-+# users can authenticate and change their password
-+access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
-+      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
-+      by self write
-+      by anonymous auth
-+      by * none
-+# some attributes need to be readable anonymously so that 'id user' can answer correctly
-+access to attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,memberUid
-+      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
-+      by * read
-+# somme attributes can be writable by users themselves
-+access to attrs=description,telephoneNumber
-+      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
-+      by self write
-+      by * read
-+# some attributes need to be writable for samba
-+access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaSID,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase
-+      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
-+      by self read
-+      by * none
-+# samba need to be able to create the samba domain account
-+access to dn.base="dc=idealx,dc=com"
-+      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
-+      by * none
-+# samba need to be able to create new users account
-+access to dn="ou=Users,dc=idealx,dc=com"
-+      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
-+      by * none
-+# samba need to be able to create new groups account
-+access to dn="ou=Groups,dc=idealx,dc=com"
-+      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
-+      by * none
-+# samba need to be able to create new computers account
-+access to dn="ou=Computers,dc=idealx,dc=com"
-+      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
-+      by * none
-+# this can be omitted but we leave it: there could be other branch
-+# in the directory
-+access to *
-+      by self read
-+      by * none
-+  </PRE></TD>
-+</TR></TABLE></TD>
-+<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR>
-+<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
-+<TR><TD>
-+ </TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></TD>
-+</TR></TABLE></UL>
-+<!--TOC subsection known bugs-->
-+
-+<H3><A NAME="htoc48">8.3</A>&nbsp;&nbsp;known bugs</H3><!--SEC END -->
-+
-+<UL><LI>
-+Option <I>-B</I> (user must change password) of
-+ <TT>smbldap-useradd</TT> does not have effect: when 
-+ <TT>smbldap-passwd</TT> script is called,
-+ <I>sambaPwdMustChange</I> attribute is rewrite.
-+</UL>
-+ 
-+<!--BEGIN NOTES document-->
-+<HR WIDTH="50%" SIZE=1><DL><DT><A NAME="note1" HREF="#text1"><FONT SIZE=5>1</FONT></A><DD><A HREF="http://IDEALX.com/"><TT>http://IDEALX.com/</TT></A>
-+</DL>
-+<!--END NOTES-->
-+<!--HTMLFOOT-->
-+
-+
-+<DIV class="piedpage">
-+<HR>
-+<P>Documents&nbsp;: Copyright © 2002 IDEALX S.A.S..
-+'IDEALX' is the property of IDEALX.
-+'Samba' is the property of Samba Team. All other trademarks belong to their respective owners.
-+</DIV>
-+
-+<!--ENDHTML-->
-+<!--FOOTER-->
-+<HR SIZE=2>
-+<BLOCKQUOTE><EM>This document was translated from L<sup>A</sup>T<sub>E</sub>X by
-+</EM><A HREF="http://pauillac.inria.fr/~maranget/hevea/index.html"><EM>H<FONT SIZE=2><sup>E</sup></FONT>V<FONT SIZE=2><sup>E</sup></FONT>A</EM></A><EM>.
-+</EM></BLOCKQUOTE>
-+</BODY>
-+</HTML>
diff -Nru smbldap-tools-0.9.5/debian/patches/0010_use-Digest-SHA.patch smbldap-tools-0.9.7/debian/patches/0010_use-Digest-SHA.patch
--- smbldap-tools-0.9.5/debian/patches/0010_use-Digest-SHA.patch	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/debian/patches/0010_use-Digest-SHA.patch	2011-09-27 09:55:33.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/smbldap_tools.pl
++++ b/smbldap_tools.pl
+@@ -31,7 +31,7 @@ use Net::LDAP;
+ use Net::LDAP::Extension::SetPassword;
+ use Crypt::SmbHash;
+ use Digest::MD5 qw(md5);
+-use Digest::SHA1 qw(sha1);
++use Digest::SHA qw(sha1);
+ use MIME::Base64 qw(encode_base64);
+ 
+ use constant true => 1;
diff -Nru smbldap-tools-0.9.5/debian/patches/0011_fix_smbldap-grouplist_manpage.patch smbldap-tools-0.9.7/debian/patches/0011_fix_smbldap-grouplist_manpage.patch
--- smbldap-tools-0.9.5/debian/patches/0011_fix_smbldap-grouplist_manpage.patch	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/debian/patches/0011_fix_smbldap-grouplist_manpage.patch	2011-09-27 09:55:55.000000000 +0200
@@ -0,0 +1,11 @@
+--- a/smbldap-grouplist.pl
++++ b/smbldap-grouplist.pl
+@@ -166,7 +166,7 @@ foreach my $entry ($mesg->all_entries) {
+ 
+ =head1 NAME
+ 
+-smbldap-grouplist list groups
++smbldap-grouplist - list groups
+ 
+ =head1 SYNOPSIS
+ 
diff -Nru smbldap-tools-0.9.5/debian/patches/0020_original_doc_html_index.patch smbldap-tools-0.9.7/debian/patches/0020_original_doc_html_index.patch
--- smbldap-tools-0.9.5/debian/patches/0020_original_doc_html_index.patch	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/debian/patches/0020_original_doc_html_index.patch	2011-11-11 23:02:27.000000000 +0100
@@ -0,0 +1,2367 @@
+--- smbldap-tools-0.9.5.orig/doc/html/index.html
++++ smbldap-tools-0.9.5/doc/html/index.html
+@@ -0,0 +1,2364 @@
++<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
++            "http://www.w3.org/TR/REC-html40/loose.dtd">
++<HTML>
++<HEAD><TITLE>Smbldap-tools User Manual 
++(Release: 0.9.3 )</TITLE>
++
++<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
++<META name="GENERATOR" content="hevea 1.07">
++
++<link rel="stylesheet" href="IDXDOC.css">
++</HEAD>
++<BODY >
++<!--HEVEA command line is: hevea -fix -I ./styles -exec xxdate.exe -pedantic IDXDOC.hva smbldap-tools.tex -o smbldap-tools.html -->
++<!--HTMLHEAD-->
++
++
++  <DIV class="entete">
++  Copyright 2002 &copy; IDEALX S.A.S. - 
++  Contact:&nbsp;<A href="mailto:samba@IDEALX.org">samba@IDEALX.org</A>
++  </DIV>
++  <HR>
++<!--ENDHTML-->
++<!--PREFIX <ARG ></ARG>-->
++<!--CUT DEF section 1 -->
++
++
++
++
++
++<H1 ALIGN=center>Smbldap-tools User Manual<BR>
++(<I>Release</I>: 0.9.3 )</H1>
++
++<H3 ALIGN=center>Jérôme Tournier</H3>
++
++<H3 ALIGN=center><I>Revision</I>: 1.7 , generated July 12, 2007<BR>
++</H3>
++<DIV ALIGN=center>
++ 
++ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
++<TR><TD ALIGN=left NOWRAP bgcolor="#f2f2f2">Release:</TD>
++<TD ALIGN=left NOWRAP>&nbsp;</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP bgcolor="#f2f2f2">Reference:</TD>
++<TD ALIGN=left NOWRAP>&nbsp;</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP bgcolor="#f2f2f2">Publication date:</TD>
++<TD ALIGN=left NOWRAP>&nbsp;</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP bgcolor="#f2f2f2">Print date:</TD>
++<TD ALIGN=left NOWRAP>July 12, 2007</TD>
++</TR></TABLE>
++ </DIV>
++
++<BR>
++This document is the property of IDEALX<SUP><A NAME="text1" HREF="#note1">1</A></SUP>.
++Permission is granted to distribute this document under the terms of the GNU 
++Free Documentation License (<A HREF="http://www.gnu.org/copyleft/fdl.html"><TT>http://www.gnu.org/copyleft/fdl.html</TT></A>).<BR>
++<BR>
++<!--TOC section Table of Contents-->
++
++<H2>Table of Contents</H2><!--SEC END -->
++
++<UL><LI>
++<A HREF="#htoc1">1&nbsp;&nbsp;Introduction</A>
++<UL><LI>
++<A HREF="#htoc2">1.1&nbsp;&nbsp;Software requirements</A>
++<LI><A HREF="#htoc3">1.2&nbsp;&nbsp;Updates of this document</A>
++<LI><A HREF="#htoc4">1.3&nbsp;&nbsp;Availability of this document</A>
++</UL>
++<LI><A HREF="#htoc5">2&nbsp;&nbsp;Installation</A>
++<UL><LI>
++<A HREF="#htoc6">2.1&nbsp;&nbsp;Requirements</A>
++<LI><A HREF="#htoc7">2.2&nbsp;&nbsp;Installation</A>
++<UL><LI>
++<A HREF="#htoc8">2.2.1&nbsp;&nbsp;Installing from rpm</A>
++<LI><A HREF="#htoc9">2.2.2&nbsp;&nbsp;Installing from a tarball</A>
++</UL>
++</UL>
++<LI><A HREF="#htoc10">3&nbsp;&nbsp;Configuring the smbldap-tools</A>
++<UL><LI>
++<A HREF="#htoc11">3.1&nbsp;&nbsp;The smbldap.conf file</A>
++<LI><A HREF="#htoc12">3.2&nbsp;&nbsp;The smbldap_bind.conf file</A>
++</UL>
++<LI><A HREF="#htoc13">4&nbsp;&nbsp;Using the scripts</A>
++<UL><LI>
++<A HREF="#htoc14">4.1&nbsp;&nbsp;Initial directory's population</A>
++<LI><A HREF="#htoc15">4.2&nbsp;&nbsp;User management</A>
++<UL><LI>
++<A HREF="#htoc16">4.2.1&nbsp;&nbsp;Adding a user</A>
++<LI><A HREF="#htoc17">4.2.2&nbsp;&nbsp;Removing a user</A>
++<LI><A HREF="#htoc18">4.2.3&nbsp;&nbsp;Modifying a user</A>
++</UL>
++<LI><A HREF="#htoc19">4.3&nbsp;&nbsp;Group management</A>
++<UL><LI>
++<A HREF="#htoc20">4.3.1&nbsp;&nbsp;Adding a group</A>
++<LI><A HREF="#htoc21">4.3.2&nbsp;&nbsp;Removing a group</A>
++</UL>
++<LI><A HREF="#htoc22">4.4&nbsp;&nbsp;Adding a interdomain trust account</A>
++</UL>
++<LI><A HREF="#htoc23">5&nbsp;&nbsp;Samba and the smbldap-tools scripts</A>
++<UL><LI>
++<A HREF="#htoc24">5.1&nbsp;&nbsp;General configuration</A>
++<LI><A HREF="#htoc25">5.2&nbsp;&nbsp;Migrating an NT4 PDC to Samba3</A>
++</UL>
++<LI><A HREF="#htoc26">6&nbsp;&nbsp;Frequently Asked Questions</A>
++<UL><LI>
++<A HREF="#htoc27">6.1&nbsp;&nbsp;How can i use old released uidNumber and gidNumber ?</A>
++<LI><A HREF="#htoc28">6.2&nbsp;&nbsp;I always have this error: "Can't locate IO/Socket/SSL.pm"</A>
++<LI><A HREF="#htoc29">6.3&nbsp;&nbsp;I can't initialize the directory with <TT>smbldap-populate</TT></A>
++<LI><A HREF="#htoc30">6.4&nbsp;&nbsp;I can't join the domain with the <TT>root</TT> account</A>
++<LI><A HREF="#htoc31">6.5&nbsp;&nbsp;I have the <TT>sambaSamAccount</TT> but i can't logged in</A>
++<LI><A HREF="#htoc32">6.6&nbsp;&nbsp;I want to create machine account on the fly, but it does
++ not works or I must do it twice</A>
++<LI><A HREF="#htoc33">6.7&nbsp;&nbsp;I can't manage the Oracle Internet Database</A>
++<LI><A HREF="#htoc34">6.8&nbsp;&nbsp;The directive <TT>passwd program = /usr/local/sbin/smbldap-passwd -u %u</TT> is not
++called, or i got a error message when changing the password from windows</A>
++<LI><A HREF="#htoc35">6.9&nbsp;&nbsp;New computers account can't be set in ou=computers</A>
++<LI><A HREF="#htoc36">6.10&nbsp;&nbsp;I can join the domain, but i can't log on</A>
++<LI><A HREF="#htoc37">6.11&nbsp;&nbsp;I can't create a user with <TT>smbldap-useradd</TT></A>
++<LI><A HREF="#htoc38">6.12&nbsp;&nbsp;smbldap-useradd: Can't call method "get_value" on an undefined value at
++/usr/local/sbin/smbldap-useradd line 154</A>
++<LI><A HREF="#htoc39">6.13&nbsp;&nbsp;Typical errors on creating a new user or a new group</A>
++</UL>
++<LI><A HREF="#htoc40">7&nbsp;&nbsp;Thanks</A>
++<LI><A HREF="#htoc41">8&nbsp;&nbsp;Annexes</A>
++<UL><LI>
++<A HREF="#htoc42">8.1&nbsp;&nbsp;Full configuration files</A>
++<UL><LI>
++<A HREF="#htoc43">8.1.1&nbsp;&nbsp;The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file</A>
++<LI><A HREF="#htoc44">8.1.2&nbsp;&nbsp;The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> file</A>
++<LI><A HREF="#htoc45">8.1.3&nbsp;&nbsp;The samba configuration file : <TT>/etc/samba/smb.conf</TT> </A>
++<LI><A HREF="#htoc46">8.1.4&nbsp;&nbsp;The OpenLDAP configuration file : <TT>/etc/openldap/slapd.conf</TT></A>
++</UL>
++<LI><A HREF="#htoc47">8.2&nbsp;&nbsp;Changing the administrative account (<TT>ldap admin
++ dn</TT> in <TT>smb.conf</TT> file)</A>
++<LI><A HREF="#htoc48">8.3&nbsp;&nbsp;known bugs</A>
++</UL>
++</UL>
++
++
++
++<!--TOC section Introduction-->
++
++<H2><A NAME="htoc1">1</A>&nbsp;&nbsp;Introduction</H2><!--SEC END -->
++
++<A NAME="sec:intro"></A>
++Smbldap-tools is a set of scripts designed to help integrate Samba and a
++LDAP directory. They target both users and administrators of Linux systems.<BR>
++<BR>
++Users can change their password in a way similar to the standard ``passwd''
++command.<BR>
++<BR>
++Administrators can perform user and group management command line actions
++and synchronise Samba account management consistently.<BR>
++<BR>
++This document presents:
++<UL><LI>
++a detailled view of the smbldap-tools scripts
++<LI>a step by step explanation of how to set up a Samba3 domain controller
++</UL>
++<!--TOC subsection Software requirements-->
++
++<H3><A NAME="htoc2">1.1</A>&nbsp;&nbsp;Software requirements</H3><!--SEC END -->
++
++The smbldap-tools have been developped and tested with the following configuration :
++<UL><LI>
++<FONT COLOR=purple><I>Linux</I></FONT> CentOS4 (be should work on any <FONT COLOR=purple><I>Linux</I></FONT> distribution)
++<LI>	<FONT COLOR=purple>Samba</FONT> release 3.0.10,
++<LI><FONT COLOR=purple>OpenLDAP</FONT> release 2.2.13
++<LI><FONT COLOR=purple>Microsoft Windows NT</FONT> 4.0, Windows 2000 and Windows XP Workstations and Servers,
++</UL>
++This guide applies to <FONT COLOR=purple>smbldap-tools</FONT> <I>Release</I>: 0.9.3 .<BR>
++<BR>
++<!--TOC subsection Updates of this document-->
++
++<H3><A NAME="htoc3">1.2</A>&nbsp;&nbsp;Updates of this document</H3><!--SEC END -->
++
++The most up to date release of this document may be found on the 
++smbldap-tools project page available at <A HREF="http://sourceforge.net/projects/smbldap-tools/"><TT>http://sourceforge.net/projects/smbldap-tools/</TT></A>.<BR>
++<BR>
++If you find any bugs in this document, or if you want this document to
++integrate some additional infos, please drop me a mail with your bug report
++and/or change request at <U>jtournier@gmail.com</U>.<BR>
++<BR>
++<!--TOC subsection Availability of this document-->
++
++<H3><A NAME="htoc4">1.3</A>&nbsp;&nbsp;Availability of this document</H3><!--SEC END -->
++
++This document is the property of <FONT COLOR=purple>IDEALX</FONT> (<A HREF="http://www.IDEALX.com/"><TT>http://www.IDEALX.com/</TT></A>). <BR>
++<BR>
++Permission is granted to distribute this document under the terms of the GNU 
++Free Documentation License (See <A HREF="http://www.gnu.org/copyleft/fdl.html"><TT>http://www.gnu.org/copyleft/fdl.html</TT></A>).
++ <!--TOC section Installation-->
++
++<H2><A NAME="htoc5">2</A>&nbsp;&nbsp;Installation</H2><!--SEC END -->
++
++<!--TOC subsection Requirements-->
++
++<H3><A NAME="htoc6">2.1</A>&nbsp;&nbsp;Requirements</H3><!--SEC END -->
++
++The main requirement for using smbldap-tools are the two perl module:
++Net::LDAP and Crypt::SmbHash.
++In most cases, you'll also need the IO-Socket-SSL Perl module to use
++TLS functionnality.<BR>
++<BR>
++If you want samba to call the scripts so that you can use the User
++Manager (or any other) under MS-Windows (to add, delete modify users and
++groups), <FONT COLOR=purple>Samba</FONT> must be installed on the same computer.
++Finally, <FONT COLOR=purple>OpenLDAP</FONT> can be installed on any computer. Please check that it
++can be contacted by a standard LDAP client software.<BR>
++<BR>
++<FONT COLOR=purple>Samba</FONT> and <FONT COLOR=purple>OpenLDAP</FONT> installations will not be discussed
++here. You can consult the howto also available on the
++project page (<A HREF="http://sourceforge.net/projects/smbldap-tools/"><TT>http://sourceforge.net/projects/smbldap-tools/</TT></A>).<BR>
++<BR>
++<!--TOC subsection Installation-->
++
++<H3><A NAME="htoc7">2.2</A>&nbsp;&nbsp;Installation</H3><!--SEC END -->
++
++An archive of the <FONT COLOR=purple>smbldap-tools</FONT> scripts can be downloaded on our project
++page <A HREF="http://sourceforge.net/projects/smbldap-tools/"><TT>http://sourceforge.net/projects/smbldap-tools/</TT></A>. Archive and RedHat packages are
++available.
++<BR>
++If you are upgrading, look at the <TT>INSTALL</TT> file or read the link
++<A HREF="#faq::error::add::user">6.13</A>.<BR>
++<BR>
++<!--TOC subsubsection Installing from rpm-->
++
++<H4><A NAME="htoc8">2.2.1</A>&nbsp;&nbsp;Installing from rpm</H4><!--SEC END -->
++
++To install the scripts on a RedHat system, download the RPM
++package and run the following command:
++<PRE>
++rpm -Uvh smbldap-tools-0.9.3-1.i386.rpm
++</PRE>
++<!--TOC subsubsection Installing from a tarball-->
++
++<H4><A NAME="htoc9">2.2.2</A>&nbsp;&nbsp;Installing from a tarball</H4><!--SEC END -->
++
++On non RedHat system, download a source archive of the scripts. The current
++archive is <TT>smbldap-tools-0.9.3.tar.gz</TT>.
++Uncompress it and copy all of the Perl scripts in <TT>/usr/sbin</TT>
++directory, and the two configuration files in
++<TT>/etc/smbldap-tools/</TT> directory:
++<PRE>
++mkdir /etc/smbldap-tools/
++cp *.conf /etc//smbldap-tools/
++cp smbldap-* /usr/sbin/
++</PRE>
++The configuration is now based on two differents files:
++<UL><LI>
++<TT>smbldap.conf</TT>: define global parameter
++<LI><TT>smbldap_bind.conf</TT>: define an administrative account to
++ bind to the directory
++</UL>
++The second file <B>must</B> be readable only for 'root', as it contains
++credentials allowing modifications on all the directory. Make sure the
++files are protected by running the following commands:
++<PRE>
++chmod 644 /etc/smbldap-tools/smbldap.conf
++chmod 600 /etc/smbldap-tools/smbldap_bind.conf
++</PRE> <!--TOC section Configuring the smbldap-tools-->
++
++<H2><A NAME="htoc10">3</A>&nbsp;&nbsp;Configuring the smbldap-tools</H2><!--SEC END -->
++
++As mentioned in the previous section, you'll have to update two
++configuration files. The first (<TT>smbldap.conf</TT>) allows you to
++set global parameter that are readable by everybody, and the second
++(<TT>smbldap_bind.conf</TT>) defines two administrative accounts to
++bind to a slave and a master ldap server: this file must thus be
++readable only by root.<BR>
++<BR>
++A script named <TT>configure.pl</TT> can help you to set their contents
++up. It is located in the tarball
++downloaded or in the documentation directory if you got the RPM
++archive (see <TT>/usr/share/doc/smbldap-tools-0.9.3/</TT>). Just invoke it:
++<PRE>
++/usr/share/doc/smbldap-tools-0.9.3/configure.pl
++</PRE>It will ask for the default values defined in your
++<TT>smb.conf</TT> file, and will update the two configuration files used
++by the scripts. Samba configuration file should then be already configured.
++Note that you can stop the script at any moment with
++the <TT>Crtl-c</TT> keys.<BR>
++Before using this script :
++<UL><LI>
++the two configuration files <B>must</B> be present in the
++ <TT>/etc/smbldap-tools/</TT> directory
++<LI>check that samba is configured and running, as the script will try to
++ get your workgroup's domain secure id (SID).
++</UL>
++In those files, parameters are defined like this:
++<PRE>
++key="value"
++</PRE>Full example configuration files can be found at
++<A HREF="#configuration::files">8.1</A>.<BR>
++<BR>
++<!--TOC subsection The smbldap.conf file-->
++
++<H3><A NAME="htoc11">3.1</A>&nbsp;&nbsp;The smbldap.conf file</H3><!--SEC END -->
++
++This file is used to define parameters that can be readable by
++everybody. A full example file is available in section <A HREF="#configuration::file::smbldap">8.1.1</A>.<BR>
++<BR>
++Let's have a look at all available parameters.
++<UL><LI>
++<TT>UID_START</TT> and <TT>GID_START</TT>&nbsp;: parameters deprecated
++ <UL><LI>
++ Those parameters must be removed or commented.
++ <LI>Available uid and gid are now defined in the default
++ new entry <TT>sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"</TT>.
++ See later for <TT>${sambaDomain}</TT> and <TT>${suffix}</TT> definitions.
++ </UL>
++<LI><TT>SID</TT>&nbsp;: Secure Identifier Domain
++ <UL><LI>
++ Example: <TT>SID="S-1-5-21-3703471949-3718591838-2324585696"</TT>
++ <LI>Remark: you can get the SID for your domain using the "<TT>net getlocalsid</TT>"
++ command. Samba must be up and running for this to work (it can take <B>several</B> minutes for a Samba server to correctly negotiate its status with other network servers).
++ </UL>
++<LI><TT>sambaDomain</TT>&nbsp;: Samba Domain the Samba server is in charge
++ <UL><LI>
++ Example: <TT>sambaDomain="DOMSMB"</TT>
++ <LI>Remark: if not defined, parameter is taking from smb.conf configuration file
++ </UL>
++<LI><TT>slaveLDAP</TT>&nbsp;: slave LDAP server
++ <UL><LI>
++ Example: <TT>slaveLDAP="127.0.0.1"</TT>
++ <LI>Remark: must be a resolvable DNS name or it's IP address
++ </UL>
++<LI><TT>slavePort</TT>&nbsp;: port to contact the slave server
++ <UL><LI>
++ Example: <TT>slavePort="389"</TT>
++ </UL>
++<LI><TT>masterLDAP</TT>&nbsp;: master LDAP server
++ <UL><LI>
++ Example: <TT>masterLDAP="127.0.0.1"</TT>
++ </UL>
++<LI><TT>masterPort</TT>&nbsp;: port to contact the master server
++ <UL><LI>
++ Example: <TT>masterPort="389"</TT>
++ </UL>
++<LI><TT>ldapTLS</TT>&nbsp;: should we use TLS connection to contact the
++ ldap servers ?
++ <UL><LI>
++ Example: <TT>ldapTLS="1"</TT>
++ <LI>Remark: the LDAP severs must be configured to accept TLS
++ connections. See section the Samba-LDAP Howto for more
++ details (<A HREF="http://samba.idealx.org/smbldap-howto.fr.html"><TT>http://samba.idealx.org/smbldap-howto.fr.html</TT></A>). If you are using TLS support, select port 389 to connect to
++ the master and slave directories.
++ </UL>
++<LI><TT>verify</TT>&nbsp;: How to verify the server's certificate (none, optional or require).
++ <UL><LI>
++ Example: <TT>verify="require"</TT>
++ <LI>Remarl: See ``man Net::LDAP'' in start_tls section for more details
++ </UL> 
++<LI><TT>cafile</TT>&nbsp;: the PEM-format file containing certificates
++ for the CA that slapd will trust
++ <UL><LI>
++ Example: <TT>cafile="/etc/opt/IDEALX/smbldap-tools/ca.pem"</TT>
++ </UL>
++<LI><TT>clientcert</TT>&nbsp;: the file that contains the client certificate
++ <UL><LI>
++ Example: <TT>clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.iallanis.com.pem"</TT>
++ </UL>
++<LI><TT>clientkey</TT>&nbsp;: the file that contains the private key that
++ matches the certificate stored in the clientcert file
++ <UL><LI>
++ Example: <TT>clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.iallanis.com.key"</TT>
++ </UL>
++<LI><TT>suffix</TT>&nbsp;: The distinguished name of the search base
++ <UL><LI>
++ Example: <TT>suffix="dc=idealx,dc=com"</TT>
++ </UL>
++<LI><TT>usersdn</TT>&nbsp;: branch in which users account can be found or
++ must be added
++ <UL><LI>
++ Example: <TT>usersdn="ou=Users,${suffix}"</TT>
++ <LI>Remark: this branch is <B>not</B> relative to the suffix value
++ </UL>
++<LI><TT>computersdn</TT>&nbsp;: branch in which computers account can be
++ found or must be added
++ <UL><LI>
++ Example: <TT>computersdn"ou=Computers,${suffix}"</TT>
++ <LI>Remark: this branch is <B>not</B> relative to the suffix value
++ </UL>
++<LI><TT>groupsdn</TT>&nbsp;: branch in which groups account can be found
++ or must be added
++ <UL><LI>
++ Example: <TT>groupsdn="ou=Groups,${suffix}"</TT>
++ <LI>Remarks: this branch is <B>not</B> relative to the suffix value
++ </UL>
++<LI><TT>idmapdn</TT>&nbsp;: where are stored Idmap entries (used if samba is a domain member server)
++<UL><LI>
++ Example: <TT>idmapdn="ou=Idmap,${suffix}"</TT>
++ <LI>Remarks: this branch is <B>not</B> relative to the suffix value
++</UL>
++<LI><TT>sambaUnixIdPooldn</TT>&nbsp;: object in which next uidNumber and gidNumber available are stored
++<UL><LI>
++ Example: <TT>sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"</TT>
++ <LI>Remarks: this branch is <B>not</B> relative to the suffix value
++</UL>
++<LI><TT>scope</TT>&nbsp;: the search scope.
++<UL><LI>
++ Example: <TT>scope="sub"</TT>
++</UL>
++<LI><TT>hash_encrypt</TT>&nbsp;: hash to be used when generating a
++ user password.
++ <UL><LI>
++ Example: <TT>hash_encrypt="SSHA"</TT>
++ <LI>Remark: This is used for the unix password stored in <I>userPassword</I> attribute.
++ </UL>
++<LI><TT>crypt_salt_format="%s"</TT>&nbsp;: if hash_encrypt is set to
++ CRYPT, you may set a salt format. Default is "%s", but many systems
++ will generate MD5 hashed passwords if you use "$1$%.8s". This
++ parameter is optional.
++<LI><TT>userLoginShell</TT>&nbsp;: default shell given to users.
++ <UL><LI>
++ Example: <TT>userLoginShell="/bin/bash"</TT>
++ <LI>Remark: This is stored in <I>loginShell</I> attribute.
++ </UL>
++<LI><TT>userHome</TT>&nbsp;: default directory where users's home
++ directory are located.
++ <UL><LI>
++ Example: <TT>userHome="/home/%U"</TT>
++ <LI>Remark: This is stored in <TT>homeDirectory</TT> attribute.
++ </UL>
++<LI><TT>userGecos</TT>&nbsp;: gecos used for users
++ <UL><LI>
++ Example: <TT>userGecos="System User"</TT>
++ </UL>
++<LI><TT>defaultUserGid</TT>&nbsp;: default primary group set to users accounts
++ <UL><LI>
++ Example: <TT>defaultUserGid="513"</TT>
++ <LI>Remark: this is stored in <I>gidNumber</I> attribute.
++</UL>
++<LI><TT>defaultComputerGid</TT>&nbsp;: default primary group set to
++ computers accounts
++ <UL><LI>
++ Example: <TT>defaultComputerGid="550"</TT>
++ <LI>Remark: this is stored in <I>gidNumber</I> attribute.
++</UL>
++<LI><TT>skeletonDir</TT>&nbsp;: skeleton directory used for users accounts
++ <UL><LI>
++ Example: <TT>skeletonDir="/etc/skel"</TT>
++ <LI>Remark: this option is used only if you ask for home directory creation when adding a new user.
++ </UL>
++<LI><TT>defaultMaxPasswordAge</TT>&nbsp;: default validation time for Samba password (in days)
++ <UL><LI>
++ Example: <TT>defaultMaxPassword="55"</TT>
++ </UL>
++<LI><TT>userSmbHome</TT>&nbsp;: samba share used to store user's home directory
++ <UL><LI>
++ Example:
++ <TT>userSmbHome="\\PDC-SMB3\ <I>home</I>\%<I>U</I>"</TT>
++ <LI>Remark: this is stored in <I>sambaHomePath</I> attribute.
++</UL>
++<LI><TT>userProfile</TT>&nbsp;: samba share used to store user's profile
++ <UL><LI>
++ Example:
++ <TT>userProfile="\\PDC-SMB3\ <I>profiles</I>\%<I>U</I>"</TT>
++ <LI>Remark: this is stored in <I>sambaProfilePath</I> attribute.
++ </UL>
++<LI><TT>userHomeDrive</TT>&nbsp;: letter used on windows system to map
++ the home directory
++ <UL><LI>
++ Example: <TT>userHomeDrive="K:"</TT>
++ </UL>
++<LI><TT>userScript</TT>&nbsp;: default user netlogon script name. If not used, will be automatically <I>username.cmd</I>
++ <UL><LI>
++ Example:
++ <TT>userScript="%U"</TT>
++ <LI>Remark: this is stored in <I>sambaProfilePath</I> attribute.
++ </UL>
++<LI><TT>mailDomain</TT>&nbsp;: Domain appended to the users "mail"
++ attribute.
++ <UL><LI>
++ Example: <TT>mailDomain="idealx.org"</TT>
++ </UL>
++<LI><TT>with_smbpasswd</TT>&nbsp;: should we use the <I>smbpasswd</I> command
++ to set the user's password (instead of the <I>mkntpwd</I> utility) ?
++ <UL><LI>
++ Example: <TT>with_smbpasswd="0"</TT>
++ <LI>Remark: must be a boolean value (0 or 1).
++ </UL>
++<LI><TT>smbpasswd</TT>&nbsp;: path to the <TT>smbpasswd</TT> binary
++ <UL><LI>
++ Example: <TT>smbpasswd="/usr/bin/smbpasswd"</TT>
++ </UL>
++<LI><TT>with_slappasswd</TT>&nbsp;: should we use the <I>slappasswd</I> command
++ to set the Unix user's password (instead of the <I>Crypt::</I> librairies) ?
++ <UL><LI>
++ Example: <TT>with_smbpasswd="0"</TT>
++ <LI>Remark: must be a boolean value (0 or 1).
++ </UL>
++<LI><TT>slappasswd</TT>&nbsp;: path to the <TT>slappasswd</TT> binary
++ <UL><LI>
++ Example: <TT>smbpasswd="/usr/sbin/slappasswd"</TT>
++ </UL>
++</UL>
++<!--TOC subsection The smbldap_bind.conf file-->
++
++<H3><A NAME="htoc12">3.2</A>&nbsp;&nbsp;The smbldap_bind.conf file</H3><!--SEC END -->
++
++This file is only used by <I>root</I> to give bind parameters to the directory when modifications are asked.
++It contains distinguised names and credentials to connect to
++both the master and slave directories. A full example file is available
++in section <A HREF="#configuration::file::smbldap::bind">8.1.2</A>.<BR>
++<BR>
++Let's have a look at all available parameters.
++<UL><LI>
++<TT>slaveDN</TT>&nbsp;: distinguished name used to bind to the slave server 
++ <UL><LI>
++ Example 1: <TT>slaveDN="cn=Manager,dc=idealx,dc=com"</TT> 
++ <LI>Example 2: <TT>slaveDN=""</TT>
++ <LI>Remark: this can be the manager account of the directory or
++ any LDAP account that has sufficient permissions to read the full
++ directory (Slave directory is only used for reading). Anonymous
++ connections uses the second example form.
++ </UL>
++<LI><TT>slavePw</TT>&nbsp;: the credentials to bind to the slave server
++ <UL><LI>
++ Example 1: <TT>slavePw="secret"</TT> 
++ <LI>Example 2: <TT>slavePw=""</TT>
++ <LI>Remark: the password must be stored here in clear form. This
++ file must then be readable only by root! All anonymous connections
++ use the second form provided in our example.
++ </UL>
++<LI><TT>masterDN</TT>&nbsp;: the distinguished name used to bind to the master server
++ <UL><LI>
++ Example: <TT>masterDN="cn=Manager,dc=idealx,dc=com"</TT>
++ <LI>Remark: this can be the manager account of the directory or
++ any LDAP account that has enough permissions to modify the content
++ of the directory. Anonymous access does not make any sense here.
++</UL>
++<LI><TT>masterPw</TT>&nbsp;: the credentials to bind to the master server
++ <UL><LI>
++ Example: <TT>masterPw="secret"</TT>
++ <LI>Remark: the password must be in clear text. Be sure to protect
++ this file against unauthorized readers!
++ </UL>
++</UL>
++ <!--TOC section Using the scripts-->
++
++<H2><A NAME="htoc13">4</A>&nbsp;&nbsp;Using the scripts</H2><!--SEC END -->
++
++<!--TOC subsection Initial directory's population-->
++
++<H3><A NAME="htoc14">4.1</A>&nbsp;&nbsp;Initial directory's population</H3><!--SEC END -->
++
++You can initialize the LDAP directory using the
++<TT>smbldap-populate</TT> script. To do that, the account defined in
++the <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> to access the
++master directory <B>must</B> must be the manager account defined in the
++directory configuration. On RedHat system, this file is
++<TT>/etc/openldap/slapd.conf</TT> and the account is defined with
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>
++  rootdn          "cn=Manager,dc=idealx,dc=com"
++  rootpw          secret
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE>The <TT>smbldap_bind.conf</TT> file must then be configured so that
++the parameters to connect to the master LDAP server match the previous ones:
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>
++  masterDN="cn=Manager,dc=idealx,dc=com"
++  masterPw="secret"
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE><BR>
++Available options for this script are summarized in the table <A HREF="#table::populate">1</A>:
++<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
++ <A NAME="code_epsilon_var"></A>
++ <DIV ALIGN=center>
++ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
++<TR><TD ALIGN=left NOWRAP>option</TD>
++<TD ALIGN=left NOWRAP>definition</TD>
++<TD ALIGN=left NOWRAP>default value</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP>-u <I>uidNumber</I></TD>
++<TD ALIGN=left NOWRAP>first uidNumber to allocate</TD>
++<TD ALIGN=left NOWRAP>1000</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP>-g <I>gidNumber</I></TD>
++<TD ALIGN=left NOWRAP>first uidNumber to allocate</TD>
++<TD ALIGN=left NOWRAP>1000</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP>-a <I>user</I></TD>
++<TD ALIGN=left NOWRAP>administrator login name</TD>
++<TD ALIGN=left NOWRAP>Administrator</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP>-b <I>user</I></TD>
++<TD ALIGN=left NOWRAP>guest login name</TD>
++<TD ALIGN=left NOWRAP>nobody</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP>-e <I>file</I></TD>
++<TD ALIGN=left NOWRAP>export a init file</TD>
++<TD ALIGN=left NOWRAP>&nbsp;</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP>-i <I>file</I></TD>
++<TD ALIGN=left NOWRAP>import a init file</TD>
++<TD ALIGN=left NOWRAP>&nbsp;</TD>
++</TR></TABLE>
++ </DIV>
++ <BR>
++<DIV ALIGN=center>Table 1: Options available for the <TT>smbldap-populate</TT> script</DIV><BR>
++
++ <A NAME="table::populate"></A>
++<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
++In the more general case, to set up your directory, simply use the
++following command:
++<PRE>
++[root@etoile root]# smbldap-populate 
++Using builtin directory structure
++adding new entry: dc=idealx,dc=com
++adding new entry: ou=Users,dc=idealx,dc=com
++adding new entry: ou=Groups,dc=idealx,dc=com
++adding new entry: ou=Computers,dc=idealx,dc=com
++adding new entry: ou=Idmap,dc=idealx,dc=org
++adding new entry: cn=NextFreeUnixId,dc=idealx,dc=org
++adding new entry: uid=Administrator,ou=Users,dc=idealx,dc=com
++adding new entry: uid=nobody,ou=Users,dc=idealx,dc=com
++adding new entry: cn=Domain Admins,ou=Groups,dc=idealx,dc=com
++adding new entry: cn=Domain Users,ou=Groups,dc=idealx,dc=com
++adding new entry: cn=Domain Guests,ou=Groups,dc=idealx,dc=com
++adding new entry: cn=Print Operators,ou=Groups,dc=idealx,dc=com
++adding new entry: cn=Backup Operators,ou=Groups,dc=idealx,dc=com
++adding new entry: cn=Replicator,ou=Groups,dc=idealx,dc=com
++adding new entry: cn=Domain Computers,ou=Groups,dc=idealx,dc=com
++</PRE>
++After this step, if you don't want to use the <TT>cn=Manager,dc=idealx,dc=com</TT>
++account anymore, you can create a dedicated account for Samba and the
++smbldap-tools. See section <A HREF="#change::manager">8.2</A> for more details.<BR>
++<BR>
++The <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> entry is only used to
++defined the next uidNumber and gidNumber available for creating new
++users and groups. The default values for those numbers are 1000. You
++can change it with the <TT>-u</TT> and <TT>-g</TT> option. For
++example, if you want the first available value for uidNumber and
++gidNumber to be set to 1500, you can use the following command :
++<PRE>
++smbldap-populate -u 1550 -g 1500
++</PRE>
++<!--TOC subsection User management-->
++
++<H3><A NAME="htoc15">4.2</A>&nbsp;&nbsp;User management</H3><!--SEC END -->
++
++<!--TOC subsubsection Adding a user-->
++
++<H4><A NAME="htoc16">4.2.1</A>&nbsp;&nbsp;Adding a user</H4><!--SEC END -->
++<A NAME="add::user"></A>
++To add a user, use the <TT>smbldap-useradd</TT> script. Available
++options are summarized in the table <A HREF="#table::add::user">2</A>. If applicable,
++default values are mentionned in the third column. Any string beginning with a
++$ symbol refers to a parameter defined in the
++<TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> configuration file.
++<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
++ <DIV ALIGN=center>
++ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
++<TR><TD VALIGN=top ALIGN=left>option</TD>
++<TD VALIGN=top ALIGN=left>definition</TD>
++<TD VALIGN=top ALIGN=left>example</TD>
++<TD VALIGN=top ALIGN=left>default value</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-a</TD>
++<TD VALIGN=top ALIGN=left>create a Windows account. Otherwise, only a Posix account
++ is created</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-w</TD>
++<TD VALIGN=top ALIGN=left>create a Windows Workstation account</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-i</TD>
++<TD VALIGN=top ALIGN=left>create an interdomain trust account. See section
++ <A HREF="#trust::account">4.4</A> for more details</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-u</TD>
++<TD VALIGN=top ALIGN=left>set a uid value</TD>
++<TD VALIGN=top ALIGN=left>-u 1003</TD>
++<TD VALIGN=top ALIGN=left>first uid available</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-g</TD>
++<TD VALIGN=top ALIGN=left>set a gid value</TD>
++<TD VALIGN=top ALIGN=left>-g 1003</TD>
++<TD VALIGN=top ALIGN=left>first gid available</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-G</TD>
++<TD VALIGN=top ALIGN=left>add the new account to one or several supplementary
++ groups (comma-separated)</TD>
++<TD VALIGN=top ALIGN=left>-G 512,550</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-d</TD>
++<TD VALIGN=top ALIGN=left>set the home directory</TD>
++<TD VALIGN=top ALIGN=left>-d /var/user</TD>
++<TD VALIGN=top ALIGN=left>$userHomePrefix/user</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-s</TD>
++<TD VALIGN=top ALIGN=left>set the login shell</TD>
++<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
++<TD VALIGN=top ALIGN=left>$userLoginShell</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-c</TD>
++<TD VALIGN=top ALIGN=left>set the user gecos</TD>
++<TD VALIGN=top ALIGN=left>-c "admin user"</TD>
++<TD VALIGN=top ALIGN=left>$userGecos</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-m</TD>
++<TD VALIGN=top ALIGN=left>creates user's home directory and copies /etc/skel
++ into it</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-k</TD>
++<TD VALIGN=top ALIGN=left>set the skeleton dir (with -m)</TD>
++<TD VALIGN=top ALIGN=left>-k /etc/skel2</TD>
++<TD VALIGN=top ALIGN=left>$skeletonDir</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-P</TD>
++<TD VALIGN=top ALIGN=left>ends by invoking smbldap-passwd to set the user's
++ password</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-A</TD>
++<TD VALIGN=top ALIGN=left>user can change password ? 0 if no, 1 if yes</TD>
++<TD VALIGN=top ALIGN=left>-A 1</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-B</TD>
++<TD VALIGN=top ALIGN=left>user must change password at first session ? 0 if no, 1
++ if yes</TD>
++<TD VALIGN=top ALIGN=left>-B 1</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-C</TD>
++<TD VALIGN=top ALIGN=left>set the samba home share</TD>
++<TD VALIGN=top ALIGN=left>-C \\PDC\homes</TD>
++<TD VALIGN=top ALIGN=left>$userSmbHome</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-D</TD>
++<TD VALIGN=top ALIGN=left>set a letter associated with the home share</TD>
++<TD VALIGN=top ALIGN=left>-D H:</TD>
++<TD VALIGN=top ALIGN=left>$userHomeDrive</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-E</TD>
++<TD VALIGN=top ALIGN=left>set DOS script to execute on login</TD>
++<TD VALIGN=top ALIGN=left>-E common.bat</TD>
++<TD VALIGN=top ALIGN=left>$userScript</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-F</TD>
++<TD VALIGN=top ALIGN=left>set the profile directory</TD>
++<TD VALIGN=top ALIGN=left>-F \\PDC\profiles\user</TD>
++<TD VALIGN=top ALIGN=left>$userProfile</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-H</TD>
++<TD VALIGN=top ALIGN=left>set the samba account control bits
++ like'[NDHTUMWSLKI]'</TD>
++<TD VALIGN=top ALIGN=left>-H [X]</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-N</TD>
++<TD VALIGN=top ALIGN=left>set the canonical name of the user</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-S</TD>
++<TD VALIGN=top ALIGN=left>set the surname of the user</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-M</TD>
++<TD VALIGN=top ALIGN=left>local mailAddress (comma seperated)</TD>
++<TD VALIGN=top ALIGN=left>-M testuser,aliasuser</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-T</TD>
++<TD VALIGN=top ALIGN=left>forward mail address (comma seperated)</TD>
++<TD VALIGN=top ALIGN=left>-T
++ testuser@domain.org</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR></TABLE>
++ </DIV>
++ <BR>
++<DIV ALIGN=center>Table 2: Options available to the <TT>smbldap-useradd</TT> script</DIV><BR>
++
++ <A NAME="table::add::user"></A>
++<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
++
++For example, if you want to add a user named <I>user_admin</I> and who : 
++<UL><LI>
++is a windows user
++<LI>must belong to the group of gid=512 ('Domain Admins' group)
++<LI>has a home directory
++<LI>does not have a login shell
++<LI>has a homeDirectory set to /dev/null
++<LI>does not have a roaming profile
++<LI>and for whom we want to set a first login password
++</UL>
++you must invoke:
++<PRE>
++smbldap-useradd -a -G 512 -m -s /bin/false -d /dev/null -F "" -P user_admin
++</PRE>
++<!--TOC subsubsection Removing a user-->
++
++<H4><A NAME="htoc17">4.2.2</A>&nbsp;&nbsp;Removing a user</H4><!--SEC END -->
++
++To remove a user account, use the <TT>smbldap-userdel</TT> script.
++Available options are
++<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
++ <DIV ALIGN=center>
++ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
++<TR><TD ALIGN=left NOWRAP>option</TD>
++<TD ALIGN=left NOWRAP>definition</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP>-r</TD>
++<TD ALIGN=left NOWRAP>remove home directory</TD>
++</TR>
++<TR><TD ALIGN=left NOWRAP>-R</TD>
++<TD ALIGN=left NOWRAP>remove home directory interactively</TD>
++</TR></TABLE>
++ </DIV>
++ <BR>
++<DIV ALIGN=center>Table 3: Option available to the <TT>smbldap-userdel</TT> script</DIV><BR>
++
++ <A NAME="table::del::user"></A>
++<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
++For example, if you want to remove the <I>user1</I> account
++from the LDAP directory, and if you also want to delete his home
++directory, use the following command :
++<PRE>
++smbldap-userdel -r user1
++</PRE>
++Note: '-r' is dangerous as it may delete precious and unbackuped data,
++please be careful.<BR>
++<BR>
++<!--TOC subsubsection Modifying a user-->
++
++<H4><A NAME="htoc18">4.2.3</A>&nbsp;&nbsp;Modifying a user</H4><!--SEC END -->
++<A NAME="modify::user"></A>
++To modify a user account, use the <TT>smbldap-usermod</TT> script.
++Availables options are listed in the table <A HREF="#table::modify::user">4</A>.
++<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
++ <DIV ALIGN=center>
++ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
++<TR><TD VALIGN=top ALIGN=left>option</TD>
++<TD VALIGN=top ALIGN=left>definition</TD>
++<TD VALIGN=top ALIGN=left>example</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-c</TD>
++<TD VALIGN=top ALIGN=left>set the user gecos</TD>
++<TD VALIGN=top ALIGN=left>-c "admin user"</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-d</TD>
++<TD VALIGN=top ALIGN=left>set the home directory</TD>
++<TD VALIGN=top ALIGN=left>-d /var/user</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-u</TD>
++<TD VALIGN=top ALIGN=left>set a uid value</TD>
++<TD VALIGN=top ALIGN=left>-u 1003</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-g</TD>
++<TD VALIGN=top ALIGN=left>set a gid value</TD>
++<TD VALIGN=top ALIGN=left>-g 1003</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-G</TD>
++<TD VALIGN=top ALIGN=left>add the new account to one or several supplementary
++ groups (comma-separated)</TD>
++<TD VALIGN=top ALIGN=left>-G 512,550</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>			</TD>
++<TD VALIGN=top ALIGN=left>-G -512,550</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>			</TD>
++<TD VALIGN=top ALIGN=left>-G +512,550</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-s</TD>
++<TD VALIGN=top ALIGN=left>set the login shell</TD>
++<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-N</TD>
++<TD VALIGN=top ALIGN=left>set the canonical name of the user</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-S</TD>
++<TD VALIGN=top ALIGN=left>set the surname of the user</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-P</TD>
++<TD VALIGN=top ALIGN=left>ends by invoking smbldap-passwd to set the user's password</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-a</TD>
++<TD VALIGN=top ALIGN=left>add sambaSAMAccount objectclass</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-e</TD>
++<TD VALIGN=top ALIGN=left>set an expiration date for the password (format: YYYY-MM-DD HH:MM:SS)</TD>
++<TD VALIGN=top ALIGN=left>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-A</TD>
++<TD VALIGN=top ALIGN=left>user can change password ? 0 if no, 1 if yes</TD>
++<TD VALIGN=top ALIGN=left>-A 1</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-B</TD>
++<TD VALIGN=top ALIGN=left>user must change password at first session ? 0 if no, 1
++ if yes</TD>
++<TD VALIGN=top ALIGN=left>-B 1</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-C</TD>
++<TD VALIGN=top ALIGN=left>set the samba home share</TD>
++<TD VALIGN=top ALIGN=left>-C \\PDC\homes</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>-C ""</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-D</TD>
++<TD VALIGN=top ALIGN=left>set a letter associated with the home share</TD>
++<TD VALIGN=top ALIGN=left>-D H:</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>-D ""</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-E</TD>
++<TD VALIGN=top ALIGN=left>set DOS script to execute on login</TD>
++<TD VALIGN=top ALIGN=left>-E common.bat</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>-E ""</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-F</TD>
++<TD VALIGN=top ALIGN=left>set the profile directory</TD>
++<TD VALIGN=top ALIGN=left>-F \\PDC\profiles\user</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>	</TD>
++<TD VALIGN=top ALIGN=left>-F ""</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-H</TD>
++<TD VALIGN=top ALIGN=left>set the samba account control bits like'[NDHTUMWSLKI]'</TD>
++<TD VALIGN=top ALIGN=left>-H [X]</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-I</TD>
++<TD VALIGN=top ALIGN=left>disable a user account</TD>
++<TD VALIGN=top ALIGN=left>-I 1</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-J</TD>
++<TD VALIGN=top ALIGN=left>enable a user</TD>
++<TD VALIGN=top ALIGN=left>-J 1</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-M</TD>
++<TD VALIGN=top ALIGN=left>local mailAddress (comma seperated)</TD>
++<TD VALIGN=top ALIGN=left>-M testuser,aliasuser</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-T</TD>
++<TD VALIGN=top ALIGN=left>forward mail address (comma seperated)</TD>
++<TD VALIGN=top ALIGN=left>-T 
++ testuser@domain.org</TD>
++</TR></TABLE>
++ </DIV>
++ <BR>
++<DIV ALIGN=center>Table 4: Options available to the <TT>smbldap-usermod</TT> script</DIV><BR>
++
++ <A NAME="table::modify::user"></A>
++<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
++You can also use the <TT>smbldap-userinfo</TT> script to update user's information. This script can
++also be used by users themselves to update their own informations listed in the tables
++<A HREF="#table::modify::self::user">5</A> (adequats ACL must be set in the directory server). Available
++options are&nbsp;:
++<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
++ <DIV ALIGN=center>
++ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
++<TR><TD VALIGN=top ALIGN=left>option</TD>
++<TD VALIGN=top ALIGN=left>definition</TD>
++<TD VALIGN=top ALIGN=left>example</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-f</TD>
++<TD VALIGN=top ALIGN=left>set the full name's user</TD>
++<TD VALIGN=top ALIGN=left>-f MyName</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-r</TD>
++<TD VALIGN=top ALIGN=left>set the room number</TD>
++<TD VALIGN=top ALIGN=left>-r 99</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-w</TD>
++<TD VALIGN=top ALIGN=left>set the work phone number</TD>
++<TD VALIGN=top ALIGN=left>-w 111111111</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-h</TD>
++<TD VALIGN=top ALIGN=left>set the home phone number</TD>
++<TD VALIGN=top ALIGN=left>-h 222222222</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-o</TD>
++<TD VALIGN=top ALIGN=left>set other information (in gecos definition)</TD>
++<TD VALIGN=top ALIGN=left>-o "second stage"</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left>-s</TD>
++<TD VALIGN=top ALIGN=left>set the default bash</TD>
++<TD VALIGN=top ALIGN=left>-s /bin/ksh</TD>
++</TR></TABLE>
++ </DIV>
++ <BR>
++<DIV ALIGN=center>Table 5: Options available to the <TT>smbldap-userinfo</TT> script</DIV><BR>
++
++ <A NAME="table::modify::self::user"></A>
++<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
++<!--TOC subsection Group management-->
++
++<H3><A NAME="htoc19">4.3</A>&nbsp;&nbsp;Group management</H3><!--SEC END -->
++
++<!--TOC subsubsection Adding a group-->
++
++<H4><A NAME="htoc20">4.3.1</A>&nbsp;&nbsp;Adding a group</H4><!--SEC END -->
++
++To add a new group in the LDAP directory, use the <TT>smbldap-groupadd</TT>
++script. Available options are listed in the table
++<A HREF="#table::add::group">6</A>.
++<BLOCKQUOTE><DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV>
++ <DIV ALIGN=center>
++ <TABLE BORDER=1 CELLSPACING=0 CELLPADDING=1>
++<TR><TD VALIGN=top ALIGN=left NOWRAP>option</TD>
++<TD VALIGN=top ALIGN=left>definition</TD>
++<TD VALIGN=top ALIGN=left NOWRAP>example</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left NOWRAP>-a</TD>
++<TD VALIGN=top ALIGN=left>add automatic group mapping entry</TD>
++<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left NOWRAP>-g <TT>gid</TT></TD>
++<TD VALIGN=top ALIGN=left>set the <I>gidNumer</I> for this group to
++ <I>gid</I></TD>
++<TD VALIGN=top ALIGN=left NOWRAP><TT>-g 1002</TT></TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left NOWRAP>-o</TD>
++<TD VALIGN=top ALIGN=left>gidNumber is not unique</TD>
++<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left NOWRAP>-r <TT>group-rid</TT></TD>
++<TD VALIGN=top ALIGN=left>set the rid of the group to
++ <I>group-rid</I></TD>
++<TD VALIGN=top ALIGN=left NOWRAP><TT>-r 1002</TT></TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left NOWRAP>-s <TT>group-sid</TT></TD>
++<TD VALIGN=top ALIGN=left>set the sid of the group to
++ <I>group-sid</I></TD>
++<TD VALIGN=top ALIGN=left NOWRAP><TT><FONT SIZE=1>-s
++ S-1-5-21-3703471949-3718591838-2324585696-1002</FONT></TT></TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left NOWRAP>-t <TT>group-type</TT></TD>
++<TD VALIGN=top ALIGN=left>set the <I>sambaGroupType</I> to
++ <I>group-type</I></TD>
++<TD VALIGN=top ALIGN=left NOWRAP><TT>-t 2</TT></TD>
++</TR>
++<TR><TD VALIGN=top ALIGN=left NOWRAP>-p</TD>
++<TD VALIGN=top ALIGN=left>print the gidNumber to stdout</TD>
++<TD VALIGN=top ALIGN=left NOWRAP>&nbsp;</TD>
++</TR></TABLE>
++ </DIV>
++ <BR>
++<DIV ALIGN=center>Table 6: Options available for the <TT>smbldap-groupadd</TT> script</DIV><BR>
++
++ <A NAME="table::add::group"></A>
++<DIV ALIGN=center><HR WIDTH="80%" SIZE=2></DIV></BLOCKQUOTE>
++<!--TOC subsubsection Removing a group-->
++
++<H4><A NAME="htoc21">4.3.2</A>&nbsp;&nbsp;Removing a group</H4><!--SEC END -->
++
++To remove the group named <TT>group1</TT>, just use the following
++command :
++<PRE>
++smbldap-userdel group1
++</PRE>
++<!--TOC subsection Adding a interdomain trust account-->
++
++<H3><A NAME="htoc22">4.4</A>&nbsp;&nbsp;Adding a interdomain trust account</H3><!--SEC END -->
++<A NAME="trust::account"></A>
++To add an interdomain trust account to the primary controller <I>trust-pdc</I>, use the <TT>-i</TT> option of
++<TT>smbldap-useradd</TT> as follows :
++<PRE>
++[root@etoile root]# smbldap-useradd -i trust-pdc
++New password : *******
++Retype new password : *******
++</PRE>
++The script will terminate asking for a password for this trust
++account. The account will be created in the directory branch where
++all computer accounts are stored (<TT>ou=Computers</TT> by
++default). The only two particularities of this account are that you are
++setting a password for this account, and the flags of this account are
++<TT>[I          ]</TT>.
++ <!--TOC section Samba and the smbldap-tools scripts-->
++
++<H2><A NAME="htoc23">5</A>&nbsp;&nbsp;Samba and the smbldap-tools scripts</H2><!--SEC END -->
++
++<!--TOC subsection General configuration-->
++
++<H3><A NAME="htoc24">5.1</A>&nbsp;&nbsp;General configuration</H3><!--SEC END -->
++
++Samba can be configured to use the <FONT COLOR=purple>smbldap-tools</FONT> scripts. This allows
++administrators to add, delete or modify user and group accounts for <FONT COLOR=purple>Microsoft Windows</FONT>
++operating systems using, for example, User Manager utility under MS-Windows.
++To enable the use of this utility, samba needs to be configured correctly. The
++<TT>smb.conf</TT> configuration file must contain the following directives :
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>
++ldap delete dn = Yes
++add user script = /usr/local/sbin/smbldap-useradd -m "%u"
++add machine script = /usr/local/sbin/smbldap-useradd -w "%u"
++add group script = /usr/local/sbin/smbldap-groupadd -p "%g"
++add user to group script = /usr/local/sbin/smbldap-groupmod -m "%u" "%g"
++delete user from group script = /usr/local/sbin/smbldap-groupmod -x "%u" "%g"
++set primary group script = /usr/local/sbin/smbldap-usermod -g "%g" "%u"
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE><BR>
++Remark: the two directives <TT>delete user script</TT> et <TT>delete group
++script</TT> can also be used. However, an error message can appear in User Manager
++even if the operations actually succeed.
++If you want to enable this behaviour, you need to add
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>
++delete user script = /usr/local/sbin/smbldap-userdel "%u"
++delete group script = /usr/local/sbin/smbldap-groupdel "%g"
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE><BR>
++<!--TOC subsection Migrating an NT4 PDC to Samba3-->
++
++<H3><A NAME="htoc25">5.2</A>&nbsp;&nbsp;Migrating an NT4 PDC to Samba3</H3><!--SEC END -->
++
++The account migration procedure becomes really simple when samba is configured to use
++the <FONT COLOR=purple>smbldap-tools</FONT>. Samba configuration (smb.conf file) must contain the
++directive defined above to properly call the script for managing users, groups and computer accounts.
++The migration process is outlined in the chapter 30 of the samba howto
++<A HREF="http://sambafr.idealx.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html"><TT>http://sambafr.idealx.org/samba/docs/man/Samba-HOWTO-Collection/NT4Migration.html</TT></A>.
++ <BR>
++<BR>
++<!--TOC section Frequently Asked Questions-->
++
++<H2><A NAME="htoc26">6</A>&nbsp;&nbsp;Frequently Asked Questions</H2><!--SEC END -->
++
++<!--TOC subsection How can i use old released uidNumber and gidNumber ?-->
++
++<H3><A NAME="htoc27">6.1</A>&nbsp;&nbsp;How can i use old released uidNumber and gidNumber ?</H3><!--SEC END -->
++
++There are two way to do this :
++<UL><LI>
++modify the <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> and
++ change the <TT>uidNumber</TT> and/or <TT>gidNumber</TT> value. This
++ must be done manually. For example, if you want to use all available
++ uidNumber and gidNumber higher then 1500, you need to create a
++ <TT>update-NextFreeUnixId.ldif</TT> file containing :
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>dn: cn=NextFreeUnixId,dc=idealx,dc=org
++changetype: modify
++uidNumber: 1500
++gidNumber: 1500
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE>
++and then update the directory :
++<PRE>
++ldapmodify -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f update-NextFreeUnixId.ldif
++</PRE><LI>use the <TT>-u</TT> or <TT>-g</TT> option to the script you need to set the value you
++ want to use
++</UL>
++<!--TOC subsection I always have this error: "Can't locate IO/Socket/SSL.pm"-->
++
++<H3><A NAME="htoc28">6.2</A>&nbsp;&nbsp;I always have this error: "Can't locate IO/Socket/SSL.pm"</H3><!--SEC END -->
++
++This happens when you want to use a certificate. In this case, you need to install the
++IO-Socket-SSL Perl module.<BR>
++<BR>
++<!--TOC subsection I can't initialize the directory with <TT>smbldap-populate</TT>-->
++
++<H3><A NAME="htoc29">6.3</A>&nbsp;&nbsp;I can't initialize the directory with <TT>smbldap-populate</TT></H3><!--SEC END -->
++
++When I want to initialize the directory using the <TT>smbldap-populate</TT>
++script, I get
++<PRE>
++[root@slave sbin]# smbldap-populate.pl
++  Using builtin directory structure
++  adding new entry: dc=IDEALX,dc=COM
++  Can't call method "code" without a package or object reference at
++  /usr/local/sbin/smbldap-populate.pl line 270, &lt;GEN1&gt; line 2.
++</PRE>Answer: check the TLS configuration
++<UL><LI>
++if you don't want to use TLS support, set the <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file
++with
++<PRE>
++ldapSSL="0"
++</PRE><LI>if you want TLS support, set the <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file with
++<PRE>
++ldapSSL="1"
++</PRE>and check that the directory server is configured to accept TLS connections.
++</UL>
++<!--TOC subsection I can't join the domain with the <TT>root</TT> account-->
++
++<H3><A NAME="htoc30">6.4</A>&nbsp;&nbsp;I can't join the domain with the <TT>root</TT> account</H3><!--SEC END -->
++
++<UL><LI>
++check that the root account has the sambaSamAccount objectclass
++<LI>check that the directive <TT>add machine script</TT> is present and configured
++</UL>
++<!--TOC subsection I have the <TT>sambaSamAccount</TT> but i can't logged in-->
++
++<H3><A NAME="htoc31">6.5</A>&nbsp;&nbsp;I have the <TT>sambaSamAccount</TT> but i can't logged in</H3><!--SEC END -->
++
++Check that the <TT>sambaPwdLastSet</TT> attribute is not null (equal to 0)<BR>
++<BR>
++<!--TOC subsection I want to create machine account on the fly, but it does
++ not works or I must do it twice-->
++
++<H3><A NAME="htoc32">6.6</A>&nbsp;&nbsp;I want to create machine account on the fly, but it does
++ not works or I must do it twice</H3><!--SEC END -->
++
++<UL><LI>
++The script defined with the <TT>add machine script</TT> must not add
++the <TT>sambaSAMAccount</TT> objectclass of the machine account. The
++script must only add the Posix machine account. Samba will add the <TT>sambaSAMAccount</TT> when
++joining the domain.
++<LI>Check that the <TT>add <B>machine</B> script</TT> is present in samba
++ configuration file.
++</UL>
++<!--TOC subsection I can't manage the Oracle Internet Database-->
++
++<H3><A NAME="htoc33">6.7</A>&nbsp;&nbsp;I can't manage the Oracle Internet Database</H3><!--SEC END -->
++
++If you have an error message like :
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>
++Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 187.
++Function Not Implemented at /usr/local/sbin/smbldap_tools.pm line 627.
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE>For Oracle Database, all attributes that will be resquested to the directory must be indexed. Add a
++new index for samba attributes and make sure that the following attributes are also indexed :
++ uidNumber, gidNumber, memberUid, homedirectory, description, userPassword ...<BR>
++<BR>
++<!--TOC subsection The directive <TT>passwd program = /usr/local/sbin/smbldap-passwd -u %u</TT> is not
++called, or i got a error message when changing the password from windows-->
++
++<H3><A NAME="htoc34">6.8</A>&nbsp;&nbsp;The directive <TT>passwd program = /usr/local/sbin/smbldap-passwd -u %u</TT> is not
++called, or i got a error message when changing the password from windows</H3><!--SEC END -->
++
++The directive is called if you also set <TT>unix password sync = Yes</TT>.
++Notes:
++<UL><LI>
++if you use OpenLDAP, none of those two options are needed. You just need <TT>ldap
++passwd sync = Yes</TT>.
++<LI>the script called here must only update the <TT>userPassword</TT> attribute. This is the
++reason of the <TT>-u</TT> option. Samba passwords will be updated by samba itself.
++<LI>the <TT>passwd chat</TT> directive must match what is prompted when using the
++<TT>smbldap-passwd</TT> command
++</UL>
++<!--TOC subsection New computers account can't be set in ou=computers-->
++
++<H3><A NAME="htoc35">6.9</A>&nbsp;&nbsp;New computers account can't be set in ou=computers</H3><!--SEC END -->
++<A NAME="sec::bug::ou::computer"></A>
++This is a known samba bug. There's a workarround: look at
++<A HREF="http://marc.theaimsgroup.com/?l=samba&m=108439612826440&w=2"><TT>http://marc.theaimsgroup.com/?l=samba&amp;m=108439612826440&amp;w=2</TT></A><BR>
++<BR>
++<!--TOC subsection I can join the domain, but i can't log on-->
++
++<H3><A NAME="htoc36">6.10</A>&nbsp;&nbsp;I can join the domain, but i can't log on</H3><!--SEC END -->
++
++look at section <A HREF="#sec::bug::ou::computer">6.9</A><BR>
++<BR>
++<!--TOC subsection I can't create a user with <TT>smbldap-useradd</TT>-->
++
++<H3><A NAME="htoc37">6.11</A>&nbsp;&nbsp;I can't create a user with <TT>smbldap-useradd</TT></H3><!--SEC END -->
++
++When creating a new user account I get the following error message:
++<PRE>
++/usr/local/sbin/smbldap-useradd.pl: unknown group SID not set for unix group 513
++</PRE>Answer: 
++<UL><LI>
++is nss_ldap correctly configured ?
++<LI>is the default group's users mapped to the 'Domain Users' NT group ?
++<PRE>
++net groupmap add rid=513 unixgroup="Domain Users" ntgroup="Domain Users"
++</PRE></UL>
++<!--TOC subsection smbldap-useradd: Can't call method "get_value" on an undefined value at
++/usr/local/sbin/smbldap-useradd line 154-->
++
++<H3><A NAME="htoc38">6.12</A>&nbsp;&nbsp;smbldap-useradd: Can't call method "get_value" on an undefined value at
++/usr/local/sbin/smbldap-useradd line 154</H3><!--SEC END -->
++
++<UL><LI>
++does the default group defined in smbldap.conf exist
++ (defaultUserGid="513") ?
++<LI>does the NT "Domain Users" group mapped to a unix
++ group of rid 513 (see option <I>-r</I> of <TT>smbldap-groupadd</TT> and
++ <TT>smbldap-groupmod</TT> to set a rid) ?
++</UL>
++<!--TOC subsection Typical errors on creating a new user or a new group-->
++
++<H3><A NAME="htoc39">6.13</A>&nbsp;&nbsp;Typical errors on creating a new user or a new group</H3><!--SEC END -->
++<A NAME="faq::error::add::user"></A>
++<UL><LI>
++i've got the following error: 
++<PRE>
++Could not find base dn, to get next uidNumber at /usr/local/sbin//smbldap_tools.pm line 909
++</PRE><OL type=1><LI>
++	you do not have created the object to defined the next uidNumber and gidNumber available.
++	<UL><LI>
++	for version 0.8.7&nbsp;: you can just run the <TT>smbldap-populate</TT> script that will
++		update the sambaDomain entry to store those informations
++	<LI>for version before 0.8.7&nbsp;: 
++	You have updated the smbldap-tools to version 0.8.5 or newer.
++	You have to do this manually. Create an file called <TT>add.ldif</TT> and containing
++<PRE>
++dn: cn=NextFreeUnixId,dc=idealx,dc=org
++objectClass: inetOrgPerson
++objectClass: sambaUnixIdPool
++uidNumber: 1000
++gidNumber: 1000
++cn: NextFreeUnixId
++sn: NextFreeUnixId
++</PRE>	and then add the object with the ldapadd utility:
++<PRE>
++$ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
++</PRE>	Here, 1000 is the first available value for uidNumber and gidNumber (of course, if this value is
++	already used by a user or a group, the first available after 1000 will be used).
++	</UL><BR>
++<BR>
++<LI>The error also appear when there is a need for TLS (ldapTLS=1 in <TT>smbldap.conf</TT>) and
++something is wrong with certificate naming or path settings.
++</OL><BR>
++<BR>
++<LI>i've got the following error:
++<PRE>
++Use of uninitialized value in string at
++/usr/local/sbin//smbldap\_tools.pm line 914.
++Error: No DN specified at /usr/local/sbin//smbldap\_tools.pm line 919
++</PRE>You have not updated the configuration file to defined the object where are sotred the next
++uidNumber and gidNumber available. In our example, you have to add a nex entry in
++<I>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</I> containing :
++<PRE>
++# Where to store next uidNumber and gidNumber available
++sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
++</PRE>btw, a new option is now available too: the domain to append to users. You can add to the
++configuration file the following lines:
++<PRE>
++# Domain appended to the users "mail"-attribute
++# when smbldap-useradd -M is used mailDomain="idealx.com"
++</PRE><BR>
++<BR>
++<LI>i've got the following error:
++<PRE>
++Use of uninitialized value in concatenation (.) or string at /usr/local/sbin/smbldap-useradd line 183.
++Use of uninitialized value in substitution (s///) at /usr/local/sbin/smbldap-useradd line 185.
++Use of uninitialized value in string at /usr/local/sbin/smbldap-useradd line 264.
++failed to add entry: homedirectory: value #0 invalid per syntax at /usr/local/sbin/smbldap-useradd line 280.
++userHomeDirectory=User "jto" already member of the group "513".
++failed to add entry: No such object at /usr/local/sbin/smbldap-useradd line 382.
++</PRE>you have to change the variable name <TT>userHomePrefix</TT> to <TT>userHome</TT> in
++<I>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</I><BR>
++<BR>
++<LI>i've got the following error:
++<PRE>
++failed to add entry: referral missing at /usr/local/sbin/smbldap-useradd line 279, &lt;DATA&gt; line 283.
++</PRE>you have to update the configuration file that defined users, groups and computers dn. Those
++parameters must not be relative to the <TT>suffix</TT> parameter. A typical
++configuration look like this :
++<PRE>
++usersdn="ou=Users,${suffix}"
++computersdn="ou=Computers,${suffix}"
++groupsdn="ou=Groups,${suffix}"
++</PRE><BR>
++<BR>
++<LI>i've got the following error:
++<PRE>
++erreur LDAP: Can't contact master ldap server (IO::Socket::INET: Bad protocol 'tcp')
++at /usr/local/sbin//smbldap_tools.pm line 153.
++</PRE>remove <I>ldap</I> from <I>/etc/nsswitch.conf</I> for <I>services</I> list of possible check. For
++example, if your ldap directory is not configured to give services information, you must have 
++<PRE>
++services    files
++</PRE>and not
++<PRE>
++services:   ldap [NOTFOUND=return] files
++</PRE></UL>
++
++ 
++<!--TOC section Thanks-->
++
++<H2><A NAME="htoc40">7</A>&nbsp;&nbsp;Thanks</H2><!--SEC END -->
++
++<A NAME="thanks"></A>
++People who have worked on this document are
++<UL><LI>
++Jérôme Tournier &lt;jerome.tournier@IDEALX.com&gt;
++<LI>David Barth &lt;david.barth@IDEALX.com&gt;
++<LI>Nat Makarevitch &lt;nat@IDEALX.com&gt;
++</UL>
++The authors would like to thank the following people for providing help with 
++some of the more complicated subjects, for clarifying some of the internal 
++workings of <FONT COLOR=purple>Samba</FONT> or <FONT COLOR=purple>OpenLDAP</FONT>, for pointing out errors or mistakes in 
++previous versions of this document, or generally for making
++suggestions :
++<UL><LI>
++IDEALX team :
++ <UL><LI>
++ Roméo Adekambi &lt;romeo.adekambi@IDEALX.com&gt;
++ <LI>Aurelien Degremont &lt;adegremont@IDEALX.com&gt;
++ <LI>Renaud Renard &lt;rrenard@IDEALX.com&gt;
++ </UL>
++<LI>John H Terpstra &lt;jht@samba.org&gt;
++</UL>
++ <!--TOC section Annexes-->
++
++<H2><A NAME="htoc41">8</A>&nbsp;&nbsp;Annexes</H2><!--SEC END -->
++
++<!--TOC subsection Full configuration files-->
++
++<H3><A NAME="htoc42">8.1</A>&nbsp;&nbsp;Full configuration files</H3><!--SEC END -->
++<A NAME="configuration::files"></A>
++<!--TOC subsubsection The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file-->
++
++<H4><A NAME="htoc43">8.1.1</A>&nbsp;&nbsp;The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap.conf</TT> file</H4><!--SEC END -->
++<A NAME="configuration::file::smbldap"></A>
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE># $Source: $
++# $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $
++#
++# smbldap-tools.conf : Q &amp; D configuration file for smbldap-tools
++
++#  This code was developped by IDEALX (http://IDEALX.org/) and
++#  contributors (their names can be found in the CONTRIBUTORS file).
++#
++#                 Copyright (C) 2001-2002 IDEALX
++#
++#  This program is free software; you can redistribute it and/or
++#  modify it under the terms of the GNU General Public License
++#  as published by the Free Software Foundation; either version 2
++#  of the License, or (at your option) any later version.
++#
++#  This program is distributed in the hope that it will be useful,
++#  but WITHOUT ANY WARRANTY; without even the implied warranty of
++#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#  GNU General Public License for more details.
++#
++#  You should have received a copy of the GNU General Public License
++#  along with this program; if not, write to the Free Software
++#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
++#  USA.
++
++#  Purpose :
++#       . be the configuration file for all smbldap-tools scripts
++
++##############################################################################
++#
++# General Configuration
++#
++##############################################################################
++
++# Put your own SID. To obtain this number do: "net getlocalsid".
++# If not defined, parameter is taking from "net getlocalsid" return
++SID="S-1-5-21-2252255531-4061614174-2474224977"
++
++# Domain name the Samba server is in charged.
++# If not defined, parameter is taking from smb.conf configuration file
++# Ex: sambaDomain="IDEALX-NT"
++sambaDomain="DOMSMB"
++
++##############################################################################
++#
++# LDAP Configuration
++#
++##############################################################################
++
++# Notes: to use to dual ldap servers backend for Samba, you must patch
++# Samba with the dual-head patch from IDEALX. If not using this patch
++# just use the same server for slaveLDAP and masterLDAP.
++# Those two servers declarations can also be used when you have 
++# . one master LDAP server where all writing operations must be done
++# . one slave LDAP server where all reading operations must be done
++#   (typically a replication directory)
++
++# Slave LDAP server
++# Ex: slaveLDAP=127.0.0.1
++# If not defined, parameter is set to "127.0.0.1"
++slaveLDAP="127.0.0.1"
++
++# Slave LDAP port
++# If not defined, parameter is set to "389"
++slavePort="389"
++
++# Master LDAP server: needed for write operations
++# Ex: masterLDAP=127.0.0.1
++# If not defined, parameter is set to "127.0.0.1"
++masterLDAP="127.0.0.1"
++
++# Master LDAP port
++# If not defined, parameter is set to "389"
++masterPort="389"
++
++# Use TLS for LDAP
++# If set to 1, this option will use start_tls for connection
++# (you should also used the port 389)
++# If not defined, parameter is set to "1"
++ldapTLS="0"
++
++# How to verify the server's certificate (none, optional or require)
++# see "man Net::LDAP" in start_tls section for more details
++verify="require"
++
++# CA certificate
++# see "man Net::LDAP" in start_tls section for more details
++cafile="/etc/smbldap-tools/ca.pem"
++
++# certificate to use to connect to the ldap server
++# see "man Net::LDAP" in start_tls section for more details
++clientcert="/etc/smbldap-tools/smbldap-tools.pem"
++
++# key certificate to use to connect to the ldap server
++# see "man Net::LDAP" in start_tls section for more details
++clientkey="/etc/smbldap-tools/smbldap-tools.key"
++
++# LDAP Suffix
++# Ex: suffix=dc=IDEALX,dc=ORG
++suffix="dc=company,dc=com"
++
++# Where are stored Users
++# Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
++# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
++usersdn="ou=Users,${suffix}"
++
++# Where are stored Computers
++# Ex: computersdn="ou=Computers,dc=IDEALX,dc=ORG"
++# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
++computersdn="ou=Computers,${suffix}"
++
++# Where are stored Groups
++# Ex: groupsdn="ou=Groups,dc=IDEALX,dc=ORG"
++# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
++groupsdn="ou=Groups,${suffix}"
++
++# Where are stored Idmap entries (used if samba is a domain member server)
++# Ex: groupsdn="ou=Idmap,dc=IDEALX,dc=ORG"
++# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
++idmapdn="ou=Idmap,${suffix}"
++
++# Where to store next uidNumber and gidNumber available for new users and groups
++# If not defined, entries are stored in sambaDomainName object.
++# Ex: sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
++# Ex: sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
++sambaUnixIdPooldn="sambaDomainName=${sambaDomain},${suffix}"
++
++# Default scope Used
++scope="sub"
++
++# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
++hash_encrypt="SSHA"
++
++# if hash_encrypt is set to CRYPT, you may set a salt format.
++# default is "%s", but many systems will generate MD5 hashed
++# passwords if you use "$1$%.8s". This parameter is optional!
++crypt_salt_format="%s"
++
++##############################################################################
++# 
++# Unix Accounts Configuration
++# 
++##############################################################################
++
++# Login defs
++# Default Login Shell
++# Ex: userLoginShell="/bin/bash"
++userLoginShell="/bin/bash"
++
++# Home directory
++# Ex: userHome="/home/%U"
++userHome="/home/%U"
++
++# Default mode used for user homeDirectory
++userHomeDirectoryMode="700"
++
++# Gecos
++userGecos="System User"
++
++# Default User (POSIX and Samba) GID
++defaultUserGid="513"
++
++# Default Computer (Samba) GID
++defaultComputerGid="515"
++
++# Skel dir
++skeletonDir="/etc/skel"
++
++# Default password validation time (time in days) Comment the next line if
++# you don't want password to be enable for defaultMaxPasswordAge days (be
++# careful to the sambaPwdMustChange attribute's value)
++defaultMaxPasswordAge="45"
++
++##############################################################################
++#
++# SAMBA Configuration
++#
++##############################################################################
++
++# The UNC path to home drives location (%U username substitution)
++# Just set it to a null string if you want to use the smb.conf 'logon home'
++# directive and/or disable roaming profiles
++# Ex: userSmbHome="\\PDC-SMB3\%U"
++userSmbHome="\\PDC-SRV\%U"
++
++# The UNC path to profiles locations (%U username substitution)
++# Just set it to a null string if you want to use the smb.conf 'logon path'
++# directive and/or disable roaming profiles
++# Ex: userProfile="\\PDC-SMB3\profiles\%U"
++userProfile="\\PDC-SRV\profiles\%U"
++
++# The default Home Drive Letter mapping
++# (will be automatically mapped at logon time if home directory exist)
++# Ex: userHomeDrive="H:"
++userHomeDrive="H:"
++
++# The default user netlogon script name (%U username substitution)
++# if not used, will be automatically username.cmd
++# make sure script file is edited under dos
++# Ex: userScript="startup.cmd" # make sure script file is edited under dos
++userScript="logon.bat"
++
++# Domain appended to the users "mail"-attribute
++# when smbldap-useradd -M is used
++# Ex: mailDomain="idealx.com"
++mailDomain="idealx.com"
++
++##############################################################################
++#
++# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
++#
++##############################################################################
++
++# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
++# prefer Crypt::SmbHash library
++with_smbpasswd="0"
++smbpasswd="/usr/bin/smbpasswd"
++
++# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
++# but prefer Crypt:: libraries
++with_slappasswd="0"
++slappasswd="/usr/sbin/slappasswd"
++
++# comment out the following line to get rid of the default banner
++# no_banner="1"
++
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE><BR>
++<!--TOC subsubsection The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> file-->
++
++<H4><A NAME="htoc44">8.1.2</A>&nbsp;&nbsp;The <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT> file</H4><!--SEC END -->
++<A NAME="configuration::file::smbldap::bind"></A>
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>############################
++# Credential Configuration #
++############################
++# Notes: you can specify two differents configuration if you use a
++# master ldap for writing access and a slave ldap server for reading access
++# By default, we will use the same DN (so it will work for standard Samba
++# release)
++slaveDN="cn=Manager,dc=company,dc=com"
++slavePw="secret"
++masterDN="cn=Manager,dc=company,dc=com"
++masterPw="secret"
++
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE><BR>
++<!--TOC subsubsection The samba configuration file : <TT>/etc/samba/smb.conf</TT> -->
++
++<H4><A NAME="htoc45">8.1.3</A>&nbsp;&nbsp;The samba configuration file : <TT>/etc/samba/smb.conf</TT> </H4><!--SEC END -->
++
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE># Global parameters
++[global]
++ workgroup = DOMSMB
++ netbios name = PDC-SRV
++ security = user
++ enable privileges = yes
++ #interfaces = 192.168.5.11
++ #username map = /etc/samba/smbusers
++ server string = Samba Server %v
++ #security = ads
++ encrypt passwords = Yes
++ min passwd length = 3
++ #pam password change = no
++ #obey pam restrictions = No
++
++ # method 1:
++ #unix password sync = no
++ #ldap passwd sync = yes
++
++ # method 2:
++ unix password sync = yes
++ ldap passwd sync = no
++ passwd program = /usr/sbin/smbldap-passwd -u "%u"
++ passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
++
++ log level = 0
++ syslog = 0
++ log file = /var/log/samba/log.%U
++ max log size = 100000
++ time server = Yes
++ socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
++ mangling method = hash2
++ Dos charset = 850
++ Unix charset = ISO8859-1
++
++ logon script = logon.bat
++ logon drive = H:
++        logon home = 
++        logon path = 
++
++ domain logons = Yes
++ domain master = Yes
++ os level = 65
++ preferred master = Yes
++ wins support = yes
++ passdb backend = ldapsam:ldap://127.0.0.1/
++ ldap admin dn = cn=Manager,dc=company,dc=com
++ #ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
++ ldap suffix = dc=company,dc=com
++        ldap group suffix = ou=Groups
++        ldap user suffix = ou=Users
++        ldap machine suffix = ou=Computers
++ #ldap idmap suffix = ou=Idmap
++        add user script = /usr/sbin/smbldap-useradd -m "%u"
++        #ldap delete dn = Yes
++        delete user script = /usr/sbin/smbldap-userdel "%u"
++        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
++        add group script = /usr/sbin/smbldap-groupadd -p "%g" 
++        #delete group script = /usr/sbin/smbldap-groupdel "%g"
++        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
++        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
++ set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
++
++ # printers configuration
++ #printer admin = @"Print Operators"
++ load printers = Yes
++ create mask = 0640
++ directory mask = 0750
++ #force create mode = 0640
++ #force directory mode = 0750
++ nt acl support = No
++ printing = cups
++ printcap name = cups
++ deadtime = 10
++ guest account = nobody
++ map to guest = Bad User
++ dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
++ show add printer wizard = yes
++ ; to maintain capital letters in shortcuts in any of the profile folders:
++ preserve case = yes
++ short preserve case = yes
++ case sensitive = no
++
++[netlogon]
++ path = /home/netlogon/
++ browseable = No
++ read only = yes
++
++[profiles]
++ path = /home/profiles
++ read only = no
++ create mask = 0600
++ directory mask = 0700
++ browseable = No
++ guest ok = Yes
++ profile acls = yes
++ csc policy = disable
++ # next line is a great way to secure the profiles 
++ #force user = %U 
++ # next line allows administrator to access all profiles 
++ #valid users = %U "Domain Admins"
++
++[printers]
++        comment = Network Printers
++        #printer admin = @"Print Operators"
++        guest ok = yes 
++        printable = yes
++        path = /home/spool/
++        browseable = No
++        read only  = Yes
++        printable = Yes
++        print command = /usr/bin/lpr -P%p -r %s
++        lpq command = /usr/bin/lpq -P%p
++        lprm command = /usr/bin/lprm -P%p %j
++        # print command = /usr/bin/lpr -U%U@%M -P%p -r %s
++        # lpq command = /usr/bin/lpq -U%U@%M -P%p
++        # lprm command = /usr/bin/lprm -U%U@%M -P%p %j
++        # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
++        # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
++        # queuepause command = /usr/sbin/lpc -U%U@%M stop %p
++        # queueresume command = /usr/sbin/lpc -U%U@%M start %p
++
++[print$]
++        path = /home/printers
++        guest ok = No
++        browseable = Yes
++        read only = Yes
++        valid users = @"Print Operators"
++        write list = @"Print Operators"
++        create mask = 0664
++        directory mask = 0775
++
++[public]
++ path = /tmp
++ guest ok = yes
++ browseable = Yes
++ writable = yes
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE><BR>
++<!--TOC subsubsection The OpenLDAP configuration file : <TT>/etc/openldap/slapd.conf</TT>-->
++
++<H4><A NAME="htoc46">8.1.4</A>&nbsp;&nbsp;The OpenLDAP configuration file : <TT>/etc/openldap/slapd.conf</TT></H4><!--SEC END -->
++
++<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>#
++# See slapd.conf(5) for details on configuration options.
++# This file should NOT be world readable.
++#
++include  /etc/openldap/schema/core.schema
++include  /etc/openldap/schema/cosine.schema
++include  /etc/openldap/schema/inetorgperson.schema
++include  /etc/openldap/schema/nis.schema
++include  /etc/openldap/schema/samba.schema
++
++schemacheck on
++
++# Allow LDAPv2 client connections.  This is NOT the default.
++allow bind_v2
++
++# Do not enable referrals until AFTER you have a working directory
++# service AND an understanding of referrals.
++#referral ldap://root.openldap.org
++
++pidfile  /var/run/slapd.pid
++argsfile /var/run/slapd.args
++
++# Load dynamic backend modules:
++# modulepath /usr/sbin/openldap
++# moduleload back_bdb.la
++# moduleload back_ldap.la
++# moduleload back_ldbm.la
++# moduleload back_passwd.la
++# moduleload back_shell.la
++
++# The next three lines allow use of TLS for encrypting connections using a
++# dummy test certificate which you can generate by changing to
++# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
++# slapd.pem so that the ldap user or group can read it.  Your client software
++# may balk at self-signed certificates, however.
++#TLSCertificateFile /etc/openldap/ldap.company.com.pem
++#TLSCertificateKeyFile /etc/openldap/ldap.company.com.key
++#TLSCACertificateFile /etc/openldap/ca.pem
++#TLSCipherSuite :SSLv3
++
++# Sample security restrictions
++# Require integrity protection (prevent hijacking)
++# Require 112-bit (3DES or better) encryption for updates
++# Require 63-bit encryption for simple bind
++# security ssf=1 update_ssf=112 simple_bind=64
++
++# Sample access control policy:
++# Root DSE: allow anyone to read it
++# Subschema (sub)entry DSE: allow anyone to read it
++# Other DSEs:
++#  Allow self write access
++#  Allow authenticated users read access
++#  Allow anonymous users to authenticate
++# Directives needed to implement policy:
++# access to dn.base="" by * read
++# access to dn.base="cn=Subschema" by * read
++# access to *
++# by self write
++# by users read
++# by anonymous auth
++#
++# if no access controls are present, the default policy
++# allows anyone and everyone to read anything but restricts
++# updates to rootdn.  (e.g., "access to * by * read")
++#
++# rootdn can always read and write EVERYTHING!
++
++#######################################################################
++# ldbm and/or bdb database definitions
++#######################################################################
++
++database bdb
++suffix  "dc=company,dc=com"
++rootdn  "cn=Manager,dc=company,dc=com"
++# Cleartext passwords, especially for the rootdn, should
++# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
++# Use of strong authentication encouraged.
++rootpw  secret
++# rootpw  {crypt}ijFYNcSNctBYg
++
++# The database directory MUST exist prior to running slapd AND 
++# should only be accessible by the slapd and slap tools.
++# Mode 700 recommended.
++directory /var/lib/ldap
++lastmod  on
++
++# Indices to maintain for this database
++index objectClass                       eq,pres
++index ou,cn,sn,mail,givenname    eq,pres,sub
++index uidNumber,gidNumber,memberUid     eq,pres
++index loginShell   eq,pres
++## required to support pdb_getsampwnam
++index uid                       pres,sub,eq
++## required to support pdb_getsambapwrid()
++index displayName               pres,sub,eq
++index nisMapName,nisMapEntry            eq,pres,sub
++index   sambaSID                eq,sub
++index   sambaPrimaryGroupSID   eq
++index   sambaDomainName         eq
++index   default                sub
++
++
++# users can authenticate and change their password
++access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
++      by dn="cn=Manager,dc=company,dc=com" write
++      by self write
++      by anonymous auth
++      by * none
++
++# those 2 parameters must be world readable for password aging to work correctly
++# (or use a priviledge account in /etc/ldap.conf to bind to the directory)
++access to attrs=shadowLastChange,shadowMax
++      by dn="cn=Manager,dc=company,dc=com" write
++      by self write
++      by * read
++
++
++# all others attributes are readable to everybody
++access to *
++      by * read
++
++# Replicas of this database
++#replogfile /var/lib/ldap/openldap-master-replog
++#replica host=ldap-1.example.com:389 starttls=critical
++#     bindmethod=sasl saslmech=GSSAPI
++#     authcId=host/ldap-master.example.com@EXAMPLE.COM
++</PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE><BR>
++<!--TOC subsection Changing the administrative account (<TT>ldap admin
++ dn</TT> in <TT>smb.conf</TT> file)-->
++
++<H3><A NAME="htoc47">8.2</A>&nbsp;&nbsp;Changing the administrative account (<TT>ldap admin
++ dn</TT> in <TT>smb.conf</TT> file)</H3><!--SEC END -->
++<A NAME="change::manager"></A>
++If you don't want to use the <TT>cn=Manager,dc=idealx,dc=com</TT>
++account anymore, you can create a dedicated account for Samba and the
++smbldap-tools scripts. To do
++this, create an account named <I>samba</I> as follows (see
++section <A HREF="#add::user">4.2.1</A> for a more detailed syntax) :
++<PRE>
++smbldap-useradd -s /bin/false -d /dev/null -P samba
++</PRE>This command will ask you to set a password for this account. Let's
++set it to <I>samba</I> for this example.
++You then need to modify configuration files:
++<UL><LI>
++file <TT>/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf</TT>
++ <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>
++    slaveDN="uid=samba,ou=Users,dc=idealx,dc=com"
++    slavePw="samba"
++    masterDN="uid=samba,ou=Users,dc=idealx,dc=com"
++    masterPw="samba"
++  </PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE><LI>file <TT>/etc/samba/smb.conf</TT>
++ <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>
++    ldap admin dn = uid=samba,ou=Users,dc=idealx,dc=com
++  </PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE>don't forget to also set the samba account password in
++ <TT>secrets.tdb</TT> file : 
++<PRE>
++smbpasswd -w samba
++</PRE><LI>file <TT>/etc/openldap/slapd.conf</TT>: give to the
++ <I>samba</I> user permissions to modify some attributes: this
++ user needs to be able to modify all the samba attributes and some
++ others (uidNumber, gidNumber ...) :
++ <TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0>
++<TR><TD><TABLE BORDER=0 CELLPADDING=0
++ CELLSPACING=0>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++<TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
++<TR><TD><PRE>
++# users can authenticate and change their password
++access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
++      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
++      by self write
++      by anonymous auth
++      by * none
++# some attributes need to be readable anonymously so that 'id user' can answer correctly
++access to attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,memberUid
++      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
++      by * read
++# somme attributes can be writable by users themselves
++access to attrs=description,telephoneNumber
++      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
++      by self write
++      by * read
++# some attributes need to be writable for samba
++access to attrs=cn,sambaLMPassword,sambaNTPassword,sambaPwdLastSet,sambaLogonTime,sambaLogoffTime,sambaKickoffTime,sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaSID,sambaGroupType,sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase
++      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
++      by self read
++      by * none
++# samba need to be able to create the samba domain account
++access to dn.base="dc=idealx,dc=com"
++      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
++      by * none
++# samba need to be able to create new users account
++access to dn="ou=Users,dc=idealx,dc=com"
++      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
++      by * none
++# samba need to be able to create new groups account
++access to dn="ou=Groups,dc=idealx,dc=com"
++      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
++      by * none
++# samba need to be able to create new computers account
++access to dn="ou=Computers,dc=idealx,dc=com"
++      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
++      by * none
++# this can be omitted but we leave it: there could be other branch
++# in the directory
++access to *
++      by self read
++      by * none
++  </PRE></TD>
++</TR></TABLE></TD>
++<TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR>
++<TR><TD BGCOLOR=black COLSPAN="3"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
++<TR><TD>
++ </TD>
++</TR></TABLE></TD>
++</TR></TABLE></TD>
++</TR></TABLE></UL>
++<!--TOC subsection known bugs-->
++
++<H3><A NAME="htoc48">8.3</A>&nbsp;&nbsp;known bugs</H3><!--SEC END -->
++
++<UL><LI>
++Option <I>-B</I> (user must change password) of
++ <TT>smbldap-useradd</TT> does not have effect: when 
++ <TT>smbldap-passwd</TT> script is called,
++ <I>sambaPwdMustChange</I> attribute is rewrite.
++</UL>
++ 
++<!--BEGIN NOTES document-->
++<HR WIDTH="50%" SIZE=1><DL><DT><A NAME="note1" HREF="#text1"><FONT SIZE=5>1</FONT></A><DD><A HREF="http://IDEALX.com/"><TT>http://IDEALX.com/</TT></A>
++</DL>
++<!--END NOTES-->
++<!--HTMLFOOT-->
++
++
++<DIV class="piedpage">
++<HR>
++<P>Documents&nbsp;: Copyright © 2002 IDEALX S.A.S..
++'IDEALX' is the property of IDEALX.
++'Samba' is the property of Samba Team. All other trademarks belong to their respective owners.
++</DIV>
++
++<!--ENDHTML-->
++<!--FOOTER-->
++<HR SIZE=2>
++<BLOCKQUOTE><EM>This document was translated from L<sup>A</sup>T<sub>E</sub>X by
++</EM><A HREF="http://pauillac.inria.fr/~maranget/hevea/index.html"><EM>H<FONT SIZE=2><sup>E</sup></FONT>V<FONT SIZE=2><sup>E</sup></FONT>A</EM></A><EM>.
++</EM></BLOCKQUOTE>
++</BODY>
++</HTML>
diff -Nru smbldap-tools-0.9.5/debian/patches/0021_smbldap-useradd_flush_nscd_cache.patch smbldap-tools-0.9.7/debian/patches/0021_smbldap-useradd_flush_nscd_cache.patch
--- smbldap-tools-0.9.5/debian/patches/0021_smbldap-useradd_flush_nscd_cache.patch	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/debian/patches/0021_smbldap-useradd_flush_nscd_cache.patch	2011-11-11 23:12:55.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Force an nss flush to fix failure to join a Windows 7 or Windows 2008 machine to Samba domain
+Forwarded: no
+Author: rdratlos
+Origin: rdratlos, https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/814898/+attachment/2226951/+files/smbldap-useradd_flush_nscd_cache.patch
+Reviewed-By: Daniel T Chen <crimsun@ubuntu.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/+bug/814898
+Last-Update: 2011-08-01
+--- a/smbldap-useradd.pl
++++ b/smbldap-useradd.pl
+@@ -402,6 +402,9 @@
+     }
+ 
+     $ldap_master->unbind;
++    # Flush nscd cache to be aligned with the LDAP directory change
++    system "[ -x /usr/sbin/nscd ] && /usr/sbin/nscd -i passwd 2>/dev/null";
++    system "[ -x /usr/sbin/nscd ] && /usr/sbin/nscd -i group 2>/dev/null";
+     exit 0;
+ }
+ 
diff -Nru smbldap-tools-0.9.5/debian/patches/series smbldap-tools-0.9.7/debian/patches/series
--- smbldap-tools-0.9.5/debian/patches/series	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/patches/series	2011-11-12 11:05:08.000000000 +0100
@@ -1,4 +1,6 @@
 0001_debian_nobody.patch
 0002_smbldap-userlist_manpage_fix.patch
-0009_original_doc_html_index.patch
-0010_smbldap-useradd_flush_nscd_cache.patch
+0010_use-Digest-SHA.patch
+0011_fix_smbldap-grouplist_manpage.patch
+0020_original_doc_html_index.patch
+0021_smbldap-useradd_flush_nscd_cache.patch
diff -Nru smbldap-tools-0.9.5/debian/README.Debian smbldap-tools-0.9.7/debian/README.Debian
--- smbldap-tools-0.9.5/debian/README.Debian	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/README.Debian	2011-09-27 20:05:13.000000000 +0200
@@ -136,5 +136,18 @@
 default), if you want to start from different numbers you can use "-g
 <firstgid>" or "-u <firstuid>" as options to smbldap-populate.
 
+Upgrade from release 0.9.6
+==========================
+
+smbldap-tools 0.9.7 now support sambaNextRid attribute and its value
+in sambaDomain object for new RID allocation instead of obsolete RID
+algorithm by default. (It is for compatibility with Samba 3.0.23c and later.)
+
+If you are upgrading from smbldap-tools 0.9.6 (or older) and/or you
+want to use legacy RID algorithm for new RID allocation, you must
+add "sambaAlgorithmicRidBase: 1000" to your sambaDomain object.
+You can do that by running the `smbldap-upgrade-0.9.6.cmd` 
+available on the `/usr/share/doc/smbldap-tools/` directory.
+
 --
-Sergio Talens-Oliag <sto@debian.org>,  Mon, 24 Sep 2007 12:50:06 +0200
+Sergio Talens-Oliag <sto@debian.org>,  Tue, 27 Sep 2011 10:42:30 +0200
diff -Nru smbldap-tools-0.9.5/debian/rules smbldap-tools-0.9.7/debian/rules
--- smbldap-tools-0.9.5/debian/rules	2011-11-12 11:21:15.000000000 +0100
+++ smbldap-tools-0.9.7/debian/rules	2011-09-27 20:05:13.000000000 +0200
@@ -1,30 +1,6 @@
 #!/usr/bin/make -f
 # -*- mode: makefile; coding: utf-8 -*-
-# Copyright © 2009 Sergio Talens-Oliag <sto@debian.org>
+# Copyright © 2009-2011 Sergio Talens-Oliag <sto@debian.org>
 
 %:
 	dh --with quilt $@
-
-# Remove the dh_auto_build and dh_auto_install step
-override_dh_auto_build:
-override_dh_auto_install:
-
-
-# Hook to create manpages from the perl files
-override_dh_installman:
-	rm -f debian/manpages
-	test -d debian/pod2man || mkdir debian/pod2man
-	for i in smbldap-[gpu]*; do \
-		pod2man --section=8 $$i > debian/pod2man/$$i.8; \
-		echo debian/pod2man/$$i.8 >> debian/manpages;   \
-	done
-	dh_installman
-	
-# Clean the generated manpages
-override_dh_clean:
-	rm -f debian/manpages
-	rm -rf debian/pod2man
-	rm -rf doc/html
-	dh_clean
-
-# Really short debian/rules ... dh rules more than cdbs!!!
diff -Nru smbldap-tools-0.9.5/debian/source/format smbldap-tools-0.9.7/debian/source/format
--- smbldap-tools-0.9.5/debian/source/format	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/debian/source/format	2011-09-27 10:30:31.000000000 +0200
@@ -0,0 +1 @@
+3.0 (quilt)
diff -Nru smbldap-tools-0.9.5/debian/watch smbldap-tools-0.9.7/debian/watch
--- smbldap-tools-0.9.5/debian/watch	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/debian/watch	2011-09-27 00:49:13.000000000 +0200
@@ -0,0 +1,9 @@
+# Example watch control file for uscan
+# Rename this file to "watch" and then you can run the "uscan" command
+# to check for upstream updates and more.
+# See uscan(1) for format
+
+# Compulsory line, this is a version 3 file
+version=3
+
+http://download.gna.org/smbldap-tools/sources/latest/smbldap-tools-([0-9].*)\.tar\.gz
diff -Nru smbldap-tools-0.9.5/doc/migration_scripts/smbldap-migrate-pwdump-accounts smbldap-tools-0.9.7/doc/migration_scripts/smbldap-migrate-pwdump-accounts
--- smbldap-tools-0.9.5/doc/migration_scripts/smbldap-migrate-pwdump-accounts	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/doc/migration_scripts/smbldap-migrate-pwdump-accounts	2011-07-12 15:29:04.000000000 +0200
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -w
 
-# $Id: smbldap-migrate-pwdump-accounts,v 1.1 2005/03/08 09:29:47 jtournier Exp $
+# $Id$
 #
 #  This code was developped by IDEALX (http://IDEALX.org/) and
 #  contributors (their names can be found in the CONTRIBUTORS file).
diff -Nru smbldap-tools-0.9.5/doc/migration_scripts/smbldap-migrate-pwdump-groups smbldap-tools-0.9.7/doc/migration_scripts/smbldap-migrate-pwdump-groups
--- smbldap-tools-0.9.5/doc/migration_scripts/smbldap-migrate-pwdump-groups	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/doc/migration_scripts/smbldap-migrate-pwdump-groups	2011-07-12 15:29:04.000000000 +0200
@@ -1,6 +1,6 @@
 #!/usr/bin/perl
 
-# $Id: smbldap-migrate-pwdump-groups,v 1.1 2005/03/08 09:29:47 jtournier Exp $
+# $Id$
 #
 #  This code was developped by IDEALX (http://IDEALX.org/) and
 #  contributors (their names can be found in the CONTRIBUTORS file).
diff -Nru smbldap-tools-0.9.5/doc/migration_scripts/smbldap-migrate-unix-accounts smbldap-tools-0.9.7/doc/migration_scripts/smbldap-migrate-unix-accounts
--- smbldap-tools-0.9.5/doc/migration_scripts/smbldap-migrate-unix-accounts	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/doc/migration_scripts/smbldap-migrate-unix-accounts	2011-07-12 15:29:04.000000000 +0200
@@ -1,5 +1,7 @@
 #!/usr/bin/perl -w
 
+# $Id$
+
 # Created by P.Wieleba@iem.pw.edu.pl in 2004
 
 use strict;
diff -Nru smbldap-tools-0.9.5/doc/migration_scripts/smbldap-migrate-unix-groups smbldap-tools-0.9.7/doc/migration_scripts/smbldap-migrate-unix-groups
--- smbldap-tools-0.9.5/doc/migration_scripts/smbldap-migrate-unix-groups	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/doc/migration_scripts/smbldap-migrate-unix-groups	2011-07-12 15:29:04.000000000 +0200
@@ -1,5 +1,7 @@
 #!/usr/bin/perl -w
 
+# $Id$
+
 # Created by P.Wieleba@iem.pw.edu.pl in 2004
 
 use strict;
diff -Nru smbldap-tools-0.9.5/doc/slapd.conf smbldap-tools-0.9.7/doc/slapd.conf
--- smbldap-tools-0.9.5/doc/slapd.conf	2008-04-22 10:13:30.000000000 +0200
+++ smbldap-tools-0.9.7/doc/slapd.conf	1970-01-01 01:00:00.000000000 +0100
@@ -1,125 +0,0 @@
-#
-# See slapd.conf(5) for details on configuration options.
-# This file should NOT be world readable.
-#
-include		/etc/openldap/schema/core.schema
-include		/etc/openldap/schema/cosine.schema
-include		/etc/openldap/schema/inetorgperson.schema
-include		/etc/openldap/schema/nis.schema
-include		/etc/openldap/schema/samba.schema
-
-schemacheck	on
-
-# Allow LDAPv2 client connections.  This is NOT the default.
-allow bind_v2
-
-# Do not enable referrals until AFTER you have a working directory
-# service AND an understanding of referrals.
-#referral	ldap://root.openldap.org
-
-pidfile		/var/run/slapd.pid
-argsfile	/var/run/slapd.args
-
-# Load dynamic backend modules:
-# modulepath	/usr/sbin/openldap
-# moduleload	back_bdb.la
-# moduleload	back_ldap.la
-# moduleload	back_ldbm.la
-# moduleload	back_passwd.la
-# moduleload	back_shell.la
-
-# The next three lines allow use of TLS for encrypting connections using a
-# dummy test certificate which you can generate by changing to
-# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
-# slapd.pem so that the ldap user or group can read it.  Your client software
-# may balk at self-signed certificates, however.
-#TLSCertificateFile /etc/openldap/ldap.company.com.pem
-#TLSCertificateKeyFile /etc/openldap/ldap.company.com.key
-#TLSCACertificateFile /etc/openldap/ca.pem
-#TLSCipherSuite :SSLv3
-
-# Sample security restrictions
-#	Require integrity protection (prevent hijacking)
-#	Require 112-bit (3DES or better) encryption for updates
-#	Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-#	Root DSE: allow anyone to read it
-#	Subschema (sub)entry DSE: allow anyone to read it
-#	Other DSEs:
-#		Allow self write access
-#		Allow authenticated users read access
-#		Allow anonymous users to authenticate
-#	Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base="cn=Subschema" by * read
-# access to *
-#	by self write
-#	by users read
-#	by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn.  (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-
-#######################################################################
-# ldbm and/or bdb database definitions
-#######################################################################
-
-database	bdb
-suffix		"dc=company,dc=com"
-rootdn		"cn=Manager,dc=company,dc=com"
-# Cleartext passwords, especially for the rootdn, should
-# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
-# Use of strong authentication encouraged.
-rootpw		secret
-# rootpw		{crypt}ijFYNcSNctBYg
-
-# The database directory MUST exist prior to running slapd AND 
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory	/var/lib/ldap
-lastmod		on
-
-# Indices to maintain for this database
-index objectClass                       eq,pres
-index ou,cn,sn,mail,givenname   	eq,pres,sub
-index uidNumber,gidNumber,memberUid     eq,pres
-index loginShell			eq,pres
-## required to support pdb_getsampwnam
-index uid                     		pres,sub,eq
-## required to support pdb_getsambapwrid()
-index displayName             		pres,sub,eq
-index nisMapName,nisMapEntry            eq,pres,sub
-index sambaSID              		eq
-index sambaPrimaryGroupSID 		eq
-index sambaDomainName       		eq
-index default              		sub
-
-
-# users can authenticate and change their password
-access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdMustChange,sambaPwdLastSet
-      by dn="cn=Manager,dc=company,dc=com" write
-      by self write
-      by anonymous auth
-      by * none
-
-# those 2 parameters must be world readable for password aging to work correctly
-# (or use a priviledge account in /etc/ldap.conf to bind to the directory)
-access to attrs=shadowLastChange,shadowMax
-      by dn="cn=Manager,dc=company,dc=com" write
-      by self write
-      by * read
-
-# all others attributes are readable to everybody
-access to *
-      by * read
-
-# Replicas of this database
-#replogfile /var/lib/ldap/openldap-master-replog
-#replica host=ldap-1.example.com:389 starttls=critical
-#     bindmethod=sasl saslmech=GSSAPI
-#     authcId=host/ldap-master.example.com@EXAMPLE.COM
diff -Nru smbldap-tools-0.9.5/doc/slapd.conf.example smbldap-tools-0.9.7/doc/slapd.conf.example
--- smbldap-tools-0.9.5/doc/slapd.conf.example	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/doc/slapd.conf.example	2011-09-02 10:18:07.000000000 +0200
@@ -0,0 +1,125 @@
+#
+# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include		/etc/openldap/schema/core.schema
+include		/etc/openldap/schema/cosine.schema
+include		/etc/openldap/schema/inetorgperson.schema
+include		/etc/openldap/schema/nis.schema
+include		/etc/openldap/schema/samba.schema
+
+schemacheck	on
+
+# Allow LDAPv2 client connections.  This is NOT the default.
+allow bind_v2
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral	ldap://root.openldap.org
+
+pidfile		/var/run/slapd.pid
+argsfile	/var/run/slapd.args
+
+# Load dynamic backend modules:
+# modulepath	/usr/sbin/openldap
+# moduleload	back_bdb.la
+# moduleload	back_ldap.la
+# moduleload	back_ldbm.la
+# moduleload	back_passwd.la
+# moduleload	back_shell.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /usr/share/ssl/certs, running "make slapd.pem", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it.  Your client software
+# may balk at self-signed certificates, however.
+#TLSCertificateFile /etc/openldap/ldap.example.com.pem
+#TLSCertificateKeyFile /etc/openldap/ldap.example.com.key
+#TLSCACertificateFile /etc/openldap/ca.pem
+#TLSCipherSuite :SSLv3
+
+# Sample security restrictions
+#	Require integrity protection (prevent hijacking)
+#	Require 112-bit (3DES or better) encryption for updates
+#	Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+#	Root DSE: allow anyone to read it
+#	Subschema (sub)entry DSE: allow anyone to read it
+#	Other DSEs:
+#		Allow self write access
+#		Allow authenticated users read access
+#		Allow anonymous users to authenticate
+#	Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base="cn=Subschema" by * read
+# access to *
+#	by self write
+#	by users read
+#	by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn.  (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# ldbm and/or bdb database definitions
+#######################################################################
+
+database	bdb
+suffix		"dc=example,dc=com"
+rootdn		"cn=Manager,dc=example,dc=com"
+# Cleartext passwords, especially for the rootdn, should
+# be avoided.  See slappasswd(8) and slapd.conf(5) for details.
+# Use of strong authentication encouraged.
+rootpw		secret
+#rootpw		{crypt}ijFYNcSNctBYg
+
+# The database directory MUST exist prior to running slapd AND 
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory	/var/lib/ldap
+lastmod		on
+
+# Indices to maintain for this database
+index objectClass                       eq,pres
+index ou,cn,sn,mail,givenname   	eq,pres,sub
+index uidNumber,gidNumber,memberUid     eq,pres
+index loginShell			eq,pres
+## required to support pdb_getsampwnam
+index uid                     		pres,sub,eq
+## required to support pdb_getsambapwrid()
+index displayName             		pres,sub,eq
+index sambaSID              		eq
+index sambaPrimaryGroupSID 		eq
+index sambaDomainName       		eq
+index sambaGroupType       		eq
+index sambaSIDList       		eq
+
+
+# users can authenticate and change their password
+access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPasswordHistory,sambaPwdMustChange,sambaPwdLastSet
+      by dn="cn=Manager,dc=example,dc=com" write
+      by self write
+      by anonymous auth
+      by * none
+
+# those 2 parameters must be world readable for password aging to work correctly
+# (or use a priviledge account in /etc/ldap.conf to bind to the directory)
+access to attrs=shadowLastChange,shadowMax
+      by dn="cn=Manager,dc=example,dc=com" write
+      by self write
+      by * read
+
+# all others attributes are readable to everybody
+access to *
+      by * read
+
+# Replicas of this database
+#replogfile /var/lib/ldap/openldap-master-replog
+#replica host=ldap-1.example.com:389 starttls=critical
+#     bindmethod=sasl saslmech=GSSAPI
+#     authcId=host/ldap-master.example.com@EXAMPLE.COM
diff -Nru smbldap-tools-0.9.5/doc/smb.conf smbldap-tools-0.9.7/doc/smb.conf
--- smbldap-tools-0.9.5/doc/smb.conf	2008-04-22 10:13:30.000000000 +0200
+++ smbldap-tools-0.9.7/doc/smb.conf	1970-01-01 01:00:00.000000000 +0100
@@ -1,138 +0,0 @@
-# Global parameters
-[global]
-	workgroup = DOMSMB
-	netbios name = PDC-SRV
-	security = user
-	enable privileges = yes
-	#interfaces = 192.168.5.11
-	#username map = /etc/samba/smbusers
-	server string = Samba Server %v
-	#security = ads
-	encrypt passwords = Yes
-	min passwd length = 3
-	#pam password change = no
-	#obey pam restrictions = No
-
-	# method 1:
-	#unix password sync = no
-	#ldap passwd sync = yes
-
-	# method 2:
-	unix password sync = yes
-	ldap passwd sync = no
-	passwd program = /usr/sbin/smbldap-passwd -u "%u"
-	passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
-
-	log level = 0
-	syslog = 0
-	log file = /var/log/samba/log.%U
-	max log size = 100000
-	time server = Yes
-	socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
-	mangling method = hash2
-	Dos charset = 850
-	Unix charset = ISO8859-1
-
-	logon script = logon.bat
-	logon drive = H:
-        logon home = 
-        logon path = 
-
-	domain logons = Yes
-	domain master = Yes
-	os level = 65
-	preferred master = Yes
-	wins support = yes
-	# passdb backend = ldapsam:"ldap://ldap1.company.com ldap://ldap2.company.com"
-	passdb backend = ldapsam:ldap://127.0.0.1/
-	ldap admin dn = cn=Manager,dc=company,dc=com
-	#ldap admin dn = cn=samba,ou=DSA,dc=company,dc=com
-	ldap suffix = dc=company,dc=com
-        ldap group suffix = ou=Groups
-        ldap user suffix = ou=Users
-        ldap machine suffix = ou=Computers
-	#ldap idmap suffix = ou=Idmap
-        add user script = /usr/sbin/smbldap-useradd -m "%u"
-        #ldap delete dn = Yes
-        delete user script = /usr/sbin/smbldap-userdel "%u"
-        add machine script = /usr/sbin/smbldap-useradd -t 0 -w "%u"
-        add group script = /usr/sbin/smbldap-groupadd -p "%g" 
-        #delete group script = /usr/sbin/smbldap-groupdel "%g"
-        add user to group script = /usr/sbin/smbldap-groupmod -m "%u" "%g"
-        delete user from group script = /usr/sbin/smbldap-groupmod -x "%u" "%g"
-	set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
-
-	# printers configuration
-	#printer admin = @"Print Operators"
-	load printers = Yes
-	create mask = 0640
-	directory mask = 0750
-	#force create mode = 0640
-	#force directory mode = 0750
-	nt acl support = No
-	printing = cups
-	printcap name = cups
-	deadtime = 10
-	guest account = nobody
-	map to guest = Bad User
-	dont descend = /proc,/dev,/etc,/lib,/lost+found,/initrd
-	show add printer wizard = yes
-	; to maintain capital letters in shortcuts in any of the profile folders:
-	preserve case = yes
-	short preserve case = yes
-	case sensitive = no
-
-[netlogon]
-	path = /home/netlogon/
-	browseable = No
-	read only = yes
-
-[profiles]
-	path = /home/profiles
-	read only = no
-	create mask = 0600
-	directory mask = 0700
-	browseable = No
-	guest ok = Yes
-	profile acls = yes
-	csc policy = disable
-	# next line is a great way to secure the profiles 
-	#force user = %U 
-	# next line allows administrator to access all profiles 
-	#valid users = %U "Domain Admins"
-
-[printers]
-        comment = Network Printers
-        #printer admin = @"Print Operators"
-        guest ok = yes 
-        printable = yes
-        path = /home/spool/
-        browseable = No
-        read only  = Yes
-        printable = Yes
-        print command = /usr/bin/lpr -P%p -r %s
-        lpq command = /usr/bin/lpq -P%p
-        lprm command = /usr/bin/lprm -P%p %j
-        # print command = /usr/bin/lpr -U%U@%M -P%p -r %s
-        # lpq command = /usr/bin/lpq -U%U@%M -P%p
-        # lprm command = /usr/bin/lprm -U%U@%M -P%p %j
-        # lppause command = /usr/sbin/lpc -U%U@%M hold %p %j
-        # lpresume command = /usr/sbin/lpc -U%U@%M release %p %j
-        # queuepause command = /usr/sbin/lpc -U%U@%M stop %p
-        # queueresume command = /usr/sbin/lpc -U%U@%M start %p
-
-[print$]
-        path = /home/printers
-        guest ok = No
-        browseable = Yes
-        read only = Yes
-        valid users = @"Print Operators"
-        write list = @"Print Operators"
-        create mask = 0664
-        directory mask = 0775
-
-[public]
-	path = /tmp
-	guest ok = yes
-	browseable = Yes
-	writable = yes
diff -Nru smbldap-tools-0.9.5/doc/smb.conf.tmpl smbldap-tools-0.9.7/doc/smb.conf.tmpl
--- smbldap-tools-0.9.5/doc/smb.conf.tmpl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/doc/smb.conf.tmpl	2011-09-02 11:12:55.000000000 +0200
@@ -0,0 +1,68 @@
+[global]
+	workgroup = DOMSMB
+	netbios name = PDC-SRV
+
+	deadtime = 10
+
+	log level = 1
+	log file = /var/log/samba/log.%m
+	max log size = 5000
+	debug pid = yes
+	debug uid = yes
+	syslog = 0
+	utmp = yes
+
+	security = user
+	domain logons = yes
+	os level = 64
+	logon path =
+	logon home =
+	logon drive =
+	logon script =
+
+	passdb backend = ldapsam:"ldap://ldap.example.com/"
+	ldap ssl = start tls
+	ldap admin dn = cn=Manager,dc=example,dc=com
+	ldap delete dn = no
+
+	## Sync UNIX password with Samba password
+	## Method 1:
+	ldap password sync = yes
+	## Method 2:
+	;ldap password sync = no
+	;unix password sync = yes
+	;passwd program = @SBINDIR@/smbldap-passwd -u '%u'
+	;passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*" %n\n"
+
+	ldap suffix = dc=example,dc=com
+	ldap user suffix = ou=Users
+	ldap group suffix = ou=Groups
+	ldap machine suffix = ou=Computers
+	ldap idmap suffix = ou=Idmap
+
+	add user script = @SBINDIR@/smbldap-useradd -m '%u' -t 1
+	rename user script = @SBINDIR@/smbldap-usermod -r '%unew' '%uold'
+	delete user script = @SBINDIR@/smbldap-userdel '%u'
+	set primary group script = @SBINDIR@/smbldap-usermod -g '%g' '%u'
+	add group script = @SBINDIR@/smbldap-groupadd -p '%g'
+	delete group script = @SBINDIR@/smbldap-groupdel '%g'
+	add user to group script = @SBINDIR@/smbldap-groupmod -m '%u' '%g'
+	delete user from group script = @SBINDIR@/smbldap-groupmod -x '%u' '%g'
+	add machine script = @SBINDIR@/smbldap-useradd -w '%u' -t 1
+
+[NETLOGON]
+	path = /var/lib/samba/netlogon
+	browseable = no
+	share modes = no
+
+[PROFILES]
+	path = /var/lib/samba/profiles
+	browseable = no
+	writeable = yes
+	create mask = 0611
+	directory mask = 0700
+	profile acls = yes
+	csc policy = disable
+	map system = yes
+	map hidden = yes
+
diff -Nru smbldap-tools-0.9.5/doc/smbldap-tools.html smbldap-tools-0.9.7/doc/smbldap-tools.html
--- smbldap-tools-0.9.5/doc/smbldap-tools.html	2008-04-22 10:13:30.000000000 +0200
+++ smbldap-tools-0.9.7/doc/smbldap-tools.html	2011-09-02 10:30:14.000000000 +0200
@@ -1,10 +1,11 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
             "http://www.w3.org/TR/REC-html40/loose.dtd">
+<!-- $Id$ -->
 <HTML>
 <HEAD><TITLE>Smbldap-tools User Manual 
 (Release: 0.9.3 )</TITLE>
 
-<META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
+<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
 <META name="GENERATOR" content="hevea 1.07">
 
 <link rel="stylesheet" href="IDXDOC.css">
@@ -30,7 +31,7 @@
 <H1 ALIGN=center>Smbldap-tools User Manual<BR>
 (<I>Release</I>: 0.9.3 )</H1>
 
-<H3 ALIGN=center>Jérôme Tournier</H3>
+<H3 ALIGN=center>Jérôme Tournier</H3>
 
 <H3 ALIGN=center><I>Revision</I>: 1.7 , generated April 22, 2008<BR>
 </H3>
@@ -359,16 +360,16 @@
  </UL>
 <LI><TT>clientcert</TT>&nbsp;: the file that contains the client certificate
  <UL><LI>
- Example: <TT>clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.iallanis.com.pem"</TT>
+ Example: <TT>clientcert="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.example.com.pem"</TT>
  </UL>
 <LI><TT>clientkey</TT>&nbsp;: the file that contains the private key that
  matches the certificate stored in the clientcert file
  <UL><LI>
- Example: <TT>clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.iallanis.com.key"</TT>
+ Example: <TT>clientkey="/etc/opt/IDEALX/smbldap-tools/smbldap-tools.example.com.key"</TT>
  </UL>
 <LI><TT>suffix</TT>&nbsp;: The distinguished name of the search base
  <UL><LI>
- Example: <TT>suffix="dc=idealx,dc=com"</TT>
+ Example: <TT>suffix="dc=example,dc=com"</TT>
  </UL>
 <LI><TT>usersdn</TT>&nbsp;: branch in which users account can be found or
  must be added
@@ -509,7 +510,7 @@
 <UL><LI>
 <TT>slaveDN</TT>&nbsp;: distinguished name used to bind to the slave server 
  <UL><LI>
- Example 1: <TT>slaveDN="cn=Manager,dc=idealx,dc=com"</TT> 
+ Example 1: <TT>slaveDN="cn=Manager,dc=example,dc=com"</TT> 
  <LI>Example 2: <TT>slaveDN=""</TT>
  <LI>Remark: this can be the manager account of the directory or
  any LDAP account that has sufficient permissions to read the full
@@ -526,7 +527,7 @@
  </UL>
 <LI><TT>masterDN</TT>&nbsp;: the distinguished name used to bind to the master server
  <UL><LI>
- Example: <TT>masterDN="cn=Manager,dc=idealx,dc=com"</TT>
+ Example: <TT>masterDN="cn=Manager,dc=example,dc=com"</TT>
  <LI>Remark: this can be the manager account of the directory or
  any LDAP account that has enough permissions to modify the content
  of the directory. Anonymous access does not make any sense here.
@@ -566,7 +567,7 @@
 </TR></TABLE></TD>
 <TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
 <TR><TD><PRE>
-  rootdn          "cn=Manager,dc=idealx,dc=com"
+  rootdn          "cn=Manager,dc=example,dc=com"
   rootpw          secret
 </PRE></TD>
 </TR></TABLE></TD>
@@ -596,7 +597,7 @@
 </TR></TABLE></TD>
 <TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
 <TR><TD><PRE>
-  masterDN="cn=Manager,dc=idealx,dc=com"
+  masterDN="cn=Manager,dc=example,dc=com"
   masterPw="secret"
 </PRE></TD>
 </TR></TABLE></TD>
@@ -655,27 +656,27 @@
 <PRE>
 [root@etoile root]# smbldap-populate 
 Using builtin directory structure
-adding new entry: dc=idealx,dc=com
-adding new entry: ou=Users,dc=idealx,dc=com
-adding new entry: ou=Groups,dc=idealx,dc=com
-adding new entry: ou=Computers,dc=idealx,dc=com
-adding new entry: ou=Idmap,dc=idealx,dc=org
-adding new entry: cn=NextFreeUnixId,dc=idealx,dc=org
-adding new entry: uid=Administrator,ou=Users,dc=idealx,dc=com
-adding new entry: uid=nobody,ou=Users,dc=idealx,dc=com
-adding new entry: cn=Domain Admins,ou=Groups,dc=idealx,dc=com
-adding new entry: cn=Domain Users,ou=Groups,dc=idealx,dc=com
-adding new entry: cn=Domain Guests,ou=Groups,dc=idealx,dc=com
-adding new entry: cn=Print Operators,ou=Groups,dc=idealx,dc=com
-adding new entry: cn=Backup Operators,ou=Groups,dc=idealx,dc=com
-adding new entry: cn=Replicator,ou=Groups,dc=idealx,dc=com
-adding new entry: cn=Domain Computers,ou=Groups,dc=idealx,dc=com
+adding new entry: dc=example,dc=com
+adding new entry: ou=Users,dc=example,dc=com
+adding new entry: ou=Groups,dc=example,dc=com
+adding new entry: ou=Computers,dc=example,dc=com
+adding new entry: ou=Idmap,dc=example,dc=org
+adding new entry: cn=NextFreeUnixId,dc=example,dc=org
+adding new entry: uid=Administrator,ou=Users,dc=example,dc=com
+adding new entry: uid=nobody,ou=Users,dc=example,dc=com
+adding new entry: cn=Domain Admins,ou=Groups,dc=example,dc=com
+adding new entry: cn=Domain Users,ou=Groups,dc=example,dc=com
+adding new entry: cn=Domain Guests,ou=Groups,dc=example,dc=com
+adding new entry: cn=Print Operators,ou=Groups,dc=example,dc=com
+adding new entry: cn=Backup Operators,ou=Groups,dc=example,dc=com
+adding new entry: cn=Replicator,ou=Groups,dc=example,dc=com
+adding new entry: cn=Domain Computers,ou=Groups,dc=example,dc=com
 </PRE>
-After this step, if you don't want to use the <TT>cn=Manager,dc=idealx,dc=com</TT>
+After this step, if you don't want to use the <TT>cn=Manager,dc=example,dc=com</TT>
 account anymore, you can create a dedicated account for Samba and the
 smbldap-tools. See section <A HREF="#change::manager">8.2</A> for more details.<BR>
 <BR>
-The <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> entry is only used to
+The <TT>cn=NextFreeUnixId,dc=example,dc=org</TT> entry is only used to
 defined the next uidNumber and gidNumber available for creating new
 users and groups. The default values for those numbers are 1000. You
 can change it with the <TT>-u</TT> and <TT>-g</TT> option. For
@@ -1241,7 +1242,7 @@
 
 There are two way to do this :
 <UL><LI>
-modify the <TT>cn=NextFreeUnixId,dc=idealx,dc=org</TT> and
+modify the <TT>cn=NextFreeUnixId,dc=example,dc=org</TT> and
  change the <TT>uidNumber</TT> and/or <TT>gidNumber</TT> value. This
  must be done manually. For example, if you want to use all available
  uidNumber and gidNumber higher then 1500, you need to create a
@@ -1259,7 +1260,7 @@
  </TD>
 </TR></TABLE></TD>
 <TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
-<TR><TD><PRE>dn: cn=NextFreeUnixId,dc=idealx,dc=org
+<TR><TD><PRE>dn: cn=NextFreeUnixId,dc=example,dc=org
 changetype: modify
 uidNumber: 1500
 gidNumber: 1500
@@ -1278,7 +1279,7 @@
 </TR></TABLE>
 and then update the directory :
 <PRE>
-ldapmodify -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f update-NextFreeUnixId.ldif
+ldapmodify -x -D "cn=Manager,dc=example,dc=org" -w secret -f update-NextFreeUnixId.ldif
 </PRE><LI>use the <TT>-u</TT> or <TT>-g</TT> option to the script you need to set the value you
  want to use
 </UL>
@@ -1298,7 +1299,7 @@
 <PRE>
 [root@slave sbin]# smbldap-populate.pl
   Using builtin directory structure
-  adding new entry: dc=IDEALX,dc=COM
+  adding new entry: dc=example,dc=org
   Can't call method "code" without a package or object reference at
   /usr/local/sbin/smbldap-populate.pl line 270, &lt;GEN1&gt; line 2.
 </PRE>Answer: check the TLS configuration
@@ -1450,7 +1451,7 @@
 	You have updated the smbldap-tools to version 0.8.5 or newer.
 	You have to do this manually. Create an file called <TT>add.ldif</TT> and containing
 <PRE>
-dn: cn=NextFreeUnixId,dc=idealx,dc=org
+dn: cn=NextFreeUnixId,dc=example,dc=org
 objectClass: inetOrgPerson
 objectClass: sambaUnixIdPool
 uidNumber: 1000
@@ -1459,7 +1460,7 @@
 sn: NextFreeUnixId
 </PRE>	and then add the object with the ldapadd utility:
 <PRE>
-$ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
+$ ldapadd -x -D "cn=Manager,dc=example,dc=org" -w secret -f add.ldif
 </PRE>	Here, 1000 is the first available value for uidNumber and gidNumber (of course, if this value is
 	already used by a user or a group, the first available after 1000 will be used).
 	</UL><BR>
@@ -1530,7 +1531,7 @@
 <A NAME="thanks"></A>
 People who have worked on this document are
 <UL><LI>
-Jérôme Tournier &lt;jerome.tournier@IDEALX.com&gt;
+Jérôme Tournier &lt;jerome.tournier@IDEALX.com&gt;
 <LI>David Barth &lt;david.barth@IDEALX.com&gt;
 <LI>Nat Makarevitch &lt;nat@IDEALX.com&gt;
 </UL>
@@ -1542,7 +1543,7 @@
 <UL><LI>
 IDEALX team :
  <UL><LI>
- Roméo Adekambi &lt;romeo.adekambi@IDEALX.com&gt;
+ Roméo Adekambi &lt;romeo.adekambi@IDEALX.com&gt;
  <LI>Aurelien Degremont &lt;adegremont@IDEALX.com&gt;
  <LI>Renaud Renard &lt;rrenard@IDEALX.com&gt;
  </UL>
@@ -1574,7 +1575,7 @@
 </TR></TABLE></TD>
 <TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
 <TR><TD><PRE># $Source: $
-# $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $
+# $Id$
 #
 # smbldap-tools.conf : Q &amp; D configuration file for smbldap-tools
 
@@ -1633,7 +1634,7 @@
 # Slave LDAP server
 # Ex: slaveLDAP=127.0.0.1
 # If not defined, parameter is set to "127.0.0.1"
-slaveLDAP="ldap.iallanis.info"
+slaveLDAP="ldap.example.info"
 
 # Slave LDAP port
 # If not defined, parameter is set to "389"
@@ -1642,7 +1643,7 @@
 # Master LDAP server: needed for write operations
 # Ex: masterLDAP=127.0.0.1
 # If not defined, parameter is set to "127.0.0.1"
-masterLDAP="ldap.iallanis.info"
+masterLDAP="ldap.example.info"
 
 # Master LDAP port
 # If not defined, parameter is set to "389"
@@ -1671,15 +1672,15 @@
 
 # certificate to use to connect to the ldap server
 # see "man Net::LDAP" in start_tls section for more details
-clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
+clientcert="/etc/smbldap-tools/smbldap-tools.example.info.pem"
 
 # key certificate to use to connect to the ldap server
 # see "man Net::LDAP" in start_tls section for more details
-clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
+clientkey="/etc/smbldap-tools/smbldap-tools.example.info.key"
 
 # LDAP Suffix
 # Ex: suffix=dc=IDEALX,dc=ORG
-suffix="dc=iallanis,dc=info"
+suffix="dc=example,dc=info"
 
 # Where are stored Users
 # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
@@ -1785,7 +1786,7 @@
 # Domain appended to the users "mail"-attribute
 # when smbldap-useradd -M is used
 # Ex: mailDomain="idealx.com"
-mailDomain="iallanis.info"
+mailDomain="example.info"
 
 ##############################################################################
 #
@@ -1793,12 +1794,12 @@
 #
 ##############################################################################
 
-# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
+# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap.conf) but
 # prefer Crypt::SmbHash library
 with_smbpasswd="0"
 smbpasswd="/usr/bin/smbpasswd"
 
-# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
+# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap.conf)
 # but prefer Crypt:: libraries
 with_slappasswd="0"
 slappasswd="/usr/sbin/slappasswd"
@@ -1843,9 +1844,9 @@
 # master ldap for writing access and a slave ldap server for reading access
 # By default, we will use the same DN (so it will work for standard Samba
 # release)
-slaveDN="cn=Manager,dc=iallanis,dc=info"
+slaveDN="cn=Manager,dc=example,dc=info"
 slavePw="secret"
-masterDN="cn=Manager,dc=iallanis,dc=info"
+masterDN="cn=Manager,dc=example,dc=info"
 masterPw="secret"
 </PRE></TD>
 </TR></TABLE></TD>
@@ -2189,7 +2190,7 @@
 <H3><A NAME="htoc47">8.2</A>&nbsp;&nbsp;Changing the administrative account (<TT>ldap admin
  dn</TT> in <TT>smb.conf</TT> file)</H3><!--SEC END -->
 <A NAME="change::manager"></A>
-If you don't want to use the <TT>cn=Manager,dc=idealx,dc=com</TT>
+If you don't want to use the <TT>cn=Manager,dc=example,dc=com</TT>
 account anymore, you can create a dedicated account for Samba and the
 smbldap-tools scripts. To do
 this, create an account named <I>samba</I> as follows (see
@@ -2215,9 +2216,9 @@
 </TR></TABLE></TD>
 <TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
 <TR><TD><PRE>
-    slaveDN="uid=samba,ou=Users,dc=idealx,dc=com"
+    slaveDN="uid=samba,ou=Users,dc=example,dc=com"
     slavePw="samba"
-    masterDN="uid=samba,ou=Users,dc=idealx,dc=com"
+    masterDN="uid=samba,ou=Users,dc=example,dc=com"
     masterPw="samba"
   </PRE></TD>
 </TR></TABLE></TD>
@@ -2246,7 +2247,7 @@
 </TR></TABLE></TD>
 <TD><TABLE BORDER=0 CELLPADDING="1" CELLSPACING=0>
 <TR><TD><PRE>
-    ldap admin dn = uid=samba,ou=Users,dc=idealx,dc=com
+    ldap admin dn = uid=samba,ou=Users,dc=example,dc=com
   </PRE></TD>
 </TR></TABLE></TD>
 <TD BGCOLOR=black COLSPAN="1"><TABLE CELLSPACING="1" CELLPADDING=0 BORDER=0>
@@ -2283,17 +2284,17 @@
 <TR><TD><PRE>
 # users can authenticate and change their password
 access to attrs=userPassword,sambaNTPassword,sambaLMPassword,sambaPwdLastSet,sambaPwdMustChange
-      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
+      by dn="uid=samba,ou=Users,dc=example,dc=com" write
       by self write
       by anonymous auth
       by * none
 # some attributes need to be readable anonymously so that 'id user' can answer correctly
 access to attrs=objectClass,entry,gecos,homeDirectory,uid,uidNumber,gidNumber,cn,memberUid
-      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
+      by dn="uid=samba,ou=Users,dc=example,dc=com" write
       by * read
 # somme attributes can be writable by users themselves
 access to attrs=description,telephoneNumber
-      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
+      by dn="uid=samba,ou=Users,dc=example,dc=com" write
       by self write
       by * read
 # some attributes need to be writable for samba
@@ -2301,24 +2302,24 @@
  sambaPwdCanChange,sambaPwdMustChange,sambaAcctFlags,displayName,sambaHomePath,sambaHomeDrive,sambaLogonScript,
  sambaProfilePath,description,sambaUserWorkstations,sambaPrimaryGroupSID,sambaDomainName,sambaSID,sambaGroupType,
  sambaNextRid,sambaNextGroupRid,sambaNextUserRid,sambaAlgorithmicRidBase
-      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
+      by dn="uid=samba,ou=Users,dc=example,dc=com" write
       by self read
       by * none
 # samba need to be able to create the samba domain account
-access to dn.base="dc=idealx,dc=com"
-      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
+access to dn.base="dc=example,dc=com"
+      by dn="uid=samba,ou=Users,dc=example,dc=com" write
       by * none
 # samba need to be able to create new users account
-access to dn="ou=Users,dc=idealx,dc=com"
-      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
+access to dn="ou=Users,dc=example,dc=com"
+      by dn="uid=samba,ou=Users,dc=example,dc=com" write
       by * none
 # samba need to be able to create new groups account
-access to dn="ou=Groups,dc=idealx,dc=com"
-      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
+access to dn="ou=Groups,dc=example,dc=com"
+      by dn="uid=samba,ou=Users,dc=example,dc=com" write
       by * none
 # samba need to be able to create new computers account
-access to dn="ou=Computers,dc=idealx,dc=com"
-      by dn="uid=samba,ou=Users,dc=idealx,dc=com" write
+access to dn="ou=Computers,dc=example,dc=com"
+      by dn="uid=samba,ou=Users,dc=example,dc=com" write
       by * none
 # this can be omitted but we leave it: there could be other branch
 # in the directory
@@ -2358,7 +2359,7 @@
 
 <DIV class="piedpage">
 <HR>
-<P>Documents&nbsp;: Copyright © 2002 IDEALX S.A.S..
+<P>Documents&nbsp;: Copyright &copy; 2002 IDEALX S.A.S..
 'IDEALX' is the property of IDEALX.
 'Samba' is the property of Samba Team. All other trademarks belong to their respective owners.
 </DIV>
diff -Nru smbldap-tools-0.9.5/doc/smb.smbldap.conf.tmpl smbldap-tools-0.9.7/doc/smb.smbldap.conf.tmpl
--- smbldap-tools-0.9.5/doc/smb.smbldap.conf.tmpl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/doc/smb.smbldap.conf.tmpl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,13 @@
+## Put 'include = @SAMBA_SYSCONFDIR@/smb.smbldap.conf' into
+## your @SAMBA_SYSCONFDIR@/smb.conf file to enable smbldap-tools
+[global]
+add user script = @sbindir@/smbldap-useradd -m '%u' -t 1
+rename user script = @sbindir@/smbldap-usermod -r '%unew' '%uold'
+delete user script = @sbindir@/smbldap-userdel '%u'
+set primary group script = @sbindir@/smbldap-usermod -g '%g' '%u'
+add group script = @sbindir@/smbldap-groupadd -p '%g'
+delete group script = @sbindir@/smbldap-groupdel '%g'
+add user to group script = @sbindir@/smbldap-groupmod -m '%u' '%g'
+delete user from group script = @sbindir@/smbldap-groupmod -x '%u' '%g'
+add machine script = @sbindir@/smbldap-useradd -w '%u' -t 1
+
diff -Nru smbldap-tools-0.9.5/FILES smbldap-tools-0.9.7/FILES
--- smbldap-tools-0.9.5/FILES	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/FILES	2011-09-02 09:17:49.000000000 +0200
@@ -1,5 +1,4 @@
-# $Id: $
-# $Source: $
+# $Id$
 #
 ## File listing for SMBLDAP-TOOLS
 
@@ -9,37 +8,41 @@
 README			: introduction and usage
 TODO			: feature request and bug report list
 ChangeLog		: changelog
-configure.pl		: script to configure the smbldap_conf.pl
+smbldap-config		: script to configure the smbldap.conf
 
 Core:
 =-=-=
-smbldap-groupadd    : to add a new group
-			 (objectclass: posixGroup)
-smbldap-groupdel    : to delete a group
-			 (objectclass: posixGroup)
-smbldap-groupmod    : to modify a group (mostly used to add user to a group)
-			 (objectclass: posixGroup)
-smbldap-groupshow   : to view a group
-			 (objectclass: posixGroup)
-smbldap_conf.pm     : global configuration datas
+smbldap-groupadd    : add a new LDAP group entry
+			(objectclass: posixGroup)
+smbldap-groupdel    : delete a LDAP group entry
+			(objectclass: posixGroup)
+smbldap-grouplist   : list LDAP group entries
+			(objectclass: posixGroup)
+smbldap-groupmod    : modify a LDAP group entry (or its members)
+			(objectclass: posixGroup)
+smbldap-groupshow   : view a LDAP group entry
+			(objectclass: posixGroup)
+smbldap.conf        : global configuration
+smbldap_bind.conf   : LDAP binding configuration
 smbldap_tools.pm    : functions
-smbldap-useradd     : to add a new user
-			 (objectclass: posixAccount and/or sambaAccount)
-smbldap-userdel     : to delete a user
-			 (objectclass: posixAccount and/or sambaAccount)
-smbldap-usermod     : to modify a user datas
-			 (objectclass: posixAccount and/or sambaAccount)
-smbldap-usershow    : to view an user datas
-			 (objectclass: posixAccount and/or sambaAccount)
-smbldap-passwd      : to sync passwd (Unix and Samba)
-			 (a replacement for the system passwd utility)
-smbldap-populate    : to add a builtin ldif to initialize your LDAP master for
-                         smbldap use, or to add a specified ldif
-smbldap-tools.spec  : SPEC file for RedHat RPM package format
+smbldap-useradd     : add a new LDAP user
+			(objectclass: posixAccount and/or sambaSamAccount)
+smbldap-userdel     : delete a LDAP user
+			(objectclass: posixAccount and/or sambaSamAccount)
+smbldap-userlist    : list LDAP users
+			(objectclass: posixAccount and/or sambaSamAccount)
+smbldap-usermod     : modify a LDAP user entry
+			(objectclass: posixAccount and/or sambaSamAccount)
+smbldap-usershow    : view a LDAP user entry
+			(objectclass: posixAccount and/or sambaSamAccount)
+smbldap-passwd      : set and sync LDAP passwdords (Unix and Samba)
+			(replacement for the system passwd utility)
+smbldap-populate    : add a builtin ldif to initialize your LDAP master for
+			smbldap use, or to add a specified ldif
+smbldap-tools.spec  : SPEC file for Red Hat RPM package format
 
 Migration:
 =-=-=-=-=-
 smbldap-migrate-accounts     : add NT sam entries from pwdump to ldap
-smbldap-migrate-groups       : add any LDAP posixGroups from the output of the 'net group' NT command
-
-# - The End
+smbldap-migrate-groups       : add any LDAP posixGroups from the output of the
+				'net group' NT command
diff -Nru smbldap-tools-0.9.5/INFRA smbldap-tools-0.9.7/INFRA
--- smbldap-tools-0.9.5/INFRA	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/INFRA	2011-07-14 04:19:08.000000000 +0200
@@ -1,5 +1,4 @@
-# $Id: $
-# $Source: $
+# $Id$
 #
 ## Some notes about the architecture
 
@@ -12,83 +11,63 @@
 simplier enought to let you customize them to you needs.
 
 They need the following objectClasses to work:
- . sambaAccount: from samba.schema for Samba 2.2 branch
+ . sambaSamAccount: from samba.schema for Samba 3.2 or later
  . posixAccount and posixGroup : from nis.schema
  . organizationalUnit and dcObject: from core.schema
 
 They will probably use in a near future some additional objectClasses
-to support : 
+to support :
  . mail features (sendmail/postfix/qmail/courier).
  . conform to RFC2307 best practices (and so some maps too like merging
-   Netbios computers (sambaAccounts) with ipHosts
+   NetBIOS computers (sambaSamAccount) with ipHosts
 
 For ease of visualization of the LDAP objects by human standards, we
 used a DIT like this one :
- . dc=IDEALX,dc=org : the company/organization suffix
+ . dc=example,dc=com : the company/organization suffix
 	. ou=Users : to store users accounts
 	. ou=Computers : to store computers accounts
 	. ou=Groups : to store system groups
 Of course, you're free to use a different naming scheme and DIT (see
-smbldap_conf.pm).
+smbldap.conf).
 
 
-Built in groups initial population 
+Built in groups initial population
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
-smbldap-populate.pl populate the LDAP directory with some built in groups 
-using gidNumber according to Well Know RID of Windows NT4 Srv. In fact, As
-far a Samba 2.2.x is concerned, only the 'Domain Admins' (gidNumber 512) have 
-real inpact on the Samba and Windows population. To activate this group as 
-the Domain Administrators Group, use the following smb.conf directive (see 
+smbldap-populate populate the LDAP directory with some built in groups
+using gidNumber according to Well Know RID of Windows NT 4 Server. In fact,
+As far a Samba 3 is concerned, only the 'Domain Admins' (gidNumber 512) have
+real inpact on the Samba and Windows population. To activate this group as
+the Domain Administrators Group, use the following smb.conf directive (see
 man smb.conf for more):
 
 	domain admin group = " @"Domain Admins" "
 
-However, to make pdb_ldap accept bind without being uid=0, a quick and
-dirty patch must be applied to 2.2.4 (see samba-2.2.4-ldapbindnotuid0.patch).
-This patch is Q&D because the check is there because Samba store admin 
-credentials to establish the LDAP connection. The uid == 0 check was to 
-ensure that a normal user could not get write access to the LDAP backend.
-A more logical situation should be done for 2.2.5 by checking if the user
-is a member of the domain admin group (reported to Jerremy and Gerald 
-2002-05-28).
-
 Other built in groups are really cosmetic ones with Samba 2.2.x. We did not
-removed them because one of these days, we whish to use Samba 3.0 where 
+removed them because one of these days, we whish to use Samba 3.0 where
 Windows Group Support should be operational.
 
 Why these specific gidNumbers ?
-It's about unix/windows mapping of numerical ids with Samba. Ids below 1024 
-are NT special ids. In fact, 512 is the RID (Windows uid/gid) for the 
-"Domain Administrators" NT group. The magic number is found in Samba sources 
+It's about Unix/Windows mapping of numerical IDs with Samba. IDs below 1024
+are NT special IDs. In fact, 512 is the RID (Windows UID/GID) for the
+"Domain Administrators" NT group. The magic number is found in Samba sources
 and possibly other Samba/Windows documentations.
 
-The goal is to have a set of Unix users who are Domain Administrators and can 
-modify Samba datas (eg. LDAP content), with commandline tools or within 
+The goal is to have a set of Unix users who are Domain Administrators and
+can modify Samba datas (eg. LDAP content), with commandline tools or within
 Windows via Samba.
 
-Say you want to add a NT4 ws to an NT domain (controlled by a samba/ldap  
-server). You give the domain administrator's login and password in the 
-appropriate ws settings, then the ws contacts the samba server, which checks 
-the credentials and use them as unix user to run the smbldap-tools (if I 
-remember). Giving 512 as a RID to a LDAP entry marks it as a domain admin   
-for Samba (thus Windows). Using nss_ldap, you also have an account with
-gid 512.
+Say you want to add a Windows to an NT domain (controlled by a Samba/LDAP
+server). You give the domain administrator's login and password in the
+appropriate Windows settings, then the Windows contacts the Samba server,
+which checks the credentials and use them as unix user to run the smbldap-tools
+(if I remember). Giving 512 as a RID to a LDAP entry marks it as a domain
+admin for Samba (thus Windows). Using nss_ldap, you also have an account
+with GID 512.
 
 
 Known BUGS and WORKAROUND used
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
-The 2.2.2 has at least a bug : rid/primaryGroupID are read as hex in LDAP,
-but written as decimal. Fixed in CVS by reading as decimal. By default
-smbldap-useradd.pl writes decimal to LDAP. Use -x to support the odd
-behaviour.
-
-The samba-2.2.4-ldapbindnotuid0.patch is not a perfect solution however
-as the check is there because Samba store admin credentials to establish the 
-LDAP connection. The uid == 0 check was to ensure that a normal user could 
-not get write access to the LDAP backend. A more logical situation should be 
-done for 2.2.5 by checking if the user is a member of the domain admin group 
-(reported to Jerremy and Gerald 2002-05-28).
+Not known.
 
-# - The End
diff -Nru smbldap-tools-0.9.5/INSTALL smbldap-tools-0.9.7/INSTALL
--- smbldap-tools-0.9.5/INSTALL	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/INSTALL	2011-09-02 08:15:15.000000000 +0200
@@ -1,133 +1,54 @@
-# $Id: $
-# $Source: $
-#
-## How To Install SMBLDAP-TOOLS
-
-INSTALLATION on CentOS4:
--=-=-=-=-=-=-=-=-=-=-=-=
-. yum install perl-Digest-SHA1 perl-LDAP perl-IO-Socket-SSL
-. add Dag Wieers repository
-  cat > /etc/yum.repos.d/DAG.repo << EOF
-[dag]
-name=DAG Repository
-baseurl = http://apt.sw.be/redhat/el\$releasever/en/\$basearch/dag
-gpgkey=http://dag.wieers.com/packages/RPM-GPG-KEY.dag.txt
-gpgcheck=1
-enabled=0
-EOF
-. yum --enablerepo=dag install perl-Crypt-SmbHash perl-Unicode-MapUTF8
-
-INSTALLATION from the tar.gz archive
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-. Copy all those scripts in /usr/local/sbin/
-. Modify smbldap.conf and smbldap_bind.conf to match your configuration, and copy
-  them in /etc/smbldap-tools/
-. set proper permissions on those files:
-  $ chmod 644 /etc/smbldap-tools/smbldap.conf
-  $ chmod 600 /etc/smbldap-tools/smbldap_bind.conf
-. update the 2 first declaration of /usr/local/sbin/smbldap_tools.pm to define the
-  PATH to the configuration file, for example
-  > my $smbldap_conf="/etc/smbldap-tools/smbldap.conf";
-  > my $smbldap_bind_conf="/etc/smbldap-tools/smbldap_bind.conf";
-. if upgrading, add these lines in smbldap.conf configuration file:
-  > # Allows not tu use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
-  > # but prefer Crypt:: libraries
-  > with_slappasswd="0"
-  > slappasswd="/usr/sbin/slappasswd"
-  If 'with_slappasswd' is set to 0, password will be hashed with appropriate perl module
-  (to not use anymore external programm)
-. initialize the ldap directory
-  $ smbldap-populate
-. If not already done : "smbpasswd -w secret" to set up
-  the ldap admin password in secrets.tdb
-
-INSTALLATION from RedHat RPM:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-. install the package
-  $ rpm -Uvh smbldap-tools-0.8.6-1.noarch.rpm
-. Modify /etc/opt/IDEALX/smbldap-tools/smbldap.conf and /etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf
-  to match you configuration.
-. initialize the ldap directory
-  $ smbldap-populate
-. If not already done : "smbpasswd -w secret" to set up
-  the ldap admin password in secrets.tdb
+How To Install SMBLDAP-TOOLS
+======================================================================
 
+Requirements
+======================================================================
 
+For build and installation:
+  * Perl 5.x
+  * make
+
+For runtime:
+  * Perl 5.8.1 or later
+  * Perl Net::LDAP module
+  * Perl Crypt::SmbHash module
+
+Basic install procedure
+======================================================================
+
+  $ ./configure
+  ...
+  $ make
+  ...
+  # su -
+  Password: xxxxxxxx
+  # make install
+  ...
+
+Basic configuration procedure
+======================================================================
+
+  * Edit smbldap.conf and smbldap_bind.conf file in
+    /usr/local/etc/smbldap-tools directory (by default) to match
+    your environment.
+
+  * Initialize the LDAP DIT
+
+    # smbldap-populate
+
+Upgrade to new release from previous release
+======================================================================
+
+Upgrade from release 0.9.6
+----------------------------------------------------------------------
+
+smbldap-tools 0.9.7 now support sambaNextRid attribute and its value
+in sambaDomain object for new RID allocation instead of obsolete RID
+algorithm by default. (It is for compatibility with Samba 3.0.23c and later.)
+
+If you are upgrading from smbldap-tools 0.9.6 (or older) and/or you
+want to use legacy RID algorithm for new RID allocation, you must
+add "sambaAlgorithmicRidBase: 1000" to your sambaDomain object.
+You can do that by running `./smbldap-upgrade-0.9.6.cmd` in your
+smbldap-tools source tree.
 
-
-
-UPGRADE TO RELEASE 0.8.8 :
--=-=-=-=-=-=-=-=-=-=-=-=-=
-you need to add the new parameter userHomeDirectoryMode in smbldap.conf. For example :
-=> # Default mode used for user homeDirectory
-=> userHomeDirectoryMode="700"
-
-UPGRADE TO RELEASE 0.8.7 :
--=-=-=-=-=-=-=-=-=-=-=-=-=
-. configuration files are now stored in /etc/opt/IDEALX/smbldap-tools/
-. Next uidNumber and gidNumber available are _not_ stored anymore in cn=NextFreeUnixId
-  by default, but you can still continue to use your entry.
-  They are now store in the sambaDomain entry.
-. If your sambaDomain entry already exist, you can securely execute the smbldap-populate script to
-  update it and add the uidNumber and gidNumber attribut.
-  
-
-UPGRADE TO RELEASE 0.8.5 :
--=-=-=-=-=-=-=-=-=-=-=-=-=
-. Change the variable name userHomePrefix to userHome in /etc/smbldap-tools/smbldap.conf
-. Next uidNumber and gidNumber available are now stored in cn=NextFreeUnixId
-  When upgrading, you need to create this object manually. You can use for example
-  an add.ldif life containing the following lines:
-  > dn: cn=NextFreeUnixId,dc=idealx,dc=org
-  > objectClass: inetOrgPerson
-  > objectClass: sambaUnixIdPool
-  > uidNumber: 1000
-  > gidNumber: 1000
-  > cn: NextFreeUnixId
-  > sn: NextFreeUnixId
-  and then add the object with the ldapadd utility:
-  $ ldapadd -x -D "cn=Manager,dc=idealx,dc=org" -w secret -f add.ldif
-  note: . $firstuidNumber and $firstgidNumber are the first uidNumber and gidNumber
-          available (previously called UID_START and GID_START in the configuration file)
-        . here, 1000 is the first available value for uidNumber and gidNumber (of course, if
-          this value is already used by a user or a group, the first available after 1000 will
-          be used).
-. Next, you have to update the configuration file to defined the object where are sotred
-  the next uidNumber and gidNumber available. In our example, you have to add a new entry in
-  /etc/smbldap-tools/smbldap.conf containing :
-  > # Where to store next uidNumber and gidNumber available
-  > sambaUnixIdPooldn="cn=NextFreeUnixId,${suffix}"
-. Update, if necessary, the configuration file that defined users, groups and computers dn.
-  Those parameters must not be relative to the suffix parameter. A typical configuration look
-  like this :
-  > usersdn="ou=Users,${suffix}"
-  > computersdn="ou=Computers,${suffix}"
-  > groupsdn="ou=Groups,${suffix}"
-. the "Domain Computers" gidNumber should be set to 515 (see wellknown rid). Check if
-  you need to update the smbldap-tools configuration file /etc/smbldap-tools/smbldap.conf :
-  > defaultComputerGid="515"
-. the new version adds mail-forwarding and mail-alias capabilities to
-  the user's ldap-records. Those new attributes may be used for mail
-  delievry by MTAs like sendmail or postfix. Two new options "-M" and "-T"
-  allow specifying mail-aliases and mail-forward addresses in
-  smbldap-useradd and smbldap-usermod. If those options are used, the
-  objectclass "inetLocalMailRecipient" is used.
-  This objectclass is part of the misc.schema schema given with the OpenLDAP package
-  You then have to update the configuration file to set the domain name to append to mail.
-  For example, you can add a new entry in /etc/smbldap-tools/smbldap.conf containing :
-  > # Domain appended to the users "mail"-attribute
-  > # when smbldap-useradd -M is used
-  > mailDomain="idealx.com"
-
-UPGRADE TO RELEASE 0.8.4 :
--=-=-=-=-=-=-=-=-=-=-=-=-=
-. configuration is now set in two different files:
-  - /etc/smbldap-tools/smbldap.conf for global parameters
-  - /etc/smbldap-tools/smbldap_bind.conf for connection parameters
-. scripts does not have any more the .pl extension. The call of the
-  scripts in the smb.conf file must then be updated.
-
-
-
-
-# - The End
diff -Nru smbldap-tools-0.9.5/Makefile smbldap-tools-0.9.7/Makefile
--- smbldap-tools-0.9.5/Makefile	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/Makefile	2011-09-06 13:10:40.000000000 +0200
@@ -1,133 +1 @@
-PACKAGE=smbldap-tools
-VERSION=0.9.5
-RELEASE=1
-DESTARCH=smbldap-tools-$(VERSION)
-#RELEASE=$(shell date +%s)
-
-# where to build the rpm
-TOPDIR=/home/$(USER)/redhat
-GPG_PATH=/home/$(USER)/.gnupg
-#BUILD_CMD=rpmbuild -ba
-BUILD_CMD=rpmbuild -ba --sign
-
-prefix=/usr
-sbindir=$(prefix)/sbin
-sysconfdir=/etc/
-make=/usr/bin/make
-install=/usr/bin/install
-rm=/bin/rm
-sed=/bin/sed
-
-prep:
-	$(sed) -e 's|@SBINDIR@|$(sbindir)|g' smb.conf.in > smb.conf
-
-all:	prep distclean rpm
-
-install:
-	@mkdir -p $(sbindir)
-	@mkdir -p $(sysconfdir)/smbldap-tools/
-	$(install) -m0755 smbldap-* smbldap_tools.pm $(sbindir)
-	$(install) -m0644 smbldap.conf $(sysconfdir)/smbldap-tools/
-	$(install) -m0600 smbldap_bind.conf $(sysconfdir)/smbldap-tools/
-
-clean:
-	$(rm) -f *~
-
-distclean:
-	$(rm) -f *~
-
-dist: .diststamp
-	@if [ -d $(DESTARCH) ];then echo "About to remove ./$(DESTARCH)/ in 5 seconds ..."; sleep 5; fi
-	@rm -rf ./$(DESTARCH)/
-	@mkdir -p $(DESTARCH)/doc
-	@cp smbldap-tools.spec $(DESTARCH)
-	@perl -i -pe's@^\%define version(.*)@\%define version $(VERSION)@' $(DESTARCH)/smbldap-tools.spec
-	@perl -i -pe's@^\%define release(.*)@\%define release $(RELEASE)@' $(DESTARCH)/smbldap-tools.spec
-	@cp Makefile $(DESTARCH)
-	@cp CONTRIBUTORS $(DESTARCH)
-	@cp COPYING $(DESTARCH)
-	@cp ChangeLog $(DESTARCH)
-	@cp FILES $(DESTARCH)
-	@cp INSTALL $(DESTARCH)
-	@cp README $(DESTARCH)
-	@cp TODO $(DESTARCH)
-	@cp INFRA $(DESTARCH)
-	@cp smbldap-populate $(DESTARCH)
-	@cp smbldap-groupadd $(DESTARCH)
-	@cp smbldap-groupshow $(DESTARCH)
-	@cp smbldap-groupmod $(DESTARCH)
-	@cp smbldap-groupdel $(DESTARCH)
-	@cp smbldap-useradd $(DESTARCH)
-	@cp smbldap-usershow $(DESTARCH)
-	@cp smbldap-usermod $(DESTARCH)
-	@cp smbldap-userinfo $(DESTARCH)
-	@cp smbldap-userlist $(DESTARCH)
-	@cp smbldap-userdel $(DESTARCH)
-	@cp smbldap-passwd $(DESTARCH)
-	@cp smbldap_bind.conf $(DESTARCH)
-	@cp smbldap_tools.pm $(DESTARCH)
-	@cp smbldap.conf $(DESTARCH)
-	@cp configure.pl $(DESTARCH)
-	@cp -r migration_scripts $(DESTARCH)/doc/
-	@cp doc/smbldap-tools/*.pdf doc/smbldap-tools/*.html $(DESTARCH)/doc/
-	@cp slapd.conf $(DESTARCH)/doc/
-	@cp smb.conf $(DESTARCH)/doc/
-	@rm -rf $(DESTARCH)/doc/{html,migration_scripts}/.svn
-	@echo "Creating tarball $(DESTARCH).tgz ...";
-	@tar czf $(DESTARCH).tgz $(DESTARCH)
-	@rm -r $(DESTARCH)
-	@touch .diststamp
-
-build_dir:
-	@echo '%_topdir $(TOPDIR)' > $(HOME)/.rpmmacros
-	@echo '%_signature gpg' >> $(HOME)/.rpmmacros
-	@echo '%_gpg_name Jerome Tournier <jtournier@gmail.com>' >> $(HOME)/.rpmmacros
-	@echo '%_gpg_path $(GPG_PATH)' >> $(HOME)/.rpmmacros
-	@mkdir -p $(TOPDIR)/BUILD
-	@mkdir -p $(TOPDIR)/RPMS/i386
-	@mkdir -p $(TOPDIR)/SOURCES
-	@mkdir -p $(TOPDIR)/SPECS
-	@mkdir -p $(TOPDIR)/SRPMS
-
-rpm: dist build_dir
-	@cp -f $(DESTARCH).tgz $(TOPDIR)/SOURCES/
-	@cp -f smbldap-tools.spec $(TOPDIR)/SPECS/
-	@perl -i -pe's@^\%define version(.*)@\%define version $(VERSION)@' $(TOPDIR)/SPECS/smbldap-tools.spec
-	@perl -i -pe's@^\%define release(.*)@\%define release $(RELEASE)@' $(TOPDIR)/SPECS/smbldap-tools.spec
-	@perl -i -pe's@^Source0(.*)@Source0: smbldap-tools-$(VERSION).tgz@' $(TOPDIR)/SPECS/smbldap-tools.spec
-	@cd $(TOPDIR)/SPECS/ && $(BUILD_CMD) smbldap-tools.spec
-	@echo "Signing packages smbldap-tools-$(VERSION)-$(RELEASE).noarch.rpm"
-	@cd $(TOPDIR)/RPMS/noarch &&  gpg --detach smbldap-tools-$(VERSION)-$(RELEASE).noarch.rpm
-	@echo "Signing packages smbldap-tools-$(VERSION)-$(RELEASE).src.rpm"
-	@cd $(TOPDIR)/SRPMS/ && gpg --detach smbldap-tools-$(VERSION)-$(RELEASE).src.rpm
-	@echo "Signing packages smbldap-tools-$(VERSION).tgz"
-	@cd $(TOPDIR)/SOURCES/ && gpg --detach smbldap-tools-$(VERSION).tgz
-	@echo "Arch: $(DESTARCH).tgz"
-
-
-home_devel: rpm
-	@mkdir -p iallanis/{docs/{smbldap-tools,samba-ldap-howto},old,development_release}
-	@cp -f iallanis/development_release/ChangeLog "/tmp/ChangeLog-homedevel-`date`"
-	@cp -f ChangeLog iallanis/development_release/
-	@cp $(TOPDIR)/SOURCES/smbldap-tools-$(VERSION){.tgz,.tgz.sig} iallanis/development_release/
-	@cp $(TOPDIR)/RPMS/noarch/smbldap-tools-$(VERSION)-$(RELEASE).noarch{.rpm,.rpm.sig} iallanis/development_release/
-	@cp $(TOPDIR)/SRPMS/smbldap-tools-$(VERSION)-$(RELEASE).src{.rpm,.rpm.sig} iallanis/development_release/
-	@rsync -avz --delete --delete-excluded --exclude .svn -e "ssh -p 443" iallanis/ 192.168.10.1:/home/www/html/smbldap-tools
-
-home: rpm
-	@cp -f iallanis/ChangeLog "/tmp/ChangeLog-home-`date`"
-	@cp -f ChangeLog iallanis/
-	@cp doc/smbldap-tools/smbldap-tools.html iallanis/docs/smbldap-tools/index.html
-	@cp doc/samba-ldap-howto/smbldap-howto.html iallanis/docs/samba-ldap-howto/index.html
-	@cp $(TOPDIR)/SOURCES/smbldap-tools-$(VERSION){.tgz,.tgz.sig} iallanis/
-	@cp $(TOPDIR)/RPMS/noarch/smbldap-tools-$(VERSION)-$(RELEASE).noarch{.rpm,.rpm.sig} iallanis/
-	@cp $(TOPDIR)/SRPMS/smbldap-tools-$(VERSION)-$(RELEASE).src{.rpm,.rpm.sig} iallanis/
-	rsync -avz --delete --delete-excluded --exclude .svn -e "ssh -p 443" iallanis/ 192.168.10.1:/home/www/html/smbldap-tools
-
-gna:
-	@cp -f ChangeLog GNA/packages/
-	@cp $(TOPDIR)/SOURCES/smbldap-tools-$(VERSION){.tgz,.tgz.sig} GNA/packages/
-	@cp $(TOPDIR)/RPMS/noarch/smbldap-tools-$(VERSION)-$(RELEASE).noarch{.rpm,.rpm.sig} GNA/packages/
-	@cp $(TOPDIR)/SRPMS/smbldap-tools-$(VERSION)-$(RELEASE).src{.rpm,.rpm.sig} GNA/packages/
-	rsync -avz -e ssh --delete --delete-excluded --exclude .svn GNA/ download.gna.org:/upload/smbldap-tools/
-
+include ./build/Makefile.maintainer
diff -Nru smbldap-tools-0.9.5/Makefile.in smbldap-tools-0.9.7/Makefile.in
--- smbldap-tools-0.9.5/Makefile.in	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/Makefile.in	2011-09-02 11:03:47.000000000 +0200
@@ -0,0 +1,130 @@
+# $Id$
+
+SOURCE_DIR=		.
+SOURCE_BUILD=		$(SOURCE_DIR)/build
+
+## ======================================================================
+
+RELEASE=		1
+DESTARCH=		smbldap-tools-$(PACKAGE_VERSION)
+
+# where to build the rpm
+TOPDIR=			$$HOME/redhat
+GPG_PATH=		$$HOME/.gnupg
+#RPMBUILD_CMD=		rpmbuild -ba
+RPMBUILD_CMD=		rpmbuild -ba --sign
+
+BUILD_TARGETS= \
+	$(BUILD_PERL_MOD_TARGETS) \
+	$(BUILD_PERL_CMD_TARGETS) \
+	$(BUILD_PERL_MAN_TARGETS) \
+	smbldap-config.cmd \
+	smbldap-upgrade-0.9.6.cmd \
+	doc/smb.conf.example \
+	doc/smb.smbldap.conf.example \
+	#
+
+INSTALL_DIR=		$(PERL_LIBDIR)
+INSTALL_FILES=		$(BUILD_PERL_MOD_TARGETS)
+INSTALL_CMD_DIR=	$(sbindir)
+INSTALL_CMDS=		$(BUILD_PERL_CMD_TARGETS)
+
+PERL_MOD_SOURCES=	smbldap_tools.pl
+
+PERL_CMD_SOURCES= \
+	smbldap-groupadd.pl \
+	smbldap-groupdel.pl \
+	smbldap-grouplist.pl \
+	smbldap-groupmod.pl \
+	smbldap-groupshow.pl \
+	smbldap-passwd.pl \
+	smbldap-populate.pl \
+	smbldap-useradd.pl \
+	smbldap-userdel.pl \
+	smbldap-userinfo.pl \
+	smbldap-userlist.pl \
+	smbldap-usermod.pl \
+	smbldap-usershow.pl
+
+PERL_MAN_SECTION=	8
+
+BUILD_PERL_MOD_TARGETS= $(PERL_MOD_SOURCES:.pl=.pm)
+BUILD_PERL_CMD_TARGETS= $(PERL_CMD_SOURCES:.pl=.cmd)
+BUILD_PERL_MAN_TARGETS= $(BUILD_PERL_CMD_TARGETS:.cmd=.$(PERL_MAN_SECTION))
+
+## ======================================================================
+
+include $(SOURCE_BUILD)/Makefile.common
+include $(SOURCE_BUILD)/Makefile.top
+
+## ======================================================================
+
+.SUFFIXES: .cmd .$(PERL_MAN_SECTION)
+
+.cmd.$(PERL_MAN_SECTION):
+	@echo "Building $@ from $< ..."
+	@$(POD2MAN_CMD) --section=$(PERL_MAN_SECTION) $< >$@.tmp
+	@mv $@.tmp $@
+
+## ======================================================================
+
+build::
+
+install:: install-files install-cmds
+
+## ======================================================================
+
+
+build_dir:
+	@echo '%_topdir $(TOPDIR)' > $(HOME)/.rpmmacros
+	@echo '%_signature gpg' >> $(HOME)/.rpmmacros
+	@echo '%_gpg_name Jerome Tournier <jtournier@gmail.com>' >> $(HOME)/.rpmmacros
+	@echo '%_gpg_path $(GPG_PATH)' >> $(HOME)/.rpmmacros
+	@mkdir -p $(TOPDIR)/BUILD
+	@mkdir -p $(TOPDIR)/RPMS/i386
+	@mkdir -p $(TOPDIR)/SOURCES
+	@mkdir -p $(TOPDIR)/SPECS
+	@mkdir -p $(TOPDIR)/SRPMS
+
+rpm: dist build_dir
+	@cp -f $(DESTARCH).tgz $(TOPDIR)/SOURCES/
+	@cp -f smbldap-tools.spec $(TOPDIR)/SPECS/
+	@perl -i -pe's@^\%define version(.*)@\%define version $(VERSION)@' $(TOPDIR)/SPECS/smbldap-tools.spec
+	@perl -i -pe's@^\%define release(.*)@\%define release $(RELEASE)@' $(TOPDIR)/SPECS/smbldap-tools.spec
+	@perl -i -pe's@^Source0(.*)@Source0: smbldap-tools-$(VERSION).tgz@' $(TOPDIR)/SPECS/smbldap-tools.spec
+	@cd $(TOPDIR)/SPECS/ && $(RPMBUILD_CMD) smbldap-tools.spec
+	@echo "Signing packages smbldap-tools-$(VERSION)-$(RELEASE).noarch.rpm"
+	@cd $(TOPDIR)/RPMS/noarch &&  gpg --detach smbldap-tools-$(VERSION)-$(RELEASE).noarch.rpm
+	@echo "Signing packages smbldap-tools-$(VERSION)-$(RELEASE).src.rpm"
+	@cd $(TOPDIR)/SRPMS/ && gpg --detach smbldap-tools-$(VERSION)-$(RELEASE).src.rpm
+	@echo "Signing packages smbldap-tools-$(VERSION).tgz"
+	@cd $(TOPDIR)/SOURCES/ && gpg --detach smbldap-tools-$(VERSION).tgz
+	@echo "Arch: $(DESTARCH).tgz"
+
+
+home_devel: rpm
+	@mkdir -p iallanis/{docs/{smbldap-tools,samba-ldap-howto},old,development_release}
+	@cp -f iallanis/development_release/ChangeLog "/tmp/ChangeLog-homedevel-`date`"
+	@cp -f ChangeLog iallanis/development_release/
+	@cp $(TOPDIR)/SOURCES/smbldap-tools-$(VERSION){.tgz,.tgz.sig} iallanis/development_release/
+	@cp $(TOPDIR)/RPMS/noarch/smbldap-tools-$(VERSION)-$(RELEASE).noarch{.rpm,.rpm.sig} iallanis/development_release/
+	@cp $(TOPDIR)/SRPMS/smbldap-tools-$(VERSION)-$(RELEASE).src{.rpm,.rpm.sig} iallanis/development_release/
+	@rsync -avz --delete --delete-excluded --exclude .svn -e "ssh -p 443" iallanis/ 192.168.10.1:/home/www/html/smbldap-tools
+
+home: rpm
+	@cp -f iallanis/ChangeLog "/tmp/ChangeLog-home-`date`"
+	@cp -f ChangeLog iallanis/
+	@cp doc/smbldap-tools/smbldap-tools.html iallanis/docs/smbldap-tools/index.html
+	@cp doc/samba-ldap-howto/smbldap-howto.html iallanis/docs/samba-ldap-howto/index.html
+	@cp $(TOPDIR)/SOURCES/smbldap-tools-$(VERSION){.tgz,.tgz.sig} iallanis/
+	@cp $(TOPDIR)/RPMS/noarch/smbldap-tools-$(VERSION)-$(RELEASE).noarch{.rpm,.rpm.sig} iallanis/
+	@cp $(TOPDIR)/SRPMS/smbldap-tools-$(VERSION)-$(RELEASE).src{.rpm,.rpm.sig} iallanis/
+	rsync -avz --delete --delete-excluded --exclude .svn -e "ssh -p 443" iallanis/ 192.168.10.1:/home/www/html/smbldap-tools
+
+gna:
+	@cp -f ChangeLog GNA/packages/
+	@cp $(TOPDIR)/SOURCES/smbldap-tools-$(VERSION){.tgz,.tgz.sig} GNA/packages/
+	@cp $(TOPDIR)/RPMS/noarch/smbldap-tools-$(VERSION)-$(RELEASE).noarch{.rpm,.rpm.sig} GNA/packages/
+	@cp $(TOPDIR)/SRPMS/smbldap-tools-$(VERSION)-$(RELEASE).src{.rpm,.rpm.sig} GNA/packages/
+	rsync -avz -e ssh --delete --delete-excluded --exclude .svn GNA/ download.gna.org:/upload/smbldap-tools/
+
diff -Nru smbldap-tools-0.9.5/README smbldap-tools-0.9.7/README
--- smbldap-tools-0.9.5/README	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/README	2011-09-01 11:21:07.000000000 +0200
@@ -1,34 +1,28 @@
-# $Id: $
-# $Source: $
-#
+# $Id$
 
 Latest version may be found at https://gna.org/projects/smbldap-tools/
 
 Bug Report:
-. Ubuntu: https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/
-. Debian:
-    bug => http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=smbldap-tools
-    overview => http://packages.qa.debian.org/s/smbldap-tools.html
-. Samba: https://bugzilla.samba.org/
-. http://sourceforge.net/projects/smbldap-tools/
+  * Upstream: https://gna.org/bugs/?group=smbldap-tools
+  * Ubuntu:   https://bugs.launchpad.net/ubuntu/+source/smbldap-tools/
+  * Debian:   http://bugs.debian.org/cgi-bin/pkgreport.cgi?src=smbldap-tools
 
 Userful documentations:
-http://www.islandlinux.org/HOWTO/openldap_samba.html (see bug in nss_ldap)
+  http://www.islandlinux.org/HOWTO/openldap_samba.html (see bug in nss_ldap)
 
 
 What those tools are for?
 =-=-=-=-=-=-=-=-=-=-=-=-=
 
-A collection of scripts, «over» user{add,del,mod} and group{add,del,mod}
+A collection of scripts, «over» user{add,del,mod} and group{add,del,mod}
 system tools to manipulate users and groups stored in LDAP directory,
-for DEN system like SAMBA-LDAP and pam/nss_ldap systems.
+for DEN system like Samba-LDAP and pam/nss_ldap systems.
 
 Additionnaly, some scripts are designed to ease your migration from
 a Windows NT 4.0 PDC Server to a Samba-LDAP PDC Server (Killer?;-):
-smbldap-populate, smbldap-migrate-groups, smbldap-migrate-accounts.
+smbldap-populate and doc/migration_scripts/smbldap-migrate.
 
-They are currently used with Samba 2.2.4, therefore you may (will) have
-to make some fixes for Samba TNG and Samba 3.0. Hint: contribs welcome :)
+They are currently used with Samba 3.2 and later.
 
 In the future, some other function may come (like backup and restore,
 Novell migration tools, samba system activity report, dealing with
@@ -37,63 +31,33 @@
 
 What do SMBLDAP-TOOLS provide?
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+
 Those tools provide the following functions :
- . populate LDAP database with a basic LDIF
- . add a user or group
- . delete a user or group
- . modify all users or groups data (all attributes types stored in
-   posixAccount and sambaAccount object class)
+  * Populate LDAP database with a basic LDIF
+  * Add a user or group
+  * Delete a user or group
+  * Modify all users or groups data (all attributes types stored in
+    posixAccount, posixGroup and sambaSamAccount object class)
 Taking care of :
- . staying compatible with all standard system tools options
-   (user/group{add,del,mod})
- . be extensible for future developments
-   (manipulation of shadow account options, for example)
- . error management, in the way system tools do
+  * Staying compatible with all standard system tools options
+    (user/group{add,del,mod})
+  * Be extensible for future developments
+    (manipulation of shadow account options, for example)
+  * Error management, in the way system tools do
 Constraints :
- . usage of PERL (portability)
- . all options must be placed in an external configuration file
- . english localization
-
-The current release uses the "mkntpwd" program, in mkntpwd.tar.gz
-in the current directory. It comes from
-http://www.demog.berkeley.edu/~aperrin/tips/src/mkntpwd.tar.gz
-It allows to not use smbpasswd (if $with_smbpasswd == 0 in smbldap_conf.pm)
+  * Usage of Perl (portability)
+  * All options must be placed in an external configuration file
+  * English localization
+
 
 What do SMBLDAP-TOOLS deliver?
 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+
 Contents :
- . scripts (see FILES)
- . user documentation in pod format, included in the sources
-   (or just use the -? option)
+  * Scripts (see FILES)
+  * User documentation in pod format, included in the sources
+    (or just use the -? option)
 
 These tools aim at delivering the same functionality as the corresponding
-system tools. However they may not be all implemented yet.
-Current limitations :
- . no shadow support
- . cannot change uid with usermod
- . no UTF-8 support (thus ASCII-7 only)
-
-
-How to generate documentation?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-Just issue the following command:
- perldoc name_of_script.pl (ex: perldoc smbldap-useradd.pl)
-
-Where can I find the latest release of those scripts?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
-
-Just fire any web browser to http://samba.IDEALX.org/
-and/or contact samba@IDEALX.org
-
-Additionnaly, you will find an useful Webmin module
-at http://webmin.IDEALX.org/ if interested in a graphical 
-user interface to manager user and groups accounts via Webmin
-for your Samba+LDAP PDC.
-
-Let us know if these tools helped you, or if we should enhance
-them with some functions you want them to support.
-
-Sincerly,
-	LEM
+system tools
 
-# - The End
diff -Nru smbldap-tools-0.9.5/smbldap_bind.conf smbldap-tools-0.9.7/smbldap_bind.conf
--- smbldap-tools-0.9.5/smbldap_bind.conf	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap_bind.conf	2011-07-12 15:29:04.000000000 +0200
@@ -1,3 +1,5 @@
+# $Id$
+#
 ############################
 # Credential Configuration #
 ############################
@@ -5,7 +7,7 @@
 # master ldap for writing access and a slave ldap server for reading access
 # By default, we will use the same DN (so it will work for standard Samba
 # release)
-slaveDN="cn=Manager,dc=iallanis,dc=info"
+slaveDN="cn=Manager,dc=example,dc=com"
 slavePw="secret"
-masterDN="cn=Manager,dc=iallanis,dc=info"
+masterDN="cn=Manager,dc=example,dc=com"
 masterPw="secret"
diff -Nru smbldap-tools-0.9.5/smbldap.conf smbldap-tools-0.9.7/smbldap.conf
--- smbldap-tools-0.9.5/smbldap.conf	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap.conf	2011-07-12 15:29:04.000000000 +0200
@@ -1,5 +1,4 @@
-# $Source: $
-# $Id: smbldap.conf,v 1.18 2005/05/27 14:28:47 jtournier Exp $
+# $Id$
 #
 # smbldap-tools.conf : Q & D configuration file for smbldap-tools
 
@@ -58,7 +57,7 @@
 # Slave LDAP server
 # Ex: slaveLDAP=127.0.0.1
 # If not defined, parameter is set to "127.0.0.1"
-slaveLDAP="ldap.iallanis.info"
+slaveLDAP="ldap.example.com"
 
 # Slave LDAP port
 # If not defined, parameter is set to "389"
@@ -67,7 +66,7 @@
 # Master LDAP server: needed for write operations
 # Ex: masterLDAP=127.0.0.1
 # If not defined, parameter is set to "127.0.0.1"
-masterLDAP="ldap.iallanis.info"
+masterLDAP="ldap.example.com"
 
 # Master LDAP port
 # If not defined, parameter is set to "389"
@@ -96,15 +95,15 @@
 
 # certificate to use to connect to the ldap server
 # see "man Net::LDAP" in start_tls section for more details
-clientcert="/etc/smbldap-tools/smbldap-tools.iallanis.info.pem"
+clientcert="/etc/smbldap-tools/smbldap-tools.example.com.pem"
 
 # key certificate to use to connect to the ldap server
 # see "man Net::LDAP" in start_tls section for more details
-clientkey="/etc/smbldap-tools/smbldap-tools.iallanis.info.key"
+clientkey="/etc/smbldap-tools/smbldap-tools.example.com.key"
 
 # LDAP Suffix
 # Ex: suffix=dc=IDEALX,dc=ORG
-suffix="dc=iallanis,dc=info"
+suffix="dc=example,dc=com"
 
 # Where are stored Users
 # Ex: usersdn="ou=Users,dc=IDEALX,dc=ORG"
@@ -135,13 +134,14 @@
 # Default scope Used
 scope="sub"
 
-# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
-hash_encrypt="SSHA"
+# Unix password hash scheme (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
+# If set to "exop", use LDAPv3 Password Modify (RFC 3062) extended operation.
+password_hash="SSHA"
 
-# if hash_encrypt is set to CRYPT, you may set a salt format.
+# if password_hash is set to CRYPT, you may set a salt format.
 # default is "%s", but many systems will generate MD5 hashed
 # passwords if you use "$1$%.8s". This parameter is optional!
-crypt_salt_format="%s"
+password_crypt_salt_format="%s"
 
 ##############################################################################
 # 
@@ -173,6 +173,9 @@
 # Skel dir
 skeletonDir="/etc/skel"
 
+# Treat shadowAccount object or not
+shadowAccount="1"
+
 # Default password validation time (time in days) Comment the next line if
 # you don't want password to be enable for defaultMaxPasswordAge days (be
 # careful to the sambaPwdMustChange attribute's value)
@@ -210,7 +213,7 @@
 # Domain appended to the users "mail"-attribute
 # when smbldap-useradd -M is used
 # Ex: mailDomain="idealx.com"
-mailDomain="iallanis.info"
+mailDomain="example.com"
 
 ##############################################################################
 #
@@ -218,12 +221,12 @@
 #
 ##############################################################################
 
-# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but
+# Allows not to use smbpasswd (if with_smbpasswd="0" in smbldap.conf) but
 # prefer Crypt::SmbHash library
 with_smbpasswd="0"
 smbpasswd="/usr/bin/smbpasswd"
 
-# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm)
+# Allows not to use slappasswd (if with_slappasswd="0" in smbldap.conf)
 # but prefer Crypt:: libraries
 with_slappasswd="0"
 slappasswd="/usr/sbin/slappasswd"
diff -Nru smbldap-tools-0.9.5/smbldap-config.pl smbldap-tools-0.9.7/smbldap-config.pl
--- smbldap-tools-0.9.5/smbldap-config.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-config.pl	2011-09-02 09:26:34.000000000 +0200
@@ -0,0 +1,559 @@
+#!@PERL_CMD@
+
+# $Id$
+
+# This script can help you setting up the smbldap_conf.pl file. It will set all
+# the default values that are defined in the smb.conf configuration file. You 
+# should then start with this configuration file. You will also need the SID
+# for your samba domain: set up the domain controller before using this script.
+
+#  This code was developed by IDEALX (http://IDEALX.org/) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+#
+#                 Copyright (C) 2002 IDEALX
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public License
+#  as published by the Free Software Foundation; either version 2
+#  of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+#  USA.
+
+use strict;
+use warnings;
+use File::Basename;
+
+# we need to be root to configure the scripts
+if ($< != 0) {
+  die "Only root can configure the smbldap-tools scripts\n";
+}
+
+print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+       smbldap-tools script configuration
+       -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
+Before starting, check
+ . if your samba controller is up and running.
+ . if the domain SID is defined (you can get it with the 'net getlocalsid')
+
+ . you can leave the configuration using the Ctrl-c key combination
+ . empty value can be set with the \".\" character\n";
+print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n";
+
+# we first check if Samba is up and running
+my $test_smb=`pidof smbd`;
+chomp($test_smb);
+die "\nSamba needs to be started first !\n" if ($test_smb eq "" || not defined $test_smb);
+
+print "Looking for configuration files...\n\n";
+my $smb_conf="@SAMBA_SMB_CONF@";
+print "Samba Configuration File Path [$smb_conf] > ";
+chomp(my $config_smb=<STDIN>);
+if ($config_smb ne "") {
+  $smb_conf=$config_smb;
+}
+
+my $conf_dir = "@sysconfdir@";
+
+print "\nThe default directory in which the smbldap configuration files are stored is shown.\n";
+print "If you need to change this, enter the full directory path, then press enter to continue.\n";
+print "Smbldap-tools Configuration Directory Path [$conf_dir] > ";
+my $conf_dir_tmp;
+chomp($conf_dir_tmp=<STDIN>);
+if ($conf_dir_tmp ne "") {
+  $conf_dir=$conf_dir_tmp;
+}
+
+$conf_dir=~s/\/*$//;
+if (! -d $conf_dir) {
+	mkdir "$conf_dir";
+}
+
+my $smbldap_conf="$conf_dir"."/smbldap.conf";
+my $smbldap_bind_conf="$conf_dir"."/smbldap_bind.conf";
+
+
+
+# Let's read the smb.conf configuration file
+my %config;
+open (CONFIGFILE, "$smb_conf") || die "Unable to open $smb_conf for reading !\n";
+
+while (<CONFIGFILE>) {
+
+  chomp($_);
+
+  ## eat leading whitespace
+  $_=~s/^\s*//;
+
+  ## eat trailing whitespace
+  $_=~s/\s*$//;
+
+
+  ## throw away comments
+  next if (($_=~/^#/) || ($_=~/^;/));
+
+  ## check for a param = value
+  if ($_=~/=/) {
+    #my ($param, $value) = split (/=/, $_);
+    my ($param, $value) = ($_=~/([^=]*)=(.*)/i);
+    $param=~s/./\l$&/g;
+    $param=~s/\s+//g;
+    $value=~s/^\s+//;
+
+    $value=~s/"//g;
+
+    $config{$param} = $value;
+    #print "param=$param\tvalue=$value\n";
+
+    next;
+  }
+}
+close (CONFIGFILE);
+
+print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
+print "Let's start configuring the smbldap-tools scripts ...\n\n";
+
+# This function need 4 parameters:
+# . the description of the parameter
+# . name of the key it is related to in the %config hash (key similar as the name parameter in
+#   smb.conf). You can get all the available keys using this:
+#   foreach my $tmp (keys %config) {
+#	print "key=$tmp\t value=$config{$tmp}\n";
+#   }
+# . if no value is found in smb.conf for the keys, this value is proposed
+# . the 'insist' variable: if set to 1, then the script will always call for a value
+#   for the parameter. In other words, there's no default value, and it can't be set
+#   to an empty string.
+
+sub read_entry
+  {
+    my $description=shift;
+    my $value=shift;
+    my $example_value=shift;
+    my $insist=shift;
+    my $value_tmp;
+    chomp($value);
+    $insist=0 if (! defined $insist);
+    if (defined $config{$value} and $config{$value} ne "") {
+      print "$description [$config{$value}] > ";
+      $value_tmp=$config{$value};
+    } else {
+      print "$description [$example_value] > ";
+      $value_tmp="$example_value";
+    }
+    chomp(my $get=<STDIN>);
+    if ($get eq "") {
+      $value=$value_tmp;
+    } elsif ($get eq ".") {
+      $value="";
+    } else {
+      $value=$get;
+    }
+    if ($insist == 1 and "$value" eq "") {
+      while ($insist == 1) {
+	print "  Warning: You really need to set this parameter...\n";
+	$description=~s/. /  /;
+	if (defined $config{$value}) {
+	  print "$description [$config{$value}] > ";
+	  $value_tmp=$config{$value};
+	} else {
+	  print "$description [$value] > ";
+	  $value_tmp="$value";
+	}
+	chomp(my $get=<STDIN>);
+	if ($get eq "") {
+	  $value=$value_tmp;
+	} elsif ($get eq ".") {
+	  $value="";
+	} else {
+	  $value=$get;
+	  $insist=0;
+	}
+      }
+    }
+    return $value;
+  }
+
+print ". workgroup name: name of the domain Samba acts as a PDC for\n";
+my $workgroup=read_entry("  workgroup name","workgroup","",0);
+
+print ". netbios name: netbios name of the samba controller\n";
+my $netbios_name=read_entry("  netbios name","netbiosname","",0);
+
+print ". logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'\n";
+my $logondrive=read_entry("  logon drive","logondrive","",0);
+
+print ". logon home: home directory location (for Win95/98 or NT Workstation).\n  (use %U as username) Ex:'\\\\$netbios_name\\%U'\n";
+my $logonhome=read_entry("  logon home (press the \".\" character if you don't want homeDirectory)","logonhome","\\\\$netbios_name\\%U",0);
+#$logonhome=~s/\\/\\\\/g;
+
+print ". logon path: directory where roaming profiles are stored. Ex:'\\\\$netbios_name\\profiles\\\%U'\n";
+my $logonpath=read_entry("  logon path (press the \".\" character if you don't want roaming profiles)","logonpath","\\\\$netbios_name\\profiles\\\%U",0);
+#$logonpath=~s/\\/\\\\/g;
+
+my $userHome=read_entry(". home directory prefix (use %U as username)","","/home/\%U",0);
+
+my $userHomeDirectoryMode=read_entry(". default users' homeDirectory mode","","700",0);
+
+my $userScript=read_entry(". default user netlogon script (use %U as username)","logonscript","",0);
+
+my $defaultMaxPasswordAge=read_entry("  default password validation time (time in days)","","45",0);
+
+#############################
+# ldap directory parameters #
+#############################
+my $ldap_suffix=read_entry(". ldap suffix","ldapsuffix","",0);
+my $ldap_group_suffix=read_entry(". ldap group suffix","ldapgroupsuffix","",0);
+$ldap_group_suffix=~s/ou=//;
+my $ldap_user_suffix=read_entry(". ldap user suffix","ldapusersuffix","",0);
+$ldap_user_suffix=~s/ou=//;
+my $ldap_machine_suffix=read_entry(". ldap machine suffix","ldapmachinesuffix","",0);
+$ldap_machine_suffix=~s/ou=//;
+my $ldap_idmap_suffix=read_entry(". Idmap suffix","ldapidmapsuffix","ou=Idmap",0);
+print ". sambaUnixIdPooldn: object where you want to store the next uidNumber\n";
+print "  and gidNumber available for new users and groups\n";
+my $sambaUnixIdPooldn=read_entry("  sambaUnixIdPooldn object (relative to \${suffix})","","sambaDomainName=$workgroup",0);
+
+# parameters for the master ldap server
+my ($trash1,$server);
+if (defined $config{passdbbackend}) {
+  ($trash1,$server)=($config{passdbbackend}=~m/(.*)ldap:\/\/(.*)/);
+}
+$server="127.0.0.1" unless defined($server);
+$server=~s/\///;
+my $ldapmasterserver;
+print ". ldap master server: IP address or DNS name of the master (writable) ldap server\n";
+$ldapmasterserver=read_entry("  ldap master server","",$server,0);
+my $ldapmasterport;
+if (defined $config{ldapport}) {
+  $ldapmasterport=read_entry(". ldap master port","ldapport","",0);
+} else {
+  $ldapmasterport=read_entry(". ldap master port","","389",0);
+}
+my $ldap_master_admin_dn=read_entry(". ldap master bind dn","ldapadmindn","",0);
+system "stty -echo";
+my $ldap_master_bind_password=read_entry(". ldap master bind password","","",1);
+print "\n";
+system "stty echo";
+
+# parameters for the slave ldap server
+print ". ldap slave server: IP address or DNS name of the slave ldap server: can also be the master one\n";
+my $ldap_slave_server=read_entry("  ldap slave server","","$server",0);
+my $ldap_slave_port;
+if (defined $config{ldapport}) {
+  $ldap_slave_port=read_entry(". ldap slave port","ldapport","",0);
+} else {
+  $ldap_slave_port=read_entry(". ldap slave port","","389",0);
+}
+my $ldap_slave_admin_dn=read_entry(". ldap slave bind dn","ldapadmindn","",0);
+system "stty -echo";
+my $ldap_slave_bind_password=read_entry(". ldap slave bind password","","",1);
+print "\n";
+system "stty echo";
+my $ldaptls=read_entry(". ldap tls support (1/0)","","0",0);
+my ($cert_verify,$cert_cafile,$cert_clientcert,$cert_clientkey)=("","","","");
+if ($ldaptls == 1) {
+  $cert_verify=read_entry(". How to verify the server's certificate (none, optional or require)","","require",0);
+  $cert_cafile=read_entry(". CA certificate file","","$conf_dir/ca.pem",0);
+  $cert_clientcert=read_entry(". certificate to use to connect to the ldap server","","$conf_dir/smbldap-tools.pem",0);
+  $cert_clientkey=read_entry(". key certificate to use to connect to the ldap server","","$conf_dir/smbldap-tools.key",0);
+}
+
+# let's test if any sid is available
+# Here is the strategy: If smb.conf has 'domain master = No'
+#  this means we are a BDC and we must obtain the SID from the PDC
+#  using the command 'net rpc getsid -S PDC -Uroot%password' BEFORE
+#  executing this script - that then guarantees the correct SID is available.
+my $sid_tmp=`net getlocalsid \$netbios_name 2>/dev/null | cut -f2 -d: | sed "s/ //g"`;
+chomp $sid_tmp;
+print ". SID for domain $config{workgroup}: SID of the domain (can be obtained with 'net getlocalsid $netbios_name')\n";
+my $sid=read_entry("  SID for domain $config{workgroup}","","$sid_tmp",0);
+
+print ". unix password encryption: encryption used for unix passwords\n";
+my $cryp_algo=read_entry("  unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)","","SSHA",0);
+my $crypt_salt_format="";
+if ( $cryp_algo eq "CRYPT" ) {
+  print ". crypt salt format: If hash_encrypt is set to CRYPT, you may set \n";
+  print "  a salt format. The default is \"\%s\", but many systems will generate\n";
+  print "  MD5 hashed passwords if you use \"\$1\$\%\.8s\"\n";
+  $crypt_salt_format=read_entry("  crypt salt format","","\%s",0);
+}
+
+my $default_user_gidnumber=read_entry(". default user gidNumber","","513",0);
+
+my $default_computer_gidnumber=read_entry(". default computer gidNumber","","515",0);
+
+my $userLoginShell=read_entry(". default login shell","","/bin/bash",0);
+
+my $skeletonDir=read_entry(". default skeleton directory","","/etc/skel",0);
+
+my $mailDomain=read_entry(". default domain name to append to mail address", "","",0);
+
+print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n";
+my $template_smbldap="
+# smbldap-tools.conf : Q & D configuration file for smbldap-tools
+
+#  This code was developed by IDEALX (http://IDEALX.org/) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+#
+#                 Copyright (C) 2001-2002 IDEALX
+#
+#  This program is free software; you can redistribute it and/or
+#  modify it under the terms of the GNU General Public License
+#  as published by the Free Software Foundation; either version 2
+#  of the License, or (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program; if not, write to the Free Software
+#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
+#  USA.
+
+#  Purpose :
+#       . be the configuration file for all smbldap-tools scripts
+
+##############################################################################
+#
+# General Configuration
+#
+##############################################################################
+
+# Put your own SID. To obtain this number do: \"net getlocalsid\".
+# If not defined, parameter is taking from \"net getlocalsid\" return
+SID=\"$sid\"
+
+# Domain name the Samba server is in charged.
+# If not defined, parameter is taking from smb.conf configuration file
+# Ex: sambaDomain=\"IDEALX-NT\"
+sambaDomain=\"$workgroup\"
+
+##############################################################################
+#
+# LDAP Configuration
+#
+##############################################################################
+
+# Notes: to use to dual ldap servers backend for Samba, you must patch
+# Samba with the dual-head patch from IDEALX. If not using this patch
+# just use the same server for slaveLDAP and masterLDAP.
+# Those two servers declarations can also be used when you have 
+# . one master LDAP server where all writing operations must be done
+# . one slave LDAP server where all reading operations must be done
+#   (typically a replication directory)
+
+# Slave LDAP server
+# Ex: slaveLDAP=127.0.0.1
+# If not defined, parameter is set to \"127.0.0.1\"
+slaveLDAP=\"$ldap_slave_server\"
+
+# Slave LDAP port
+# If not defined, parameter is set to \"389\"
+slavePort=\"$ldap_slave_port\"
+
+# Master LDAP server: needed for write operations
+# Ex: masterLDAP=127.0.0.1
+# If not defined, parameter is set to \"127.0.0.1\"
+masterLDAP=\"$ldapmasterserver\"
+
+# Master LDAP port
+# If not defined, parameter is set to \"389\"
+masterPort=\"$ldapmasterport\"
+
+# Use TLS for LDAP
+# If set to 1, this option will use start_tls for connection
+# (you should also used the port 389)
+# If not defined, parameter is set to \"1\"
+ldapTLS=\"$ldaptls\"
+
+# How to verify the server's certificate (none, optional or require)
+# see \"man Net::LDAP\" in start_tls section for more details
+verify=\"$cert_verify\"
+
+# CA certificate
+# see \"man Net::LDAP\" in start_tls section for more details
+cafile=\"$cert_cafile\"
+
+# certificate to use to connect to the ldap server
+# see \"man Net::LDAP\" in start_tls section for more details
+clientcert=\"$cert_clientcert\"
+
+# key certificate to use to connect to the ldap server
+# see \"man Net::LDAP\" in start_tls section for more details
+clientkey=\"$cert_clientkey\"
+
+# LDAP Suffix
+# Ex: suffix=dc=IDEALX,dc=ORG
+suffix=\"$ldap_suffix\"
+
+# Where are stored Users
+# Ex: usersdn=\"ou=Users,dc=IDEALX,dc=ORG\"
+# Warning: if 'suffix' is not set here, you must set the full dn for usersdn
+usersdn=\"ou=$ldap_user_suffix,\${suffix}\"
+
+# Where are stored Computers
+# Ex: computersdn=\"ou=Computers,dc=IDEALX,dc=ORG\"
+# Warning: if 'suffix' is not set here, you must set the full dn for computersdn
+computersdn=\"ou=$ldap_machine_suffix,\${suffix}\"
+
+# Where are stored Groups
+# Ex: groupsdn=\"ou=Groups,dc=IDEALX,dc=ORG\"
+# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn
+groupsdn=\"ou=$ldap_group_suffix,\${suffix}\"
+
+# Where are stored Idmap entries (used if samba is a domain member server)
+# Ex: groupsdn=\"ou=Idmap,dc=IDEALX,dc=ORG\"
+# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn
+idmapdn=\"$ldap_idmap_suffix,\${suffix}\"
+
+# Where to store next uidNumber and gidNumber available for new users and groups
+# If not defined, entries are stored in sambaDomainName object.
+# Ex: sambaUnixIdPooldn=\"sambaDomainName=\${sambaDomain},\${suffix}\"
+# Ex: sambaUnixIdPooldn=\"cn=NextFreeUnixId,\${suffix}\"
+sambaUnixIdPooldn=\"$sambaUnixIdPooldn,\${suffix}\"
+
+# Default scope Used
+scope=\"sub\"
+
+# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT)
+hash_encrypt=\"$cryp_algo\"
+
+# if hash_encrypt is set to CRYPT, you may set a salt format.
+# default is \"\%s\", but many systems will generate MD5 hashed
+# passwords if you use \"\$1\$\%\.8s\". This parameter is optional!
+crypt_salt_format=\"$crypt_salt_format\"
+
+##############################################################################
+# 
+# Unix Accounts Configuration
+# 
+##############################################################################
+
+# Login defs
+# Default Login Shell
+# Ex: userLoginShell=\"/bin/bash\"
+userLoginShell=\"$userLoginShell\"
+
+# Home directory
+# Ex: userHome=\"/home/\%U\"
+userHome=\"$userHome\"
+
+# Default mode used for user homeDirectory
+userHomeDirectoryMode=\"$userHomeDirectoryMode\"
+
+# Gecos
+userGecos=\"System User\"
+
+# Default User (POSIX and Samba) GID
+defaultUserGid=\"$default_user_gidnumber\"
+
+# Default Computer (Samba) GID
+defaultComputerGid=\"$default_computer_gidnumber\"
+
+# Skel dir
+skeletonDir=\"$skeletonDir\"
+
+# Default password validation time (time in days) Comment the next line if
+# you don't want password to be enable for defaultMaxPasswordAge days (be
+# careful to the sambaPwdMustChange attribute's value)
+defaultMaxPasswordAge=\"$defaultMaxPasswordAge\"
+
+##############################################################################
+#
+# SAMBA Configuration
+#
+##############################################################################
+
+# The UNC path to home drives location (\%U username substitution)
+# Just set it to a null string if you want to use the smb.conf 'logon home'
+# directive and/or disable roaming profiles
+# Ex: userSmbHome=\"\\\\PDC-SMB3\\%U\"
+userSmbHome=\"$logonhome\"
+
+# The UNC path to profiles locations (\%U username substitution)
+# Just set it to a null string if you want to use the smb.conf 'logon path'
+# directive and/or disable roaming profiles
+# Ex: userProfile=\"\\\\PDC-SMB3\\profiles\\\%U\"
+userProfile=\"$logonpath\"
+
+# The default Home Drive Letter mapping
+# (will be automatically mapped at logon time if home directory exist)
+# Ex: userHomeDrive=\"H:\"
+userHomeDrive=\"$logondrive\"
+
+# The default user netlogon script name (\%U username substitution)
+# if not used, will be automatically username.cmd
+# make sure script file is edited under dos
+# Ex: userScript=\"startup.cmd\" # make sure script file is edited under dos
+userScript=\"$userScript\"
+
+# Domain appended to the users \"mail\"-attribute
+# when smbldap-useradd -M is used
+# Ex: mailDomain=\"idealx.com\"
+mailDomain=\"$mailDomain\"
+
+##############################################################################
+#
+# SMBLDAP-TOOLS Configuration (default are ok for a RedHat)
+#
+##############################################################################
+
+# Allows not to use smbpasswd (if with_smbpasswd=\"0\" in smbldap.conf) but
+# prefer Crypt::SmbHash library
+with_smbpasswd=\"0\"
+smbpasswd=\"/usr/bin/smbpasswd\"
+
+# Allows not to use slappasswd (if with_slappasswd=\"0\" in smbldap.conf)
+# but prefer Crypt:: libraries
+with_slappasswd=\"0\"
+slappasswd=\"/usr/sbin/slappasswd\"
+
+# comment out the following line to get rid of the default banner
+# no_banner=\"1\"
+";
+
+my $template_smbldap_bind="
+############################
+# Credential Configuration #
+############################
+# Note: you can specify two different configurations if you use a
+# master ldap for writing access and a slave ldap server for reading access
+# By default, we will use the same DN (so it will work for standard Samba
+# release)
+slaveDN=\"$ldap_master_admin_dn\"
+slavePw=\"$ldap_master_bind_password\"
+masterDN=\"$ldap_slave_admin_dn\"
+masterPw=\"$ldap_slave_bind_password\"
+";
+
+print "backup old configuration files:\n";
+print "  $smbldap_conf->$smbldap_conf.old\n";
+print "  $smbldap_bind_conf->$smbldap_bind_conf.old\n";
+rename "$smbldap_conf","$smbldap_conf.old";
+rename "$smbldap_bind_conf","$smbldap_bind_conf.old";
+
+print "writing new configuration file:\n";
+open (SMBLDAP,'>',"$smbldap_conf") || die "Unable to open $smbldap_conf for writing !\n";
+print SMBLDAP "$template_smbldap";
+close(SMBLDAP);
+print "  $smbldap_conf done.\n";
+my $mode=0644;
+chmod $mode,"$smbldap_conf","$smbldap_conf.old";
+
+open (SMBLDAP_BIND,'>',"$smbldap_bind_conf") || die "Unable to open $smbldap_bind_conf for writing !\n";
+print SMBLDAP_BIND "$template_smbldap_bind";
+close(SMBLDAP_BIND);
+print "  $smbldap_bind_conf done.\n";
+$mode=0600;
+chmod $mode,"$smbldap_bind_conf","$smbldap_bind_conf.old";
+
diff -Nru smbldap-tools-0.9.5/smbldap-groupadd smbldap-tools-0.9.7/smbldap-groupadd
--- smbldap-tools-0.9.5/smbldap-groupadd	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-groupadd	1970-01-01 01:00:00.000000000 +0100
@@ -1,216 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-groupadd : group (posix) add
-
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-use Getopt::Std;
-my %Options;
-
-my $ok = getopts('abg:or:s:t:p?', \%Options);
-if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
-    print_banner;
-    print "Usage: $0 [-agorst?] groupname\n";
-    print "  -a   add automatic group mapping entry\n";
-    print "  -b   create a AIX group\n";
-    print "  -g   gid\n";
-    print "  -o   gid is not unique\n";
-    print "  -r   group-rid\n";
-    print "  -s   group-sid\n";
-    print "  -t   group-type\n";
-    print "  -p   print the gidNumber to stdout\n";
-    print "  -?   show this help message\n";
-    exit (1);
-}
-
-my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
-if ($nscd_status == 0) {
-    system "/etc/init.d/nscd stop > /dev/null 2>&1";
-}
-
-
-my $_groupName = $ARGV[0];
-
-my $ldap_master=connect_ldap_master();
-
-if (defined(get_group_dn($_groupName))) {
-    warn "$0: group $_groupName exists\n";
-    exit (6);
-}
-
-my $_groupGidNumber = $Options{'g'};
-if (! defined ($_groupGidNumber = group_add($_groupName, $_groupGidNumber, $Options{'o'}))) {
-    warn "$0: error adding group $_groupName\n";
-    exit (6);
-}
-
-my $group_sid;
-my $tmp;
-if ($tmp= $Options{'s'}) {
-    if ($tmp =~ /^S-(?:\d+-)+\d+$/) {
-	$group_sid = $tmp;
-    } else {
-	warn "$0: illegal group-rid $tmp\n";
-	exit(7);
-    }
-} elsif ($Options{'r'} || $Options{'a'}) {
-    my $group_rid;
-    if ($tmp= $Options{'r'}) {
-	if ($tmp =~ /^\d+$/) {
-	    $group_rid = $tmp;
-	} else {
-	    warn "$0: illegal group-rid $tmp\n";
-	    exit(7);
-	}
-    } else {
-	# algorithmic mapping
-	$group_rid = 2*$_groupGidNumber+1001;
-    }
-    $group_sid = $config{SID}.'-'.$group_rid;
-}
-
-if ($Options{'r'} || $Options{'a'} || $Options{'s'}) {
-    # let's test if this SID already exist
-    my $test_exist_sid=does_sid_exist($group_sid,$config{groupsdn});
-    if ($test_exist_sid->count == 1) {
-	warn "Group SID already owned by\n";
-	# there should not exist more than one entry, but ...
-	foreach my $entry ($test_exist_sid->all_entries) {
-	    my $dn= $entry->dn;
-	    chomp($dn);
-	    warn "$dn\n";
-	}
-	exit(7);
-    }
-}
-
-if ($group_sid) {
-    my $group_type;
-    my $tmp;
-    if ($tmp= $Options{'t'}) {
-	unless (defined($group_type = &group_type_by_name($tmp))) {
-	    warn "$0: unknown group type $tmp\n";
-	    exit(8);
-	}
-    } else {
-	$group_type = group_type_by_name('domain');
-    }
-    my $modify = $ldap_master->modify ( "cn=$_groupName,$config{groupsdn}",
-					add => {
-					    'objectClass' => 'sambaGroupMapping',
-					    'sambaSID' => $group_sid,
-					    'sambaGroupType' => $group_type,
-					    'displayName' => "$_groupName"
-					    }
-					);
-    $modify->code && warn "failed to delete entry: ", $modify->error ;
-}
-
-if ($Options{'b'}) {
-    my $modify = $ldap_master->modify ( "cn=$_groupName,$config{groupsdn}",
-					add => {
-					    'objectClass' => 'AIXAuxGroup',
-					    'AIXGroupAdminList' => 'root',
-					    'isAdministrator' => 'false'
-					    }
-					);
-    $modify->code && warn "failed to delete entry: ", $modify->error ;
-}
-
-# take down session
-$ldap_master->unbind;
-
-if ($nscd_status == 0) {
-    system "/etc/init.d/nscd start > /dev/null 2>&1";
-}
-
-if ($Options{'p'}) {
-    print STDOUT "$_groupGidNumber";
-}
-exit(0);
-
-########################################
-
-=head1 NAME
-
-smbldap-groupadd - Create a new group
-
-=head1 SYNOPSIS
-
-smbldap-groupadd [-g gid ] [-a] [-o] [-r rid] [-s sid] [-t group type] [-p] group
-
-=head1 DESCRIPTION
-
-The smbldap-groupadd command creates a new group account using the values specified on the command line and the default values from the configuration file.
-The new group will be entered into the system files as needed.
-Available options are :
-
--g gid
-   The numerical value of the group's ID. This value must be
-   unique, unless the -o option is used. The value must be non-
-   negative. The default is to use the smallest ID value greater
-   than 1000 and greater than every other group.
-
--a
-   add an automatic Security ID for the group (SID).
-   The rid of the group is calculated from the gidNumber of the
-   group as rid=2*gidNumber+1001. Thus the resulted SID of the
-   group is $SID-$rid where $SID and $rid are the domain SID and
-   the group rid
-
--b
-   the group is also a AIX group
-
--o
-   gid is not unique
-
--p
-   print the gidNumber to stdout
-
--s sid
-   set the group SID.
-   The SID must be unique and defined with the domain Security ID
-   ($SID) like sid=$SID-rid where rid is the group rid.
-
--r rid
-   set the group rid.
-   The SID is then calculated as sid=$SID-rid where $SID is the
-   domain Security ID.
-
--t group type
-   set the NT Group type for the new group. Available values are
-   2 (domain group), 4 (local group) and 5 (builtin group).
-   The default group type is 2.
-
-=head1 SEE ALSO
-
-groupadd(1)
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-groupadd.pl smbldap-tools-0.9.7/smbldap-groupadd.pl
--- smbldap-tools-0.9.5/smbldap-groupadd.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-groupadd.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,196 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-groupadd : group (posix) add
+
+
+use strict;
+use warnings;
+use smbldap_tools;
+use Getopt::Std;
+my %Options;
+
+my $ok = getopts('abg:opr:s:t:?', \%Options);
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+    print_banner;
+    print "Usage: $0 [-abgoprst?] groupname\n";
+    print "  -a   add automatic group mapping entry\n";
+    print "  -b   create a AIX group\n";
+    print "  -g   gid\n";
+    print "  -o   gid is not unique\n";
+    print "  -p   print the gidNumber to stdout\n";
+    print "  -r   group-rid\n";
+    print "  -s   group-sid\n";
+    print "  -t   group-type\n";
+    print "  -?   show this help message\n";
+    exit (1);
+}
+
+my $_groupName = $ARGV[0];
+
+nsc_invalidate("group");
+
+my $ldap_master=connect_ldap_master();
+
+if (defined(get_group_dn($_groupName))) {
+    warn "$0: group $_groupName exists\n";
+    exit (6);
+}
+
+my $_groupGidNumber = $Options{'g'};
+if (! defined ($_groupGidNumber = group_add($_groupName, $_groupGidNumber, $Options{'o'}))) {
+    warn "$0: error adding group $_groupName\n";
+    exit (6);
+}
+
+my $group_sid;
+my $tmp;
+if ($tmp= $Options{'s'}) {
+    if ($tmp =~ /^S-(?:\d+-)+\d+$/) {
+	$group_sid = $tmp;
+    } else {
+	warn "$0: illegal group-rid $tmp\n";
+	exit(7);
+    }
+} elsif ($Options{'r'} || $Options{'a'}) {
+    my $group_rid;
+    if ($tmp= $Options{'r'}) {
+	if ($tmp =~ /^\d+$/) {
+	    $group_rid = $tmp;
+	} else {
+	    warn "$0: illegal group-rid $tmp\n";
+	    exit(7);
+	}
+    } else {
+	# algorithmic mapping
+	$group_rid = group_next_rid($_groupGidNumber);
+    }
+    $group_sid = $config{SID}.'-'.$group_rid;
+}
+
+if ($Options{'r'} || $Options{'a'} || $Options{'s'}) {
+    # let's test if this SID already exist
+    if (my $account = account_by_sid($group_sid)) {
+	warn "SID already owned by " . $account->dn. "\n";
+	exit(7);
+    }
+}
+
+if ($group_sid) {
+    my $group_type;
+    my $tmp;
+    if ($tmp= $Options{'t'}) {
+	unless (defined($group_type = &group_type_by_name($tmp))) {
+	    warn "$0: unknown group type $tmp\n";
+	    exit(8);
+	}
+    } else {
+	$group_type = group_type_by_name('domain');
+    }
+    my $modify = $ldap_master->modify ( "cn=$_groupName,$config{groupsdn}",
+					add => {
+					    'objectClass' => 'sambaGroupMapping',
+					    'sambaSID' => $group_sid,
+					    'sambaGroupType' => $group_type,
+					    'displayName' => "$_groupName"
+					    }
+					);
+    $modify->code && warn "failed to delete entry: ", $modify->error ;
+}
+
+if ($Options{'b'}) {
+    my $modify = $ldap_master->modify ( "cn=$_groupName,$config{groupsdn}",
+					add => {
+					    'objectClass' => 'AIXAuxGroup',
+					    'AIXGroupAdminList' => 'root',
+					    'isAdministrator' => 'false'
+					    }
+					);
+    $modify->code && warn "failed to delete entry: ", $modify->error ;
+}
+
+# take down session
+$ldap_master->unbind;
+
+nsc_invalidate("group");
+
+if ($Options{'p'}) {
+    print STDOUT "$_groupGidNumber";
+}
+exit(0);
+
+########################################
+
+=head1 NAME
+
+smbldap-groupadd - Create a new group
+
+=head1 SYNOPSIS
+
+smbldap-groupadd [-g gid ] [-a] [-o] [-r rid] [-s sid] [-t group type] [-p] group
+
+=head1 DESCRIPTION
+
+The smbldap-groupadd command creates a new group account using the values specified on the command line and the default values from the configuration file.
+The new group will be entered into the system files as needed.
+Available options are :
+
+-g gid
+   The numerical value of the group's ID. This value must be
+   unique, unless the -o option is used. The value must be non-
+   negative. The default is to use the smallest ID value greater
+   than 1000 and greater than every other group.
+
+-a
+   add an automatic Security ID for the group (SID).
+
+-b
+   the group is also a AIX group
+
+-o
+   gid is not unique
+
+-p
+   print the gidNumber to stdout
+
+-s sid
+   set the group SID.
+   The SID must be unique and defined with the domain Security ID
+   ($SID) like sid=$SID-rid where rid is the group rid.
+
+-r rid
+   set the group rid.
+   The SID is then calculated as sid=$SID-rid where $SID is the
+   domain Security ID.
+
+-t group type
+   set the NT Group type for the new group. Available values are
+   2 (domain group), 4 (local group) and 5 (builtin group).
+   The default group type is 2.
+
+=head1 SEE ALSO
+
+groupadd(1)
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/smbldap-groupdel smbldap-tools-0.9.7/smbldap-groupdel
--- smbldap-tools-0.9.5/smbldap-groupdel	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-groupdel	1970-01-01 01:00:00.000000000 +0100
@@ -1,97 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-groupdel : group (posix) deletion
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-
-#####################
-use Getopt::Std;
-my %Options;
-
-my $ok = getopts('?', \%Options);
-if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
-    print_banner;
-    print "Usage: $0 groupname\n";
-    print "  -?	show this help message\n";
-    exit (1);
-}
-
-my $_groupName = $ARGV[0];
-
-my $ldap_master=connect_ldap_master();
-
-my $dn_line;
-if (!defined($dn_line = get_group_dn($_groupName))) {
-    print "$0: group $_groupName doesn't exist\n";
-    exit (6);
-}
-
-my $dn = get_dn_from_line($dn_line);
-
-group_del($dn);
-
-my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
-if ($nscd_status == 0) {
-    system "/etc/init.d/nscd restart > /dev/null 2>&1";
-}
-
-#if (defined($dn_line = get_group_dn($_groupName))) {
-#    print "$0: failed to delete group\n";
-#    exit (7);
-#}
-
-# take down session
-$ldap_master->unbind;
-
-
-exit (0);
-
-############################################################
-
-=head1 NAME
-
-smbldap-groupdel - Delete a group
-
-=head1 SYNOPSIS
-
-smbldap-groupdel group
-
-=head1 DESCRIPTION
-
-The smbldap-groupdel command modifies the system account files, deleting all entries that refer to a group. The named group must exist.
-
-You must manually check all filesystems to insure that no files remain
-with the named group as the file group ID.
-
-=head1 SEE ALSO
-
-groupdel(1)
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-groupdel.pl smbldap-tools-0.9.7/smbldap-groupdel.pl
--- smbldap-tools-0.9.5/smbldap-groupdel.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-groupdel.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,91 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-groupdel : group (posix) deletion
+
+use strict;
+use warnings;
+use smbldap_tools;
+
+#####################
+use Getopt::Std;
+my %Options;
+
+my $ok = getopts('?', \%Options);
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+    print_banner;
+    print "Usage: $0 groupname\n";
+    print "  -?	show this help message\n";
+    exit (1);
+}
+
+my $_groupName = $ARGV[0];
+
+my $ldap_master=connect_ldap_master();
+
+my $dn_line;
+if (!defined($dn_line = get_group_dn($_groupName))) {
+    print "$0: group $_groupName doesn't exist\n";
+    exit (6);
+}
+
+my $dn = get_dn_from_line($dn_line);
+
+group_del($dn);
+
+nsc_invalidate("group");
+
+#if (defined($dn_line = get_group_dn($_groupName))) {
+#    print "$0: failed to delete group\n";
+#    exit (7);
+#}
+
+# take down session
+$ldap_master->unbind;
+
+
+exit (0);
+
+############################################################
+
+=head1 NAME
+
+smbldap-groupdel - Delete a group
+
+=head1 SYNOPSIS
+
+smbldap-groupdel group
+
+=head1 DESCRIPTION
+
+The smbldap-groupdel command modifies the system account files, deleting all entries that refer to a group. The named group must exist.
+
+You must manually check all filesystems to insure that no files remain
+with the named group as the file group ID.
+
+=head1 SEE ALSO
+
+groupdel(1)
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/smbldap-grouplist.pl smbldap-tools-0.9.7/smbldap-grouplist.pl
--- smbldap-tools-0.9.5/smbldap-grouplist.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-grouplist.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,194 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first created by Martin Matuska <mm@FreeBSD.org>
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-grouplist : list groups
+
+use strict;
+use warnings;
+use Getopt::Std;
+use smbldap_tools;
+
+# function declaration
+sub exist_in_tab;
+
+my %Options;
+
+my $ok = getopts('dtS?', \%Options);
+if ( (!$ok) || ($Options{'?'}) || $Options{'h'} ) {
+    print "Usage: $0 [dtS?] [user template]\n\n";
+    print "-d     Show displayName\n";
+    print "-t     Show samba group type\n";
+    print "-S     Show samba SID\n";
+    print "-?     show the help message\n";
+    exit (1);
+}
+
+my $binduser;
+my $pass;
+
+if (!defined($binduser)) {
+    $binduser = getpwuid($<);
+}
+
+my $search;
+if ( $ARGV[0] ) {
+    if ( $< != 0 ) {
+        die "Only root can show group inormation\n";
+    } else {
+        $search=$ARGV[0];
+    }
+} elsif ( $< != 0 ) {
+    $search=$binduser;
+}
+
+
+my ($dn,$ldap_master);
+# First, connecting to the directory
+if ($< != 0) {
+    # non-root user
+    if (!defined($pass)) {
+	$pass = password_read("UNIX password: ");
+
+# JTO: search real basedn: may be different in case ou=bla1,ou=bla2 !
+# JTO: faire afficher egalement lock, expire et lastChange
+$config{masterDN}="uid=$binduser,$config{usersdn}";
+$config{masterPw}="$pass";
+$ldap_master=connect_ldap_master();
+$dn=$config{masterDN};
+if (!is_user_valid($binduser, $dn, $pass)) {
+    print "Authentication failure\n";
+    exit (10);
+}
+}
+} else {
+    # root user
+    $ldap_master=connect_ldap_master();
+# test existence of user in LDAP
+my $dn_line;
+}
+
+sub print_group {
+    my ($entry, %Options) = @_;
+    printf "%4s ", $entry->get_value('gidNumber') ;
+    printf "|%-20s ", $entry->get_value('cn');
+    if ($Options{'d'})
+    {
+	if (defined $entry->get_value('displayName'))
+	{
+	    printf "|%-20s", $entry->get_value('displayName');
+	} else {
+	    print "|-";
+	}
+    }
+    if ($Options{'t'})
+    {
+	my $group_name;
+	if (defined($entry->get_value('sambaGroupType')) && \
+	    defined($group_name = &group_name_by_type($entry->get_value('sambaGroupType'))))
+	{
+	    printf "|%-14s", $group_name;
+	} else {
+	    print "|-";
+	}
+    }
+    if ($Options{'S'})
+    {
+	if (defined $entry->get_value('sambaSID'))
+	{
+	    printf "|%-47s", $entry->get_value('sambaSID');
+	} else {
+	    print "|-";
+	}
+    }
+    print "|\n";
+}
+
+my $attrs="['gid','cn'";
+my $banner="gid  |cn                   ";
+if ($Options{'d'})
+{
+    $banner .=  "|displayName         ";
+    $attrs  .=  ",'displayName'";
+}
+if ($Options{'t'})
+{
+    $banner .=  "|sambaGroupType";
+    $attrs  .=  ",'sambaGroupType'";
+}
+if ($Options{'S'})
+{
+    $banner .=  "|sambaSID                                       ";
+    $attrs  .=  ",'sambaSID'";
+}
+$attrs.="]";
+$banner.="|";
+print "$banner\n\n";
+my $filter;
+$filter = "(&(objectclass=posixGroup)";
+my $base = $config{groupsdn};
+
+if ($search) {
+    $filter.="(displayName=$search)";
+}
+
+$filter.=")";
+
+my  $mesg = $ldap_master->search ( base   => $base,
+                                   scope => $config{scope},
+                                   filter => $filter,
+				   attrs => "$attrs"
+				   );
+$mesg->code && warn $mesg->error;
+
+foreach my $entry ($mesg->all_entries) {
+    print_group($entry,%Options);
+}
+########################################
+
+=head1 NAME
+
+smbldap-grouplist list groups
+
+=head1 SYNOPSIS
+
+smbldap-grouplist [-S] [group template]
+
+
+=head1 DESCRIPTION
+
+-d     Show displayName
+
+-S     Show samba SID entry
+
+-?     show the help message
+
+=head1 EXAMPLE
+
+smbldap-grouplist -dS
+
+smbldap-grouplist "*ourn*"
+
+=cut
+
+#'
+
+# The End
diff -Nru smbldap-tools-0.9.5/smbldap-groupmod smbldap-tools-0.9.7/smbldap-groupmod
--- smbldap-tools-0.9.5/smbldap-groupmod	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-groupmod	1970-01-01 01:00:00.000000000 +0100
@@ -1,293 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-groupmod : group (posix) modification
-
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-
-#####################
-
-use Getopt::Std;
-my %Options;
-
-my $ok = getopts('ag:n:m:or:s:t:x:?', \%Options);
-if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
-    print_banner;
-    print "Usage: $0 [-a] [-g gid [-o]] [-n name] [-m members(,)] [-x members (,)] [-r rid] [-s sid] [-t type] groupname\n";
-    print "  -a   add automatic group mapping entry\n";
-    print "  -g   new gid\n";
-    print "  -o   gid is not unique\n";
-    print "  -n   new group name\n";
-    print "  -m   add members (comma delimited)\n";
-    print "  -r   group-rid\n";
-    print "  -s   group-sid\n";
-    print "  -t   group-type\n"; 
-    print "  -x   delete members (comma delimted)\n";
-    print "  -?   show this help message\n";
-    exit (1);
-}
-
-my $groupName = $ARGV[0];
-my $group_entry;
-
-my $ldap_master=connect_ldap_master();
-
-if (! ($group_entry = read_group_entry($groupName))) {
-    print "$0: group $groupName doesn't exist\n";
-    exit (6);
-}
-
-my $newname = $Options{'n'};
-
-my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
-if ($nscd_status == 0) {
-    system "/etc/init.d/nscd restart > /dev/null 2>&1";
-}
-
-my $gid=$group_entry->get_value('gidNumber');
-
-unless (defined ($gid)) {
-    print "$0: group $groupName not found!\n";
-    exit(6);
-}
-
-my $tmp;
-if (defined($tmp = $Options{'g'}) and $tmp =~ /\d+/) {
-    if (!defined($Options{'o'})) {
-	if (defined(getgrgid($tmp))) {
-	    print "$0: gid $tmp exists\n";
-	    exit (6);
-	}
-    }
-    if (!($gid == $tmp)) {
-	my $modify = $ldap_master->modify ( "cn=$groupName,$config{groupsdn}",
-					    changes => [
-							replace => [gidNumber => $tmp]
-							]
-					    );
-	$modify->code && die "failed to modify entry: ", $modify->error ;
-    }
-}
-
-if (defined($newname)) {
-    my $modify = $ldap_master->moddn (
-				      "cn=$groupName,$config{groupsdn}",
-				      newrdn => "cn=$newname",
-				      deleteoldrdn => "1",
-				      newsuperior => "$config{groupsdn}"
-				      );
-    $modify->code && die "failed to modify entry: ", $modify->error ;
-    # take down session
-}
-
-# Add members
-if (defined($Options{'m'})) {
-    my $members = $Options{'m'};
-    my @members = split( /,/, $members );
-    my $member;
-    foreach $member ( @members ) {
-	my $group_entry=read_group_entry($groupName);
-	$config{groupsdn}=$group_entry->dn;
-	if (is_unix_user($member) || is_nonldap_unix_user($member)) {
-	    if (is_group_member($config{groupsdn},$member)) {
-		print "User $member already in the group\n";
-	    } else {
-		print "adding user $member to group $groupName\n";
-		my $modify = $ldap_master->modify ($config{groupsdn},
-						   changes => [
-							       add => [memberUid => $member]
-							       ]
-						   );
-		$modify->code && warn "failed to add entry: ", $modify->error ;
-	    }
-	} else {
-	    print "User $member does not exist: create it first !\n";
-	}
-    }
-}
-
-# Delete members
-if (defined($Options{'x'})) {
-    my $members = $Options{'x'};
-    my @members = split( /,/, $members );
-    my $member;
-    foreach $member ( @members ) {
-	my $user_entry=read_user_entry($member);
-	my $group_entry=read_group_entry($groupName);
-	$config{groupsdn}=$group_entry->dn;
-	if (is_group_member("$config{groupsdn}",$member)) {
-	    my $delete=1;
-	    if (defined $group_entry->get_value('sambaSID')) {
-		if ($group_entry->get_value('sambaSID') eq $user_entry->get_value('sambaPrimaryGroupSID')) {
-		    $delete=0;
-		    print "Cannot delete user ($member) from his primary group ($groupName)\n";
-		}
-	    }
-	    if ($delete eq 1) {
-		print "deleting user $member from group $groupName\n";
-		my $modify = $ldap_master->modify ($config{groupsdn},
-						   changes => [
-							       delete => [memberUid => $member]
-							       ]
-						   );
-		$modify->code && warn "failed to delete entry: ", $modify->error ;
-	    }
-	} else {
-	    print "User $member is not in the group $groupName!\n";
-	}
-    }
-}
-
-my $group_sid;
-if ($tmp= $Options{'s'}) {
-    if ($tmp =~ /^S-(?:\d+-)+\d+$/) {
-	$group_sid = $tmp;
-    } else {
-	print "$0: illegal group-rid $tmp\n";
-	exit(7);
-    }
-} elsif ($Options{'r'} || $Options{'a'}) {
-    my $group_rid;
-    if ($tmp= $Options{'r'}) {
-	if ($tmp =~ /^\d+$/) {
-	    $group_rid = $tmp;
-	} else {
-	    print "$0: illegal group-rid $tmp\n";
-	    exit(7);
-	}
-    } else {
-	# algorithmic mapping
-	$group_rid = 2*$gid+1001;
-    }
-    $group_sid = $config{SID}.'-'.$group_rid;
-}
-
-if ($group_sid) {
-    my @adds;
-    my @mods;
-    push(@mods, 'sambaSID' => $group_sid);
-
-    if ($tmp= $Options{'t'}) {
-	my $group_type;
-	if (defined($group_type = &group_type_by_name($tmp))) {
-	    push(@mods, 'sambaGroupType' => $group_type);
-	} else {
-	    print "$0: unknown group type $tmp\n";
-	    exit(8);
-	}
-    } else {
-	if (! defined($group_entry->get_value('sambaGroupType'))) {
-	    push(@mods, 'sambaGroupType' => group_type_by_name('domain'));
-	}
-    }
-
-    my @oc = $group_entry->get_value('objectClass');
-    unless (grep($_ =~ /^sambaGroupMapping$/i, @oc)) {
-	push (@adds, 'objectClass' => 'sambaGroupMapping');
-    }
-
-    my $modify = $ldap_master->modify ( "cn=$groupName,$config{groupsdn}",
-					changes => [
-						    'add' => [ @adds ],
-						    'replace' => [ @mods ]
-						    ]
-					);
-    $modify->code && warn "failed to delete entry: ", $modify->error ;
-}
-
-$nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
-if ($nscd_status == 0) {
-    system "/etc/init.d/nscd restart > /dev/null 2>&1";
-}
-
-# take down session
-$ldap_master->unbind;
-
-exit (0);
-
-############################################################
-
-=head1 NAME
-
-smbldap-groupmod - Modify a group
-
-=head1 SYNOPSIS
-
-smbldap-groupmod [-g gid [-o]] [-a] [-r rid] [-s sid] [-t group type] [-n group_name ] [-m members(,)] [-x members (,)] group
-
-=head1 DESCRIPTION
-
-The smbldap-groupmod command modifies the system account files to reflect the changes that are specified on the command line. The options which apply to the smbldap-groupmod command are
-
--g gid The numerical value of the group's ID. This value must be unique, unless the -o option is used. The value must be non negative. Any files which the old group ID is the file roup ID must have the file group ID changed manually.
-
--n group_name
-   The name of the group will be changed from group to group_name.
-
--m members
-   The members to be added to the group in comma-delimeted form.
-
--x members
-   The members to be removed from the group in comma-delimted form.
-
--a
-   add an automatic Security ID for the group (SID). The rid of the group is calculated from the gidNumber of the group as rid=2*gidNumber+1001. Thus the resulted SID of the group is $SID-$rid where $SID and $rid are the domain SID and the group rid
-
--s sid
-   set the group SID.
-   The SID must be unique and defined with the domain Security ID ($SID) like sid=$SID-rid where rid is the group rid.
-
--r rid
-   set the group rid.
-   The SID is then calculated as sid=$SID-rid where $SID is the domain Security ID.
-
--t group type
-   set the NT Group type for the new group. Available values are 2 (domain group), 4 (local group) and 5 (builtin group). The default group type is 2.
-
-=head1 EXAMPLES
-
-smbldap-groupmod -g 253 development
-This will change the GID of the 'development' group to '253'.
-
-smbldap-groupmod -n Idiots Managers
-This will change the name of the 'Managers' group to 'Idiots'.
-
-smbldap-groupmod -m "jdoe,jsmith" "Domain Admins"
-This will add 'jdoe' and 'jsmith' to the 'Domain Admins' group.
-
-smbldap-groupmod -x "jdoe,jsmith" "Domain Admins"
-This will remove 'jdoe' and 'jsmith' from the 'Domain Admins' group.
-
-=head1 SEE ALSO
-
-groupmod(1)
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-groupmod.pl smbldap-tools-0.9.7/smbldap-groupmod.pl
--- smbldap-tools-0.9.5/smbldap-groupmod.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-groupmod.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,290 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-groupmod : group (posix) modification
+
+
+use strict;
+use warnings;
+use smbldap_tools;
+
+#####################
+
+use Getopt::Std;
+my %Options;
+
+my $ok = getopts('ag:n:m:or:s:t:x:?', \%Options);
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+    print_banner;
+    print "Usage: $0 [-a] [-g gid] [-n name] [-m members(,)] [-o] [-r rid] [-s sid] [-t type] [-x members (,)] groupname\n";
+    print "  -a   add automatic group mapping entry\n";
+    print "  -g   new gid\n";
+    print "  -n   new group name\n";
+    print "  -m   add members (comma delimited)\n";
+    print "  -o   gid is not unique\n";
+    print "  -r   group-rid\n";
+    print "  -s   group-sid\n";
+    print "  -t   group-type\n"; 
+    print "  -x   delete members (comma delimted)\n";
+    print "  -?   show this help message\n";
+    exit (1);
+}
+
+my $groupName = $ARGV[0];
+my $group_entry;
+
+my $ldap_master=connect_ldap_master();
+
+if (! ($group_entry = read_group_entry($groupName))) {
+    print "$0: group $groupName doesn't exist\n";
+    exit (6);
+}
+
+nsc_invalidate("group");
+
+my $gid=$group_entry->get_value('gidNumber');
+
+unless (defined ($gid)) {
+    print "$0: group $groupName not found!\n";
+    exit(6);
+}
+
+my $tmp;
+if (defined($tmp = $Options{'g'}) and $tmp =~ /\d+/) {
+    if (!defined($Options{'o'})) {
+	if (defined(getgrgid($tmp))) {
+	    print "$0: gid $tmp exists\n";
+	    exit (6);
+	}
+    }
+    if (!($gid == $tmp)) {
+	my $modify = $ldap_master->modify ( "cn=$groupName,$config{groupsdn}",
+					    changes => [
+							replace => [gidNumber => $tmp]
+							]
+					    );
+	$modify->code && die "failed to modify entry: ", $modify->error ;
+    }
+}
+
+if (defined(my $newname = $Options{'n'})) {
+    my $modify = $ldap_master->moddn (
+				      "cn=$groupName,$config{groupsdn}",
+				      newrdn => "cn=$newname",
+				      deleteoldrdn => "1",
+				      newsuperior => "$config{groupsdn}"
+				      );
+    $modify->code && die "failed to modify entry: ", $modify->error ;
+    $groupName = $newname;
+    $group_entry = read_group_entry($groupName)
+}
+
+# Add members
+if (defined($Options{'m'})) {
+    my @members = ();
+    foreach my $member (split(/,/, $Options{'m'})) {
+	if (my $user_entry = read_user_entry($member)) {
+	    # Canonize user name
+	    $member = $user_entry->get_value('uid');
+	} elsif (my @user_entry = getpwnam($member)) {
+	    # Canonize user name
+	    $member = $user_entry[0];
+	} else {
+	    warn "User does not exist: $member\n";
+	    next;
+	}
+
+	if (is_group_member($group_entry->dn, $member)) {
+	    warn "User already in the group: $member\n";
+	    next;
+	}
+
+	push(@members, $member);
+    }
+
+    if (@members) {
+	my $modify = $ldap_master->modify($group_entry->dn,
+	    add => {memberUid => \@members},
+	);
+	$modify->code && warn "Failed to add memberUid: ", $modify->error;
+    }
+}
+
+# Delete members
+if (defined($Options{'x'})) {
+    my @members = ();
+    foreach my $member (split(/,/, $Options{'x'})) {
+	if (my $user_entry = read_user_entry($member)) {
+	    # Canonize user name
+	    $member = $user_entry->get_value('uid');
+
+	    my $user_pgroup_sid = $group_entry->get_value('sambaPrimaryGroupSID');
+	    my $group_sid = $group_entry->get_value('sambaSID');
+	    if (defined($user_pgroup_sid) && defined($group_sid) &&
+		$user_pgroup_sid eq $group_sid) {
+		warn "Cannot delete user from its primary group: $member\n";
+		next;
+	    }
+	} elsif (my @user_entry = getpwnam($member)) {
+	    # Canonize user name
+	    $member = $user_entry[0];
+	}
+
+	if (!is_group_member($group_entry->dn, $member)) {
+	    warn "User is not in the group: $member\n";
+	    next;
+	}
+
+	push(@members, $member);
+    }
+
+    if (@members) {
+	my $modify = $ldap_master->modify($group_entry->dn,
+	    delete => {memberUid => \@members},
+	);
+	$modify->code && warn "Failed to delete memberUid: ", $modify->error;
+    };
+}
+
+my $group_sid;
+if ($tmp= $Options{'s'}) {
+    if ($tmp =~ /^S-(?:\d+-)+\d+$/) {
+	$group_sid = $tmp;
+    } else {
+	print "$0: illegal group-rid $tmp\n";
+	exit(7);
+    }
+} elsif ($Options{'r'} || $Options{'a'}) {
+    my $group_rid;
+    if ($tmp= $Options{'r'}) {
+	if ($tmp =~ /^\d+$/) {
+	    $group_rid = $tmp;
+	} else {
+	    print "$0: illegal group-rid $tmp\n";
+	    exit(7);
+	}
+    } else {
+	$group_rid = group_next_rid($gid);
+    }
+    $group_sid = $config{SID}.'-'.$group_rid;
+}
+
+if ($group_sid) {
+    my @adds;
+    my @mods;
+    push(@mods, 'sambaSID' => $group_sid);
+
+    if ($tmp= $Options{'t'}) {
+	my $group_type;
+	if (defined($group_type = &group_type_by_name($tmp))) {
+	    push(@mods, 'sambaGroupType' => $group_type);
+	} else {
+	    print "$0: unknown group type $tmp\n";
+	    exit(8);
+	}
+    } else {
+	if (! defined($group_entry->get_value('sambaGroupType'))) {
+	    push(@mods, 'sambaGroupType' => group_type_by_name('domain'));
+	}
+    }
+
+    my @oc = $group_entry->get_value('objectClass');
+    unless (grep($_ =~ /^sambaGroupMapping$/i, @oc)) {
+	push (@adds, 'objectClass' => 'sambaGroupMapping');
+    }
+
+    my $modify = $ldap_master->modify ( "cn=$groupName,$config{groupsdn}",
+					changes => [
+						    'add' => [ @adds ],
+						    'replace' => [ @mods ]
+						    ]
+					);
+    $modify->code && warn "failed to delete entry: ", $modify->error ;
+}
+
+nsc_invalidate("group");
+
+# take down session
+$ldap_master->unbind;
+
+exit (0);
+
+############################################################
+
+=head1 NAME
+
+smbldap-groupmod - Modify a group
+
+=head1 SYNOPSIS
+
+smbldap-groupmod [-g gid [-o]] [-a] [-r rid] [-s sid] [-t group type] [-n group_name ] [-m members(,)] [-x members (,)] group
+
+=head1 DESCRIPTION
+
+The smbldap-groupmod command modifies the system account files to reflect the changes that are specified on the command line. The options which apply to the smbldap-groupmod command are
+
+-g gid The numerical value of the group's ID. This value must be unique, unless the -o option is used. The value must be non negative. Any files which the old group ID is the file roup ID must have the file group ID changed manually.
+
+-n group_name
+   The name of the group will be changed from group to group_name.
+
+-m members
+   The members to be added to the group in comma-delimeted form.
+
+-x members
+   The members to be removed from the group in comma-delimted form.
+
+-a
+   add an automatic Security ID for the group (SID).
+
+-s sid
+   set the group SID.
+   The SID must be unique and defined with the domain Security ID ($SID) like sid=$SID-rid where rid is the group rid.
+
+-r rid
+   set the group rid.
+   The SID is then calculated as sid=$SID-rid where $SID is the domain Security ID.
+
+-t group type
+   set the NT Group type for the new group. Available values are 2 (domain group), 4 (local group) and 5 (builtin group). The default group type is 2.
+
+=head1 EXAMPLES
+
+smbldap-groupmod -g 253 development
+This will change the GID of the 'development' group to '253'.
+
+smbldap-groupmod -n Idiots Managers
+This will change the name of the 'Managers' group to 'Idiots'.
+
+smbldap-groupmod -m "jdoe,jsmith" "Domain Admins"
+This will add 'jdoe' and 'jsmith' to the 'Domain Admins' group.
+
+smbldap-groupmod -x "jdoe,jsmith" "Domain Admins"
+This will remove 'jdoe' and 'jsmith' from the 'Domain Admins' group.
+
+=head1 SEE ALSO
+
+groupmod(1)
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/smbldap-groupshow smbldap-tools-0.9.7/smbldap-groupshow
--- smbldap-tools-0.9.5/smbldap-groupshow	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-groupshow	1970-01-01 01:00:00.000000000 +0100
@@ -1,77 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-groupshow : user (posix,shadow,samba) display
-#
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-use Getopt::Std;
-my %Options;
-
-my $ok = getopts('?', \%Options);
-
-if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
-    print_banner;
-    print "Usage: $0 [-?] group\n";
-    print "  -?	show this help message\n";
-    exit (1);
-}
-
-# Read only first @ARGV
-my $group = $ARGV[0];
-
-my $ldap_slave=connect_ldap_slave();
-
-my $lines = read_group($group);
-if (!defined($lines)) {
-    print "group $group doesn't exist\n";
-    exit (1);
-}
-
-print "$lines\n";
-
-# take down session
-$ldap_slave->unbind;
-
-exit(0);
-
-############################################################
-
-=head1 NAME
-
-smbldap-groupshow - Display group informations
-
-=head1 SYNOPSIS
-
-smbldap-groupshow groupname
-
-=head1 DESCRIPTION
-
-The smbldap-groupshow command displays informations associated with the given group.
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-groupshow.pl smbldap-tools-0.9.7/smbldap-groupshow.pl
--- smbldap-tools-0.9.5/smbldap-groupshow.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-groupshow.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,75 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-groupshow : user (posix,shadow,samba) display
+#
+
+use strict;
+use warnings;
+use smbldap_tools;
+use Getopt::Std;
+my %Options;
+
+my $ok = getopts('?', \%Options);
+
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+    print_banner;
+    print "Usage: $0 [-?] group\n";
+    print "  -?	show this help message\n";
+    exit (1);
+}
+
+# Read only first @ARGV
+my $group = $ARGV[0];
+
+my $ldap_slave=connect_ldap_slave();
+
+my $lines = read_group($group);
+if (!defined($lines)) {
+    print "group $group doesn't exist\n";
+    exit (1);
+}
+
+print "$lines\n";
+
+# take down session
+$ldap_slave->unbind;
+
+exit(0);
+
+############################################################
+
+=head1 NAME
+
+smbldap-groupshow - Display group informations
+
+=head1 SYNOPSIS
+
+smbldap-groupshow groupname
+
+=head1 DESCRIPTION
+
+The smbldap-groupshow command displays informations associated with the given group.
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/smbldap-passwd smbldap-tools-0.9.7/smbldap-passwd
--- smbldap-tools-0.9.5/smbldap-passwd	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-passwd	1970-01-01 01:00:00.000000000 +0100
@@ -1,390 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-#  Purpose :
-#       . ldap-unix passwd sync for SAMBA>2.2.2 + LDAP
-#       . may also replace /bin/passwd
-
-# untaint environment
-$ENV{'PATH'}= '/bin:/usr/bin';
-$ENV{'SHELL'}= '/bin/sh';
-delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-
-use Crypt::SmbHash;
-use Digest::MD5 qw(md5);
-use Digest::SHA1 qw(sha1);
-use MIME::Base64 qw(encode_base64);
-
-# function declaration
-sub make_hash;
-sub make_salt;
-
-my $user= undef;
-my $oldpass= undef;
-
-my $arg;
-my $update_samba_passwd= 1;
-my $update_unix_passwd= 1;
-my $force_update_samba_passwd=0;
-
-foreach $arg (@ARGV) {
-    if ( substr( $arg, 0, 1 ) eq '-' ) {
-	if ( $arg eq '-h' || $arg eq '-?' || $arg eq '--help' ) {
-	    print_banner;
-	    print "Usage: $0 [options] [username]\n";
-	    print "  -h, -?, --help show this help message\n";
-	    print "  -s             update only samba password\n";
-	    print "  -u             update only UNIX password\n";
-	    print "  -B             must change Samba password at logon\n";
-	    exit (6);
-	} elsif ($arg eq '-s') {
-	    $update_samba_passwd= 1; $update_unix_passwd= 0;
-	} elsif ($arg eq '-u') {
-	    $update_samba_passwd= 0; $update_unix_passwd= 1;
-	} elsif ($arg eq '-B') {
-            $force_update_samba_passwd= 1;
-        }
-    } else {
-	if ( $< != 0 ) {
-	    die "Only root can specify username\n";
-	}
-	$user= $arg; last;
-    }
-}
-
-if (!defined($user)) {
-    $user = getpwuid($<);		# $user=$ENV{"USER"};
-}
-
-# check if $user variable is not tainted
-# [TODO] create proper user mask
-$user =~ /^([-\@\ \w.]+\$?)$/ and $user = $1 or
-    die "$0: username '$user' is tainted\n";
-
-
-my ($dn,$ldap_master);
-# First, connecting to the directory
-if ($< != 0) {
-    # non-root user
-    if (!defined($oldpass)) {
-	# prompt for password
-	print "Identity validation...\nenter your UNIX password: ";
-	system "/bin/stty -echo" if (-t STDIN);
-	chomp($oldpass=<STDIN>); 
-	system "/bin/stty echo" if (-t STDIN);
-	print "\n";
-
-	$config{masterDN}="uid=$user,$config{usersdn}";
-	$config{masterPw}="$oldpass";
-	$ldap_master=connect_ldap_master();
-	$dn=$config{masterDN};
-	if (!is_user_valid($user, $dn, $oldpass)) {
-	    print "Authentication failure\n";
-	    exit (10);
-	}
-    }
-} else {
-    # root user
-    $ldap_master=connect_ldap_master();
-    # test existence of user in LDAP
-    my $dn_line;
-    if (!defined($dn_line = get_user_dn($user))) {
-	print "$0: user $user doesn't exist\n";
-	exit (10);
-    }
-    $dn = get_dn_from_line($dn_line);
-}
-
-my $samba = is_samba_user($user);
-
-# Printing verbose message
-if ( $samba and $update_samba_passwd ) {
-    if ( $update_unix_passwd ) {
-	print "Changing UNIX and samba passwords for $user\n";
-    } else {
-	print "Changing samba password for $user\n";
-    }
-} else {
-    if ( $update_unix_passwd ) {
-	print "Changing UNIX password for $user\n";
-    } else {
-	die "Internal error";
-    }
-}
-
-# prompt for new password
-
-my $pass;
-my $pass2;
-
-print "New password: ";
-system "/bin/stty -echo" if (-t STDIN);
-chomp($pass=<STDIN>);
-system "/bin/stty echo" if (-t STDIN);
-print "\n";
-
-print "Retype new password: ";
-system "/bin/stty -echo" if (-t STDIN);
-chomp($pass2=<STDIN>);
-system "/bin/stty echo" if (-t STDIN);
-print "\n";
-
-if ($pass ne $pass2) {
-    print "New passwords don't match!\n";
-    exit (10);
-}
-
-# Prepare '$hash_password' for 'userPassword'
-my $hash_password;
-# Generate password hash
-if ($config{with_slappasswd}) {
-    # checking if password is tainted: nothing is changed!!!!
-    # essential for perl 5.8
-    ($pass =~ /^(.*)$/ and $pass=$1) or
-	die "$0: user password is tainted\n";
-
-    # use slappasswd to generate hash
-    if ( $config{hash_encrypt} eq "CRYPT" && defined($config{crypt_salt_format}) ) {
-	open BUF, "-|" or
-	    exec "$config{slappasswd}",
-	    "-h","{$config{hash_encrypt}}",
-	    "-c","$config{crypt_salt_format}",
-	    "-s","$pass";
-	$hash_password = <BUF>;
-	close BUF;
-    } else {
-	open(BUF, "-|") or
-	    exec "$config{slappasswd}",
-	    "-h","{$config{hash_encrypt}}",
-	    "-s","$pass";
-	$hash_password = <BUF>;
-	close BUF;
-    }
-} else {
-    # use perl libraries to generate hash
-    $hash_password = make_hash($pass,$config{hash_encrypt},$config{crypt_salt_format});
-}
-# check if a hash was generated, otherwise die
-defined($hash_password) or
-    die "I cannot generate the proper hash!\n";
-chomp($hash_password);
-
-# First, connecting to the directory
-if ($< != 0) {
-    # if we are not root, we close the connection to re-open it as a normal user
-    $ldap_master->unbind;
-    $config{masterDN}="uid=$user,$config{usersdn}";
-    $config{masterPw}="$oldpass";
-    $ldap_master=connect_ldap_master();
-}
-
-# only modify smb passwords if smb user
-if ( $samba and $update_samba_passwd ) {
-    if (!$config{with_smbpasswd}) {
-	# generate LanManager and NT clear text passwords
-	my ($sambaLMPassword,$sambaNTPassword) = ntlmgen $pass;
-	# the sambaPwdLastSet must be updating
-	my $date=time;
-	my @mods;
-	push(@mods, 'sambaLMPassword' => $sambaLMPassword);
-	push(@mods, 'sambaNTPassword' => $sambaNTPassword);
-	push(@mods, 'sambaPwdLastSet' => $date);
-	if (defined $config{defaultMaxPasswordAge}) {
-	    my $new_sambaPwdMustChange=$date+$config{defaultMaxPasswordAge}*24*60*60;
-	    push(@mods, 'sambaPwdMustChange' => $new_sambaPwdMustChange);
-	    if ($< ==0) {
-		push(@mods, 'sambaAcctFlags' => '[U]');
-	    }
-	}
-	if ($force_update_samba_passwd == 1) {
-		    # To force a user to change his password:
-		    # . the attribut sambaPwdLastSet must be != 0
-		    # . the attribut sambaAcctFlags must not match the 'X' flag
-		    my $winmagic = 2147483647;
-		    my $valacctflags = "[U]";
-		    push(@mods, 'sambaPwdMustChange' => 0);
-		    push(@mods, 'sambaPwdLastSet' => 0);
-		    push(@mods, 'sambaAcctFlags' => $valacctflags);
-		}
-	# Let's change nt/lm passwords
-	my $modify = $ldap_master->modify ( "$dn",
-					    'replace' => { @mods }
-					    );
-	$modify->code && warn "Failed to modify SMB password: ", $modify->error ;
-
-    } else {
-	if ($< != 0) {
-	    my $FILE="|$config{smbpasswd} -s >/dev/null";
-	    open (FILE, $FILE) || die "$!\n";
-	    print FILE <<EOF;
-$oldpass
-$pass
-$pass
-EOF
-		;
-	    close FILE;
-	} else {
-	    open FILE,"|-" or
-		exec "$config{smbpasswd}","$user","-s";
-	    local $SIG{PIPE} = sub {die "buffer pipe terminated" };
-	    print FILE <<EOF;
-$pass
-$pass
-EOF
-		;
-	    close FILE;
-	}
-    }
-}
-
-# Update 'userPassword' field
-if ( $update_unix_passwd ) {
-    my $shadowLastChange=int(time()/86400);
-    my $modify;
-    if (($< != 0) || (!defined $config{defaultMaxPasswordAge})) {
-	$modify = $ldap_master->modify ( "$dn",
-					    changes => [
-							replace => [userPassword => "$hash_password"],
-							replace => [shadowLastChange => "$shadowLastChange"]
-							]
-					    );
-    } else {
-	$modify = $ldap_master->modify ( "$dn",
-					    changes => [
-							replace => [userPassword => "$hash_password"],
-							replace => [shadowLastChange => "$shadowLastChange"],
-							replace => [shadowMax => "$config{defaultMaxPasswordAge}"]
-							]
-					    );
-    }
-    $modify->code && warn "Failed to modify UNIX password: ", $modify->error ;
-}
-
-# take down session
-$ldap_master->unbind;
-
-exit 0;
-
-# Generates hash to be one of the following RFC 2307 schemes:
-# CRYPT,  MD5,  SMD5,  SHA, SSHA,  and  CLEARTEXT
-# SSHA is default
-# '%s' is a default crypt_salt_format
-# A substitute for slappasswd tool
-sub make_hash
-{
-    my $hash_encrypt;
-    my $crypt_salt_format;
-
-    my $clear_pass=$_[0] or return undef;
-    $hash_encrypt='{' . $_[1] . '}' or $hash_encrypt = "{SSHA}";
-    $crypt_salt_format=$_[2] or $crypt_salt_format = '%s';
-
-    my $hash_pass;
-    if ($hash_encrypt eq "{CRYPT}" && defined($crypt_salt_format)) {
-	# Generate CRYPT hash
-	# for unix md5crypt $crypt_salt_format = '$1$%.8s'
-	my $salt = sprintf($crypt_salt_format,make_salt());
-	$hash_pass = "{CRYPT}" . crypt($clear_pass,$salt);
-
-    } elsif ($hash_encrypt eq "{MD5}") {
-	# Generate MD5 hash
-	$hash_pass = "{MD5}" . encode_base64( md5($clear_pass),'' );
-
-    } elsif ($hash_encrypt eq "{SMD5}") {
-	# Generate SMD5 hash (MD5 with salt)
-	my $salt = make_salt(4);
-	$hash_pass = "{SMD5}" . encode_base64( md5($clear_pass . $salt) . $salt,'');
-
-    } elsif ($hash_encrypt eq "{SHA}") {
-	# Generate SHA1 hash
-	$hash_pass = "{SHA}" . encode_base64( sha1($clear_pass),'' );
-
-    } elsif ($hash_encrypt eq "{SSHA}") {
-	# Generate SSHA hash (SHA1 with salt)
-	my $salt = make_salt(4);
-	$hash_pass = "{SSHA}" . encode_base64( sha1($clear_pass . $salt) . $salt,'' );
-
-    } elsif ($hash_encrypt eq "{CLEARTEXT}") {
-	$hash_pass=$clear_pass;
-
-    } else {
-	$hash_pass=undef;
-    }
-    return $hash_pass;
-}
-
-# Generates salt
-# Similar to Crypt::Salt module from CPAN
-sub make_salt
-{
-    my $length=32;
-    $length = $_[0] if exists($_[0]);
-    
-    my @tab = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
-    return join "",@tab[map {rand 64} (1..$length)];
-}
-
-# - The End
-
-=head1 NAME
-
-smbldap-passwd - change user password
-
-=head1 SYNOPSIS
-
-smbldap-passwd [-?|--help|-s|-u] [name]
-
-=head1 DESCRIPTION
-
-smbldap-passwd changes passwords for user accounts. A normal user may only change the password for their own account, the super user may change the password for any account.
-
-If option -s specified then changed only samba password.
-If options -u specified then changed only UNIX password.
-With no options then changed both - UNIX and samba passwords.
-
-Password Changes
-The user is first prompted for their old password, if one is present. This password is then tested against the stored password by binding to the server. The user has only one chance to enter the correct passwword. The super user is permitted to bypass this step so that forgotten passwords may be changed.
-The user is then prompted for a replacement password. As a general guideline, passwords should consist of 6 to 8 characters including one or more from each of following sets:
-
-Lower case alphabetics
-
-Upper case alphabetics
-
-Digits 0 thru 9
-
-Punctuation marks
-
-Password will prompt again and compare the second entry against the first. Both entries are require to match in order for the password to be changed.
-
-=head1 SEE ALSO
-
-passwd(1)
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-passwd.pl smbldap-tools-0.9.7/smbldap-passwd.pl
--- smbldap-tools-0.9.5/smbldap-passwd.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-passwd.pl	2011-07-12 17:23:14.000000000 +0200
@@ -0,0 +1,246 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+#  Purpose :
+#       . ldap-unix passwd sync for SAMBA>2.2.2 + LDAP
+#       . may also replace /bin/passwd
+
+use strict;
+use warnings;
+use smbldap_tools;
+
+use Crypt::SmbHash;
+
+my $user= undef;
+my $pass_old = undef;
+
+my $arg;
+my $update_samba_passwd= 1;
+my $update_unix_passwd= 1;
+my $force_update_samba_passwd=0;
+my $use_dialog=1;
+
+foreach $arg (@ARGV) {
+    if ( substr( $arg, 0, 1 ) eq '-' ) {
+	if ( $arg eq '-h' || $arg eq '-?' || $arg eq '--help' ) {
+	    print_banner;
+	    print "Usage: $0 [hpsuB?] [username]\n";
+	    print "  -h, -?, --help show this help message\n";
+	    print "  -p             read password from STDIN without verification (root only)\n";
+	    print "  -s             update only samba password\n";
+	    print "  -u             update only UNIX password\n";
+	    print "  -B             must change Samba password at logon\n";
+	    exit (6);
+	} elsif ($arg eq '-s') {
+	    $update_samba_passwd= 1; $update_unix_passwd= 0;
+	} elsif ($arg eq '-u') {
+	    $update_samba_passwd= 0; $update_unix_passwd= 1;
+	} elsif ($arg eq '-B') {
+            $force_update_samba_passwd= 1;
+	} elsif ($arg eq '-p') {
+            $use_dialog= 0;
+        }
+    } else {
+	if ( $< != 0 ) {
+	    die "Only root can specify username\n";
+	}
+	$user= $arg; last;
+    }
+}
+
+if (!defined($user)) {
+    $user = getpwuid($<);		# $user=$ENV{"USER"};
+}
+
+# check if $user variable is not tainted
+# [TODO] create proper user mask
+$user =~ /^([-\@\ \w.]+\$?)$/ and $user = $1 or
+    die "$0: username '$user' is tainted\n";
+
+
+my ($dn,$ldap_master);
+# First, connecting to the directory
+if ($< != 0) {
+    # non-root user
+    if (!defined($pass_old)) {
+	# prompt for password
+	print "Identity validation...\n";
+	$pass_old = password_read("Enter your UNIX password: ");
+
+	$config{masterDN}="uid=$user,$config{usersdn}";
+	$config{masterPw} = $pass_old;
+	$ldap_master=connect_ldap_master();
+	$dn=$config{masterDN};
+	if (!is_user_valid($user, $dn, $pass_old)) {
+	    print "Authentication failure\n";
+	    exit (10);
+	}
+    }
+} else {
+    # root user
+    $ldap_master=connect_ldap_master();
+    # test existence of user in LDAP
+    my $dn_line;
+    if (!defined($dn_line = get_user_dn($user))) {
+	print "$0: user $user doesn't exist\n";
+	exit (10);
+    }
+    $dn = get_dn_from_line($dn_line);
+}
+
+my $samba = is_samba_user($user);
+
+# Printing verbose message
+if ( $samba and $update_samba_passwd ) {
+    if ( $update_unix_passwd ) {
+	print "Changing UNIX and samba passwords for $user\n";
+    } else {
+	print "Changing samba password for $user\n";
+    }
+} else {
+    if ( $update_unix_passwd ) {
+	print "Changing UNIX password for $user\n";
+    } else {
+	die "Internal error";
+    }
+}
+
+# prompt for new password
+
+my $pass;
+
+if (($< != 0) || $use_dialog) {
+	$pass = password_read("New password: ");
+	my $pass2 = password_read("Retype new password: ");
+
+	if ($pass ne $pass2) {
+	    print "New passwords don't match!\n";
+	    exit (10);
+	}
+} else {
+	$pass = password_read();
+}
+
+# First, connecting to the directory
+if ($< != 0) {
+    # if we are not root, we close the connection to re-open it as a normal user
+    $ldap_master->unbind;
+    $config{masterDN}="uid=$user,$config{usersdn}";
+    $config{masterPw} = $pass_old;
+    $ldap_master=connect_ldap_master();
+}
+
+# only modify smb passwords if smb user
+if ( $samba and $update_samba_passwd ) {
+    if (!$config{with_smbpasswd}) {
+	# generate LanManager and NT clear text passwords
+	my ($sambaLMPassword,$sambaNTPassword) = ntlmgen $pass;
+	# the sambaPwdLastSet must be updating
+	my $date=time;
+	my @mods;
+	push(@mods, 'sambaLMPassword' => $sambaLMPassword);
+	push(@mods, 'sambaNTPassword' => $sambaNTPassword);
+	push(@mods, 'sambaPwdLastSet' => $date);
+	if (defined $config{defaultMaxPasswordAge}) {
+	    my $new_sambaPwdMustChange=$date+$config{defaultMaxPasswordAge}*24*60*60;
+	    push(@mods, 'sambaPwdMustChange' => $new_sambaPwdMustChange);
+	    if ($< ==0) {
+		push(@mods, 'sambaAcctFlags' => '[U]');
+	    }
+	}
+	if ($force_update_samba_passwd == 1) {
+		    # To force a user to change his password:
+		    # . the attribut sambaPwdLastSet must be != 0
+		    # . the attribut sambaAcctFlags must not match the 'X' flag
+		    my $winmagic = 2147483647;
+		    my $valacctflags = "[U]";
+		    push(@mods, 'sambaPwdMustChange' => 0);
+		    push(@mods, 'sambaPwdLastSet' => 0);
+		    push(@mods, 'sambaAcctFlags' => $valacctflags);
+		}
+	# Let's change nt/lm passwords
+	my $modify = $ldap_master->modify ( "$dn",
+					    'replace' => { @mods }
+					    );
+	$modify->code && warn "Failed to modify SMB password: ", $modify->error ;
+
+    } else {
+	if ($< != 0) {
+	    open my $fh, "|-" or exec($config{smbpasswd}, "-s") || exit(1);
+	    print $fh "$pass_old\n$pass\n$pass\n";
+	    close($fh);
+	} else {
+	    open my $fh, "|-" or exec($config{smbpasswd}, "-s", $user) || exit(1);
+	    print $fh "$pass\n$pass\n";
+	    close($fh);
+	}
+    }
+}
+
+if ( $update_unix_passwd ) {
+    password_set($dn, $pass, $pass_old);
+}
+
+# take down session
+$ldap_master->unbind;
+
+exit 0;
+
+# - The End
+
+=head1 NAME
+
+smbldap-passwd - change user password
+
+=head1 SYNOPSIS
+
+smbldap-passwd [-?|--help|-s|-u] [name]
+
+=head1 DESCRIPTION
+
+smbldap-passwd changes passwords for user accounts. A normal user may only change the password for their own account, the super user may change the password for any account.
+
+If option -s specified then changed only samba password.
+If options -u specified then changed only UNIX password.
+With no options then changed both - UNIX and samba passwords.
+
+Password Changes
+The user is first prompted for their old password, if one is present. This password is then tested against the stored password by binding to the server. The user has only one chance to enter the correct passwword. The super user is permitted to bypass this step so that forgotten passwords may be changed.
+The user is then prompted for a replacement password. As a general guideline, passwords should consist of 6 to 8 characters including one or more from each of following sets:
+
+Lower case alphabetics
+
+Upper case alphabetics
+
+Digits 0 thru 9
+
+Punctuation marks
+
+Password will prompt again and compare the second entry against the first. Both entries are require to match in order for the password to be changed.
+
+=head1 SEE ALSO
+
+passwd(1)
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/smbldap-populate smbldap-tools-0.9.7/smbldap-populate
--- smbldap-tools-0.9.5/smbldap-populate	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-populate	1970-01-01 01:00:00.000000000 +0100
@@ -1,560 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-#  Purpose :
-#       . Create an initial LDAP database suitable for Samba 2.2
-#       . For lazy people, replace ldapadd (with only an ldif parameter)
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-use Getopt::Std;
-use Net::LDAP::LDIF;
-
-use vars qw(%oc);
-
-# objectclass of the suffix
-%oc = (
-       "ou" => "organizationalUnit",
-       "o" => "organization",
-       "dc" => "dcObject",
-       );
-
-
-my %Options;
-
-my $ok = getopts('a:b:e:i:k:l:m:u:g:r:?', \%Options);
-if ( (!$ok) || ($Options{'?'}) ) {
-    print_banner;
-    print "Usage: $0 [-abeiklug?] [ldif]\n";
-    print "  -u uidNumber	first uidNumber to allocate (default: 1000)\n";
-    print "  -g gidNumber	first uidNumber to allocate (default: 1000)\n";
-    print "  -r ridNumber	first sambaNextRid to allocate (default: 1000)\n";
-    print "  -a user	administrator login name (default: root)\n";
-    print "  -b user	guest login name (default: nobody)\n";
-    print "  -k uidNumber	administrator's uidNumber (default: 0)\n";
-    print "  -l uidNumber	guest's uidNumber (default: 999)\n";
-    print "  -m gidNumber	administrator's gidNumber (default: 0)\n";
-    print "  -e file	export ldif file\n";
-    print "  -i file	import ldif file\n";
-    print "  -?		show this help message\n";
-
-    exit (1);
-}
-
-# sanity checks
-my $domain = $config{sambaDomain};
-if (! defined $domain) {
-    print STDERR "error: domain name not found !\n";
-    print STDERR "possible reasons are:\n";
-    print STDERR ". incorrect 'sambaDomain' parameter in smbldap.conf\n";
-    print STDERR ". incorrect 'samba_conf' definition in smbldap_tools.pm\n";
-    die;
-}
-
-#$config{sambaUnixIdPooldn}="sambaDomainName=$domain,$config{suffix}";
-
-my $firstuidNumber=$Options{'u'};
-if (!defined($firstuidNumber)) {
-    $firstuidNumber=1000;
-}
-
-my $firstgidNumber=$Options{'g'};
-if (!defined($firstgidNumber)) {
-    $firstgidNumber=1000;
-}
-
-my $firstridNumber=$Options{'r'};
-if (!defined($firstridNumber)) {
-    $firstridNumber=1000;
-}
-
-my $tmp_ldif_file=$Options{'e'};
-if (!defined($tmp_ldif_file)) {
-    $tmp_ldif_file="/tmp/$$.ldif";
-}
-
-my $adminName = $Options{'a'};
-if (!defined($adminName)) {
-    $adminName = "root";
-}
-
-my $guestName = $Options{'b'};
-if (!defined($guestName)) {
-    $guestName = "nobody";
-}
-
-my $adminUidNumber=$Options{'k'};
-my $adminrid;
-if (!defined($adminUidNumber)) {
-    $adminUidNumber = "0";
-    $adminrid= "500";
-} else {
-    $adminrid=(2*$adminUidNumber+ 1000)
-    }
-
-my $guestUidNumber=$Options{'l'};
-if (!defined($guestUidNumber)) {
-    $guestUidNumber = "999";
-}
-
-my $adminGidNumber=$Options{'m'};
-if (!defined($adminGidNumber)) {
-    $adminGidNumber = "0";
-}
-
-my $_ldifName = $Options{'i'};
-
-my $exportFile = $Options{'e'};
-if (!defined($exportFile)) {
-    $exportFile = "base.ldif";
-}
-
-print "Populating LDAP directory for domain $domain ($config{SID})\n";
-if (!defined($_ldifName)) {
-    my $attr;
-    my $val;
-    my $objcl;
-
-    print "(using builtin directory structure)\n\n";
-    if ($config{suffix} =~ m/([^=]+)=([^,]+)/) {
-	$attr = $1;
-	$val = $2;
-	$objcl = $oc{$attr} if (exists $oc{$attr});
-	if (!defined($objcl)) {
-	    $objcl = "myhardcodedobjectclass";
-	}
-    } else {
-	die "can't extract first attr and value from suffix $config{suffix}";
-    }
-    #print "$attr=$val\n";
-    my ($type,$ou_users,$ou_groups,$ou_computers,$ou_idmap,$cnsambaUnixIdPool);
-    ($type,$ou_users)=($config{usersdn}=~/(.*)=(.*),$config{suffix}/);
-    ($type,$ou_groups)=($config{groupsdn}=~/(.*)=(.*),$config{suffix}/);
-    ($type,$ou_computers)=($config{computersdn}=~/(.*)=(.*),$config{suffix}/);
-    if (defined $config{idmapdn}) {
-	($type,$ou_idmap)=($config{idmapdn}=~/(.*)=(.*),$config{suffix}/);
-    }
-    ($type,$cnsambaUnixIdPool)=($config{sambaUnixIdPooldn}=~/(.*)=(.*),$config{suffix}/);
-    my $org;
-    my ($organisation,$ext);
-    if ($config{suffix} =~ m/dc=([^=]+),dc=(.*)$/) {
-	($organisation,$ext) = ($config{suffix} =~ m/dc=([^=]+),dc=(.*)$/);
-    } elsif ($config{suffix} =~ m/dc=(.*)$/) {
-	$organisation=$1;
-    }
-
-    if ($organisation ne '') {
-	$org = "\nobjectclass: organization\no: $organisation";
-    }
-    #my $FILE="|cat";
-
-    my $entries="dn: $config{suffix}
-objectClass: $objcl$org
-$attr: $val
-
-dn: $config{usersdn}
-objectClass: top
-objectClass: organizationalUnit
-ou: $ou_users
-
-dn: $config{groupsdn}
-objectClass: top
-objectClass: organizationalUnit
-ou: $ou_groups
-
-dn: $config{computersdn}
-objectClass: top
-objectClass: organizationalUnit
-ou: $ou_computers\n";
-
-    if (defined $config{idmapdn}) {
-	$entries.="\ndn: $config{idmapdn}
-objectClass: top
-objectClass: organizationalUnit
-ou: $ou_idmap\n";
-    }
-
-    $entries.="\ndn: uid=$adminName,$config{usersdn}
-cn: $adminName
-sn: $adminName
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-objectClass: sambaSAMAccount
-objectClass: posixAccount
-objectClass: shadowAccount
-gidNumber: $adminGidNumber
-uid: $adminName
-uidNumber: $adminUidNumber\n";
-    if (defined $config{userHome} and $config{userHome} ne "") {
-	my $userHome=$config{userHome};
-	$userHome=~s/\%U/$adminName/;
-	$entries.="homeDirectory: $userHome\n";
-    } else {
-	$entries.="homeDirectory: /dev/null\n";
-    }
-    $entries.="sambaPwdLastSet: 0
-sambaLogonTime: 0
-sambaLogoffTime: 2147483647
-sambaKickoffTime: 2147483647
-sambaPwdCanChange: 0
-sambaPwdMustChange: 2147483647\n";
-    if (defined $config{userSmbHome} and $config{userSmbHome} ne "") {
-	my $userSmbHome=$config{userSmbHome};
-	$userSmbHome=~s/\%U/$adminName/;
-	$entries.="sambaHomePath: $userSmbHome\n";
-    }
-    if (defined $config{userHomeDrive} and $config{userHomeDrive} ne "") {
-	$entries.="sambaHomeDrive: $config{userHomeDrive}\n";
-    }
-    if (defined $config{userProfile} and $config{userProfile} ne "") {
-	my $userProfile=$config{userProfile};
-	$userProfile=~s/\%U/$adminName/;
-	$entries.="sambaProfilePath: $userProfile\n";
-    }
-    $entries.="sambaPrimaryGroupSID: $config{SID}-512
-sambaLMPassword: XXX
-sambaNTPassword: XXX
-sambaAcctFlags: [U          ]
-sambaSID: $config{SID}-$adminrid
-loginShell: /bin/false
-gecos: Netbios Domain Administrator
-
-dn: uid=$guestName,$config{usersdn}
-cn: $guestName
-sn: $guestName
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: inetOrgPerson
-objectClass: sambaSAMAccount
-objectClass: posixAccount
-objectClass: shadowAccount
-gidNumber: 514
-uid: $guestName
-uidNumber: $guestUidNumber
-homeDirectory: /dev/null
-sambaPwdLastSet: 0
-sambaLogonTime: 0
-sambaLogoffTime: 2147483647
-sambaKickoffTime: 2147483647
-sambaPwdCanChange: 0
-sambaPwdMustChange: 2147483647\n";
-    if (defined $config{userSmbHome} and $config{userSmbHome} ne "") {
-	my $userSmbHome=$config{userSmbHome};
-	$userSmbHome=~s/\%U/$guestName/;
-	$entries.="sambaHomePath: $userSmbHome\n";
-    }
-    if (defined $config{userHomeDrive} and $config{userHomeDrive} ne "") {
-	$entries.="sambaHomeDrive: $config{userHomeDrive}\n";
-    }
-    if (defined $config{userProfile} and $config{userProfile} ne "") {
-	my $userProfile=$config{userProfile};
-	$userProfile=~s/\%U/$guestName/;
-	$entries.="sambaProfilePath: $userProfile\n";
-    }
-    $entries.="sambaPrimaryGroupSID: $config{SID}-514
-sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
-sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
-# account disabled by default
-sambaAcctFlags: [NUD        ]
-sambaSID: $config{SID}-2998
-loginShell: /bin/false
-
-dn: cn=Domain Admins,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 512
-cn: Domain Admins
-memberUid: $adminName
-description: Netbios Domain Administrators
-sambaSID: $config{SID}-512
-sambaGroupType: 2
-displayName: Domain Admins
-
-dn: cn=Domain Users,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 513
-cn: Domain Users
-description: Netbios Domain Users
-sambaSID: $config{SID}-513
-sambaGroupType: 2
-displayName: Domain Users
-
-dn: cn=Domain Guests,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 514
-cn: Domain Guests
-description: Netbios Domain Guests Users
-sambaSID: $config{SID}-514
-sambaGroupType: 2
-displayName: Domain Guests
-
-dn: cn=Domain Computers,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 515
-cn: Domain Computers
-description: Netbios Domain Computers accounts
-sambaSID: $config{SID}-515
-sambaGroupType: 2
-displayName: Domain Computers
-
-dn: cn=Administrators,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 544
-cn: Administrators
-description: Netbios Domain Members can fully administer the computer/sambaDomainName
-sambaSID: S-1-5-32-544
-sambaGroupType: 5
-displayName: Administrators
-
-#dn: cn=Users,$config{groupsdn}
-#objectClass: top
-#objectClass: posixGroup
-#objectClass: sambaGroupMapping
-#gidNumber: 545
-#cn: Users
-#description: Netbios Domain Ordinary users
-#sambaSID: S-1-5-32-545
-#sambaGroupType: 5
-#displayName: users
-
-#dn: cn=Guests,$config{groupsdn}
-#objectClass: top
-#objectClass: posixGroup
-#objectClass: sambaGroupMapping
-#gidNumber: 546
-#cn: Guests
-#memberUid: $guestName
-#description: Netbios Domain Users granted guest access to the computer/sambaDomainName
-#sambaSID: S-1-5-32-546
-#sambaGroupType: 5
-#displayName: Guests
-
-#dn: cn=Power Users,$config{groupsdn}
-#objectClass: top
-#objectClass: posixGroup
-#objectClass: sambaGroupMapping
-#gidNumber: 547
-#cn: Power Users
-#description: Netbios Domain Members can share directories and printers
-#sambaSID: S-1-5-32-547
-#sambaGroupType: 5
-#displayName: Power Users
-
-dn: cn=Account Operators,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 548
-cn: Account Operators
-description: Netbios Domain Users to manipulate users accounts
-sambaSID: S-1-5-32-548
-sambaGroupType: 5
-displayName: Account Operators
-
-#dn: cn=System Operators,$config{groupsdn}
-#objectClass: top
-#objectClass: posixGroup
-#objectClass: sambaGroupMapping
-#gidNumber: 549
-#cn: System Operators
-#description: Netbios Domain System Operators
-#sambaSID: S-1-5-32-549
-#sambaGroupType: 5
-#displayName: System Operators
-
-dn: cn=Print Operators,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 550
-cn: Print Operators
-description: Netbios Domain Print Operators
-sambaSID: S-1-5-32-550
-sambaGroupType: 5
-displayName: Print Operators
-
-dn: cn=Backup Operators,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 551
-cn: Backup Operators
-description: Netbios Domain Members can bypass file security to back up files
-sambaSID: S-1-5-32-551
-sambaGroupType: 5
-displayName: Backup Operators
-
-dn: cn=Replicators,$config{groupsdn}
-objectClass: top
-objectClass: posixGroup
-objectClass: sambaGroupMapping
-gidNumber: 552
-cn: Replicators
-description: Netbios Domain Supports file replication in a sambaDomainName
-sambaSID: S-1-5-32-552
-sambaGroupType: 5
-displayName: Replicators
-
-";
-    if ("sambaDomainName=$domain,$config{suffix}" eq $config{sambaUnixIdPooldn}) {
-	$entries.="dn: sambaDomainName=$domain,$config{suffix}
-objectClass: top
-objectClass: sambaDomain
-objectClass: sambaUnixIdPool
-sambaDomainName: $domain
-sambaSID: $config{SID}
-uidNumber: $firstuidNumber
-gidNumber: $firstgidNumber
-sambaNextRid: $firstridNumber";
-    } else {
-	$entries.="dn: $config{sambaUnixIdPooldn}
-objectClass: inetOrgPerson
-objectClass: sambaUnixIdPool
-uidNumber: $firstuidNumber
-gidNumber: $firstgidNumber
-cn: $cnsambaUnixIdPool
-sn: $cnsambaUnixIdPool";
-    }
-    open (FILE, ">$tmp_ldif_file") || die "Can't open file $tmp_ldif_file: $!\n";
-
-    print FILE <<EOF;
-$entries
-EOF
-	close FILE;
-} else {
-    $tmp_ldif_file=$_ldifName;
-}
-
-if (!defined $Options{'e'}) {
-    my $ldap_master=connect_ldap_master();
-    my $ldif = Net::LDAP::LDIF->new($tmp_ldif_file, "r", onerror => 'undef' );
-    while ( not $ldif->eof() ) {
-	my $entry = $ldif->read_entry();
-	if ( $ldif->error() ) {
-	    print "Error msg: ",$ldif->error(),"\n";
-	    print "Error lines:\n",$ldif->error_lines(),"\n";
-	} else {
-	    my $dn = $entry->dn;
-	    # we first check if the entry exist
-	    my $mesg = $ldap_master->search (
-					     base => "$dn",
-					     scope => "base",
-					     filter => "objectclass=*"
-					     );
-	    $mesg->code;
-	    my $nb=$mesg->count;
-	    if ($nb == 1 ) {
-		print "entry $dn already exist. ";
-		if ($dn eq $config{sambaUnixIdPooldn}) {
-		    print "Updating it...\n";
-		    my @mods;
-		    foreach my $attr_tmp ($entry->attributes) {
-			push(@mods,$attr_tmp=>[$entry->get_value("$attr_tmp")]);
-		    }
-		    my $modify = $ldap_master->modify ( "$dn",
-							'replace' => { @mods },
-							);
-		    $modify->code && warn "failed to modify entry: ", $modify->error ;
-		} else {
-		    print "\n";
-		}
-	    } else {
-		print "adding new entry: $dn\n";
-		my $result=$ldap_master->add($entry);
-		$result->code && warn "failed to add entry: ", $result->error ;
-	    }
-	}
-    }
-    $ldap_master->unbind;
-    if (!defined $Options{'i'}) {
-	system "rm -f $tmp_ldif_file";
-    }
-
-    # secure the admin account
-    print "\nPlease provide a password for the domain $adminName: \n";
-    system("$RealBin/smbldap-passwd $adminName");
-
-
-
-} else {
-    print "exported ldif file: $tmp_ldif_file\n";
-}
-exit(0);
-
-
-########################################
-
-=head1 NAME
-
-smbldap-populate - Populate your LDAP database
-
-=head1 SYNOPSIS
-
-smbldap-populate [ldif-file]
-
-=head1 DESCRIPTION
-
-The smbldap-populate command helps to populate an LDAP server by adding the necessary entries : base suffix (doesn't abort if already there), organizational units for users, groups and computers, builtin users : Administrator and guest, builtin groups (though posixAccount only, no SambaTNG support).
-
--a name
-Your local administrator login name (default: Administrator)
-
--b name
-Your local guest login name (default: nobody)
-
--e file
-export an ldif file
-
--i file
-import an ldif file (Options -a and -b will be ignored)
-
-=head1 FILES
-
-/etc/smbldap-tools/smbldap.conf : main configuration
-/etc/smbldap-tools/smbldap_bind.conf : credentials for binding to the directory
-
-=head1 SEE ALSO
-
-smb.conf(5)
-
-=cut
-
-#'
-
-
-
-# - The End
diff -Nru smbldap-tools-0.9.5/smbldap-populate.pl smbldap-tools-0.9.7/smbldap-populate.pl
--- smbldap-tools-0.9.5/smbldap-populate.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-populate.pl	2011-09-06 12:06:13.000000000 +0200
@@ -0,0 +1,553 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+#  Purpose :
+#       . Create an initial LDAP database suitable for Samba 3
+#       . For lazy people, replace ldapadd (with only an ldif parameter)
+
+use strict;
+use warnings;
+use FindBin qw($RealBin);
+use smbldap_tools;
+use Getopt::Std;
+use Net::LDAP qw(LDAP_NO_SUCH_OBJECT);
+use Net::LDAP::LDIF;
+use Net::LDAP::Entry;
+
+my %oc_by_attr = (
+      "dc" =>			"dcObject",
+      "o" =>			"organization",
+      "ou" =>			"organizationalUnit",
+      "cn" =>			"organizationalRole",
+      "sambaDomainName" =>	"sambaDomain",
+);
+
+my %Options;
+
+my $ok = getopts('a:b:e:g:i:k:l:m:r:R:u:?', \%Options);
+if ( (!$ok) || ($Options{'?'}) ) {
+    print_banner;
+    print "Usage: $0 [-abegiklmru?] [ldif]\n";
+    print "  -a user	administrator login name (default: root)\n";
+    print "  -b user	guest login name (default: nobody)\n";
+    print "  -e file	export ldif file\n";
+    print "  -g gidNumber	first uidNumber to allocate (default: 1000)\n";
+    print "  -i file	import ldif file\n";
+    print "  -k uidNumber	administrator's uidNumber (default: 0)\n";
+    print "  -l uidNumber	guest's uidNumber (default: 999)\n";
+    print "  -m gidNumber	administrator's gidNumber (default: 0)\n";
+    print "  -r ridNumber	first sambaNextRid to allocate (default: 1000)\n";
+    print "  -R ridBase		sambaAlgorithmicRidBase (none)\n";
+    print "  -u uidNumber	first uidNumber to allocate (default: 1000)\n";
+    print "  -?		show this help message\n";
+
+    exit (1);
+}
+
+# sanity checks
+my $domain = $config{sambaDomain};
+if (! defined $domain) {
+    print STDERR "error: domain name not found !\n";
+    print STDERR "possible reasons are:\n";
+    print STDERR ". incorrect 'sambaDomain' parameter in smbldap.conf\n";
+    print STDERR ". incorrect 'samba_conf' definition in smbldap_tools.pm\n";
+    die;
+}
+
+my $firstuidNumber=$Options{'u'};
+if (!defined($firstuidNumber)) {
+    $firstuidNumber=1000;
+}
+
+my $firstgidNumber=$Options{'g'};
+if (!defined($firstgidNumber)) {
+    $firstgidNumber=1000;
+}
+
+my $firstridNumber=$Options{'r'};
+if (!defined($firstridNumber)) {
+    $firstridNumber=1000;
+}
+
+my $algorithmicRidBase = $Options{'R'};
+
+my $adminName = $Options{'a'};
+if (!defined($adminName)) {
+    $adminName = "root";
+}
+
+my $guestName = $Options{'b'};
+if (!defined($guestName)) {
+    $guestName = "nobody";
+}
+
+my $adminUidNumber=$Options{'k'};
+my $adminRid = 500;
+if (!defined($adminUidNumber)) {
+    $adminUidNumber = 0;
+} else {
+    if (defined($algorithmicRidBase)) {
+	## For backward compatibility with smbldap-tools 0.9.6 and older
+	$adminRid = 2 * $adminUidNumber + $algorithmicRidBase;
+    }
+}
+
+my $guestUidNumber=$Options{'l'};
+my $guestRid = 501;
+if (!defined($guestUidNumber)) {
+    $guestUidNumber = "999";
+} else {
+    if (defined($algorithmicRidBase)) {
+	## For backward compatibility with smbldap-tools 0.9.6 and older
+	$guestRid = 2 * $guestUidNumber + $algorithmicRidBase;
+    }
+}
+
+my $adminGidNumber=$Options{'m'};
+if (!defined($adminGidNumber)) {
+    $adminGidNumber = "0";
+}
+
+print "Populating LDAP directory for domain $domain ($config{SID})\n";
+
+my $entries_iter;
+
+if (my $file = $Options{'i'}) {
+    my $ldif = Net::LDAP::LDIF->new($file, "r", onerror => 'undef') or
+	die "Cannot open file: $file: $!";
+    $entries_iter = sub {
+	return $ldif->read_entry;
+    };
+} else {
+    my @entries;
+    my $entry;
+
+    print "(using builtin directory structure)\n\n";
+
+    unless ($config{suffix} =~ /^([^=]+)=([^,]+)/) {
+	die "Cannot extract first attr and value from suffix: $config{suffix}";
+    }
+    my $suffix_attr = $1;
+    my $suffix_val = $2;
+    my $suffix_oc = $oc_by_attr{$suffix_attr};
+    if (!defined($suffix_oc)) {
+	die "Cannot determine object class for suffix entry: $config{suffix}";
+    }
+
+    $entry = Net::LDAP::Entry->new($config{suffix},
+	objectClass => $suffix_oc,
+	$suffix_attr => $suffix_val,
+    );
+    if ($config{suffix} =~ m/(?:^|,)dc=([^,]+)/) {
+	$entry->add(
+	    objectClass => "organization",
+	    o => $1,
+	);
+    }
+    push(@entries, $entry);
+
+    my @config_dn = @config{
+	qw(usersdn groupsdn computersdn idmapdn sambaDomaindn sambaUnixIdPooldn)
+    };
+    my %entry_by_dn = ();
+
+    for my $config_dn (@config_dn) {
+	my $prefix = $config_dn;
+	$prefix =~ s/,\Q$config{suffix}\E$//i;
+
+	my $dn = $config{suffix};
+	for my $node (reverse(split(/,/, $prefix))) {
+	    $dn = "$node,$dn";
+	    next if ($entry_by_dn{$dn});
+
+	    unless ($node =~ /^([^=]+)=([^,]*)$/) {
+		die "Cannot extract first attr and value for entry: $dn";
+	    }
+	    my $attr = $1;
+	    my $val = $2;
+	    my $oc = $oc_by_attr{$attr};
+	    if (!defined($oc)) {
+		die "Cannot determine object class for entry: $dn";
+	    }
+
+	    $entry = Net::LDAP::Entry->new($dn,
+		objectClass => $oc,
+		$attr => $val,
+	    );
+
+	    ## Add attribute required by object class
+	    $entry->add(sambaSID => $config{SID}) if ($oc eq 'sambaDomain');
+	    $entry->add(sn => $val) if ($oc eq 'inetOrgPerson');
+
+	    push(@entries, $entry);
+	    $entry_by_dn{$dn} = $entry;
+	}
+    }
+
+    $entry = $entry_by_dn{$config{sambaDomaindn}};
+    if (defined($algorithmicRidBase)) {
+	$entry->add(sambaAlgorithmicRidBase => $algorithmicRidBase);
+    } else {
+	$entry->add(sambaNextRid => $firstridNumber);
+    }
+
+    $entry_by_dn{$config{sambaUnixIdPooldn}}->add(
+	objectClass =>	"sambaUnixIdPool",
+	uidNumber =>	$firstuidNumber,
+	gidNumber =>	$firstgidNumber,
+    );
+
+    $entry = Net::LDAP::Entry->new("uid=$adminName,$config{usersdn}",
+	objectClass =>	[qw(top person organizationalPerson inetOrgPerson sambaSAMAccount posixAccount)],
+	uid =>		$adminName,
+	cn =>		$adminName,
+	sn =>		$adminName,
+	gidNumber =>	$adminGidNumber,
+	uidNumber =>	$adminUidNumber,
+    );
+    if ($config{shadowAccount}) {
+	$entry->add(objectClass => "shadowAccount");
+    }
+    if (defined $config{userHome} and $config{userHome} ne "") {
+	my $userHome=$config{userHome};
+	$userHome=~s/\%U/$adminName/;
+	$entry->add(homeDirectory => $userHome);
+    } else {
+	$entry->add(homeDirectory => "/nonexistent");
+    }
+    $entry->add(
+	sambaPwdLastSet =>	0,
+	sambaLogonTime =>	0,
+	sambaLogoffTime =>	2147483647,
+	sambaKickoffTime =>	2147483647,
+	sambaPwdCanChange =>	0,
+	sambaPwdMustChange =>	2147483647,
+    );
+    if (defined $config{userSmbHome} and $config{userSmbHome} ne "") {
+	my $userSmbHome = $config{userSmbHome};
+	$userSmbHome =~ s/\%U/$adminName/;
+	$entry->add(sambaHomePath => $userSmbHome);
+    }
+    if (defined $config{userHomeDrive} and $config{userHomeDrive} ne "") {
+	$entry->add(sambaHomeDrive => $config{userHomeDrive});
+    }
+    if (defined $config{userProfile} and $config{userProfile} ne "") {
+	my $userProfile = $config{userProfile};
+	$userProfile =~ s/\%U/$adminName/;
+	$entry->add(sambaProfilePath => $userProfile);
+    }
+    $entry->add(
+	sambaPrimaryGroupSID =>	"$config{SID}-512",
+	sambaLMPassword =>	"XXX",
+	sambaNTPassword =>	"XXX",
+	sambaAcctFlags =>	"[U          ]",
+	sambaSID =>		"$config{SID}-$adminRid",
+	loginShell =>		"/bin/false",
+	gecos =>		"Netbios Domain Administrator",
+    );
+    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("uid=$guestName,$config{usersdn}",
+	objectClass => [qw(top person organizationalPerson inetOrgPerson sambaSAMAccount posixAccount)],
+	cn =>			$guestName,
+	sn =>			$guestName,
+	gidNumber =>		514,
+	uid =>			$guestName,
+	uidNumber =>		$guestUidNumber,
+	homeDirectory =>	"/nonexistent",
+	sambaPwdLastSet =>	0,
+	sambaLogonTime =>	0,
+	sambaLogoffTime =>	2147483647,
+	sambaKickoffTime =>	2147483647,
+	sambaPwdCanChange =>	0,
+	sambaPwdMustChange =>	2147483647,
+    );
+    if ($config{shadowAccount}) {
+	$entry->add(objectClass => "shadowAccount");
+    }
+    if (defined $config{userSmbHome} and $config{userSmbHome} ne "") {
+	my $userSmbHome = $config{userSmbHome};
+	$userSmbHome =~ s/\%U/$guestName/;
+	$entry->add(sambaHomePath => $userSmbHome);
+    }
+    if (defined $config{userHomeDrive} and $config{userHomeDrive} ne "") {
+	$entry->add(sambaHomeDrive => $config{userHomeDrive});
+    }
+    if (defined $config{userProfile} and $config{userProfile} ne "") {
+	my $userProfile=$config{userProfile};
+	$userProfile=~s/\%U/$guestName/;
+	$entry->add(sambaProfilePath => $userProfile);
+    }
+    $entry->add(
+	sambaPrimaryGroupSID => "$config{SID}-514",
+	sambaLMPassword =>	"NO PASSWORDXXXXXXXXXXXXXXXXXXXXX",
+	sambaNTPassword =>	"NO PASSWORDXXXXXXXXXXXXXXXXXXXXX",
+	# account disabled by default
+	sambaAcctFlags =>	"[NUD        ]",
+	sambaSID =>		"$config{SID}-$guestRid",
+	loginShell =>		"/bin/false",
+    );
+    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Domain Admins,$config{groupsdn}",
+	objectClass => [qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Domain Admins",
+	gidNumber =>	512,
+	memberUid =>	$adminName,
+	description =>	"Netbios Domain Administrators",
+	sambaSID =>	"$config{SID}-512",
+	sambaGroupType =>2,
+	displayName =>	"Domain Admins",
+    );
+    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Domain Users,$config{groupsdn}",
+	objectClass => [qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Domain Users",
+	gidNumber =>	513,
+	description =>	"Netbios Domain Users",
+	sambaSID =>	"$config{SID}-513",
+	sambaGroupType =>2,
+	displayName =>	"Domain Users",
+    );
+    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Domain Guests,$config{groupsdn}",
+	objectClass => [qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Domain Guests",
+	gidNumber =>	514,
+	description =>	"Netbios Domain Guests Users",
+	sambaSID =>	"$config{SID}-514",
+	sambaGroupType =>2,
+	displayName =>	"Domain Guests",
+    );
+    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Domain Computers,$config{groupsdn}",
+	objectClass => [qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Domain Computers",
+	gidNumber =>	515,
+	description =>	"Netbios Domain Computers accounts",
+	sambaSID =>	"$config{SID}-515",
+	sambaGroupType =>2,
+	displayName =>	"Domain Computers",
+    );
+    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Administrators,$config{groupsdn}",
+	objectClass => [qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Administrators",
+	gidNumber =>	544,
+	description =>	"Netbios Domain Members can fully administer the computer/sambaDomainName",
+	sambaSID =>	"S-1-5-32-544",
+	sambaGroupType => 4,
+	displayName =>	"Administrators",
+    );
+    push(@entries, $entry);
+
+#    $entry = Net::LDAP::Entry->new("cn=Users,$config{groupsdn}",
+#	objectClass => [qw(top posixGroup sambaGroupMapping)],
+#	gidNumber =>	545,
+#	cn =>		"Users",
+#	description =>	"Netbios Domain Ordinary users",
+#	sambaSID =>	"S-1-5-32-545",
+#	sambaGroupType =>	4,
+#	displayName =>	"users",
+#    );
+#    push(@entries, $entry);
+
+#    $entry = Net::LDAP::Entry->new("cn=Guests,$config{groupsdn}",
+#	objectClass => [qw(top posixGroup sambaGroupMapping)],
+#	gidNumber =>	546,
+#	cn =>		"Guests",
+#	memberUid =>	$guestName,
+#	description =>	"Netbios Domain Users granted guest access to the computer/sambaDomainName",
+#	sambaSID =>	"S-1-5-32-546",
+#	sambaGroupType =>	4,
+#	displayName =>	"Guests",
+#    );
+#    push(@entries, $entry);
+
+#    $entry = Net::LDAP::Entry->new("cn=Power Users,$config{groupsdn}",
+#	objectClass => [qw(top posixGroup sambaGroupMapping)],
+#	gidNumber =>	547,
+#	cn =>		"Power Users",
+#	description =>	"Netbios Domain Members can share directories and printers",
+#	sambaSID =>	"S-1-5-32-547",
+#	sambaGroupType =>	4,
+#	displayName =>	"Power Users",
+#    );
+#    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Account Operators,$config{groupsdn}",
+	objectClass => [qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Account Operators",
+	gidNumber =>	548,
+	description =>	"Netbios Domain Users to manipulate users accounts",
+	sambaSID =>	"S-1-5-32-548",
+	sambaGroupType =>	4,
+	displayName =>	"Account Operators",
+    );
+    push(@entries, $entry);
+
+#    $entry = Net::LDAP::Entry->new("cn=System Operators,$config{groupsdn}",
+#	objectClass => [qw(top posixGroup sambaGroupMapping)],
+#	gidNumber =>	549,
+#	cn =>		"System Operators",
+#	description =>	"Netbios Domain System Operators",
+#	sambaSID =>	"S-1-5-32-549",
+#	sambaGroupType =>	4,
+#	displayName =>	"System Operators",
+#    );
+#    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Print Operators,$config{groupsdn}",
+	objectClass =>	[qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Print Operators",
+	gidNumber =>	550,
+	description =>	"Netbios Domain Print Operators",
+	sambaSID =>	"S-1-5-32-550",
+	sambaGroupType =>	4,
+	displayName =>	"Print Operators",
+    );
+    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Backup Operators,$config{groupsdn}",
+	objectClass =>	[qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Backup Operators",
+	gidNumber =>	551,
+	description =>	"Netbios Domain Members can bypass file security to back up files",
+	sambaSID =>	"S-1-5-32-551",
+	sambaGroupType =>	4,
+	displayName =>	"Backup Operators",
+    );
+    push(@entries, $entry);
+
+    $entry = Net::LDAP::Entry->new("cn=Replicators,$config{groupsdn}",
+	objectClass => [qw(top posixGroup sambaGroupMapping)],
+	cn =>		"Replicators",
+	gidNumber =>	552,
+	description =>	"Netbios Domain Supports file replication in a sambaDomainName",
+	sambaSID =>	"S-1-5-32-552",
+	sambaGroupType =>	4,
+	displayName =>	"Replicators",
+    );
+    push(@entries, $entry);
+
+    $entries_iter = sub {
+	return shift(@entries);
+    };
+}
+
+if (my $file = $Options{'e'}) {
+    open my $file_fh, ">$file" or die "Cannot open file: $file: $!";
+    while (my $entry = $entries_iter->()) {
+	$file_fh->print($entry->ldif);
+    }
+    print "exported ldif file: $file\n";
+    exit(0);
+}
+
+my $ldap_master=connect_ldap_master();
+while (my $entry = $entries_iter->()) {
+    my $dn = $entry->dn;
+    # we first check if the entry exist
+    my $mesg = $ldap_master->search(
+	base => $dn,
+	scope => "base",
+	filter => "objectclass=*"
+    );
+    if ($mesg->code && $mesg->code != LDAP_NO_SUCH_OBJECT) {
+	die "failed to search entry: ", $mesg->error;
+    }
+    if ($mesg->count == 1) {
+	print "entry $dn already exist. ";
+	if ($dn eq $config{sambaUnixIdPooldn}) {
+	    print "Updating it...\n";
+	    my @mods;
+	    foreach my $attr_tmp ($entry->attributes) {
+		push(@mods,$attr_tmp=>[$entry->get_value("$attr_tmp")]);
+	    }
+	    my $modify = $ldap_master->modify($dn,
+		'replace' => { @mods },
+	    );
+	    $modify->code && warn "failed to modify entry: ", $modify->error ;
+	} else {
+	    print "\n";
+	}
+    } else {
+	print "adding new entry: $dn\n";
+	my $result=$ldap_master->add($entry);
+	$result->code && warn "failed to add entry: ", $result->error ;
+    }
+}
+$ldap_master->unbind;
+
+# secure the admin account
+print "\nPlease provide a password for the domain $adminName: \n";
+system("$RealBin/smbldap-passwd", $adminName);
+
+exit(0);
+
+
+########################################
+
+=head1 NAME
+
+smbldap-populate - Populate your LDAP database
+
+=head1 SYNOPSIS
+
+smbldap-populate [ldif-file]
+
+=head1 DESCRIPTION
+
+The smbldap-populate command helps to populate an LDAP server by adding the necessary entries : base suffix (doesn't abort if already there), organizational units for users, groups and computers, builtin users : Administrator and guest, builtin groups (though posixAccount only, no SambaTNG support).
+
+-a name
+Your local administrator login name (default: root)
+
+-b name
+Your local guest login name (default: nobody)
+
+-e file
+export an ldif file
+
+-i file
+import an ldif file (Options -a and -b will be ignored)
+
+=head1 FILES
+
+@SYSCONFDIR@/smbldap.conf : main configuration
+@SYSCONFDIR@/smbldap_bind.conf : credentials for binding to the directory
+
+=head1 SEE ALSO
+
+smb.conf(5)
+
+=cut
+
+#'
+
+
+
+# - The End
diff -Nru smbldap-tools-0.9.5/smbldap_tools.pl smbldap-tools-0.9.7/smbldap_tools.pl
--- smbldap-tools-0.9.5/smbldap_tools.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap_tools.pl	2011-09-06 11:24:37.000000000 +0200
@@ -0,0 +1,1639 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+use strict;
+use warnings;
+
+package smbldap_tools;
+use Encode;
+use POSIX qw(:termios_h);
+use IO::File;
+use Net::LDAP;
+use Net::LDAP::Extension::SetPassword;
+use Crypt::SmbHash;
+use Digest::MD5 qw(md5);
+use Digest::SHA1 qw(sha1);
+use MIME::Base64 qw(encode_base64);
+
+use constant true => 1;
+use constant false => 0;
+
+my %conf_renamed_by = (
+    password_hash =>			'hash_encrypt',
+    password_crypt_salt_format =>	'crypt_salt_format',
+);
+
+my $smbldap_conf =
+    $ENV{'SMBLDAP_CONF'} ||
+    '@sysconfdir@/smbldap.conf';
+my $smbldap_bind_conf =
+    $ENV{'SMBLDAP_BIND_CONF'} ||
+    '@sysconfdir@/smbldap_bind.conf';
+my $samba_conf =
+    $ENV{'SMBLDAP_SMB_CONF'} ||
+    $ENV{'SMB_CONF_PATH'} ||
+    '@SAMBA_SYSCONFDIR@/smb.conf';
+my $samba_bindir =
+    $ENV{'SMBLDAP_SAMBA_BINDIR'} ||
+    '@SAMBA_BINDIR@';
+
+use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
+use Exporter;
+$VERSION = 1.00;
+
+@ISA = qw(Exporter);
+use vars qw(%config $ldap);
+
+@EXPORT = qw(
+  get_user_dn
+  get_group_dn
+  is_group_member
+  is_samba_user
+  is_unix_user
+  is_nonldap_unix_user
+  is_user_valid
+  does_sid_exist
+  get_dn_from_line
+  add_posix_machine
+  add_samba_machine
+  add_samba_machine_smbpasswd
+  group_add_user
+  add_grouplist_user
+  disable_user
+  delete_user
+  group_add
+  group_del
+  get_homedir
+  read_user
+  read_user_human_readable
+  read_user_entry
+  read_group
+  read_group_entry
+  read_group_entry_gid
+  find_groups_of
+  parse_group
+  group_remove_member
+  group_get_members
+  get_user_dn2
+  connect_ldap_master
+  connect_ldap_slave
+  group_name_by_type
+  group_type_by_name
+  subst_configvar
+  read_conf
+  read_parameter
+  subst_user
+  split_arg_comma
+  list_union
+  list_minus
+  account_by_sid
+  user_next_uid
+  user_next_rid
+  group_next_uid
+  group_next_rid
+  print_banner
+  getDomainName
+  getLocalSID
+  utf8Encode
+  utf8Decode
+  password_read
+  password_set
+  shadow_update
+  nsc_invalidate
+  %config
+);
+
+sub print_banner {
+    print STDERR
+      "(c) Jerome Tournier - (jtournier\@gmail.com)- Licensed under the GPL\n"
+      unless $config{no_banner};
+}
+
+sub read_parameter {
+    my $line = shift;
+    ## check for a param = value
+    if ( $line =~ /=/ ) {
+        my ( $param, $val );
+        if ( $line =~ /\s*(.*?)\s*=\s*"(.*)"/ ) {
+            ( $param, $val ) = ($1, $2);
+        }
+        elsif ( $line =~ /\s*(.*?)\s*=\s*'(.*)'/ ) {
+            ( $param, $val ) = ($1, $2);
+        }
+        else {
+            ( $param, $val ) = $line =~ /\s*(.*?)\s*=\s*(.*)/;
+        }
+        return ( $param, $val );
+    }
+}
+
+sub subst_configvar {
+    my $value = shift;
+    my $vars  = shift;
+
+    $value =~ s/\$\{([^}]+)\}/$vars->{$1} ? $vars->{$1} : $1/eg;
+    return $value;
+}
+
+sub read_conf {
+    my %conf;
+    open( CONFIGFILE, "$smbldap_conf" )
+      || die "Unable to open $smbldap_conf for reading !\n";
+    while (<CONFIGFILE>) {
+        chomp($_);
+        ## throw away comments
+        next if ( /^\s*#/ || /^\s*$/ || /^\s*\;/ );
+        ## check for a param = value
+        my ( $parameter, $value ) = read_parameter($_);
+        $value = &subst_configvar( $value, \%conf );
+        $conf{$parameter} = $value;
+    }
+    close(CONFIGFILE);
+
+    if ( $< == 0 ) {
+        open( CONFIGFILE, "$smbldap_bind_conf" )
+          || die "Unable to open $smbldap_bind_conf for reading !\n";
+        while (<CONFIGFILE>) {
+            chomp($_);
+            ## throw away comments
+            next if ( /^\s*#/ || /^\s*$/ || /^\s*\;/ );
+            ## check for a param = value
+            my ( $parameter, $value ) = read_parameter($_);
+            $value = &subst_configvar( $value, \%conf );
+            $conf{$parameter} = $value;
+        }
+        close(CONFIGFILE);
+    }
+    else {
+        $conf{slaveDN} = $conf{slavePw} = $conf{masterDN} = $conf{masterPw} =
+          "";
+    }
+
+    while (my ($new, $old) = each(%conf_renamed_by)) {
+	if (exists($conf{$old})) {
+	    $conf{$new} = delete($conf{$old});
+	}
+    }
+
+    # automatically find SID
+    if ( not $conf{SID} ) {
+        $conf{SID} = getLocalSID()
+          || die
+"Unable to determine domain SID: please edit your smbldap.conf, or start your samba server for a few minutes to allow for SID generation to proceed\n";
+    }
+    return (%conf);
+}
+
+sub read_smbconf {
+    my %conf;
+    my $smbconf = "$samba_conf";
+    open( CONFIGFILE, "$smbconf" )
+      || die "Unable to open $smbconf for reading !\n";
+    my $global   = 0;
+    my $prevline = "";
+    while (<CONFIGFILE>) {
+        chomp;
+        if (/^(.*)\\$/) {
+            $prevline .= $1;
+            next;
+        }
+        $_        = $prevline . $_;
+        $prevline = "";
+        if (/^\[global\]/) {
+            $global = 1;
+        }
+        if ( $global == 1 ) {
+            if ( /^\[/ and !/\[global\]/ ) {
+                $global = 0;
+            }
+            else {
+                ## throw away comments
+                #next if ( ! /workgroup/i );
+                next if ( /^\s*#/ || /^\s*$/ || /^\s*\;/ || /\[/ );
+                ## check for a param = value
+                my ( $parameter, $value ) = read_parameter($_);
+                $value = &subst_configvar( $value, \%conf );
+                $conf{$parameter} = $value;
+            }
+        }
+    }
+    close(CONFIGFILE);
+    return (%conf);
+}
+my %smbconf = read_smbconf();
+
+sub getLocalSID {
+    open my $fh, "-|" or exec("$samba_bindir/netx", "getlocalsid") || exit(1);
+
+    my $line = <$fh>;
+    if (!defined($line)) {
+	die "Failed to get SID from Samba net command";
+    }
+
+    my ($sid) = ($line =~ m/^SID for domain \S+ is: (\S+)$/);
+    if (!defined($sid)) {
+	die "Samba net command returns invalid output: $line";
+    }
+
+    return $sid;
+}
+
+# let's read the configurations file...
+%config = (
+    masterLDAP =>		'127.0.0.1',
+    masterPort =>		389,
+    slaveLDAP =>		'127.0.0.1',
+    slavePort =>		389,
+    ldapTLS =>			false,
+    ldapSSL =>			false,
+    password_hash =>		'SSHA',
+    password_crypt_salt_format=>'%s',
+    shadowAccount =>		true,
+    nscd =>			"/usr/sbin/nscd",
+    userHomeDirectoryMode =>	"0700",
+    read_conf(),
+);
+
+## Backward compatibility with 0.8.4 and older
+if (!exists($config{userHome}) && exists($config{userHomePrefix})) {
+    $config{userHome} = "$config{userHomePrefix}/%U";
+}
+
+sub get_parameter {
+
+# this function return the value for a parameter. The name of the parameter can be either this
+# defined in smb.conf or smbldap.conf
+    my $parameter_smb     = shift;
+    my $parameter_smbldap = shift;
+    if ( defined $config{$parameter_smbldap}
+        and $config{$parameter_smbldap} ne "" )
+    {
+        return $config{$parameter_smbldap};
+    }
+    elsif ( defined $smbconf{$parameter_smb}
+        and $smbconf{$parameter_smb} ne "" )
+    {
+        return $smbconf{$parameter_smb};
+    }
+    else {
+
+#print "could not find parameter's value (parameter given: $parameter_smbldap or $parameter_smb) !!\n";
+        undef $smbconf{$parameter_smb};
+    }
+
+}
+
+$config{sambaDomain} = get_parameter( "workgroup",        "sambaDomain" );
+$config{suffix}      = get_parameter( "ldap suffix",      "suffix" );
+$config{usersdn}     = get_parameter( "ldap user suffix", "usersdn" );
+if ( $config{usersdn} !~ m/,/ ) {
+    $config{usersdn} = $config{usersdn} . "," . $config{suffix};
+}
+$config{groupsdn} = get_parameter( "ldap group suffix", "groupsdn" );
+if ( $config{groupsdn} !~ m/,/ ) {
+    $config{groupsdn} = $config{groupsdn} . "," . $config{suffix};
+}
+$config{computersdn} = get_parameter( "ldap machine suffix", "computersdn" );
+if ( $config{computersdn} !~ m/,/ ) {
+    $config{computersdn} = $config{computersdn} . "," . $config{suffix};
+}
+$config{idmapdn} = get_parameter( "ldap idmap suffix", "idmapdn" );
+if ( defined $config{idmapdn} ) {
+    if ( $config{idmapdn} !~ m/,/ ) {
+        $config{idmapdn} = $config{idmapdn} . "," . $config{suffix};
+    }
+}
+
+$config{sambaDomaindn} = "sambaDomainName=$config{sambaDomain},$config{suffix}";
+$config{sambaUnixIdPooldn} ||= $config{sambaDomaindn};
+
+if ( $config{ldapSSL} == 1 and $config{ldapTLS} == 1 ) {
+    die "Both options ldapSSL and ldapTLS could not be activated\n";
+}
+
+sub connect_ldap_master {
+    my $mesg;
+
+    # bind to a directory with dn and password
+    my $ldap_master;
+    if ( $config{ldapSSL} ) {
+        $ldap_master = Net::LDAP->new(
+            "ldaps://$config{masterLDAP}:$config{masterPort}",
+            verify => "$config{verify}",
+            cafile => "$config{cafile}"
+        ) or die "LDAP error: Can't contact master ldap server with SSL ($@)";
+    }
+    else {
+        $ldap_master = Net::LDAP->new(
+            "$config{masterLDAP}",
+            port    => "$config{masterPort}",
+            version => 3,
+            timeout => 60,
+
+            # debug => 0xffff,
+          )
+          or die
+          "erreur LDAP: Can't contact master ldap server for writing ($@)";
+    }
+    if ( $config{ldapTLS} == 1 ) {
+        $mesg = $ldap_master->start_tls(
+            verify     => "$config{verify}",
+            clientcert => "$config{clientcert}",
+            clientkey  => "$config{clientkey}",
+            cafile     => "$config{cafile}"
+        );
+        if ( $mesg->code ) {
+            die( "Could not start_tls: " . $mesg->error );
+        }
+    }
+    $mesg = $ldap_master->bind( "$config{masterDN}",
+        password => "$config{masterPw}" );
+    $ldap = $ldap_master;
+    return ($ldap_master);
+}
+
+sub connect_ldap_slave {
+    my $mesg;
+    my $conf_cert;
+    my $ldap_slave;
+    if ( $config{ldapSSL} == 1 ) {
+        $ldap_slave = Net::LDAP->new(
+            "ldaps://$config{slaveLDAP}:$config{slavePort}",
+            verify => "$config{verify}",
+            cafile => "$config{cafile}"
+          )
+          or warn
+"LDAP error: Can't contact slave ldap server with SSL ($@)\n=>trying to contact the master server\n";
+    }
+    else {
+        $ldap_slave = Net::LDAP->new(
+            "$config{slaveLDAP}",
+            port    => "$config{slavePort}",
+            version => 3,
+            timeout => 60,
+
+            # debug => 0xffff,
+          )
+          or warn
+"erreur LDAP: Can't contact slave ldap server ($@)\n=>trying to contact the master server\n";
+    }
+    if ( !$ldap_slave ) {
+
+        # connection to the slave failed: trying to contact the master ...
+        $ldap_slave      = connect_ldap_master();
+        $config{slaveDN} = $config{masterDN};
+        $config{slavePw} = $config{masterPw};
+    }
+    elsif ( $config{ldapTLS} == 1 ) {
+        $mesg = $ldap_slave->start_tls(
+            verify     => "$config{verify}",
+            clientcert => "$config{clientcert}",
+            clientkey  => "$config{clientkey}",
+            cafile     => "$config{cafile}"
+        );
+        if ( $mesg->code ) {
+            die( "Could not start_tls: " . $mesg->error );
+        }
+    }
+    $ldap_slave->bind( "$config{slaveDN}", password => "$config{slavePw}" );
+    $ldap = $ldap_slave;
+    return ($ldap_slave);
+}
+
+sub get_user_dn {
+    my $user = shift;
+    my $dn   = '';
+    my $mesg = $ldap->search(
+        base   => $config{suffix},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixAccount)(uid=$user))"
+    );
+    $mesg->code && die $mesg->error;
+    foreach my $entry ( $mesg->all_entries ) {
+        $dn = $entry->dn;
+    }
+    chomp($dn);
+    if ( $dn eq '' ) {
+        return undef;
+    }
+    $dn = "dn: " . $dn;
+    return $dn;
+}
+
+sub get_user_dn2 {
+    my $user = shift;
+    my $dn   = '';
+    my $mesg = $ldap->search(
+        base   => $config{suffix},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixAccount)(uid=$user))"
+    );
+    $mesg->code && warn "failed to perform search; ", $mesg->error;
+
+    foreach my $entry ( $mesg->all_entries ) {
+        $dn = $entry->dn;
+    }
+    chomp($dn);
+    if ( $dn eq '' ) {
+        return ( 1, undef );
+    }
+    $dn = "dn: " . $dn;
+    return ( 1, $dn );
+}
+
+sub get_group_dn {
+    my $group = shift;
+    my $dn    = '';
+    my $filter;
+    if ( $group =~ /^\d+$/ ) {
+        $filter = "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))";
+    }
+    else {
+        $filter = "(&(objectclass=posixGroup)(cn=$group))";
+    }
+    my $mesg = $ldap->search(
+        base   => $config{groupsdn},
+        scope  => $config{scope},
+        filter => $filter
+    );
+    $mesg->code && die $mesg->error;
+    foreach my $entry ( $mesg->all_entries ) {
+        $dn = $entry->dn;
+    }
+    chomp($dn);
+    if ( $dn eq '' ) {
+        return undef;
+    }
+    $dn = "dn: " . $dn;
+    return $dn;
+}
+
+# return (success, dn)
+# bool = is_samba_user($username)
+sub is_samba_user {
+    my $user = shift;
+    my $mesg = $ldap->search(
+        base   => $config{suffix},
+        scope  => $config{scope},
+        filter => "(&(objectClass=sambaSamAccount)(uid=$user))"
+    );
+    $mesg->code && die $mesg->error;
+    return ( $mesg->count ne 0 );
+}
+
+sub is_unix_user {
+    my $user = shift;
+    my $mesg = $ldap->search(
+        base   => $config{suffix},
+        scope  => $config{scope},
+        filter => "(&(objectClass=posixAccount)(uid=$user))"
+    );
+    $mesg->code && die $mesg->error;
+    return ( $mesg->count ne 0 );
+}
+
+sub is_nonldap_unix_user {
+    my $user = shift;
+    my $uid  = getpwnam($user);
+
+    if ($uid) {
+        return 1;
+    }
+    else {
+        return 0;
+    }
+}
+
+sub is_group_member {
+    my $dn_group = shift;
+    my $user     = shift;
+    my $mesg     = $ldap->search(
+        base   => $dn_group,
+        scope  => 'base',
+        filter => "(&(memberUid=$user))"
+    );
+    $mesg->code && die $mesg->error;
+    return ( $mesg->count ne 0 );
+}
+
+# all entries = does_sid_exist($sid,$config{scope})
+sub does_sid_exist {
+    my $sid      = shift;
+    my $dn_group = shift;
+    my $mesg     = $ldap->search(
+        base   => $dn_group,
+        scope  => $config{scope},
+        filter => "(sambaSID=$sid)"
+    );
+    $mesg->code && die $mesg->error;
+    return ($mesg);
+}
+
+# try to bind with user dn and password to validate current password
+sub is_user_valid {
+    my ( $user, $dn, $pass ) = @_;
+    my $userLdap = Net::LDAP->new(
+        "$config{slaveLDAP}",
+        port    => "$config{slavePort}",
+        version => 3,
+        timeout => 60
+      )
+      or warn
+"erreur LDAP: Can't contact slave ldap server ($@)\n=>trying to contact the master server\n";
+    if ( !$userLdap ) {
+
+        # connection to the slave failed: trying to contact the master ...
+        $userLdap = Net::LDAP->new(
+            "$config{masterLDAP}",
+            port    => "$config{masterPort}",
+            version => 3,
+            timeout => 60
+        ) or die "erreur LDAP: Can't contact master ldap server ($@)\n";
+    }
+    if ($userLdap) {
+        if ( $config{ldapTLS} == 1 ) {
+            $userLdap->start_tls(
+                verify     => "$config{verify}",
+                clientcert => "$config{clientcert}",
+                clientkey  => "$config{clientkey}",
+                cafile     => "$config{cafile}"
+            );
+        }
+        my $mesg = $userLdap->bind( dn => $dn, password => $pass );
+        if ( $mesg->code eq 0 ) {
+            $userLdap->unbind;
+            return 1;
+        }
+        else {
+            if ( $userLdap->bind() ) {
+                $userLdap->unbind;
+                return 0;
+            }
+            else {
+                print(
+"The LDAP directory is not available.\n Check the server, cables ..."
+                );
+                $userLdap->unbind;
+                return 0;
+            }
+            die "Problem : contact your administrator";
+        }
+    }
+}
+
+# dn = get_dn_from_line ($dn_line)
+# helper to get "a=b,c=d" from "dn: a=b,c=d"
+sub get_dn_from_line {
+    my $dn = shift;
+    $dn =~ s/^dn: //;
+    return $dn;
+}
+
+# success = add_posix_machine($user, $uid, $gid)
+sub add_posix_machine {
+    my ( $user, $uid, $gid, $wait ) = @_;
+    if ( !defined $wait ) {
+        $wait = 0;
+    }
+
+    # bind to a directory with dn and password
+    my $add = $ldap->add(
+        "uid=$user,$config{computersdn}",
+        attr => [
+
+#'objectclass' => ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount'],
+            'objectclass' => [ 'top', 'account', 'posixAccount' ],
+            'cn'          => "$user",
+
+            #'sn'   => "$user",
+            'uid'           => "$user",
+            'uidNumber'     => "$uid",
+            'gidNumber'     => "$gid",
+            'homeDirectory' => '/nonexistent',
+            'loginShell'    => '/bin/false',
+            'description'   => 'Computer',
+            'gecos'         => 'Computer',
+        ]
+    );
+
+    $add->code && warn "failed to add entry: ", $add->error;
+    sleep($wait);
+    return 1;
+}
+
+# success = add_samba_machine_smbpasswd($computername)
+sub add_samba_machine_smbpasswd {
+    my $user = shift;
+    system($config{smbpasswd}, "-a", "-m", $user);
+    return 1;
+}
+
+sub add_samba_machine {
+    my ( $user, $uid ) = @_;
+    my $sambaSID = 2 * $uid + 1000;
+    my $name     = $user;
+    $name =~ s/.$//s;
+
+    my ( $lmpassword, $ntpassword ) = ntlmgen $name;
+    my $modify = $ldap->modify(
+        "uid=$user,$config{computersdn}",
+        changes => [
+
+#replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
+            replace => [ objectClass => [ 'posixAccount', 'sambaSAMAccount' ] ],
+            add => [ sambaPwdLastSet      => '0' ],
+            add => [ sambaLogonTime       => '0' ],
+            add => [ sambaLogoffTime      => '2147483647' ],
+            add => [ sambaKickoffTime     => '2147483647' ],
+            add => [ sambaPwdCanChange    => '0' ],
+            add => [ sambaPwdMustChange   => '0' ],
+            add => [ sambaAcctFlags       => '[W          ]' ],
+            add => [ sambaLMPassword      => "$lmpassword" ],
+            add => [ sambaNTPassword      => "$ntpassword" ],
+            add => [ sambaSID             => "$config{SID}-$sambaSID" ],
+            add => [ sambaPrimaryGroupSID => "$config{SID}-0" ]
+        ]
+    );
+
+    $modify->code && die "failed to add entry: ", $modify->error;
+
+    return 1;
+}
+
+sub group_add_user {
+    my ( $group, $userid ) = @_;
+    my $members = '';
+    my $dn_line = get_group_dn($group);
+    if ( !defined( get_group_dn($group) ) ) {
+        print "$0: group \"$group\" doesn't exist\n";
+        exit(6);
+    }
+    if ( !defined($dn_line) ) {
+        return 1;
+    }
+    my $dn = get_dn_from_line("$dn_line");
+
+    # on look if the user is already present in the group
+    my $is_member = is_group_member( $dn, $userid );
+    if ( $is_member == 1 ) {
+        print "User \"$userid\" already member of the group \"$group\".\n";
+    }
+    else {
+
+     # bind to a directory with dn and password
+     # It does not matter if the user already exist, Net::LDAP will add the user
+     # if he does not exist, and ignore him if his already in the directory.
+        my $modify =
+          $ldap->modify( "$dn",
+            changes => [ add => [ memberUid => $userid ] ] );
+        $modify->code && die "failed to modify entry: ", $modify->error;
+    }
+}
+
+sub group_del {
+    my $group_dn = shift;
+
+    # bind to a directory with dn and password
+    my $modify = $ldap->delete($group_dn);
+    $modify->code && die "failed to delete group : ", $modify->error;
+}
+
+sub add_grouplist_user {
+    my ( $grouplist, $user ) = @_;
+    my @array = split( /,/, $grouplist );
+    foreach my $group (@array) {
+        group_add_user( $group, $user );
+    }
+}
+
+sub disable_user {
+    my $user = shift;
+    my $dn_line;
+    my $dn = get_dn_from_line($dn_line);
+
+    if ( !defined( $dn_line = get_user_dn($user) ) ) {
+        print "$0: user $user doesn't exist\n";
+        exit(10);
+    }
+    my $modify =
+      $ldap->modify( "$dn",
+        changes => [ replace => [ userPassword => '{crypt}!x' ] ] );
+    $modify->code && die "failed to modify entry: ", $modify->error;
+
+    if ( is_samba_user($user) ) {
+        my $modify =
+          $ldap->modify( "$dn",
+            changes => [ replace => [ sambaAcctFlags => '[D       ]' ] ] );
+        $modify->code && die "failed to modify entry: ", $modify->error;
+    }
+}
+
+# delete_user($user)
+sub delete_user {
+    my $user = shift;
+    my $dn_line;
+
+    if ( !defined( $dn_line = get_user_dn($user) ) ) {
+        print "$0: user $user doesn't exist\n";
+        exit(10);
+    }
+    my $dn     = get_dn_from_line($dn_line);
+    my $modify = $ldap->delete($dn);
+    $modify->code && die "failed to delete entry: ", $modify->error;
+}
+
+# $gid = group_add($groupname, $group_gid, $force_using_existing_gid)
+sub group_add {
+    my ( $gname, $gid, $force ) = @_;
+
+    nsc_invalidate("group");
+
+    if ( !defined($gid) ) {
+        $gid = group_next_gid();
+    }
+    else {
+        if ( !defined($force) ) {
+            if ( defined( getgrgid($gid) ) ) {
+                return undef;
+            }
+        }
+    }
+    my $modify = $ldap->add(
+        "cn=$gname,$config{groupsdn}",
+        attrs => [
+            objectClass => [ 'top', 'posixGroup' ],
+            cn          => "$gname",
+            gidNumber   => "$gid"
+        ]
+    );
+
+    $modify->code && die "failed to add entry: ", $modify->error;
+    return $gid;
+}
+
+# $homedir = get_homedir ($user)
+sub get_homedir {
+    my $user    = shift;
+    my $homeDir = '';
+    my $entry;
+    my $mesg = $ldap->search(
+        base   => $config{usersdn},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixAccount)(uid=$user))"
+    );
+    $mesg->code && die $mesg->error;
+
+    my $nb = $mesg->count;
+    if ( $nb > 1 ) {
+        print "Aborting: there are $nb existing user named $user\n";
+        foreach $entry ( $mesg->all_entries ) {
+            my $dn = $entry->dn;
+            print "  $dn\n";
+        }
+        exit(4);
+    }
+    else {
+        $entry   = $mesg->shift_entry();
+        $homeDir = $entry->get_value("homeDirectory");
+    }
+
+    chomp $homeDir;
+    if ( $homeDir eq '' ) {
+        return undef;
+    }
+    return $homeDir;
+}
+
+# search for an user
+sub read_user {
+    my $user  = shift;
+    my $lines = '';
+    my $mesg  = $ldap->search(    # perform a search
+        base   => $config{suffix},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixAccount)(uid=$user))"
+    );
+
+    $mesg->code && die $mesg->error;
+    foreach my $entry ( $mesg->all_entries ) {
+        $lines .= "dn: " . $entry->dn . "\n";
+        foreach my $attr ( $entry->attributes ) {
+            my @vals = $entry->get_value($attr);
+#	    my $val_utf8 = eval {
+#		Encode::decode_utf8($val, Encode::FB_CROAK);
+#	    };
+#	    $val = "**UNPRINTABLE**" if ($@ || $val_utf8 =~ /\P{IsPrint}/);
+            $lines .= $attr . ": " . join( ',', @vals ) . "\n";
+        }
+    }
+    chomp $lines;
+    if ( $lines eq '' ) {
+        return undef;
+    }
+    return $lines;
+}
+
+# search for an user and print in a human readable format
+sub read_user_human_readable {
+    my $user  = shift;
+    my $lines = '';
+    my $mesg  = $ldap->search(    # perform a search
+        base   => $config{suffix},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixAccount)(uid=$user))"
+    );
+
+    $mesg->code && die $mesg->error;
+    foreach my $entry ( $mesg->all_entries ) {
+        $lines .= "dn: " . $entry->dn . "\n";
+        foreach my $attr ( $entry->attributes ) {
+            my @vals = $entry->get_value($attr);
+            foreach my $val (@vals) {
+		my $val_utf8 = eval {
+		    Encode::decode_utf8($val, Encode::FB_CROAK);
+		};
+		$val = "**UNPRINTABLE**" if ($@ || $val_utf8 =~ /\P{IsPrint}/);
+            }
+            if (   $attr eq "sambaPwdLastSet"
+                or $attr eq "sambaPwdCanChange"
+                or $attr eq "sambaPwdMustChange"
+                or $attr eq "sambaLogoffTime"
+                or $attr eq "sambaKickoffTime" )
+            {
+                my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday ) =
+                  gmtime( $entry->get_value($attr) );
+                $year += 1900;
+                $mon  += 1;
+                $lines .= $attr . ": $year/$mon/$mday\n";
+            }
+            elsif ( $attr eq "shadowLastChange" or $attr eq "shadowExpire" ) {
+                my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday ) =
+                  gmtime( $entry->get_value($attr) * 24 * 60 * 60 );
+                $year += 1900;
+                $mon  += 1;
+                $lines .= $attr . ": $year/$mon/$mday\n";
+            }
+            else {
+                $lines .= $attr . ": " . join( ',', @vals ) . "\n";
+            }
+        }
+    }
+    chomp $lines;
+    if ( $lines eq '' ) {
+        return undef;
+    }
+    return $lines;
+}
+
+# search for a user
+# return the attributes in an array
+sub read_user_entry {
+    my $user = shift;
+    my $mesg = $ldap->search(    # perform a search
+        base   => $config{suffix},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixAccount)(uid=$user))"
+    );
+
+    $mesg->code && die $mesg->error;
+    my $entry = $mesg->entry();
+    return $entry;
+}
+
+# search for a group
+sub read_group {
+    my $user  = shift;
+    my $lines = '';
+    my $mesg  = $ldap->search(    # perform a search
+        base   => $config{groupsdn},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixGroup)(cn=$user))"
+    );
+
+    $mesg->code && die $mesg->error;
+    foreach my $entry ( $mesg->all_entries ) {
+        $lines .= "dn: " . $entry->dn . "\n";
+        foreach my $attr ( $entry->attributes ) {
+            {
+                $lines .=
+                  $attr . ": " . join( ',', $entry->get_value($attr) ) . "\n";
+            }
+        }
+    }
+    chomp $lines;
+    if ( $lines eq '' ) {
+        return undef;
+    }
+    return $lines;
+}
+
+# find groups of a given user
+##### MODIFIE ########
+sub find_groups_of {
+    my $user   = shift;
+    my @groups = ();
+    my $mesg   = $ldap->search(    # perform a search
+        base   => $config{groupsdn},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixGroup)(memberuid=$user))"
+    );
+    $mesg->code && die $mesg->error;
+
+    my $entry;
+    while ( $entry = $mesg->shift_entry() ) {
+        push( @groups, scalar( $entry->get_value('cn') ) );
+    }
+    return (@groups);
+}
+
+sub read_group_entry {
+    my $group = shift;
+    my $entry;
+    my %res;
+    my $mesg = $ldap->search(    # perform a search
+        base   => $config{groupsdn},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixGroup)(cn=$group))"
+    );
+
+    $mesg->code && die $mesg->error;
+    my $nb = $mesg->count;
+    if ( $nb > 1 ) {
+        print "Error: $nb groups exist \"cn=$group\"\n";
+        foreach $entry ( $mesg->all_entries ) {
+            my $dn = $entry->dn;
+            print "  $dn\n";
+        }
+        exit 11;
+    }
+    else {
+        $entry = $mesg->shift_entry();
+    }
+    return $entry;
+}
+
+sub read_group_entry_gid {
+    my $group = shift;
+    my %res;
+    my $mesg = $ldap->search(    # perform a search
+        base   => $config{groupsdn},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixGroup)(gidNumber=$group))"
+    );
+
+    $mesg->code && die $mesg->error;
+    my $entry = $mesg->shift_entry();
+    return $entry;
+}
+
+# return the gidnumber for a group given as name or gid
+# -1 : bad group name
+# -2 : bad gidnumber
+sub parse_group {
+    my $userGidNumber = shift;
+    if ( $userGidNumber =~ /[^\d]/ ) {
+
+        # make a search based on the group name
+        my $gname = $userGidNumber;
+        my $mesg  = $ldap->search(    # perform a search
+            base   => $config{groupsdn},
+            scope  => $config{scope},
+            filter => "(&(objectclass=posixGroup)(cn=$gname))"
+        );
+        $mesg->code && die $mesg->error;
+        my $entry = $mesg->shift_entry();
+        my $gidnum;
+        if ($entry) {
+            $gidnum = $entry->get_value('gidNumber');
+
+            #my $gidnum = getgrnam($gname);
+        }
+        else {
+            $gidnum = "";
+        }
+        if ( $gidnum !~ /\d+/ ) {
+            return -1;
+        }
+        else {
+            $userGidNumber = $gidnum;
+        }
+    }
+    else {
+
+        # make a search based on the group gidNumber
+        # we check that the gidNumber is attributed to a real group
+        my $mesg = $ldap->search(    # perform a search
+            base   => $config{groupsdn},
+            scope  => $config{scope},
+            filter => "(&(objectclass=posixGroup)(gidNumber=$userGidNumber))"
+        );
+        $mesg->code && die $mesg->error;
+        my $entry = $mesg->shift_entry();
+        if ( !$entry ) {
+            return -2;
+        }
+    }
+    return $userGidNumber;
+}
+
+# remove $user from $group
+sub group_remove_member {
+    my ( $group, $user ) = @_;
+    my $members  = '';
+    my $grp_line = get_group_dn($group);
+    if ( !defined($grp_line) ) {
+        return 0;
+    }
+    my $dn = get_dn_from_line($grp_line);
+
+    # we test if the user exist in the group
+    my $is_member = is_group_member( $dn, $user );
+    if ( $is_member == 1 ) {
+
+        # delete only the user from the group
+        my $modify =
+          $ldap->modify( "$dn",
+            changes => [ delete => [ memberUid => ["$user"] ] ] );
+        $modify->code && die "failed to delete entry: ", $modify->error;
+    }
+    return 1;
+}
+
+sub group_get_members {
+    my ($group) = @_;
+    my $members;
+    my @resultat;
+    my $grp_line = get_group_dn($group);
+    if ( !defined($grp_line) ) {
+        return 0;
+    }
+    my $mesg = $ldap->search(
+        base   => $config{groupsdn},
+        scope  => $config{scope},
+        filter => "(&(objectclass=posixgroup)(cn=$group))"
+    );
+    $mesg->code && die $mesg->error;
+    foreach my $entry ( $mesg->all_entries ) {
+        foreach my $attr ( $entry->attributes ) {
+            if ( $attr =~ /\bmemberUid\b/ ) {
+                foreach my $ent ( $entry->get_value($attr) ) {
+                    push( @resultat, $ent );
+                }
+            }
+        }
+    }
+    return @resultat;
+}
+
+sub group_name_by_type {
+    my $groupmap = shift;
+    my %type_name  = (
+	2 => 'domain',
+	4 => 'local',
+	5 => 'builtin'
+    );
+    return $type_name{$groupmap};
+}
+
+sub group_type_by_name {
+    my $type_name = shift;
+    my %groupmap  = (
+        'domain'  => 2,
+        'local'   => 4,
+        'builtin' => 5
+    );
+    return $groupmap{$type_name};
+}
+
+sub subst_user {
+    my ( $str, $username ) = @_;
+    $str =~ s/%U/$username/ if ($str);
+    return ($str);
+}
+
+# all given mails are stored in a table (remove the comma separated)
+sub split_arg_comma {
+    my $arg = shift;
+    my @args;
+    if ( defined($arg) ) {
+        if ( $arg eq '-' ) {
+            @args = ();
+        }
+        else {
+            @args = split( /\s*,\s*/, $arg );
+        }
+    }
+    return (@args);
+}
+
+sub list_union {
+    my ( $list1, $list2 ) = @_;
+    my @res = @$list1;
+    foreach my $e (@$list2) {
+        if ( !grep( $_ eq $e, @$list1 ) ) {
+            push( @res, $e );
+        }
+    }
+    return @res;
+}
+
+sub list_minus {
+    my ( $list1, $list2 ) = @_;
+    my @res = ();
+    foreach my $e (@$list1) {
+        if ( !grep( $_ eq $e, @$list2 ) ) {
+            push( @res, $e );
+        }
+    }
+    return @res;
+}
+
+sub account_next_id
+{
+    my $attr = shift;
+    my $domain = shift || $config{sambaDomain};
+    my $checker = shift;
+
+    my $base =  $config{sambaUnixIdPooldn};
+    my $oc = "sambaUnixIdPool";
+    my $filter = "(objectClass=sambaUnixIdPool)";
+    my $scope = "base";
+    my $id_bias = 0;
+    if ($attr =~ /rid$/i) {
+	$base = $config{suffix};
+	$oc = "sambaDomain";
+	$filter = "(&(objectClass=sambaDomain)(sambaDomainName=$domain))",
+	$scope = "sub";
+	## NOTE: sambaNextRid has "latest RID", not "next RID"!
+	$id_bias = 1;
+    }
+
+    for (;;) {
+	my $search = $ldap->search(
+	    base   => $base,
+	    filter => $filter,
+	    scope  => $scope,
+	    attrs => [$attr],
+	);
+	if ($search->code) {
+	    die "Failed to search $oc to get next $attr: " .
+		$search->error;
+	}
+	if ($search->count != 1) {
+	    die "Failed to find $oc to get next $attr";
+	}
+
+	my $entry = $search->entry(0);
+	my $id = $entry->get_value($attr);
+
+	my $modify = $ldap->modify($entry->dn,
+	    changes => [ replace => [ $attr=> $id + 1 ] ]
+	);
+	if ($modify->code) {
+	    die "Failed to update $attr in $oc: " .
+		$modify->error;
+	}
+
+	$id += $id_bias;
+	unless ($checker && !$checker->($id)) {
+	    return $id;
+	}
+    }
+}
+
+sub account_next_rid
+{
+    my $domain = shift || $config{sambaDomain};
+    my $checker = shift || \&rid_is_free;
+
+    return account_next_id("sambaNextRid", $domain, $checker);
+}
+
+sub account_base_rid
+{
+    my $domain = shift || $config{sambaDomain};
+
+    my $search = $ldap->search(
+	base   => $config{suffix},
+	filter => "(&(objectClass=sambaDomain)(sambaDomainName=$domain))",
+	scope  => "sub",
+	attrs => ["sambaAlgorithmicRidBase", "sambaNextRid"],
+    );
+    if ($search->code) {
+	die "Failed to search sambaDomain object to get sambaAlgorithmicRidBase: " .
+	    $search->error;
+    }
+    if ($search->count != 1) {
+	die "Failed to find sambaDomain object to get sambaAlgorithmicRidBase";
+    }
+
+    my $entry = $search->entry(0);
+    my $rid_base = $entry->get_value("sambaAlgorithmicRidBase");
+    if (!defined($rid_base) && !defined($entry->get_value("sambaNextRid"))) {
+	return 1000;
+    }
+
+    return $rid_base;
+}
+
+sub account_by_sid
+{
+    my $sid = shift;
+
+    my $search = $ldap->search(
+	base => $config{suffix},
+	filter => "(sambaSID=$sid)",
+	scope => "sub",
+    );
+    if ($search->code) {
+	die "Failed to search entries by SID: $sid: " .
+	    $search->error;
+    }
+
+    return ($search->entries)[0];
+}
+
+sub account_by_rid
+{
+    my $rid = shift;
+    my $domain_sid = shift || $config{SID};
+
+    return account_by_sid("$domain_sid-$rid");
+}
+
+sub rid_is_free
+{
+    my $rid = shift;
+    my $domain_sid = shift || $config{SID};
+
+    return !defined(account_by_rid($rid, $domain_sid));
+}
+
+sub user_by_uid
+{
+    my $uid = shift;
+
+    my $search = $ldap->search(
+	base => $config{suffix},
+	filter => "(&(objectClass=posixAccount)(uidNumber=$uid))",
+	scope => "sub",
+    );
+    if ($search->code) {
+	die "Failed to search entries by UID: $uid: " .
+	    $search->error;
+    }
+
+    return ($search->entries)[0];
+}
+
+sub uid_is_free
+{
+    my ($uid) = @_;
+
+    return !defined(user_by_uid($uid));
+}
+
+sub user_next_uid
+{
+    my $domain = shift || $config{sambaDomain};
+    my $checker = shift || \&uid_is_free;
+
+    return account_next_id("uidNumber", $domain, $checker);
+}
+
+sub user_next_rid
+{
+    my $uid = shift;
+    my $domain = shift || $config{sambaDomain};
+    my $checker = shift || \&rid_is_free;
+
+    if (defined(my $rid_base = account_base_rid($domain))) {
+	## Use legacy algorithmic RID generator
+	return $uid * 2 + $rid_base;
+    }
+
+    return account_next_rid($domain, $checker);
+}
+
+sub group_by_gid
+{
+    my $gid = shift;
+
+    my $search = $ldap->search(
+	base => $config{suffix},
+	filter => "(&(objectClass=posixGroup)(gidNumber=$gid))",
+	scope => "sub",
+    );
+    if ($search->code) {
+	die "Failed to search entries by GID: $gid: " .
+	    $search->error;
+    }
+
+    return ($search->entries)[0];
+}
+
+sub gid_is_free
+{
+    my ($gid) = @_;
+
+    return !defined(group_by_gid($gid));
+}
+
+sub group_next_gid
+{
+    my $domain = shift || $config{sambaDomain};
+    my $checker = shift || \&gid_is_free;
+
+    return account_next_id("gidNumber", $domain, $checker);
+}
+
+sub group_next_rid
+{
+    my $gid = shift;
+    my $domain = shift || $config{sambaDomain};
+    my $checker = shift || \&rid_is_free;
+
+    if (defined(my $rid_base = account_base_rid($domain))) {
+	## Use legacy algorithmic RID generator
+	return $gid * 2 + $rid_base + 1;
+    }
+
+    return account_next_rid($domain, $checker);
+}
+
+sub utf8Encode {
+    my $encoding = shift;
+    my $string = shift;
+
+    if ($encoding eq "UTF-8") {
+	return $string;
+    }
+
+    Encode::from_to($string, $encoding, "UTF-8");
+
+    return $string;
+}
+
+sub utf8Decode {
+    my $encoding = shift;
+    my $string = shift;
+
+    if ($encoding eq "UTF-8") {
+	return $string;
+    }
+
+    Encode::from_to($string, "UTF-8", $encoding);
+
+    return $string;
+}
+
+sub password_read
+{
+    my ($prompt, $timeout) = @_;
+
+    my $termios = POSIX::Termios->new;
+    my $term_flag = defined($termios->getattr(STDIN->fileno)) ?
+	$termios->getlflag : undef;
+
+    my $pass;
+    for (;;) {
+	my $sig_handlers_orig = {};
+	my $sig_sent = {};
+	my $sig_hander = sub { $sig_sent->{shift(@_)} = 1; die; };
+
+	for my $sig_name qw(ALRM INT HUP QUIT TERM TSTP TTIN TTOU) {
+	    $sig_handlers_orig->{$sig_name} = $SIG{$sig_name};
+	    $SIG{$sig_name} = $sig_hander;
+	}
+	$sig_handlers_orig->{'PIPE'} = $SIG{'PIPE'};
+	$SIG{'PIPE'} = 'IGNORE';
+
+	print $prompt if (defined($prompt));
+	$pass = eval {
+	    if ($term_flag && $term_flag & ECHO) {
+		$termios->setlflag($term_flag & ~ECHO);
+		$termios->setattr(STDIN->fileno, TCSANOW);
+	    }
+	    alarm($timeout) if ($timeout);
+	    STDIN->getline;
+	};
+	alarm(0) if ($timeout);
+
+	if ($term_flag && $term_flag & ECHO) {
+	    print "\n";
+	    $termios->setlflag($term_flag);
+	    $termios->setattr(STDIN->fileno, TCSANOW);
+	}
+
+	while (my ($sig_name, $sig_handler_orig) = each(%$sig_handlers_orig)) {
+	    $SIG{$sig_name} = $sig_handler_orig || 'DEFAULT';
+	}
+
+	my $restart = false;
+	for my $sig_name (keys %$sig_sent) {
+	    kill($sig_name, $$) unless ($sig_name eq 'ALRM' && $timeout);
+	    $restart = true if ($sig_name =~ /^T(STP|TIN|TOU)$/);
+	}
+	last unless ($restart);
+    }
+
+    chomp($pass) if (defined($pass));
+
+    return $pass;
+}
+
+sub password_set
+{
+    my ($dn, $pass, $pass_old, $hash, $salt_format) = @_;
+    $hash ||= $config{password_hash};
+
+    if ($hash eq "exop") {
+	password_exop($dn, $pass, $pass_old);
+    } else {
+	password_modify($dn, $pass, $pass_old, $hash, $salt_format);
+    }
+
+    shadow_update($dn);
+}
+
+sub password_exop
+{
+    my ($dn, $pass, $pass_old) = @_;
+
+    my %values = (
+      user =>		$dn,
+      newpasswd =>	$pass,
+    );
+    $values{oldpasswd} = $pass_old if (defined($pass_old));
+
+    my $set = $ldap->set_password(%values);
+
+    $set->code && die "Failed to modify UNIX password: ", $set->error;
+}
+
+sub password_modify
+{
+    my ($dn, $pass, $pass_old, $hash, $salt_format) = @_;
+
+    my $pass_hashed = password_hash($pass, $hash, $salt_format);
+
+    my $modify = $ldap->modify ($dn,
+	changes => [
+	    replace => [userPassword => $pass_hashed],
+	]
+    );
+
+    $modify->code && die "Failed to modify UNIX password: ", $modify->error;
+}
+
+sub password_hash
+{
+    my ($pass, $hash, $salt_format) = @_;
+
+    return ($config{with_slappasswd}) ?
+	password_hash_by_slappasswd($pass, $hash, $salt_format) :
+	password_hash_internal($pass, $hash, $salt_format);
+}
+
+# Generates hash to be one of the following RFC 2307 schemes:
+# CRYPT, MD5, SMD5, SHA, SSHA and CLEARTEXT
+sub password_hash_internal
+{
+    my $pass = shift;
+    my $hash = shift || $config{password_hash};
+    my $crypt_salt_format = shift || $config{password_crypt_salt_format};
+
+    my $pass_hashed;
+    if ($hash eq "CLEARTEXT") {
+	return $pass;
+    } elsif ($hash eq "CRYPT") {
+	my $salt = sprintf($crypt_salt_format, password_salt());
+	$pass_hashed = crypt($pass, $salt);
+    } elsif ($hash eq "MD5") {
+	$pass_hashed = encode_base64( md5($pass),'' );
+    } elsif ($hash eq "SMD5") {
+	my $salt = password_salt(4);
+	$pass_hashed = encode_base64(md5($pass . $salt) . $salt, '');
+    } elsif ($hash eq "SHA") {
+	$pass_hashed = encode_base64(sha1($pass), '');
+    } elsif ($hash eq "SSHA") {
+	my $salt = password_salt(4);
+	$pass_hashed = encode_base64(sha1($pass . $salt) . $salt, '');
+    } else {
+	die "Unknown password hash scheme: $hash\n";
+    }
+
+    return "{$hash}$pass_hashed";
+}
+
+sub password_hash_by_slappasswd
+{
+    my $pass = shift;
+    my $hash = shift || $config{password_hash};
+    my $crypt_salt_format = shift || $config{password_crypt_salt_format};
+
+    # checking if password is tainted: nothing is changed!!!!
+    # essential for perl 5.8
+    ($pass =~ /^(.*)$/ and $pass=$1) or
+	die "$0: user password is tainted\n";
+
+    my $pass_hashed;
+
+    if ($hash eq "CLEARTEXT") {
+	return $pass;
+    } elsif ($hash eq "CRYPT") {
+	open BUF, "-|" or
+	    exec "$config{slappasswd}",
+	    "-h","{$hash}",
+	    "-c",$crypt_salt_format,
+	    "-s","$pass";
+	$pass_hashed = <BUF>;
+	close BUF;
+    } else {
+	open(BUF, "-|") or
+	    exec "$config{slappasswd}",
+	    "-h","{$hash}",
+	    "-s","$pass";
+	$pass_hashed = <BUF>;
+	close BUF;
+    }
+
+    defined($pass_hashed) or die "Failed to generate password hash!\n";
+    chomp($pass_hashed);
+    length($pass_hashed) or die "Failed to generate password hash!";
+
+    return $pass_hashed;
+}
+
+# Generates salt
+# Similar to Crypt::Salt module from CPAN
+sub password_salt
+{
+    my $length= shift || 32;
+
+    my @seeds = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
+    return join "", @seeds[map {rand scalar(@seeds)} (1..$length)];
+}
+
+sub shadow_update
+{
+    if (!$config{shadowAccount}) {
+	return;
+    }
+
+    shadow_update_internal(@_);
+}
+
+sub shadow_update_internal
+{
+    my $dn = shift;
+    my $time = shift || time;
+    my $pass_maxage = shift || $config{defaultMaxPasswordAge};
+
+    my $shadowLastChange = int($time / 86400);
+    my $modify = $ldap->modify ($dn,
+	changes => [
+	    replace => [shadowLastChange => $shadowLastChange],
+	]
+    );
+    $modify->code && die "Failed to modify shadowLastChange: ", $modify->error;
+
+    if (($< == 0) && ($pass_maxage)) {
+	my $modify = $ldap->modify ($dn,
+	    changes => [
+		replace => [shadowMax => $pass_maxage]
+	    ]
+	);
+	$modify->code && die "Failed to modify shadowMax: ", $modify->error;
+    }
+}
+
+sub nsc_invalidate
+{
+    my ($dbname) = @_;
+
+    return unless (defined($config{nscd}) && length($config{nscd}));
+
+    system("\Q$config{nscd}\E -i \Q$dbname\E 2>/dev/null");
+}
+
+1;
diff -Nru smbldap-tools-0.9.5/smbldap_tools.pm smbldap-tools-0.9.7/smbldap_tools.pm
--- smbldap-tools-0.9.5/smbldap_tools.pm	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap_tools.pm	1970-01-01 01:00:00.000000000 +0100
@@ -1,1230 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-#
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-use strict;
-
-package smbldap_tools;
-use Net::LDAP;
-use Crypt::SmbHash;
-use Unicode::MapUTF8 qw(to_utf8 from_utf8);
-
-my $smbldap_conf;
-if ( -e "/etc/smbldap-tools/smbldap.conf" ) {
-    $smbldap_conf = "/etc/smbldap-tools/smbldap.conf";
-}
-else {
-    $smbldap_conf = "/etc/opt/IDEALX/smbldap-tools/smbldap.conf";
-}
-
-my $smbldap_bind_conf;
-if ( -e "/etc/smbldap-tools/smbldap_bind.conf" ) {
-    $smbldap_bind_conf = "/etc/smbldap-tools/smbldap_bind.conf";
-}
-else {
-    $smbldap_bind_conf = "/etc/opt/IDEALX/smbldap-tools/smbldap_bind.conf";
-}
-my $samba_conf;
-if ( -e "/etc/samba/smb.conf" ) {
-    $samba_conf = "/etc/samba/smb.conf";
-}
-else {
-    $samba_conf = "/usr/local/samba/lib/smb.conf";
-}
-
-use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
-use Exporter;
-$VERSION = 1.00;
-
-@ISA = qw(Exporter);
-use vars qw(%config $ldap);
-
-@EXPORT = qw(
-  get_user_dn
-  get_group_dn
-  is_group_member
-  is_samba_user
-  is_unix_user
-  is_nonldap_unix_user
-  is_user_valid
-  does_sid_exist
-  get_dn_from_line
-  add_posix_machine
-  add_samba_machine
-  add_samba_machine_smbpasswd
-  group_add_user
-  add_grouplist_user
-  disable_user
-  delete_user
-  group_add
-  group_del
-  get_homedir
-  read_user
-  read_user_human_readable
-  read_user_entry
-  read_group
-  read_group_entry
-  read_group_entry_gid
-  find_groups_of
-  parse_group
-  group_remove_member
-  group_get_members
-  do_ldapadd
-  do_ldapmodify
-  get_user_dn2
-  connect_ldap_master
-  connect_ldap_slave
-  group_type_by_name
-  subst_configvar
-  read_config
-  read_parameter
-  subst_user
-  split_arg_comma
-  list_union
-  list_minus
-  get_next_id
-  print_banner
-  getDomainName
-  getLocalSID
-  utf8Encode
-  utf8Decode
-  %config
-);
-
-sub print_banner {
-    print STDERR
-      "(c) Jerome Tournier - (jtournier\@gmail.com)- Licensed under the GPL\n"
-      unless $config{no_banner};
-}
-
-sub read_parameter {
-    my $line = shift;
-    ## check for a param = value
-    if ( $_ =~ /=/ ) {
-        my ( $param, $val );
-        if ( $_ =~ /\s*.*?\s*=\s*".*"/ ) {
-            ( $param, $val ) = /\s*(.*?)\s*=\s*"(.*)"/;
-        }
-        elsif ( $_ =~ /\s*.*?\s*=\s*'.*'/ ) {
-            ( $param, $val ) = /\s*(.*?)\s*=\s*'(.*)'/;
-        }
-        else {
-            ( $param, $val ) = /\s*(.*?)\s*=\s*(.*)/;
-        }
-        return ( $param, $val );
-    }
-}
-
-sub subst_configvar {
-    my $value = shift;
-    my $vars  = shift;
-
-    $value =~ s/\$\{([^}]+)\}/$vars->{$1} ? $vars->{$1} : $1/eg;
-    return $value;
-}
-
-sub read_conf {
-    my %conf;
-    open( CONFIGFILE, "$smbldap_conf" )
-      || die "Unable to open $smbldap_conf for reading !\n";
-    while (<CONFIGFILE>) {
-        chomp($_);
-        ## throw away comments
-        next if ( /^\s*#/ || /^\s*$/ || /^\s*\;/ );
-        ## check for a param = value
-        my ( $parameter, $value ) = read_parameter($_);
-        $value = &subst_configvar( $value, \%conf );
-        $conf{$parameter} = $value;
-    }
-    close(CONFIGFILE);
-
-    if ( $< == 0 ) {
-        open( CONFIGFILE, "$smbldap_bind_conf" )
-          || die "Unable to open $smbldap_bind_conf for reading !\n";
-        while (<CONFIGFILE>) {
-            chomp($_);
-            ## throw away comments
-            next if ( /^\s*#/ || /^\s*$/ || /^\s*\;/ );
-            ## check for a param = value
-            my ( $parameter, $value ) = read_parameter($_);
-            $value = &subst_configvar( $value, \%conf );
-            $conf{$parameter} = $value;
-        }
-        close(CONFIGFILE);
-    }
-    else {
-        $conf{slaveDN} = $conf{slavePw} = $conf{masterDN} = $conf{masterPw} =
-          "";
-    }
-
-    # automatically find SID
-    if ( not $conf{SID} ) {
-        $conf{SID} = getLocalSID()
-          || die
-"Unable to determine domain SID: please edit your smbldap.conf, or start your samba server for a few minutes to allow for SID generation to proceed\n";
-    }
-    return (%conf);
-}
-
-sub read_smbconf {
-    my %conf;
-    my $smbconf = "$samba_conf";
-    open( CONFIGFILE, "$smbconf" )
-      || die "Unable to open $smbconf for reading !\n";
-    my $global   = 0;
-    my $prevline = "";
-    while (<CONFIGFILE>) {
-        chomp;
-        if (/^(.*)\\$/) {
-            $prevline .= $1;
-            next;
-        }
-        $_        = $prevline . $_;
-        $prevline = "";
-        if (/^\[global\]/) {
-            $global = 1;
-        }
-        if ( $global == 1 ) {
-            if ( /^\[/ and !/\[global\]/ ) {
-                $global = 0;
-            }
-            else {
-                ## throw away comments
-                #next if ( ! /workgroup/i );
-                next if ( /^\s*#/ || /^\s*$/ || /^\s*\;/ || /\[/ );
-                ## check for a param = value
-                my ( $parameter, $value ) = read_parameter($_);
-                $value = &subst_configvar( $value, \%conf );
-                $conf{$parameter} = $value;
-            }
-        }
-    }
-    close(CONFIGFILE);
-    return (%conf);
-}
-my %smbconf = read_smbconf();
-
-sub getLocalSID {
-    my $string =
-`LANG= PATH=/opt/IDEALX/bin:/usr/local/bin:/usr/bin:/bin net getlocalsid 2>/dev/null`;
-    my ( $domain, $sid ) = ( $string =~ m/^SID for domain (\S+) is: (\S+)$/ );
-
-    return $sid;
-}
-
-# let's read the configurations file...
-%config = read_conf();
-
-sub get_parameter {
-
-# this function return the value for a parameter. The name of the parameter can be either this
-# defined in smb.conf or smbldap.conf
-    my $parameter_smb     = shift;
-    my $parameter_smbldap = shift;
-    if ( defined $config{$parameter_smbldap}
-        and $config{$parameter_smbldap} ne "" )
-    {
-        return $config{$parameter_smbldap};
-    }
-    elsif ( defined $smbconf{$parameter_smb}
-        and $smbconf{$parameter_smb} ne "" )
-    {
-        return $smbconf{$parameter_smb};
-    }
-    else {
-
-#print "could not find parameter's value (parameter given: $parameter_smbldap or $parameter_smb) !!\n";
-        undef $smbconf{$parameter_smb};
-    }
-
-}
-
-$config{sambaDomain} = get_parameter( "workgroup",        "sambaDomain" );
-$config{suffix}      = get_parameter( "ldap suffix",      "suffix" );
-$config{usersdn}     = get_parameter( "ldap user suffix", "usersdn" );
-if ( $config{usersdn} !~ m/,/ ) {
-    $config{usersdn} = $config{usersdn} . "," . $config{suffix};
-}
-$config{groupsdn} = get_parameter( "ldap group suffix", "groupsdn" );
-if ( $config{groupsdn} !~ m/,/ ) {
-    $config{groupsdn} = $config{groupsdn} . "," . $config{suffix};
-}
-$config{computersdn} = get_parameter( "ldap machine suffix", "computersdn" );
-if ( $config{computersdn} !~ m/,/ ) {
-    $config{computersdn} = $config{computersdn} . "," . $config{suffix};
-}
-$config{idmapdn} = get_parameter( "ldap idmap suffix", "idmapdn" );
-if ( defined $config{idmapdn} ) {
-    if ( $config{idmapdn} !~ m/,/ ) {
-        $config{idmapdn} = $config{idmapdn} . "," . $config{suffix};
-    }
-}
-
-# next uidNumber and gidNumber available are stored in sambaDomainName object
-if ( !defined $config{sambaUnixIdPooldn} ) {
-    $config{sambaUnixIdPooldn} =
-      "sambaDomainName=$config{sambaDomain},$config{suffix}";
-}
-if ( !defined $config{masterLDAP} ) {
-    $config{masterLDAP} = "127.0.0.1";
-}
-if ( !defined $config{masterPort} ) {
-    $config{masterPort} = "389";
-}
-if ( !defined $config{slaveLDAP} ) {
-    $config{slaveLDAP} = "127.0.0.1";
-}
-if ( !defined $config{slavePort} ) {
-    $config{slavePort} = "389";
-}
-if ( !defined $config{ldapTLS} ) {
-    $config{ldapTLS} = "0";
-}
-if ( !defined $config{ldapSSL} ) {
-    $config{ldapSSL} = "0";
-}
-if ( $config{ldapSSL} == 1 and $config{ldapTLS} == 1 ) {
-    print "Both options ldapSSL and ldapTLS could not be activated\n";
-    exit;
-}
-
-sub connect_ldap_master {
-    my $mesg;
-
-    # bind to a directory with dn and password
-    my $ldap_master;
-    if ( $config{ldapSSL} ) {
-        $ldap_master = Net::LDAP->new(
-            "ldaps://$config{masterLDAP}:$config{masterPort}",
-            verify => "$config{verify}",
-            cafile => "$config{cafile}"
-        ) or die "LDAP error: Can't contact master ldap server with SSL ($@)";
-    }
-    else {
-        $ldap_master = Net::LDAP->new(
-            "$config{masterLDAP}",
-            port    => "$config{masterPort}",
-            version => 3,
-            timeout => 60,
-
-            # debug => 0xffff,
-          )
-          or die
-          "erreur LDAP: Can't contact master ldap server for writing ($@)";
-    }
-    if ( $config{ldapTLS} == 1 ) {
-        $mesg = $ldap_master->start_tls(
-            verify     => "$config{verify}",
-            clientcert => "$config{clientcert}",
-            clientkey  => "$config{clientkey}",
-            cafile     => "$config{cafile}"
-        );
-        if ( $mesg->code ) {
-            die( "Could not start_tls: " . $mesg->error );
-        }
-    }
-    $mesg = $ldap_master->bind( "$config{masterDN}",
-        password => "$config{masterPw}" );
-    $ldap = $ldap_master;
-    return ($ldap_master);
-}
-
-sub connect_ldap_slave {
-    my $mesg;
-    my $conf_cert;
-    my $ldap_slave;
-    if ( $config{ldapSSL} == 1 ) {
-        $ldap_slave = Net::LDAP->new(
-            "ldaps://$config{slaveLDAP}:$config{slavePort}",
-            verify => "$config{verify}",
-            cafile => "$config{cafile}"
-          )
-          or warn
-"LDAP error: Can't contact slave ldap server with SSL ($@)\n=>trying to contact the master server\n";
-    }
-    else {
-        $ldap_slave = Net::LDAP->new(
-            "$config{slaveLDAP}",
-            port    => "$config{slavePort}",
-            version => 3,
-            timeout => 60,
-
-            # debug => 0xffff,
-          )
-          or warn
-"erreur LDAP: Can't contact slave ldap server ($@)\n=>trying to contact the master server\n";
-    }
-    if ( !$ldap_slave ) {
-
-        # connection to the slave failed: trying to contact the master ...
-        $ldap_slave      = connect_ldap_master();
-        $config{slaveDN} = $config{masterDN};
-        $config{slavePw} = $config{masterPw};
-    }
-    elsif ( $config{ldapTLS} == 1 ) {
-        $mesg = $ldap_slave->start_tls(
-            verify     => "$config{verify}",
-            clientcert => "$config{clientcert}",
-            clientkey  => "$config{clientkey}",
-            cafile     => "$config{cafile}"
-        );
-        if ( $mesg->code ) {
-            die( "Could not start_tls: " . $mesg->error );
-        }
-    }
-    $ldap_slave->bind( "$config{slaveDN}", password => "$config{slavePw}" );
-    $ldap = $ldap_slave;
-    return ($ldap_slave);
-}
-
-sub get_user_dn {
-    my $user = shift;
-    my $dn   = '';
-    my $mesg = $ldap->search(
-        base   => $config{suffix},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixAccount)(uid=$user))"
-    );
-    $mesg->code && die $mesg->error;
-    foreach my $entry ( $mesg->all_entries ) {
-        $dn = $entry->dn;
-    }
-    chomp($dn);
-    if ( $dn eq '' ) {
-        return undef;
-    }
-    $dn = "dn: " . $dn;
-    return $dn;
-}
-
-sub get_user_dn2 {
-    my $user = shift;
-    my $dn   = '';
-    my $mesg = $ldap->search(
-        base   => $config{suffix},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixAccount)(uid=$user))"
-    );
-    $mesg->code && warn "failed to perform search; ", $mesg->error;
-
-    foreach my $entry ( $mesg->all_entries ) {
-        $dn = $entry->dn;
-    }
-    chomp($dn);
-    if ( $dn eq '' ) {
-        return ( 1, undef );
-    }
-    $dn = "dn: " . $dn;
-    return ( 1, $dn );
-}
-
-sub get_group_dn {
-    my $group = shift;
-    my $dn    = '';
-    my $filter;
-    if ( $group =~ /^\d+$/ ) {
-        $filter = "(&(objectclass=posixGroup)(|(cn=$group)(gidNumber=$group)))";
-    }
-    else {
-        $filter = "(&(objectclass=posixGroup)(cn=$group))";
-    }
-    my $mesg = $ldap->search(
-        base   => $config{groupsdn},
-        scope  => $config{scope},
-        filter => $filter
-    );
-    $mesg->code && die $mesg->error;
-    foreach my $entry ( $mesg->all_entries ) {
-        $dn = $entry->dn;
-    }
-    chomp($dn);
-    if ( $dn eq '' ) {
-        return undef;
-    }
-    $dn = "dn: " . $dn;
-    return $dn;
-}
-
-# return (success, dn)
-# bool = is_samba_user($username)
-sub is_samba_user {
-    my $user = shift;
-    my $mesg = $ldap->search(
-        base   => $config{suffix},
-        scope  => $config{scope},
-        filter => "(&(objectClass=sambaSamAccount)(uid=$user))"
-    );
-    $mesg->code && die $mesg->error;
-    return ( $mesg->count ne 0 );
-}
-
-sub is_unix_user {
-    my $user = shift;
-    my $mesg = $ldap->search(
-        base   => $config{suffix},
-        scope  => $config{scope},
-        filter => "(&(objectClass=posixAccount)(uid=$user))"
-    );
-    $mesg->code && die $mesg->error;
-    return ( $mesg->count ne 0 );
-}
-
-sub is_nonldap_unix_user {
-    my $user = shift;
-    my $uid  = getpwnam($user);
-
-    if ($uid) {
-        return 1;
-    }
-    else {
-        return 0;
-    }
-}
-
-sub is_group_member {
-    my $dn_group = shift;
-    my $user     = shift;
-    my $mesg     = $ldap->search(
-        base   => $dn_group,
-        scope  => 'base',
-        filter => "(&(memberUid=$user))"
-    );
-    $mesg->code && die $mesg->error;
-    return ( $mesg->count ne 0 );
-}
-
-# all entries = does_sid_exist($sid,$config{scope})
-sub does_sid_exist {
-    my $sid      = shift;
-    my $dn_group = shift;
-    my $mesg     = $ldap->search(
-        base   => $dn_group,
-        scope  => $config{scope},
-        filter => "(sambaSID=$sid)"
-
-#filter => "(&(objectClass=sambaSAMAccount|objectClass=sambaGroupMapping)(sambaSID=$sid))"
-    );
-    $mesg->code && die $mesg->error;
-    return ($mesg);
-}
-
-# try to bind with user dn and password to validate current password
-sub is_user_valid {
-    my ( $user, $dn, $pass ) = @_;
-    my $userLdap = Net::LDAP->new(
-        "$config{slaveLDAP}",
-        port    => "$config{slavePort}",
-        version => 3,
-        timeout => 60
-      )
-      or warn
-"erreur LDAP: Can't contact slave ldap server ($@)\n=>trying to contact the master server\n";
-    if ( !$userLdap ) {
-
-        # connection to the slave failed: trying to contact the master ...
-        $userLdap = Net::LDAP->new(
-            "$config{masterLDAP}",
-            port    => "$config{masterPort}",
-            version => 3,
-            timeout => 60
-        ) or die "erreur LDAP: Can't contact master ldap server ($@)\n";
-    }
-    if ($userLdap) {
-        if ( $config{ldapTLS} == 1 ) {
-            $userLdap->start_tls(
-                verify     => "$config{verify}",
-                clientcert => "$config{clientcert}",
-                clientkey  => "$config{clientkey}",
-                cafile     => "$config{cafile}"
-            );
-        }
-        my $mesg = $userLdap->bind( dn => $dn, password => $pass );
-        if ( $mesg->code eq 0 ) {
-            $userLdap->unbind;
-            return 1;
-        }
-        else {
-            if ( $userLdap->bind() ) {
-                $userLdap->unbind;
-                return 0;
-            }
-            else {
-                print(
-"The LDAP directory is not available.\n Check the server, cables ..."
-                );
-                $userLdap->unbind;
-                return 0;
-            }
-            die "Problem : contact your administrator";
-        }
-    }
-}
-
-# dn = get_dn_from_line ($dn_line)
-# helper to get "a=b,c=d" from "dn: a=b,c=d"
-sub get_dn_from_line {
-    my $dn = shift;
-    $dn =~ s/^dn: //;
-    return $dn;
-}
-
-# success = add_posix_machine($user, $uid, $gid)
-sub add_posix_machine {
-    my ( $user, $uid, $gid, $wait ) = @_;
-    if ( !defined $wait ) {
-        $wait = 0;
-    }
-
-    # bind to a directory with dn and password
-    my $add = $ldap->add(
-        "uid=$user,$config{computersdn}",
-        attr => [
-
-#'objectclass' => ['top', 'person', 'organizationalPerson', 'inetOrgPerson', 'posixAccount'],
-            'objectclass' => [ 'top', 'account', 'posixAccount' ],
-            'cn'          => "$user",
-
-            #'sn'   => "$user",
-            'uid'           => "$user",
-            'uidNumber'     => "$uid",
-            'gidNumber'     => "$gid",
-            'homeDirectory' => '/dev/null',
-            'loginShell'    => '/bin/false',
-            'description'   => 'Computer',
-            'gecos'         => 'Computer',
-        ]
-    );
-
-    $add->code && warn "failed to add entry: ", $add->error;
-    sleep($wait);
-    return 1;
-}
-
-# success = add_samba_machine_smbpasswd($computername)
-sub add_samba_machine_smbpasswd {
-    my $user = shift;
-    system "smbpasswd -a -m $user";
-    return 1;
-}
-
-sub add_samba_machine {
-    my ( $user, $uid ) = @_;
-    my $sambaSID = 2 * $uid + 1000;
-    my $name     = $user;
-    $name =~ s/.$//s;
-
-    my ( $lmpassword, $ntpassword ) = ntlmgen $name;
-    my $modify = $ldap->modify(
-        "uid=$user,$config{computersdn}",
-        changes => [
-
-#replace => [objectClass => ['inetOrgPerson', 'posixAccount', 'sambaSAMAccount']],
-            replace => [ objectClass => [ 'posixAccount', 'sambaSAMAccount' ] ],
-            add => [ sambaPwdLastSet      => '0' ],
-            add => [ sambaLogonTime       => '0' ],
-            add => [ sambaLogoffTime      => '2147483647' ],
-            add => [ sambaKickoffTime     => '2147483647' ],
-            add => [ sambaPwdCanChange    => '0' ],
-            add => [ sambaPwdMustChange   => '0' ],
-            add => [ sambaAcctFlags       => '[W          ]' ],
-            add => [ sambaLMPassword      => "$lmpassword" ],
-            add => [ sambaNTPassword      => "$ntpassword" ],
-            add => [ sambaSID             => "$config{SID}-$sambaSID" ],
-            add => [ sambaPrimaryGroupSID => "$config{SID}-0" ]
-        ]
-    );
-
-    $modify->code && die "failed to add entry: ", $modify->error;
-
-    return 1;
-}
-
-sub group_add_user {
-    my ( $group, $userid ) = @_;
-    my $members = '';
-    my $dn_line = get_group_dn($group);
-    if ( !defined( get_group_dn($group) ) ) {
-        print "$0: group \"$group\" doesn't exist\n";
-        exit(6);
-    }
-    if ( !defined($dn_line) ) {
-        return 1;
-    }
-    my $dn = get_dn_from_line("$dn_line");
-
-    # on look if the user is already present in the group
-    my $is_member = is_group_member( $dn, $userid );
-    if ( $is_member == 1 ) {
-        print "User \"$userid\" already member of the group \"$group\".\n";
-    }
-    else {
-
-     # bind to a directory with dn and password
-     # It does not matter if the user already exist, Net::LDAP will add the user
-     # if he does not exist, and ignore him if his already in the directory.
-        my $modify =
-          $ldap->modify( "$dn",
-            changes => [ add => [ memberUid => $userid ] ] );
-        $modify->code && die "failed to modify entry: ", $modify->error;
-    }
-}
-
-sub group_del {
-    my $group_dn = shift;
-
-    # bind to a directory with dn and password
-    my $modify = $ldap->delete($group_dn);
-    $modify->code && die "failed to delete group : ", $modify->error;
-}
-
-sub add_grouplist_user {
-    my ( $grouplist, $user ) = @_;
-    my @array = split( /,/, $grouplist );
-    foreach my $group (@array) {
-        group_add_user( $group, $user );
-    }
-}
-
-sub disable_user {
-    my $user = shift;
-    my $dn_line;
-    my $dn = get_dn_from_line($dn_line);
-
-    if ( !defined( $dn_line = get_user_dn($user) ) ) {
-        print "$0: user $user doesn't exist\n";
-        exit(10);
-    }
-    my $modify =
-      $ldap->modify( "$dn",
-        changes => [ replace => [ userPassword => '{crypt}!x' ] ] );
-    $modify->code && die "failed to modify entry: ", $modify->error;
-
-    if ( is_samba_user($user) ) {
-        my $modify =
-          $ldap->modify( "$dn",
-            changes => [ replace => [ sambaAcctFlags => '[D       ]' ] ] );
-        $modify->code && die "failed to modify entry: ", $modify->error;
-    }
-}
-
-# delete_user($user)
-sub delete_user {
-    my $user = shift;
-    my $dn_line;
-
-    if ( !defined( $dn_line = get_user_dn($user) ) ) {
-        print "$0: user $user doesn't exist\n";
-        exit(10);
-    }
-    my $dn     = get_dn_from_line($dn_line);
-    my $modify = $ldap->delete($dn);
-    $modify->code && die "failed to delete entry: ", $modify->error;
-}
-
-# $gid = group_add($groupname, $group_gid, $force_using_existing_gid)
-sub group_add {
-    my ( $gname, $gid, $force ) = @_;
-    my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-    if ( $nscd_status == 0 ) {
-        system "/etc/init.d/nscd stop > /dev/null 2>&1";
-    }
-    if ( !defined($gid) ) {
-
-        #while (defined(getgrgid($config{GID_START}))) {
-        #	$config{GID_START}++;
-        #}
-        #$gid = $config{GID_START};
-        $gid = get_next_id( $config{groupsdn}, "gidNumber" );
-    }
-    else {
-        if ( !defined($force) ) {
-            if ( defined( getgrgid($gid) ) ) {
-                return undef;
-            }
-        }
-    }
-    if ( $nscd_status == 0 ) {
-        system "/etc/init.d/nscd start > /dev/null 2>&1";
-    }
-    my $modify = $ldap->add(
-        "cn=$gname,$config{groupsdn}",
-        attrs => [
-            objectClass => [ 'top', 'posixGroup' ],
-            cn          => "$gname",
-            gidNumber   => "$gid"
-        ]
-    );
-
-    $modify->code && die "failed to add entry: ", $modify->error;
-    return $gid;
-}
-
-# $homedir = get_homedir ($user)
-sub get_homedir {
-    my $user    = shift;
-    my $homeDir = '';
-    my $entry;
-    my $mesg = $ldap->search(
-        base   => $config{usersdn},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixAccount)(uid=$user))"
-    );
-    $mesg->code && die $mesg->error;
-
-    my $nb = $mesg->count;
-    if ( $nb > 1 ) {
-        print "Aborting: there are $nb existing user named $user\n";
-        foreach $entry ( $mesg->all_entries ) {
-            my $dn = $entry->dn;
-            print "  $dn\n";
-        }
-        exit(4);
-    }
-    else {
-        $entry   = $mesg->shift_entry();
-        $homeDir = $entry->get_value("homeDirectory");
-    }
-
-    chomp $homeDir;
-    if ( $homeDir eq '' ) {
-        return undef;
-    }
-    return $homeDir;
-}
-
-# search for an user
-sub read_user {
-    my $user  = shift;
-    my $lines = '';
-    my $mesg  = $ldap->search(    # perform a search
-        base   => $config{suffix},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixAccount)(uid=$user))"
-    );
-
-    $mesg->code && die $mesg->error;
-    foreach my $entry ( $mesg->all_entries ) {
-        $lines .= "dn: " . $entry->dn . "\n";
-        foreach my $attr ( $entry->attributes ) {
-            my @vals = $entry->get_value($attr);
-            foreach my $val (@vals) {
-                $val = "**UNPRINTABLE**" if ( $val =~ /[^[:print:]]/ );
-            }
-            $lines .= $attr . ": " . join( ',', @vals ) . "\n";
-        }
-    }
-    chomp $lines;
-    if ( $lines eq '' ) {
-        return undef;
-    }
-    return $lines;
-}
-
-# search for an user and print in a human readable format
-sub read_user_human_readable {
-    my $user  = shift;
-    my $lines = '';
-    my $mesg  = $ldap->search(    # perform a search
-        base   => $config{suffix},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixAccount)(uid=$user))"
-    );
-
-    $mesg->code && die $mesg->error;
-    foreach my $entry ( $mesg->all_entries ) {
-        $lines .= "dn: " . $entry->dn . "\n";
-        foreach my $attr ( $entry->attributes ) {
-            my @vals = $entry->get_value($attr);
-            foreach my $val (@vals) {
-                $val = "**UNPRINTABLE**" if ( $val =~ /[^[:print:]]/ );
-            }
-            if (   $attr eq "sambaPwdLastSet"
-                or $attr eq "sambaPwdCanChange"
-                or $attr eq "sambaPwdMustChange"
-                or $attr eq "sambaLogoffTime"
-                or $attr eq "sambaKickoffTime" )
-            {
-                my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday ) =
-                  gmtime( $entry->get_value($attr) );
-                $year += 1900;
-                $mon  += 1;
-                $lines .= $attr . ": $year/$mon/$mday\n";
-            }
-            elsif ( $attr eq "shadowLastChange" or $attr eq "shadowExpire" ) {
-                my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday ) =
-                  gmtime( $entry->get_value($attr) * 24 * 60 * 60 );
-                $year += 1900;
-                $mon  += 1;
-                $lines .= $attr . ": $year/$mon/$mday\n";
-            }
-            else {
-                $lines .= $attr . ": " . join( ',', @vals ) . "\n";
-            }
-        }
-    }
-    chomp $lines;
-    if ( $lines eq '' ) {
-        return undef;
-    }
-    return $lines;
-}
-
-# search for a user
-# return the attributes in an array
-sub read_user_entry {
-    my $user = shift;
-    my $mesg = $ldap->search(    # perform a search
-        base   => $config{suffix},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixAccount)(uid=$user))"
-    );
-
-    $mesg->code && die $mesg->error;
-    my $entry = $mesg->entry();
-    return $entry;
-}
-
-# search for a group
-sub read_group {
-    my $user  = shift;
-    my $lines = '';
-    my $mesg  = $ldap->search(    # perform a search
-        base   => $config{groupsdn},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixGroup)(cn=$user))"
-    );
-
-    $mesg->code && die $mesg->error;
-    foreach my $entry ( $mesg->all_entries ) {
-        $lines .= "dn: " . $entry->dn . "\n";
-        foreach my $attr ( $entry->attributes ) {
-            {
-                $lines .=
-                  $attr . ": " . join( ',', $entry->get_value($attr) ) . "\n";
-            }
-        }
-    }
-    chomp $lines;
-    if ( $lines eq '' ) {
-        return undef;
-    }
-    return $lines;
-}
-
-# find groups of a given user
-##### MODIFIE ########
-sub find_groups_of {
-    my $user   = shift;
-    my @groups = ();
-    my $mesg   = $ldap->search(    # perform a search
-        base   => $config{groupsdn},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixGroup)(memberuid=$user))"
-    );
-    $mesg->code && die $mesg->error;
-
-    my $entry;
-    while ( $entry = $mesg->shift_entry() ) {
-        push( @groups, scalar( $entry->get_value('cn') ) );
-    }
-    return (@groups);
-}
-
-sub read_group_entry {
-    my $group = shift;
-    my $entry;
-    my %res;
-    my $mesg = $ldap->search(    # perform a search
-        base   => $config{groupsdn},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixGroup)(cn=$group))"
-    );
-
-    $mesg->code && die $mesg->error;
-    my $nb = $mesg->count;
-    if ( $nb > 1 ) {
-        print "Error: $nb groups exist \"cn=$group\"\n";
-        foreach $entry ( $mesg->all_entries ) {
-            my $dn = $entry->dn;
-            print "  $dn\n";
-        }
-        exit 11;
-    }
-    else {
-        $entry = $mesg->shift_entry();
-    }
-    return $entry;
-}
-
-sub read_group_entry_gid {
-    my $group = shift;
-    my %res;
-    my $mesg = $ldap->search(    # perform a search
-        base   => $config{groupsdn},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixGroup)(gidNumber=$group))"
-    );
-
-    $mesg->code && die $mesg->error;
-    my $entry = $mesg->shift_entry();
-    return $entry;
-}
-
-# return the gidnumber for a group given as name or gid
-# -1 : bad group name
-# -2 : bad gidnumber
-sub parse_group {
-    my $userGidNumber = shift;
-    if ( $userGidNumber =~ /[^\d]/ ) {
-
-        # make a search based on the group name
-        my $gname = $userGidNumber;
-        my $mesg  = $ldap->search(    # perform a search
-            base   => $config{groupsdn},
-            scope  => $config{scope},
-            filter => "(&(objectclass=posixGroup)(cn=$gname))"
-        );
-        $mesg->code && die $mesg->error;
-        my $entry = $mesg->shift_entry();
-        my $gidnum;
-        if ($entry) {
-            $gidnum = $entry->get_value('gidNumber');
-
-            #my $gidnum = getgrnam($gname);
-        }
-        else {
-            $gidnum = "";
-        }
-        if ( $gidnum !~ /\d+/ ) {
-            return -1;
-        }
-        else {
-            $userGidNumber = $gidnum;
-        }
-    }
-    else {
-
-        # make a search based on the group gidNumber
-        # we check that the gidNumber is attributed to a real group
-        my $mesg = $ldap->search(    # perform a search
-            base   => $config{groupsdn},
-            scope  => $config{scope},
-            filter => "(&(objectclass=posixGroup)(gidNumber=$userGidNumber))"
-        );
-        $mesg->code && die $mesg->error;
-        my $entry = $mesg->shift_entry();
-        if ( !$entry ) {
-            return -2;
-        }
-    }
-    return $userGidNumber;
-}
-
-# remove $user from $group
-sub group_remove_member {
-    my ( $group, $user ) = @_;
-    my $members  = '';
-    my $grp_line = get_group_dn($group);
-    if ( !defined($grp_line) ) {
-        return 0;
-    }
-    my $dn = get_dn_from_line($grp_line);
-
-    # we test if the user exist in the group
-    my $is_member = is_group_member( $dn, $user );
-    if ( $is_member == 1 ) {
-
-        # delete only the user from the group
-        my $modify =
-          $ldap->modify( "$dn",
-            changes => [ delete => [ memberUid => ["$user"] ] ] );
-        $modify->code && die "failed to delete entry: ", $modify->error;
-    }
-    return 1;
-}
-
-sub group_get_members {
-    my ($group) = @_;
-    my $members;
-    my @resultat;
-    my $grp_line = get_group_dn($group);
-    if ( !defined($grp_line) ) {
-        return 0;
-    }
-    my $mesg = $ldap->search(
-        base   => $config{groupsdn},
-        scope  => $config{scope},
-        filter => "(&(objectclass=posixgroup)(cn=$group))"
-    );
-    $mesg->code && die $mesg->error;
-    foreach my $entry ( $mesg->all_entries ) {
-        foreach my $attr ( $entry->attributes ) {
-            if ( $attr =~ /\bmemberUid\b/ ) {
-                foreach my $ent ( $entry->get_value($attr) ) {
-                    push( @resultat, $ent );
-                }
-            }
-        }
-    }
-    return @resultat;
-}
-
-sub do_ldapmodify {
-    my $ldif = shift;
-    my $FILE = "|$config{ldapmodify} -r >/dev/null";
-    open( FILE, $FILE ) || die "$!\n";
-    print FILE <<EOF;
-$ldif
-EOF
-    close FILE;
-    my $rc = $?;
-    return $rc;
-}
-
-sub group_type_by_name {
-    my $type_name = shift;
-    my %groupmap  = (
-        'domain'  => 2,
-        'local'   => 4,
-        'builtin' => 5
-    );
-    return $groupmap{$type_name};
-}
-
-sub subst_user {
-    my ( $str, $username ) = @_;
-    $str =~ s/%U/$username/ if ($str);
-    return ($str);
-}
-
-# all given mails are stored in a table (remove the comma separated)
-sub split_arg_comma {
-    my $arg = shift;
-    my @args;
-    if ( defined($arg) ) {
-        if ( $arg eq '-' ) {
-            @args = ();
-        }
-        else {
-            @args = split( /\s*,\s*/, $arg );
-        }
-    }
-    return (@args);
-}
-
-sub list_union {
-    my ( $list1, $list2 ) = @_;
-    my @res = @$list1;
-    foreach my $e (@$list2) {
-        if ( !grep( $_ eq $e, @$list1 ) ) {
-            push( @res, $e );
-        }
-    }
-    return @res;
-}
-
-sub list_minus {
-    my ( $list1, $list2 ) = @_;
-    my @res = ();
-    foreach my $e (@$list1) {
-        if ( !grep( $_ eq $e, @$list2 ) ) {
-            push( @res, $e );
-        }
-    }
-    return @res;
-}
-
-sub get_next_id($$) {
-    my $ldap_base_dn = shift;
-    my $attribute    = shift;
-    my $tries        = 0;
-    my $found        = 0;
-    my $next_uid_mesg;
-    my $nextuid;
-    if ( $ldap_base_dn =~ m/$config{usersdn}/i ) {
-
-        # when adding a new user, we'll check if the uidNumber available is not
-        # already used for a computer's account
-        $ldap_base_dn = $config{suffix};
-    }
-    do {
-        $next_uid_mesg = $ldap->search(
-            base   => $config{sambaUnixIdPooldn},
-            filter => "(objectClass=sambaUnixIdPool)",
-            scope  => "base"
-        );
-        $next_uid_mesg->code
-          && die "Error looking for next uid in "
-          . $config{sambaUnixIdPooldn} . ":"
-          . $next_uid_mesg->error;
-        if ( $next_uid_mesg->count != 1 ) {
-            die "Could not find base dn, to get next $attribute";
-        }
-        my $entry = $next_uid_mesg->entry(0);
-
-        $nextuid = $entry->get_value($attribute);
-        my $modify =
-          $ldap->modify( "$config{sambaUnixIdPooldn}",
-            changes => [ replace => [ $attribute => $nextuid + 1 ] ] );
-        $modify->code && die "Error: ", $modify->error;
-
-      # let's check if the id found is really free (in ou=Groups or ou=Users)...
-        my $check_uid_mesg = $ldap->search(
-            base   => $ldap_base_dn,
-            filter => "($attribute=$nextuid)",
-        );
-        $check_uid_mesg->code
-          && die "Cannot confirm $attribute $nextuid is free";
-        if ( $check_uid_mesg->count == 0 ) {
-
-   # now, look if the id or gid is not already used in /etc/passwd or /etc/group
-            if ( !getpwuid($nextuid) ) {
-                $found = 1;
-                return $nextuid;
-            }
-        }
-        $tries++;
-        print
-"Cannot confirm $attribute $nextuid is free: checking for the next one\n";
-    } while ( $found != 1 );
-    die "Could not allocate $attribute!";
-}
-
-sub utf8Encode {
-    my $arg = shift;
-
-    return to_utf8(
-        -string  => $arg,
-        -charset => 'ISO-8859-1',
-    );
-}
-
-sub utf8Decode {
-    my $arg = shift;
-
-    return from_utf8(
-        -string  => $arg,
-        -charset => 'ISO-8859-1',
-    );
-}
-
-1;
-
diff -Nru smbldap-tools-0.9.5/smbldap-tools.spec smbldap-tools-0.9.7/smbldap-tools.spec
--- smbldap-tools-0.9.5/smbldap-tools.spec	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-tools.spec	2011-09-26 09:59:30.000000000 +0200
@@ -1,121 +1,113 @@
-# $Source: $
-%define version 0.9.5
-%define release 1
-%define name	smbldap-tools
-%define _prefix	/usr
+%define name		smbldap-tools
+%define version		0.9.7
+%if 0
+%define pre_version	rc3
+%endif
+%define release		1
 
-Summary:	User & Group administration tools for Samba/LDAP
+Summary:	User and Group administration tools for Samba/LDAP
 Name: 		%{name}
 version: 	%{version}
-Release: 	%{release}
+Release: 	%{?pre_version:0.%{pre_version}.}%{release}
 Group: 		System Environment/Base
-License: 	GPL
+License: 	GPLv2+
 URL:		https://gna.org/projects/smbldap-tools/
-Packager:	Jerome Tournier <jtournier@gmail.com>
-Source0: 	smbldap-tools-%{version}.tgz
-BuildRoot: 	/%{_tmppath}/%{name}
-BuildRequires:	perl >= 5.6
-Requires:	perl >= 5.6
-Prefix:		%{_prefix}
+Packager:	SATOH Fumiyasu
+Source0: 	http://download.gna.org/smbldap-tools/sources/%{version}%{?pre_version}/smbldap-tools-%{version}%{?pre_version}.tar.gz
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildRequires:	perl
 BuildArch:	noarch
+Requires:	perl >= 5.8.1
 
 %description
-Smbldap-tools is a set of perl scripts designed to manage user and group 
-accounts stored in an LDAP directory. They can be used both by users and 
-administrators of Linux systems: 
-* administrators can perform users and groups management operations, in a 
-  way similar to the standard useradd or groupmod commands
-* users can change their LDAP password from the command line and get/change
-  personnal informations
+smbldap-tools is a set of perl scripts designed to manage user and group
+accounts stored in an LDAP directory. They can be used both by users and
+administrators of Linux systems:
+
+  * administrators can perform users and groups management operations,
+    in a way similar to the standard useradd or groupmod commands
+  * users can change their LDAP password from the command line and
+    get/change personnal informations
 
 This was first contributed by IDEALX (http://www.opentrust.com/)
 
 %prep
-%setup -q
+%setup -q -n %{name}-%{version}%{?pre_version}
 
 %build
-sed -i "s,/etc/opt/IDEALX/smbldap-tools/,%{_sysconfdir}/smbldap-tools/,g" smbldap_tools.pm
-sed -i "s,/etc/opt/IDEALX/smbldap-tools/,%{_sysconfdir}/smbldap-tools/,g" configure.pl
-sed -i "s,/etc/opt/IDEALX/,%{_sysconfdir}/,g" smbldap.conf
+%configure
 
+make
+
+for f in smbldap-config smbldap-upgrade-0.9.6; do
+    cp -p $f.cmd doc/$f.pl
+    chmod -x doc/$f.pl
+done
 
 %install
 %{__rm} -rf %{buildroot}
-mkdir -p $RPM_BUILD_ROOT/%_sysconfdir/smbldap-tools
-mkdir -p $RPM_BUILD_ROOT/%_prefix/{bin,sbin}
-mkdir -p $RPM_BUILD_ROOT/usr/share/man/man8/
-
-for i in smbldap-[pgut]*
-do
-	install $i $RPM_BUILD_ROOT/%prefix/sbin/$i
-done
-cp -a smbldap.conf smbldap_bind.conf $RPM_BUILD_ROOT/%{_sysconfdir}/smbldap-tools/
-cp -a smbldap_tools.pm $RPM_BUILD_ROOT/%{prefix}/sbin/
-for i in smbldap-[gpu]*;
-do
-	pod2man --section=8 $i > $RPM_BUILD_ROOT/usr/share/man/man8/$i.8
-done
 
-%clean
-if [ -n "$RPM_BUILD_ROOT" ] ; then
-   [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
-fi
+make install DESTDIR=%{buildroot}
 
-%pre
-files=`ls %{_prefix}/sbin/smbldap*.pl 2>/dev/null`
-if [ "$files" != "" ];
-then
-	echo "WARNING: new scripts do not have any .pl extension"
-	echo "         You need to update the smb.conf file"
-fi
+mkdir -p -m 0755 %{buildroot}%{_sysconfdir}/smbldap-tools
+cp -a smbldap.conf smbldap_bind.conf %{buildroot}%{_sysconfdir}/smbldap-tools/
 
-%post
-# from smbldap-tools-0.8-2, libraries are loaded with the FindBin perl package
-if [ -f /usr/lib/perl5/site_perl/smbldap_tools.pm ];
-then
-	rm -f /usr/lib/perl5/site_perl/smbldap_tools.pm
-fi
-if [ -f /usr/lib/perl5/site_perl/smbldap_conf.pm ];
-then
-	rm -f /usr/lib/perl5/site_perl/smbldap_conf.pm
-fi
+mkdir -p -m 0755 %{buildroot}%{_mandir}/man8/
+cp -p *.8 %{buildroot}%{_mandir}/man8/
+
+%clean
+%{__rm} -rf %{buildroot}
 
-if [ ! -n `grep with_slappasswd %{_sysconfdir}/smbldap-tools/smbldap.conf | grep -v "^#"` ];
-then
-        echo "Check if you have the with_slappasswd parameter defined"
-	echo "in smbldap.conf file (see the INSTALL file)"
+%triggerpostun -- %{name} < 0.9.7
+if [ "$1" -eq "2" ]; then ## Upgrade
+    %{__perl} %{_docdir}/%{name}-%{version}/smbldap-upgrade-0.9.6.pl
 fi
 
 %files
-%defattr(-,root,root)
-%{prefix}/sbin/smbldap-groupadd
-%{prefix}/sbin/smbldap-groupdel
-%{prefix}/sbin/smbldap-groupmod
-%{prefix}/sbin/smbldap-groupshow
-%{prefix}/sbin/smbldap-populate
-%{prefix}/sbin/smbldap-passwd
-%{prefix}/sbin/smbldap-useradd
-%{prefix}/sbin/smbldap-userdel
-%{prefix}/sbin/smbldap-usermod
-%{prefix}/sbin/smbldap-userinfo
-%{prefix}/sbin/smbldap-userlist
-%{prefix}/sbin/smbldap-usershow
-%{prefix}/sbin/smbldap_tools.pm
-%doc CONTRIBUTORS COPYING ChangeLog FILES INFRA README INSTALL TODO
-%doc doc/smb.conf doc/slapd.conf smbldap.conf smbldap_bind.conf
-%doc doc/smbldap-*
-%doc doc/*.html
-%doc doc/*.pdf
-%doc doc/migration_scripts
-%doc /usr/share/man/man8/*
-%doc configure.pl
-%defattr(644,root,root)
+%defattr(-,root,root,-)
+%doc ChangeLog CONTRIBUTORS COPYING FILES INFRA INSTALL README TODO
+%doc doc/*.conf.example doc/migration_scripts/ doc/*.pdf doc/*.pl
+%dir %{_sysconfdir}/smbldap-tools/
 %config(noreplace) %{_sysconfdir}/smbldap-tools/smbldap.conf
-%defattr(600,root,root)
-%config(noreplace) %{_sysconfdir}/smbldap-tools/smbldap_bind.conf
-%exclude %{prefix}/sbin/smbldap-tools.spec
+%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/smbldap-tools/smbldap_bind.conf
+%{_sbindir}/smbldap-groupadd
+%{_sbindir}/smbldap-groupdel
+%{_sbindir}/smbldap-grouplist
+%{_sbindir}/smbldap-groupmod
+%{_sbindir}/smbldap-groupshow
+%{_sbindir}/smbldap-passwd
+%{_sbindir}/smbldap-populate
+%{_sbindir}/smbldap-useradd
+%{_sbindir}/smbldap-userdel
+%{_sbindir}/smbldap-userlist
+%{_sbindir}/smbldap-usermod
+%{_sbindir}/smbldap-userinfo
+%{_sbindir}/smbldap-usershow
+%{perl_vendorlib}/smbldap_tools.pm
+%{_mandir}/man8/smbldap-groupadd.8*
+%{_mandir}/man8/smbldap-groupdel.8*
+%{_mandir}/man8/smbldap-grouplist.8*
+%{_mandir}/man8/smbldap-groupmod.8*
+%{_mandir}/man8/smbldap-groupshow.8*
+%{_mandir}/man8/smbldap-passwd.8*
+%{_mandir}/man8/smbldap-populate.8*
+%{_mandir}/man8/smbldap-useradd.8*
+%{_mandir}/man8/smbldap-userdel.8*
+%{_mandir}/man8/smbldap-userinfo.8*
+%{_mandir}/man8/smbldap-userlist.8*
+%{_mandir}/man8/smbldap-usermod.8*
+%{_mandir}/man8/smbldap-usershow.8*
 
 %changelog
+* Mon Sep 26 2011 SATOH Fumiyasu <fumiyas at OSS Technology, Inc.> - 0.9.7-1
+- New upstream version
+
+* Thu Jul  7 2011 SATOH Fumiyasu <fumiyas at OSS Technology, Inc.> - 0.9.6.svn-3
+- Run smbldap-upgrade-0.9.6.pl in %%triggerun %%{name} < 0.9.6.svn
+
+* Wed Jun 22 2011 SATOH Fumiyasu <fumiyas at OSS Technology, Inc.> - 0.9.6.svn-2
+- New upstream version
+
 * Fri Aug 10 2007 Jerome Tournier <jtournier@gmail.com> 0.9.4-1
 - see Changelog file for updates in scripts
 
diff -Nru smbldap-tools-0.9.5/smbldap-upgrade-0.9.6.pl smbldap-tools-0.9.7/smbldap-upgrade-0.9.6.pl
--- smbldap-tools-0.9.5/smbldap-upgrade-0.9.6.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-upgrade-0.9.6.pl	2011-09-02 07:16:39.000000000 +0200
@@ -0,0 +1,50 @@
+#!@PERL_CMD@
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+use strict;
+use warnings;
+use smbldap_tools;
+
+my $base_attr = "sambaAlgorithmicRidBase";
+my $base_value = 1000;
+
+my $ldap = eval { connect_ldap_master(); };
+if ($@) {
+    ## Not configured?
+    die "$0: ERROR: Connecting to LDAP master failed: $@\n";
+}
+
+my $search = $ldap->search(
+    base => $config{suffix},
+    filter => "(objectClass=sambaDomain)",
+    scope => "sub",
+    attrs => [$base_attr],
+);
+if ($search->code) {
+    ## Not configured?
+    die "$0: ERROR: Searching for sambaDomain object failed: " . $search->error . "\n";
+}
+
+for my $entry ($search->entries) {
+    next if (defined($entry->get_value($base_attr)));
+    print "$0: Adding $base_attr to " . $entry->dn . " ...\n";
+    my $modify = $ldap->modify($entry->dn, add => [$base_attr => $base_value]);
+    if ($modify->code) {
+	die "$0: ERROR: Cannot add $base_attr to " . $entry->dn . ": " . $modify->error . "\n";
+    }
+}
+
+exit(0);
+
diff -Nru smbldap-tools-0.9.5/smbldap-useradd smbldap-tools-0.9.7/smbldap-useradd
--- smbldap-tools-0.9.5/smbldap-useradd	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-useradd	1970-01-01 01:00:00.000000000 +0100
@@ -1,765 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-useradd : user (posix,shadow,samba) add
-
-use strict;
-
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-use Crypt::SmbHash;
-#####################
-
-use Getopt::Std;
-my %Options;
-
-my $ok =
-  getopts( 'o:abnmwWiPG:u:g:d:s:c:k:t:A:B:C:D:E:F:H:L:M:N:S:T:?', \%Options );
-
-if ( ( !$ok ) || ( @ARGV < 1 ) || ( $Options{'?'} ) ) {
-    print_banner;
-    print "Usage: $0 [-awmugdsckABCDEFGHMNPST?] username\n";
-    print "  -a	is a Windows User (otherwise, Posix stuff only)\n";
-    print "  -b	is a AIX User\n";
-    print "  -c	gecos\n";
-    print "  -d	home\n";
-    print "  -g	gid\n";
-    print "  -i	is a trust account (Windows Workstation)\n";
-    print "  -k	skeleton dir (with -m)\n";
-    print "  -m	creates home directory and copies /etc/skel\n";
-    print "  -n	do not create a group\n";
-    print
-"  -o	add the user in the organizational unit (relative to the user suffix. Ex: 'ou=admin,ou=all')\n";
-    print "  -u	uid\n";
-    print "  -s	shell\n";
-    print
-"  -t	time. Wait 'time' seconds before exiting (when adding Windows Workstation)\n";
-    print "  -w	is a Windows Workstation (otherwise, Posix stuff only)\n";
-    print
-"  -W	is a Windows Workstation, with Samba atributes (otherwise, Posix stuff only)\n";
-    print "  -A	can change password ? 0 if no, 1 if yes\n";
-    print "  -B	must change password ? 0 if no, 1 if yes\n";
-    print "  -C	sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
-    print
-      "  -D	sambaHomeDrive (letter associated with home share, like 'H:')\n";
-    print "  -E	sambaLogonScript (DOS script to execute on login)\n";
-    print
-"  -F	sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
-    print "  -G	supplementary comma-separated groups\n";
-    print
-      "  -H	sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
-    print "  -M	local mailAddress (comma seperated)\n";
-    print "  -N	given name \n";
-    print "  -P	ends by invoking smbldap-passwd\n";
-    print "  -S	surname (Family name)\n";
-    print "  -T	mailToAddress (forward address) (comma seperated)\n";
-    print "  -Z	set custom LDAP attributes, name=value pairs comma separated\n";
-    print "  -?	show this help message\n";
-    exit(1);
-}
-
-my $ldap_master = connect_ldap_master();
-
-# cause problems when dealing with getpwuid because of the
-# negative ttl and ldap modification
-my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
-if ( $nscd_status == 0 ) {
-    system "/etc/init.d/nscd stop > /dev/null 2>&1";
-}
-
-# Read only first @ARGV
-my $userName = $ARGV[0];
-
-# For computers account, add a trailing dollar if missing
-if ( defined( $Options{'w'} ) or defined( $Options{'W'} ) ) {
-    if ( $userName =~ /[^\$]$/s ) {
-        $userName .= "\$";
-    }
-}
-
-# untaint $userName (can finish with one or two $)
-if ( $userName =~ /^([\w -.]+\$?)$/ ) {
-    $userName = $1;
-}
-else {
-    print "$0: illegal username\n";
-    exit(1);
-}
-
-# user must not exist in LDAP (should it be nss-wide ?)
-my ( $rc, $dn ) = get_user_dn2($userName);
-if ( $rc and defined($dn) ) {
-    print "$0: user $userName exists\n";
-    exit(9);
-}
-elsif ( !$rc ) {
-    print "$0: error in get_user_dn2\n";
-    exit(10);
-}
-
-# Read options
-# we create the user in the specified ou (relative to the users suffix)
-my $user_ou = $Options{'o'};
-my $node;
-if ( defined $user_ou ) {
-
-# admin can specify a organizational unit like '-o ou=admin,ou=all'. We need to check that
-# each ou exist
-    my @path;
-    while ( $user_ou =~ m/(ou=)?([^,]+),?/g ) {
-        push( @path, $2 );
-    }
-    foreach $node ( reverse @path ) {
-
-        # if the ou does not exist, we create it
-        my $mesg = $ldap_master->search(
-            base   => "$config{usersdn}",
-            scope  => "one",
-            filter => "(&(objectClass=organizationalUnit)(ou=$node))"
-        );
-        $mesg->code && die $mesg->error;
-        if ( $mesg->count eq 0 ) {
-            print
-"ou=$node,$config{usersdn} does not exist. Creating it (Y/[N]) ? ";
-            chomp( my $answ = <STDIN> );
-            if ( $answ eq "y" || $answ eq "Y" ) {
-
-                # add organizational unit
-                my $add = $ldap_master->add(
-                    "ou=$node,$config{usersdn}",
-                    attr => [
-                        'objectclass' => [ 'top', 'organizationalUnit' ],
-                        'ou'          => "$node"
-                    ]
-                );
-                $add->code && die "failed to add entry: ", $add->error;
-                print "$user_ou,$config{usersdn} created \n";
-
-            }
-            else {
-                print "exiting.\n";
-                exit;
-            }
-        }
-        $config{usersdn} = "ou=$node,$config{usersdn}";
-    }
-}
-
-my $userUidNumber = $Options{'u'};
-if ( !defined($userUidNumber) ) {
-    $userUidNumber = get_next_id( $config{usersdn}, "uidNumber" );
-}
-elsif ( getpwuid($userUidNumber) ) {
-    die "Uid already exists.\n";
-}
-
-if ( $nscd_status == 0 ) {
-    system "/etc/init.d/nscd start > /dev/null 2>&1";
-}
-
-my $createGroup   = 0;
-my $userGidNumber = $Options{'g'};
-
-# gid not specified ?
-if ( !defined($userGidNumber) ) {
-
-    # windows machine => $config{defaultComputerGid}
-    if ( defined( $Options{'w'} ) or defined( $Options{'W'} ) ) {
-        $userGidNumber = $config{defaultComputerGid};
-
-        #    } elsif (!defined($Options{'n'})) {
-        # create new group (redhat style)
-        # find first unused gid starting from $config{GID_START}
-        #	while (defined(getgrgid($config{GID_START}))) {
-        #		$config{GID_START}++;
-        #	}
-        #	$userGidNumber = $config{GID_START};
-
-        #	$createGroup = 1;
-
-    }
-    else {
-
-        # user will have gid = $config{defaultUserGid}
-        $userGidNumber = $config{defaultUserGid};
-    }
-}
-else {
-    my $gid;
-    if ( ( $gid = parse_group($userGidNumber) ) < 0 ) {
-        print "$0: unknown group $userGidNumber\n";
-        exit(6);
-    }
-    $userGidNumber = $gid;
-}
-
-my $group_entry;
-my $userGroupSID;
-my $userRid;
-my $user_sid;
-if (   defined $Options{'a'}
-    or defined $Options{'i'}
-    or defined $Options{'w'}
-    or defined( $Options{'W'} ) )
-{
-
-    # as grouprid we use the value of the sambaSID attribute for
-    # group of gidNumber=$userGidNumber
-    $group_entry  = read_group_entry_gid($userGidNumber);
-    $userGroupSID = $group_entry->get_value('sambaSID');
-    unless ($userGroupSID) {
-        print "Error: SID not set for unix group $userGidNumber\n";
-        print "check if your unix group is mapped to an NT group\n";
-        exit(7);
-    }
-
-    # as rid we use 2 * uid + 1000
-    $userRid = 2 * $userUidNumber + 1000;
-
-    # let's test if this SID already exist
-    $user_sid = "$config{SID}-$userRid";
-    my $test_exist_sid = does_sid_exist( $user_sid, $config{usersdn} );
-    if ( $test_exist_sid->count == 1 ) {
-        print "User SID already owned by\n";
-
-        # there should not exist more than one entry, but ...
-        foreach my $entry ( $test_exist_sid->all_entries ) {
-            my $dn = $entry->dn;
-            chomp($dn);
-            print "$dn\n";
-        }
-        exit(7);
-    }
-}
-
-my $userHomeDirectory;
-my ( $givenName, $userCN, $userSN, $displayName );
-my @userMailLocal;
-my @userMailTo;
-my $tmp;
-if ( !defined( $userHomeDirectory = $Options{'d'} ) ) {
-    $userHomeDirectory = &subst_user( $config{userHome}, $userName );
-}
-
-# RFC 2256 & RFC 2798
-# sn: family name (option S)             # RFC 2256: family name of a person.
-# givenName: prenom (option N)           # RFC 2256: part of a person's name which is not their surname nor middle name.
-# cn: person's full name                 # RFC 2256: person's full name.
-# displayName: perferably displayed name # RFC 2798: preferred name of a person to be used when displaying entries.
-
-#givenname is the forename of a person (not famiy name) => http://en.wikipedia.org/wiki/Given_name
-#surname (or sn) is the familiy name => http://en.wikipedia.org/wiki/Surname
-# my surname (or sn): Tournier
-# my givenname: Jerome
-
-$userHomeDirectory =~ s/\/\//\//;
-$config{userLoginShell} = $tmp if ( defined( $tmp = $Options{'s'} ) );
-$config{userGecos}      = $tmp if ( defined( $tmp = $Options{'c'} ) );
-$config{skeletonDir}    = $tmp if ( defined( $tmp = $Options{'k'} ) );
-$givenName = ( utf8Encode( $Options{'N'} ) || $userName );
-$userSN    = ( utf8Encode( $Options{'S'} ) || $userName );
-if ( $Options{'N'} and $Options{'S'} ) {
-    $displayName = $userCN = "$givenName" . " $userSN";
-}
-else {
-    $displayName = $userCN = $userName;
-}
-
-@userMailLocal = &split_arg_comma( $Options{'M'} );
-@userMailTo    = &split_arg_comma( $Options{'T'} );
-
-########################
-
-# MACHINE ACCOUNT
-if (   defined( $Options{'w'} )
-    or defined( $Options{'i'} )
-    or defined( $Options{'W'} ) )
-{
-
-    # if Options{'i'} and username does not end with $ caracter => we add it
-    if ( $Options{'i'} and !( $userName =~ m/\$$/ ) ) {
-        $userName .= "\$";
-    }
-
-    if (
-        !add_posix_machine(
-            $userName, $userUidNumber, $userGidNumber, $Options{'t'}
-        )
-      )
-    {
-        die "$0: error while adding posix account\n";
-    }
-
-    if ( defined( $Options{'i'} ) ) {
-
-        # For machine trust account
-        # Objectclass sambaSAMAccount must be added now !
-        my $pass;
-        my $pass2;
-
-        system "stty -echo";
-        print "New password : ";
-        chomp( $pass = <STDIN> );
-        print "\n";
-        system "stty echo";
-
-        system "stty -echo";
-        print "Retype new password : ";
-        chomp( $pass2 = <STDIN> );
-        print "\n";
-        system "stty echo";
-
-        if ( $pass ne $pass2 ) {
-            print "New passwords don't match!\n";
-            exit(10);
-        }
-        my ( $lmpassword, $ntpassword ) = ntlmgen $pass;
-        my $date   = time;
-        my $modify = $ldap_master->modify(
-            "uid=$userName,$config{computersdn}",
-            changes => [
-                replace => [
-                    objectClass =>
-                      [ 'posixAccount', 'account', 'sambaSAMAccount' ]
-                ],
-                add => [ sambaLogonTime       => '0' ],
-                add => [ sambaLogoffTime      => '2147483647' ],
-                add => [ sambaKickoffTime     => '2147483647' ],
-                add => [ sambaPwdCanChange    => '0' ],
-                add => [ sambaPwdMustChange   => '2147483647' ],
-                add => [ sambaPwdLastSet      => "$date" ],
-                add => [ sambaAcctFlags       => '[I          ]' ],
-                add => [ sambaLMPassword      => "$lmpassword" ],
-                add => [ sambaNTPassword      => "$ntpassword" ],
-                add => [ sambaSID             => "$user_sid" ],
-                add => [ sambaPrimaryGroupSID => "$config{SID}-515" ]
-            ]
-        );
-
-        $modify->code && die "failed to add entry: ", $modify->error;
-    }
-    elsif ( defined( $Options{'W'} ) ) {
-        my $date   = time;
-        my $modify = $ldap_master->modify(
-            "uid=$userName,$config{computersdn}",
-            changes => [
-                replace => [
-                    objectClass =>
-                      [ 'posixAccount', 'account', 'sambaSAMAccount' ]
-                ],
-                add => [ sambaLogonTime       => '0' ],
-                add => [ sambaLogoffTime      => '2147483647' ],
-                add => [ sambaKickoffTime     => '2147483647' ],
-                add => [ sambaPwdCanChange    => '0' ],
-                add => [ sambaPwdMustChange   => '2147483647' ],
-                add => [ sambaPwdLastSet      => "$date" ],
-                add => [ sambaAcctFlags       => '[W          ]' ],
-                add => [ sambaSID             => "$user_sid" ],
-                add => [ sambaPrimaryGroupSID => "$config{SID}-515" ],
-                add => [ displayName          => "$userName" ],
-                add => [ sambaDomainName      => "$config{sambaDomain}" ]
-            ]
-        );
-
-        $modify->code && die "failed to add entry: ", $modify->error;
-    }
-
-    $ldap_master->unbind;
-    exit 0;
-}
-
-# USER ACCOUNT
-# add posix account first
-my $add;
-
-# if AIX account, inetOrgPerson obectclass can't be used
-if ( defined( $Options{'b'} ) ) {
-    $add = $ldap_master->add(
-        "uid=$userName,$config{usersdn}",
-        attr => [
-            'objectclass' => [
-                'top',                  'person',
-                'organizationalPerson', 'posixAccount',
-                'shadowAccount'
-            ],
-            'cn'            => "$userCN",
-            'sn'            => "$userSN",
-            'uid'           => "$userName",
-            'uidNumber'     => "$userUidNumber",
-            'gidNumber'     => "$userGidNumber",
-            'homeDirectory' => "$userHomeDirectory",
-            'loginShell'    => "$config{userLoginShell}",
-            'gecos'         => "$config{userGecos}",
-            'userPassword'  => "{crypt}x"
-        ]
-    );
-}
-else {
-    $add = $ldap_master->add(
-        "uid=$userName,$config{usersdn}",
-        attr => [
-            'objectclass' => [
-                'top',                  'person',
-                'organizationalPerson', 'inetOrgPerson',
-                'posixAccount',         'shadowAccount'
-            ],
-            'cn'            => "$userCN",
-            'sn'            => "$userSN",
-            'givenName'     => "$givenName",
-            'uid'           => "$userName",
-            'uidNumber'     => "$userUidNumber",
-            'gidNumber'     => "$userGidNumber",
-            'homeDirectory' => "$userHomeDirectory",
-            'loginShell'    => "$config{userLoginShell}",
-            'gecos'         => "$config{userGecos}",
-            'userPassword'  => "{crypt}x"
-        ]
-    );
-}
-$add->code && warn "failed to add entry: ", $add->error;
-
-#if ($createGroup) {
-#    group_add($userName, $userGidNumber);
-#}
-
-if ( $userGidNumber != $config{defaultUserGid} ) {
-    group_add_user( $userGidNumber, $userName );
-}
-
-my $grouplist;
-
-# adds to supplementary groups
-if ( defined( $grouplist = $Options{'G'} ) ) {
-    add_grouplist_user( $grouplist, $userName );
-}
-
-# If user was created successfully then we should create his/her home dir
-if ( defined( $tmp = $Options{'m'} ) ) {
-    unless ( $userName =~ /\$$/ ) {
-        if ( !( -d $userHomeDirectory ) ) {
-            if ( $config{skeletonDir} ne "" ) {
-                system
-                  "cp -r $config{skeletonDir} $userHomeDirectory 2>/dev/null";
-            }
-            else {
-                system "mkdir $userHomeDirectory 2>/dev/null";
-            }
-            system
-"chown -R $userName:$userGidNumber $userHomeDirectory 2>/dev/null";
-            if ( defined $config{userHomeDirectoryMode} ) {
-                system
-"chmod $config{userHomeDirectoryMode} $userHomeDirectory 2>/dev/null";
-            }
-            else {
-                system "chmod 700 $userHomeDirectory 2>/dev/null";
-            }
-        }
-        else {
-            print
-"Warning: homedirectory $userHomeDirectory already exist. Check manually\n";
-        }
-    }
-}
-
-# we start to defined mail adresses if option M or T is given in option
-my @adds;
-if (@userMailLocal) {
-    my @mail;
-    foreach my $m (@userMailLocal) {
-        my $domain = $config{mailDomain};
-        if ( $m =~ /^(.+)@/ ) {
-            push( @mail, $m );
-
-            # mailLocalAddress contains only the first part
-            $m = $1;
-        }
-        else {
-            push( @mail, $m . ( $domain ? '@' . $domain : '' ) );
-        }
-    }
-    push( @adds, 'mailLocalAddress' => [@userMailLocal] );
-    push( @adds, 'mail'             => [@mail] );
-}
-if (@userMailTo) {
-    push( @adds, 'mailRoutingAddress' => [@userMailTo] );
-}
-if ( @userMailLocal || @userMailTo ) {
-    push( @adds, 'objectClass' => 'inetLocalMailRecipient' );
-}
-
-# Custom modification - MPK
-if ( $Options{'Z'} ) {
-    my @namval = split /,/, $Options{'Z'};
-    if (@namval) {
-        foreach my $pair (@namval) {
-            my ( $name, $value ) = split /=/, $pair;
-            next if ( !$name or !$value );
-            push( @adds, $name => $value );
-        }
-    }
-}
-
-# Add Samba user infos
-if ( defined( $Options{'a'} ) ) {
-    if ( !$config{with_smbpasswd} ) {
-
-        my $winmagic         = 2147483647;
-        my $valpwdcanchange  = 0;
-        my $valpwdmustchange = $winmagic;
-        my $valpwdlastset    = 0;
-        my $valacctflags     = "[UX]";
-
-        if ( defined( $tmp = $Options{'A'} ) ) {
-            if ( $tmp != 0 ) {
-                $valpwdcanchange = "0";
-            }
-            else {
-                $valpwdcanchange = "$winmagic";
-            }
-        }
-
-        if ( defined( $tmp = $Options{'B'} ) ) {
-            if ( $tmp != 0 ) {
-                $valpwdmustchange = "0";
-
-                # To force a user to change his password:
-                # . the attribut sambaAcctFlags must not match the 'X' flag
-                $valacctflags = "[U]";
-            }
-            else {
-                $valpwdmustchange = "$winmagic";
-            }
-        }
-
-        if ( defined( $tmp = $Options{'H'} ) ) {
-            $valacctflags = "$tmp";
-        }
-
-        my $modify = $ldap_master->modify(
-            "uid=$userName,$config{usersdn}",
-            changes => [
-                add => [ objectClass        => 'sambaSAMAccount' ],
-                add => [ sambaPwdLastSet    => "$valpwdlastset" ],
-                add => [ sambaLogonTime     => '0' ],
-                add => [ sambaLogoffTime    => '2147483647' ],
-                add => [ sambaKickoffTime   => '2147483647' ],
-                add => [ sambaPwdCanChange  => "$valpwdcanchange" ],
-                add => [ sambaPwdMustChange => "$valpwdmustchange" ],
-                add => [ displayName        => "$displayName" ],
-                add => [ sambaAcctFlags     => "$valacctflags" ],
-                add => [ sambaSID           => "$config{SID}-$userRid" ]
-            ]
-        );
-
-        $modify->code && die "failed to add entry: ", $modify->error;
-
-    }
-    else {
-        my $FILE = "|smbpasswd -s -a $userName >/dev/null";
-        open( FILE, $FILE ) || die "$!\n";
-        print FILE <<EOF;
-x
-x
-EOF
-        close FILE;
-        if ($?) {
-            print "$0: error adding samba account\n";
-            exit(10);
-        }
-    }    # with_smbpasswd
-
-    $tmp = defined( $Options{'E'} ) ? $Options{'E'} : $config{userScript};
-    my $valscriptpath = &subst_user( $tmp, $userName );
-
-    $tmp = defined( $Options{'C'} ) ? $Options{'C'} : $config{userSmbHome};
-    my $valsmbhome = &subst_user( $tmp, $userName );
-
-    my $valhomedrive =
-      defined( $Options{'D'} ) ? $Options{'D'} : $config{userHomeDrive};
-
-    # if the letter is given without the ":" symbol, we add it
-    $valhomedrive .= ':' if ( $valhomedrive && $valhomedrive !~ /:$/ );
-
-    $tmp = defined( $Options{'F'} ) ? $Options{'F'} : $config{userProfile};
-    my $valprofilepath = &subst_user( $tmp, $userName );
-
-    if ($valhomedrive) {
-        push( @adds, 'sambaHomeDrive' => $valhomedrive );
-    }
-    if ($valsmbhome) {
-        push( @adds, 'sambaHomePath' => $valsmbhome );
-    }
-
-    if ($valprofilepath) {
-        push( @adds, 'sambaProfilePath' => $valprofilepath );
-    }
-    if ($valscriptpath) {
-        push( @adds, 'sambaLogonScript' => $valscriptpath );
-    }
-    if ( !$config{with_smbpasswd} ) {
-        push( @adds, 'sambaPrimaryGroupSID' => $userGroupSID );
-        push( @adds, 'sambaLMPassword'      => "XXX" );
-        push( @adds, 'sambaNTPassword'      => "XXX" );
-    }
-    my $modify =
-      $ldap_master->modify( "uid=$userName,$config{usersdn}", add => {@adds} );
-
-    $modify->code && die "failed to add entry: ", $modify->error;
-}
-
-# add AIX user
-if ( defined( $Options{'b'} ) ) {
-    my $modify = $ldap_master->modify(
-        "uid=$userName,$config{usersdn}",
-        changes => [
-            add => [ objectClass     => 'aixAuxAccount' ],
-            add => [ passwordChar    => "!" ],
-            add => [ isAdministrator => "false" ]
-        ]
-    );
-
-    $modify->code && die "failed to add entry: ", $modify->error;
-}
-
-$ldap_master->unbind;    # take down session
-
-if ( defined( $Options{'P'} ) ) {
-    if ( defined( $tmp = $Options{'B'} ) and $tmp != 0 ) {
-        exec "$RealBin/smbldap-passwd -B  \"$userName\"";
-    }
-    else {
-        exec "$RealBin/smbldap-passwd \"$userName\"";
-    }
-}
-
-exit 0;
-
-########################################
-
-=head1 NAME
-
-smbldap-useradd - Create a new user
-
-=head1 SYNOPSIS
-
-smbldap-useradd [-o user_ou] [-c comment] [-d home_dir] [-g initial_group] [-G group[,...]] [-m [-k skeleton_dir]] [-s shell] [-u uid [ -o]] [-P] [-A canchange] [-B mustchange] [-C smbhome] [-D homedrive] [-E scriptpath] [-F profilepath] [-H acctflags] login
-
-=head1 DESCRIPTION
-
-Creating New Users
-The smbldap-useradd command creates a new user account using  the values specified on the  command  line  and  the default  values from the system and from the configuration files (in  /etc/smbldap-tools directory).
-
-For Samba users, rid is '2*uidNumber+1000', and sambaPrimaryGroupSID  is '$SID-2*gidNumber+1001', where $SID is the domain SID.  Thus you may want to use :
-$ smbldap-useradd -a -g "Domain Admins" -u 500 Administrator
-to create an domain administrator account (admin rid is 0x1F4 = 500 and grouprid is 0x200 = 512).
-
-Without any option, the account created will be an Unix (Posix)  account. The following options may be used to add information:
-
--o node
-   The user's account will be created in the specified organazional unit. It is relative to the user suffix dn ($usersdn) defined in the configuration file.
-Ex: 'ou=admin,ou=all'
-
--a
-   The user will have a Samba account (and Unix).
-
--b
-   The usrer is an AIX acount
-
--w
-   Creates an account for a Samba machine (Workstation), so that it can join a sambaDomainName.
-
--i
-   Creates an interdomain trust account (machine Workstation). A password will be asked for the trust account.
-
--c "comment"
-   The new user's comment field (gecos). This option is for gecos only! To set as user's full name use the -N and -S options.
-
--d home_dir
-   The new user will be created using home_dir as the value for the user's login directory.  The default is to append the login name      to userHomePrefix (defined in the configuration file) and use that      as the login directory name.
-
--g initial_group
-   The group name or number of the user's initial login group. The  group  name must exist.  A group number must refer to an already  existing group.  The default group number is defined in the  configuration file (defaultUserGid="513").
-
--G group,[...]
-   A list of supplementary groups which the user is also  a  member of. Each  group is separated to the next by a comma, with no intervening whitespace.  The groups  are  subject  to  the  same restrictions as the group given with the -g option.  The default is for the user to belong only to the initial group.
-
--m
-   The user's home directory will be created if it does not  exist. The  files  contained in skeletonDir will be copied to the home directory if the -k option is used,  otherwise  the  files  contained  in /etc/skel will be used instead.  Any directories contained in skeletonDir or  /etc/skel  will  be  created  in  the user's  home  directory as well.  The -k option is only valid in conjunction with the -m option.  The default is  to  not  create the directory and to not copy any files.
-
--s shell
-   The name of the user's login shell.  The  default  is  to  leave this  field blank, which causes the system to select the default login shell.
-
--t time
-   Wait <time> seconds before exiting script when adding computer's account. This is useful when Master/PDC and Slaves/BDCs are connected through the internet (replication is not real time)
-
--u uid
-   The numerical value of  the  user's  ID.   This  value  must  be unique,  unless  the  -o option is used.  The value must be nonnegative.  The default is to use the smallest ID  value  greater than 1000 and greater than every other user.
-
--P
-   ends by invoking smbldap-passwd
-
--A
-   can change password ? 0 if no, 1 if yes
-
--B
-   must change password ? 0 if no, 1 if yes
-
--C sambaHomePath
-   SMB home share, like '\\\\PDC-SRV\\homes'
-
--D sambaHomeDrive
-   letter associated with home share, like 'H:'
-
--E sambaLogonScript
-   relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat'
-
--F sambaProfilePath
-   profile directory, like '\\\\PDC-SRV\\profiles\\foo'
-
--H sambaAcctFlags
-   spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]'
-
--M mail
-   local mail aliases (multiple addresses are seperated by spaces)
-
--N givenname
-   family name. Defaults to username
-
--S surname
-   defaults to username
-
--T mailToAddress
-   Forward address (multiple addresses are seperated by spaces)
-
--n
-   do not print banner message
-
-=head1 SEE ALSO
-
-useradd(1)
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-useradd.pl smbldap-tools-0.9.7/smbldap-useradd.pl
--- smbldap-tools-0.9.5/smbldap-useradd.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-useradd.pl	2011-09-05 17:53:02.000000000 +0200
@@ -0,0 +1,792 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developed by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-useradd : user (posix,shadow,samba) add
+
+use strict;
+use warnings;
+
+use FindBin qw($RealBin);
+use smbldap_tools;
+use Crypt::SmbHash;
+#####################
+
+use Getopt::Long;
+my %Options;
+
+Getopt::Long::Configure('bundling');
+my $ok = GetOptions(
+    "A|sambaPwdCanChange=s"  => \$Options{A},
+    "B|sambaPwdMustChange=s" => \$Options{B},
+    "C|sambaHomePath=s"      => \$Options{C},
+    "D|sambaHomeDrive=s"     => \$Options{D},
+    "E|sambaLogonScript=s"   => \$Options{E},
+    "F|sambaProfilePath=s"   => \$Options{F},
+    "G|group=s"              => \$Options{G},
+    "H|sambaAcctFlags=s"     => \$Options{H},
+    "M|mailAddresses=s"      => \$Options{M},
+    "N|givenName=s"          => \$Options{N},
+    "O|mailLocalAddress=s"   => \$Options{O},
+    "P"                      => \$Options{P},
+    "S|surname=s"            => \$Options{S},
+    "T|mailToAddress=s"      => \$Options{T},
+    "W"                      => \$Options{W},
+    "X|inputEncoding=s"      => \$Options{X},
+    "Z|attr=s@"              => \$Options{Z},
+    "a|addsambaSAMAccount"   => \$Options{a},
+    "b|aix"                  => \$Options{b},
+    "c|gecos=s"              => \$Options{c},
+    "d|homedir=s"            => \$Options{d},
+    "g|gid=s"                => \$Options{g},
+    "h|?|help"               => \$Options{h},
+    "i"                      => \$Options{i},
+    "k=s"                    => \$Options{k},
+    "m"                      => \$Options{m},
+    "n"                      => \$Options{n},
+    "non-unique"             => \$Options{non_unique},
+    "o|ou=s"                 => \$Options{ou},
+    "p"                      => \$Options{p},
+    "s|shell=s"              => \$Options{s},
+    "t=s"                    => \$Options{t},
+    "u|uid=s"                => \$Options{u},
+    "w"                      => \$Options{w},
+);
+
+if ( ( !$ok ) || ( @ARGV < 1 ) || ( $Options{'h'} ) ) {
+    print_banner;
+    print "Usage: $0 [OPTIONS] USERNAME\n";
+    print "\n";
+    print "Options:\n";
+    print "  -a	is a Windows User (otherwise, Posix stuff only)\n";
+    print "  -b	is a AIX User\n";
+    print "  -c	gecos\n";
+    print "  -d	home\n";
+    print "  -g	gid\n";
+    print "  -i	is a trust account (Windows Workstation)\n";
+    print "  -k	skeleton dir (with -m)\n";
+    print "  -m	creates home directory and copies /etc/skel\n";
+    print "  --non-unique\n";
+    print "	Allow the creation of a user account with a duplicate (non-unique) UID.\n";
+    print "  -n	do not create a group\n";
+    print
+"  -o	add the user in the organizational unit (relative to the user suffix. Ex: 'ou=admin,ou=all')\n";
+    print "  -s	shell\n";
+    print
+"  -t	time. Wait 'time' seconds before exiting (when adding Windows Workstation)\n";
+    print "  -u	uid\n";
+    print "  -w	is a Windows Workstation (otherwise, Posix stuff only)\n";
+    print
+"  -W	is a Windows Workstation, with Samba atributes (otherwise, Posix stuff only)\n";
+    print "  -A	can change password ? 0 if no, 1 if yes\n";
+    print "  -B	must change password ? 0 if no, 1 if yes\n";
+    print "  -C	sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
+    print
+      "  -D	sambaHomeDrive (letter associated with home share, like 'H:')\n";
+    print "  -E	sambaLogonScript (DOS script to execute on login)\n";
+    print
+"  -F	sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
+    print "  -G	supplementary comma-separated groups\n";
+    print
+      "  -H	sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
+    print "  -M	e-mail address (comma separated)\n";
+    print "  -N	given name \n";
+    print "  -O	localMailAddress (comma separated)\n";
+    print "  -P	ends by invoking smbldap-passwd\n";
+    print "  -S	surname (Family name)\n";
+    print "  -T	mailToAddress (forward address) (comma separated)\n";
+    print "  -X	input encoding for givenname and surname (default UTF-8)\n";
+    print "  -Z	set custom LDAP attributes, name=value pairs comma separated\n";
+    print "  -h	show this help message\n";
+    exit(1);
+}
+
+my $ldap_master = connect_ldap_master();
+
+# cause problems when dealing with getpwuid because of the
+# negative ttl and ldap modification
+nsc_invalidate("passwd");
+
+# Read only first @ARGV
+my $userName = $ARGV[0];
+
+# Get the input encoding
+my $characterSet;
+if ( defined( $Options{'X'} ) ) {
+	$characterSet = $Options{'X'};
+} else {
+	$characterSet = "UTF-8";
+}
+
+# For computers account, add a trailing dollar if missing
+if ( defined( $Options{'w'} ) or defined( $Options{'W'} ) ) {
+    if ( $userName =~ /[^\$]$/s ) {
+        $userName .= "\$";
+    }
+}
+
+# untaint $userName (can finish with one or two $)
+if ( $userName =~ /^([\w -.]+\$?)$/ ) {
+    $userName = $1;
+}
+else {
+    print "$0: illegal username\n";
+    exit(1);
+}
+
+# user must not exist in LDAP (should it be nss-wide ?)
+my ( $rc, $dn ) = get_user_dn2($userName);
+if ( $rc and defined($dn) ) {
+    print "$0: user $userName exists\n";
+    exit(9);
+}
+elsif ( !$rc ) {
+    print "$0: error in get_user_dn2\n";
+    exit(10);
+}
+
+# Read options
+# we create the user in the specified ou (relative to the users suffix)
+my $user_ou = $Options{'ou'};
+my $node;
+if ( defined $user_ou ) {
+
+# admin can specify a organizational unit like '-o ou=admin,ou=all'. We need to check that
+# each ou exist
+    my @path;
+    while ( $user_ou =~ m/(ou=)?([^,]+),?/g ) {
+        push( @path, $2 );
+    }
+    foreach $node ( reverse @path ) {
+
+        # if the ou does not exist, we create it
+        my $mesg = $ldap_master->search(
+            base   => "$config{usersdn}",
+            scope  => "one",
+            filter => "(&(objectClass=organizationalUnit)(ou=$node))"
+        );
+        $mesg->code && die $mesg->error;
+        if ( $mesg->count eq 0 ) {
+            print
+"ou=$node,$config{usersdn} does not exist. Creating it (Y/[N]) ? ";
+            chomp( my $answ = <STDIN> );
+            if ( $answ eq "y" || $answ eq "Y" ) {
+
+                # add organizational unit
+                my $add = $ldap_master->add(
+                    "ou=$node,$config{usersdn}",
+                    attr => [
+                        'objectclass' => [ 'top', 'organizationalUnit' ],
+                        'ou'          => "$node"
+                    ]
+                );
+                $add->code && die "failed to add entry: ", $add->error;
+                print "$user_ou,$config{usersdn} created \n";
+
+            }
+            else {
+                print "exiting.\n";
+                exit;
+            }
+        }
+        $config{usersdn} = "ou=$node,$config{usersdn}";
+    }
+}
+
+my $userUidNumber = $Options{'u'};
+if ( !defined($userUidNumber) ) {
+    $userUidNumber = user_next_uid();
+}
+elsif (!$Options{non_unique} and my $user = user_by_uid($userUidNumber)) {
+    die "UID already owned by " . $user->dn . "\n";
+}
+
+my $createGroup   = 0;
+my $userGidNumber = $Options{'g'};
+
+# gid not specified ?
+if ( !defined($userGidNumber) ) {
+
+    # windows machine => $config{defaultComputerGid}
+    if ( defined( $Options{'w'} ) or defined( $Options{'W'} ) ) {
+        $userGidNumber = $config{defaultComputerGid};
+
+        #    } elsif (!defined($Options{'n'})) {
+        # create new group (redhat style)
+        # find first unused gid starting from $config{GID_START}
+        #	while (defined(getgrgid($config{GID_START}))) {
+        #		$config{GID_START}++;
+        #	}
+        #	$userGidNumber = $config{GID_START};
+
+        #	$createGroup = 1;
+
+    }
+    else {
+
+        # user will have gid = $config{defaultUserGid}
+        $userGidNumber = $config{defaultUserGid};
+    }
+}
+else {
+    my $gid;
+    if ( ( $gid = parse_group($userGidNumber) ) < 0 ) {
+        print "$0: unknown group $userGidNumber\n";
+        exit(6);
+    }
+    $userGidNumber = $gid;
+}
+
+my $group_entry;
+my $userGroupSID;
+my $userRid;
+my $user_sid;
+if (   defined $Options{'a'}
+    or defined $Options{'i'}
+    or defined $Options{'w'}
+    or defined( $Options{'W'} ) )
+{
+
+    # as grouprid we use the value of the sambaSID attribute for
+    # group of gidNumber=$userGidNumber
+    $group_entry  = read_group_entry_gid($userGidNumber);
+    $userGroupSID = $group_entry->get_value('sambaSID');
+    unless ($userGroupSID) {
+        print "Error: SID not set for unix group $userGidNumber\n";
+        print "check if your unix group is mapped to an NT group\n";
+        exit(7);
+    }
+
+    $userRid = user_next_rid($userUidNumber);
+    $user_sid = "$config{SID}-$userRid";
+}
+
+my $userHomeDirectory;
+my ( $givenName, $userCN, $userSN, $displayName );
+my @mail;
+my @userMailLocal;
+my @userMailTo;
+my $tmp;
+if ( !defined( $userHomeDirectory = $Options{'d'} ) ) {
+    $userHomeDirectory = &subst_user( $config{userHome}, $userName );
+}
+
+# RFC 2256 & RFC 2798
+# sn: family name (option S)             # RFC 2256: family name of a person.
+# givenName: prenom (option N)           # RFC 2256: part of a person's name which is not their surname nor middle name.
+# cn: person's full name                 # RFC 2256: person's full name.
+# displayName: preferably displayed name # RFC 2798: preferred name of a person to be used when displaying entries.
+
+#givenname is the forename of a person (not family name) => http://en.wikipedia.org/wiki/Given_name
+#surname (or sn) is the family name => http://en.wikipedia.org/wiki/Surname
+# my surname (or sn): Tournier
+# my givenname: Jerome
+
+$userHomeDirectory =~ s/\/\//\//;
+$config{userLoginShell} = $tmp if ( defined( $tmp = $Options{'s'} ) );
+$config{userGecos}      = $tmp if ( defined( $tmp = $Options{'c'} ) );
+$config{skeletonDir}    = $tmp if ( defined( $tmp = $Options{'k'} ) );
+$givenName = ( utf8Encode( $characterSet, $Options{'N'} ) || $userName );
+$userSN    = ( utf8Encode( $characterSet, $Options{'S'} ) || $userName );
+if ( $Options{'N'} and $Options{'S'} ) {
+    $displayName = $userCN = "$givenName" . " $userSN";
+} elsif ( $Options{'c'} ) {
+    $displayName = $userCN = $config{userGecos};
+} else {
+    $displayName = $userCN = $userName;
+}
+
+@mail = &split_arg_comma( $Options{'M'} );
+@userMailLocal = &split_arg_comma( $Options{'O'} );
+@userMailTo    = &split_arg_comma( $Options{'T'} );
+
+########################
+
+# MACHINE ACCOUNT
+if (   defined( $Options{'w'} )
+    or defined( $Options{'i'} )
+    or defined( $Options{'W'} ) )
+{
+
+    # if Options{'i'} and username does not end with $ character => we add it
+    if ( $Options{'i'} and !( $userName =~ m/\$$/ ) ) {
+        $userName .= "\$";
+    }
+
+    if (
+        !add_posix_machine(
+            $userName, $userUidNumber, $userGidNumber, $Options{'t'}
+        )
+      )
+    {
+        die "$0: error while adding posix account\n";
+    }
+
+    if ( defined( $Options{'i'} ) ) {
+
+        # For machine trust account
+        # Objectclass sambaSAMAccount must be added now !
+        my $pass = password_read("New password: ");
+        my $pass2 = password_read("Retype new password: ");
+        if ( $pass ne $pass2 ) {
+            print "New passwords don't match!\n";
+            exit(10);
+        }
+        my ( $lmpassword, $ntpassword ) = ntlmgen $pass;
+        my $date   = time;
+        my $modify = $ldap_master->modify(
+            "uid=$userName,$config{computersdn}",
+            changes => [
+                replace => [
+                    objectClass =>
+                      [ 'posixAccount', 'account', 'sambaSAMAccount' ]
+                ],
+                add => [ sambaLogonTime       => '0' ],
+                add => [ sambaLogoffTime      => '2147483647' ],
+                add => [ sambaKickoffTime     => '2147483647' ],
+                add => [ sambaPwdCanChange    => '0' ],
+                add => [ sambaPwdMustChange   => '2147483647' ],
+                add => [ sambaPwdLastSet      => "$date" ],
+                add => [ sambaAcctFlags       => '[I          ]' ],
+                add => [ sambaLMPassword      => "$lmpassword" ],
+                add => [ sambaNTPassword      => "$ntpassword" ],
+                add => [ sambaSID             => "$user_sid" ],
+                add => [ sambaPrimaryGroupSID => "$config{SID}-515" ]
+            ]
+        );
+
+        $modify->code && die "failed to add entry: ", $modify->error;
+    }
+    elsif ( defined( $Options{'W'} ) ) {
+        my $date   = time;
+        my $modify = $ldap_master->modify(
+            "uid=$userName,$config{computersdn}",
+            changes => [
+                replace => [
+                    objectClass =>
+                      [ 'posixAccount', 'account', 'sambaSAMAccount' ]
+                ],
+                add => [ sambaLogonTime       => '0' ],
+                add => [ sambaLogoffTime      => '2147483647' ],
+                add => [ sambaKickoffTime     => '2147483647' ],
+                add => [ sambaPwdCanChange    => '0' ],
+                add => [ sambaPwdMustChange   => '2147483647' ],
+                add => [ sambaPwdLastSet      => "$date" ],
+                add => [ sambaAcctFlags       => '[W          ]' ],
+                add => [ sambaSID             => "$user_sid" ],
+                add => [ sambaPrimaryGroupSID => "$config{SID}-515" ],
+                add => [ displayName          => "$userName" ],
+                add => [ sambaDomainName      => "$config{sambaDomain}" ]
+            ]
+        );
+
+        $modify->code && die "failed to add entry: ", $modify->error;
+    }
+
+    $ldap_master->unbind;
+    exit 0;
+}
+
+# USER ACCOUNT
+# add posix account first
+my @objectclass = qw(top person organizationalPerson posixAccount);
+my @attr = (
+    'objectclass' => \@objectclass,
+    'cn'            => $userCN,
+    'sn'            => $userSN,
+    'uid'           => $userName,
+    'uidNumber'     => $userUidNumber,
+    'gidNumber'     => $userGidNumber,
+    'homeDirectory' => $userHomeDirectory,
+    'loginShell'    => $config{userLoginShell},
+    'gecos'         => $config{userGecos},
+    'userPassword'  => "{crypt}x"
+);
+
+push(@objectclass, 'shadowAccount') if ($config{shadowAccount});
+
+# if AIX account, inetOrgPerson objectclass can't be used
+unless ($Options{'b'}) {
+    push(@objectclass, 'inetOrgPerson');
+    push(@attr, givenName => $givenName);
+}
+
+my $add = $ldap_master->add("uid=$userName,$config{usersdn}", attr => \@attr);
+$add->code && warn "failed to add entry: ", $add->error;
+
+#if ($createGroup) {
+#    group_add($userName, $userGidNumber);
+#}
+
+if ( $userGidNumber != $config{defaultUserGid} ) {
+    group_add_user( $userGidNumber, $userName );
+}
+
+my $grouplist;
+
+# adds to supplementary groups
+if ( defined( $grouplist = $Options{'G'} ) ) {
+    add_grouplist_user( $grouplist, $userName );
+}
+
+# If user was created successfully then we should create his/her home dir
+if ( defined( $tmp = $Options{'m'} ) ) {
+    unless ( $userName =~ /\$$/ ) {
+        if ( !( -d $userHomeDirectory ) ) {
+            if ( $config{skeletonDir} ne "" ) {
+		system("cp", "-pRP", $config{skeletonDir}, $userHomeDirectory);
+		system("chown", "-hR", "$userUidNumber:$userGidNumber", $userHomeDirectory);
+            }
+            else {
+                mkdir($userHomeDirectory)
+		  || warn "Failed to create home directory: $userHomeDirectory: $!";
+            }
+
+	    my $mode = defined($config{userHomeDirectoryMode})
+	      ? oct($config{userHomeDirectoryMode}) : 0700;
+	    chmod($mode, $userHomeDirectory)
+	      || warn "Failed to change mode of home directory: $userHomeDirectory: $!";
+        }
+        else {
+            warn "Warning: homedirectory $userHomeDirectory already exist. Check manually\n";
+        }
+    }
+}
+
+# we start to define mail addresses if option M, O or T are given
+my @adds;
+if ( @userMailLocal || @userMailTo ) {
+    push( @adds, 'objectClass' => 'inetLocalMailRecipient' );
+}
+if (@mail) {
+    foreach my $m (@mail) {
+        my $domain = $config{mailDomain};
+        if ( $m !~ /^(.+)@/ ) {
+            $m = $m . ( $domain ? '@' . $domain : '' );
+        }
+    }
+    push( @adds, 'mail'             => [@mail] );
+}
+
+if (@userMailLocal) {
+    push( @adds, 'mailLocalAddress' => [@userMailLocal] );
+}
+if (@userMailTo) {
+    push( @adds, 'mailRoutingAddress' => [@userMailTo] );
+}
+
+# Custom modification - MPK
+if ( defined( $tmp = $Options{'Z'} ) ) {
+    my %adds;
+    for my $pair ( map { split /,/ } @{$Options{'Z'}} ) {
+	my ( $name, $value ) = split( /[=:]/, $pair, 2 );
+	$name = lc( $name );
+	push( @{$adds{$name}}, $value );
+    }
+
+    while ( my ($name, $value) = each( %adds ) ) {
+	push( @adds, $name => $value );
+    }
+}
+
+if (@adds) {
+    my $modify =
+      $ldap_master->modify( "uid=$userName,$config{usersdn}", add => {@adds} );
+
+    $modify->code && die "failed to add entry: ", $modify->error;
+}
+
+# Add Samba user infos
+if ( defined( $Options{'a'} ) ) {
+    if ( !$config{with_smbpasswd} ) {
+
+        my $winmagic         = 2147483647;
+        my $valpwdcanchange  = 0;
+        my $valpwdmustchange = $winmagic;
+        my $valpwdlastset    = 0;
+        my $valacctflags     = "[UX]";
+
+        if ( defined( $tmp = $Options{'A'} ) ) {
+            if ( $tmp != 0 ) {
+                $valpwdcanchange = "0";
+            }
+            else {
+                $valpwdcanchange = "$winmagic";
+            }
+        }
+
+        if ( defined( $tmp = $Options{'B'} ) ) {
+            if ( $tmp != 0 ) {
+                $valpwdmustchange = "0";
+
+                # To force a user to change his password:
+                # . the attribute sambaAcctFlags must not match the 'X' flag
+                $valacctflags = "[U]";
+            }
+            else {
+                $valpwdmustchange = "$winmagic";
+            }
+        }
+
+        if ( defined( $tmp = $Options{'H'} ) ) {
+            $valacctflags = "$tmp";
+        }
+
+        my $modify = $ldap_master->modify(
+            "uid=$userName,$config{usersdn}",
+            changes => [
+                add => [ objectClass        => 'sambaSAMAccount' ],
+                add => [ sambaPwdLastSet    => "$valpwdlastset" ],
+                add => [ sambaLogonTime     => '0' ],
+                add => [ sambaLogoffTime    => '2147483647' ],
+                add => [ sambaKickoffTime   => '2147483647' ],
+                add => [ sambaPwdCanChange  => "$valpwdcanchange" ],
+                add => [ sambaPwdMustChange => "$valpwdmustchange" ],
+                add => [ displayName        => "$displayName" ],
+                add => [ sambaAcctFlags     => "$valacctflags" ],
+                add => [ sambaSID           => "$config{SID}-$userRid" ]
+            ]
+        );
+
+        $modify->code && die "failed to add entry: ", $modify->error;
+
+    }
+    else {
+        my $FILE = "|$config{smbpasswd} -s -a $userName >/dev/null";
+        open( FILE, $FILE ) || die "$!\n";
+        print FILE <<EOF;
+x
+x
+EOF
+        close FILE;
+        if ($?) {
+            print "$0: error adding samba account\n";
+            exit(10);
+        }
+    }    # with_smbpasswd
+
+    $tmp = defined( $Options{'E'} ) ? $Options{'E'} : $config{userScript};
+    my $valscriptpath = &subst_user( $tmp, $userName );
+
+    $tmp = defined( $Options{'C'} ) ? $Options{'C'} : $config{userSmbHome};
+    my $valsmbhome = &subst_user( $tmp, $userName );
+
+    my $valhomedrive =
+      defined( $Options{'D'} ) ? $Options{'D'} : $config{userHomeDrive};
+
+    # if the letter is given without the ":" symbol, we add it
+    $valhomedrive .= ':' if ( $valhomedrive && $valhomedrive !~ /:$/ );
+
+    $tmp = defined( $Options{'F'} ) ? $Options{'F'} : $config{userProfile};
+    my $valprofilepath = &subst_user( $tmp, $userName );
+
+    my @adds = ();
+
+    if ($valhomedrive) {
+        push( @adds, 'sambaHomeDrive' => $valhomedrive );
+    }
+    if ($valsmbhome) {
+        push( @adds, 'sambaHomePath' => $valsmbhome );
+    }
+
+    if ($valprofilepath) {
+        push( @adds, 'sambaProfilePath' => $valprofilepath );
+    }
+    if ($valscriptpath) {
+        push( @adds, 'sambaLogonScript' => $valscriptpath );
+    }
+    if ( !$config{with_smbpasswd} ) {
+        push( @adds, 'sambaPrimaryGroupSID' => $userGroupSID );
+        push( @adds, 'sambaLMPassword'      => "XXX" );
+        push( @adds, 'sambaNTPassword'      => "XXX" );
+    }
+}
+
+if (@adds) {
+    my $modify =
+      $ldap_master->modify( "uid=$userName,$config{usersdn}", add => {@adds} );
+
+    $modify->code && die "failed to add entry: ", $modify->error;
+}
+
+# add AIX user
+if ( defined( $Options{'b'} ) ) {
+    my $modify = $ldap_master->modify(
+        "uid=$userName,$config{usersdn}",
+        changes => [
+            add => [ objectClass     => 'aixAuxAccount' ],
+            add => [ passwordChar    => "!" ],
+            add => [ isAdministrator => "false" ]
+        ]
+    );
+
+    $modify->code && die "failed to add entry: ", $modify->error;
+}
+
+$ldap_master->unbind;    # take down session
+
+nsc_invalidate("passwd");
+nsc_invalidate("group");
+
+if ($Options{'P'}) {
+    my @passwd_cmd = ("$RealBin/smbldap-passwd.cmd");
+
+    if ($Options{'B'}) {
+	## Must change Samba password at logon
+	push(@passwd_cmd, '-B');
+    }
+    if ($Options{'p'}) {
+	## Read password from STDIN
+	push(@passwd_cmd, '-p');
+    }
+
+    ## Suppress Perl warning on exec() failed
+    local $SIG{__WARN__} = sub {};
+
+    exec {$passwd_cmd[0]} @passwd_cmd, $userName;
+    die "Failed to execute: $passwd_cmd[0]: $!";
+}
+
+exit 0;
+
+########################################
+
+=head1 NAME
+
+smbldap-useradd - Create a new user
+
+=head1 SYNOPSIS
+
+smbldap-useradd [-abinwPW] [-c comment] [-d home_dir] [-g initial_group] [-m [-k skeleton_dir]] [-o user_ou] [-s shell] [-t time] [-u uid] [-A canchange] [-B mustchange] [-C smbhome] [-D homedrive] [-E scriptpath] [-F profilepath] [-G group[,...]] [-H acctflags] [-M mailaddr[,...]] [-N givenname] [-O mailaddr[,...]] [-S surname] [-T mailaddr[,...]] [-X encoding] [-Z name=value[,...]] login
+
+=head1 DESCRIPTION
+
+Creating New Users
+The smbldap-useradd command creates a new user account using the values
+specified on the command line and the default values from the system and from
+the configuration files (in the @SYSCONFDIR@ directory).
+
+Without any option, the account created will be a Unix (Posix) account. The following options may be used to add information:
+
+-a
+   The user will have a Samba account (and Unix).
+
+-A
+   Can change password? 0 if no, 1 if yes.
+
+-b
+   The user is an AIX account.
+
+-B
+   Must change password? 0 if no, 1 if yes.
+
+-c "comment"
+   The new user's comment field (gecos). This option is for gecos only! To set as user's full name use the -N and -S options.
+
+-C sambaHomePath
+   SMB home share, like '\\\\PDC-SRV\\homes'.
+
+-d home_dir
+   The new user will be created using home_dir for the user's login directory. The default is to append the login name to userHomePrefix (defined in the configuration file) and use that as the login directory name.
+
+-D sambaHomeDrive
+   Letter associated with home share, like 'H:'.
+
+-E sambaLogonScript
+   Relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat'.
+
+-F sambaProfilePath
+   Profile directory, like '\\\\PDC-SRV\\profiles\\foo'.
+
+-g initial_group
+   The group name or number of the user's initial login group. The group name must exist. A group number must refer to an already existing group. The default group number is defined in the configuration file (defaultUserGid="513").
+
+-G group,[...]
+   A list of supplementary groups that the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option. The default is for the user to belong only to the initial group.
+
+-H sambaAcctFlags
+   Spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]').
+
+-i
+   Creates an interdomain trust account (machine Workstation). A password will be asked for the trust account.
+
+-k skeletonDir
+   When creating the user's home directory, copy files and directories from skeletonDir rather than /etc/skel. The -k option is only valid in conjunction with the -m option. The default is not to create the directory and not to copy any files.
+
+-m
+   The user's home directory will be created if it does not exist. The files contained in skeletonDir will be copied to the home directory if the -k option is used, otherwise the files contained in /etc/skel will be used instead.  Any directories contained in skeletonDir or /etc/skel will be created in the user's home directory as well.
+
+-M mail
+   E-mail addresses (multiple addresses are separated by commas).
+
+--non-unique
+   Allow the creation of a user account with a duplicate (non-unique) UID.
+
+-n
+   Do not print banner message.
+
+-N givenname
+   Family name. Defaults to username.
+
+-o node
+   The user's account will be created in the specified organizational unit. It is relative to the user suffix dn ($usersdn) defined in the configuration file.
+Ex: 'ou=admin,ou=all'
+
+-O localMailAddress
+   localMailAddresses (multiple addresses are separated by commas).
+
+-P
+   Ends by invoking smbldap-passwd.
+
+-p
+   Read password from STDIN without verification.
+
+-s shell
+   The name of the user's login shell. The default is to leave this field blank, which causes the system to select the default login shell.
+
+-S surname
+   Defaults to username.
+
+-t time
+   Wait <time> seconds before exiting script when adding computer's account. This is useful when Master/PDC and Slaves/BDCs are connected through the Internet (replication is not real time).
+
+-T mailToAddress
+   Forward address (multiple addresses are separated by commas).
+
+-u uid
+   The numerical value of the user's ID. This value must be unique, unless the --non-unique option is used. The value must be non-negative. The default is to use the smallest ID value greater than 1000 and greater than every other user.
+
+-w/-W
+   Creates an account for a Samba machine (Workstation), so that it can join a sambaDomainName. Normally -w is used for adding machines through Samba but -W can be used for manual addition of samba attributes.
+
+-X encoding
+   Specify input encoding for givenname and surname (default UTF-8).
+
+-Z name=value
+   Specify custom LDAP attributes, using comma-separated name=value pairs.
+
+=head1 SEE ALSO
+
+useradd(1)
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/smbldap-userdel smbldap-tools-0.9.7/smbldap-userdel
--- smbldap-tools-0.9.5/smbldap-userdel	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-userdel	1970-01-01 01:00:00.000000000 +0100
@@ -1,129 +0,0 @@
-#!/usr/bin/perl
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-userdel : user (posix,shadow,samba) deletion
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-
-
-#####################
-
-use Getopt::Std;
-my %Options;
-
-my $ok = getopts('rR?', \%Options);
-
-if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
-    print_banner;
-    print "Usage: $0 [-r?] username\n";
-    print "  -r	remove home directory\n";
-    print "  -R	remove home directory interactively\n";
-    exit (1);
-}
-
-# Read only first @ARGV
-my $user = $ARGV[0];
-
-my $ldap_master=connect_ldap_master();
-
-my $dn;
-# user must not exist in LDAP
-if (!defined($dn=get_user_dn($user))) {
-    print "$0: user $user does not exist\n";
-    exit (6);
-}
-
-if ($< != 0) {
-    print "You must be root to delete an user\n";
-    exit (1);
-}
-
-my $homedir;
-if (defined($Options{'r'}) || defined($Options{'R'})) {
-    $homedir=get_homedir($user);
-    if ($homedir !~ /^\/.+\/(.*)$user/) {
-	print "Refusing to delete this home directory: $homedir\n";
-	exit (1);
-    }
-}
-
-# remove user from groups
-my @groups = &find_groups_of($user);
-foreach my $gname (@groups) {
-    if ($gname ne "") {
-	group_remove_member($gname, $user);
-    }
-}
-
-# XXX
-delete_user($user);
-
-# delete dir -- be sure that homeDir is not a strange value
-if ($homedir) {
-    my @rmargs = ( '-r' );
-    if (defined($Options{'R'})) {
-	push(@rmargs, '-i');
-    } elsif (defined($Options{'r'})) {
-	push(@rmargs, '-f');
-    }
-    # print "rm @rmargs $homedir\n";
-    system('rm', @rmargs, $homedir);
-}
-
-my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
-if ($nscd_status == 0) {
-    system "/etc/init.d/nscd restart > /dev/null 2>&1";
-}
-
-$ldap_master->unbind;		# take down session
-
-exit (0);
-
-############################################################
-
-=head1 NAME
-
-smbldap-userdel - Delete a user account and related files
-
-=head1 SYNOPSIS
-
-smbldap-userdel [-r] login
-
-=head1 DESCRIPTION
-
-The smbldap-userdel command modifies the system account files, deleting all entries that refer to user defined in "login". The named user must exist.
-
--r
-Files in the user's home directory will be removed along with the home directory itself. Files located in other file systems will have to be searched for and deleted manually.
-
-=head1 SEE ALSO
-
-userdel(1)
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-userdel.pl smbldap-tools-0.9.7/smbldap-userdel.pl
--- smbldap-tools-0.9.5/smbldap-userdel.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-userdel.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,127 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-userdel : user (posix,shadow,samba) deletion
+
+use strict;
+use warnings;
+use smbldap_tools;
+
+
+#####################
+
+use Getopt::Std;
+my %Options;
+
+my $ok = getopts('rR?', \%Options);
+
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+    print_banner;
+    print "Usage: $0 [-rR?] username\n";
+    print "  -r	remove home directory\n";
+    print "  -R	remove home directory interactively\n";
+    print "  -? show this help message\n";
+    exit (1);
+}
+
+# Read only first @ARGV
+my $user = $ARGV[0];
+
+my $ldap_master=connect_ldap_master();
+
+# user must not exist in LDAP
+my $user_entry = read_user_entry($user);
+if (!defined($user_entry)) {
+    warn "User does not exist: $user\n";
+    exit (6);
+}
+
+# Canonize user name
+$user = $user_entry->get_value('uid');
+
+if ($< != 0) {
+    print "You must be root to delete an user\n";
+    exit (1);
+}
+
+my $homedir;
+if (defined($Options{'r'}) || defined($Options{'R'})) {
+    $homedir=get_homedir($user);
+    if ($homedir !~ /^\/.+\/(.*)$user/) {
+	print "Refusing to delete this home directory: $homedir\n";
+	exit (1);
+    }
+}
+
+# remove user from groups
+my @groups = &find_groups_of($user);
+foreach my $gname (@groups) {
+    if ($gname ne "") {
+	group_remove_member($gname, $user);
+    }
+}
+
+# XXX
+delete_user($user);
+
+# delete dir -- be sure that homeDir is not a strange value
+if ($homedir) {
+    my @rmargs = ( '-r' );
+    if (defined($Options{'R'})) {
+	push(@rmargs, '-i');
+    } elsif (defined($Options{'r'})) {
+	push(@rmargs, '-f');
+    }
+    # print "rm @rmargs $homedir\n";
+    system('rm', @rmargs, $homedir);
+}
+
+nsc_invalidate("passwd");
+
+$ldap_master->unbind;		# take down session
+
+exit (0);
+
+############################################################
+
+=head1 NAME
+
+smbldap-userdel - Delete a user account and related files
+
+=head1 SYNOPSIS
+
+smbldap-userdel [-r] login
+
+=head1 DESCRIPTION
+
+The smbldap-userdel command modifies the system account files, deleting all entries that refer to user defined in "login". The named user must exist.
+
+-r
+Files in the user's home directory will be removed along with the home directory itself. Files located in other file systems will have to be searched for and deleted manually.
+
+=head1 SEE ALSO
+
+userdel(1)
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/smbldap-userinfo smbldap-tools-0.9.7/smbldap-userinfo
--- smbldap-tools-0.9.5/smbldap-userinfo	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-userinfo	1970-01-01 01:00:00.000000000 +0100
@@ -1,446 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (<jtournier@gmail.com>)
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-#  Originally developped by P.Wieleba@iem.pw.edu.pl
-#
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-use strict;
-use Getopt::Std;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-
-# function declaration
-sub exist_in_tab;
-
-my %Options;
-
-my $ok = getopts('f:r:w:h:o:s:l?v', \%Options);
-if ( (!$ok) || ($Options{'?'}) ) {
-    print "Usage: $0 [-frwhosh?] username\n";
-    print "  -?|-h show this help message\n";
-    print "  -f full_name\n";
-    print "  -r room_no\n";
-    print "  -w work_ph\n";
-    print "  -h home_ph\n";
-    print "  -o other\n";
-    print "  -s shell\n";
-    print "  -v show modified user record\n";
-    print "  -l only list user information\n";
-    exit (1);
-}
-
-
-my $user;
-my $pass;
-if ( $< != 0 ) {
-    my $current_user = getpwuid($<);
-    if ($current_user and $ARGV[0] and $current_user ne $ARGV[0] ) {
-        die "Only root can change other users inormation\n";
-    }
-} else {
-    if ( $ARGV[0] ) {
-    $user = $ARGV[0];
-}
-    $pass = 1;
-}
-
-if (!defined($user)) {
-    $user = getpwuid($<);
-}
-
-my ($dn,$ldap_master);
-
-# make a anonymous connection to get the corect user's dn (not necessarily in $config{usersdn}
-$ldap_master=connect_ldap_master();
-my $user_entry = read_user_entry($user);
-if (!defined($user_entry)) {
-    print "$0: user $user doesn't exist\n";
-    exit (1);
-}
-# get the dn of the user
-$dn= $user_entry->dn();
-my $entry = read_user_entry($user);
-# unbind from LDAP
-$ldap_master->unbind();
-
-if ($Options{'l'}) {
-    if (! $entry->get_value('userPassword')) {
-        print "ACL on userPassword requires authentication... \n";
-        # prompt for password
-        print "Please enter your UNIX password: ";
-        system "stty -echo" if (-t STDIN);
-        chomp($pass=<STDIN>);
-        system "stty echo" if (-t STDIN);
-        print "\n";
-        # now bind again with user's parameters
-        $config{masterDN}="$dn";
-        $config{masterPw}="$pass";
-        $ldap_master=connect_ldap_master();
-        $entry = read_user_entry($user);
-        if (!is_user_valid($user, $dn, $pass)) {
-            print "\nWarning: Authentication failure. Will not display account status (lock/unlock).\n\n";
-	} else {
-	    print "\n";
-	}
-        # unbind from LDAP
-        $ldap_master->unbind();
-    }
-
-    my %attrs = (
-		 'cn' => 'Full Name',
-		 'sn' => 'Family Name',
-		 'givenName'   => 'First Name',
-		 'LoginShell'  => 'User Shell',
-		 'roomNumber' => 'Room Number',
-		 'telephoneNumber' => 'Work Phone',
-		 'homePhone' => 'Home Phone',
-		 'other' => 'Other',
-		 'shadowMax' => 'Maximum number of days between Shadow password change',
-		 'shadowMin' => 'Minimum number of days between Shadow password change',
-		 'shadowInactive' => 'Shadow  Inactive',
-		 'shadowWarning' => 'Shadow Warning',
-		 'shadowExpire' => 'Shadow Expires',
-		 'shadowLastChange' => 'Shadow Last Change',
-                 'userPassword' => 'Shadow Account Satus',
-                 'sambaPwdLastSet' => 'Samba Password Last Set',
-                 'sambaPwdMustChange' => 'Samba Password Must Change',
-                 'sambaAcctFlags' => 'Samba Flags'
-		 );
-    foreach my $key ('cn','sn','givenName','LoginShell','roomNumber','telephoneNumber','homePhone','other','shadowMax','shadowMin','shadowWarning','shadowInactive','shadowExpire','shadowLastChange','userPassword','sambaPwdLastSet','sambaPwdMustChange','sambaAcctFlags') {
-        my $value=$entry->get_value("$key");
-        if (defined $value and ($key eq "shadowExpire" || $key eq "shadowLastChange")) {
-	    $value=localtime($value*86400);
-	    $value=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
-	    $value="$1 $2 $3 $7";
-	}
-        if ($key eq "userPassword") {
-            my $status;
-        if ($value) {
-            if ( $value =~ /!/ ) {
-                $status="lock";
-            } else {
-                $status="unlock";
-            }
-        } else {
-                $status="unknown";
-        }
-            $value=$status;
-        }
-        if ($value and ($key eq "sambaPwdLastSet" || $key eq "sambaPwdMustChange") ) {
-	    $value=localtime($value);
-            $value=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
-            $value="$1 $2 $3 $7 $4:$5";
-        }
-	if (! defined $value) {
-	    print "$attrs{$key}: -\n";
-	} else {
-	    print "$attrs{$key}: $value\n";
-	}
-        if ($value and $key eq "sambaAcctFlags") {
-            $value=~s/\s*//g;
-        }
-    }
-    exit;
-}
-
-# First, connecting to the directory
-if ($< != 0) {
-    # non-root user
-    if (!defined($pass)) {
-    # prompt for password
-    print "UNIX password: ";
-system "stty -echo" if (-t STDIN);
-chomp($pass=<STDIN>);
-system "stty echo" if (-t STDIN);
-print "\n";
-
-# now make a connection with the user's dn and password
-$config{masterDN}="$dn";
-$config{masterPw}="$pass";
-$ldap_master=connect_ldap_master();
-$dn=$config{masterDN};
-if (!is_user_valid($user, $dn, $pass)) {
-    print "Authentication failure\n";
-    exit (10);
-}
-}
-} else {
-    # root user
-    $ldap_master=connect_ldap_master();
-# test existence of user in LDAP
-my $dn_line;
-if (!defined($dn_line = get_user_dn($user))) {
-    print "$0: user $user doesn't exist\n";
-exit (10);
-}
-$dn = get_dn_from_line($dn_line);
-}
-
-# obtain old values
-$entry = read_user_entry($user);
-
-
-my %eng = (
-	   'name'   => 'Full Name',
-	   'shell'  => 'User Shell',
-	   'office' => 'Room Number',
-	   'wphone' => 'Work Phone',
-	   'hphone' => 'Home Phone',
-	   'other' => 'Other',
-	   'shadowMax' => 'Password Max',
-	   'shadowMin' => 'Password Min',
-	   'shadowInactive' => 'Password Inactive',
-	   'shadowExpire' => 'Account Expires',
-	   'shadowLastChange' => 'Last Change'
-	   );
-
-my $gecos = $entry->get_value('gecos');
-my %old;
-( $old{'name'},
-  $old{'office'},
-  $old{'wphone'},
-  $old{'hphone'},
-  $old{'other'}
-  ) = split(/,/,$gecos);
-$old{'shell'} = $entry->get_value('LoginShell');
-# unbind from LDAP
-$ldap_master->unbind();
-
-
-foreach my $key (keys %old) {
-    !defined($old{$key}) and $old{$key}="";
-}
-
-
-# read new values
-my %new;
-if ($Options{'f'}) {
-    $new{'name'} = $Options{'f'};
-}
-if ($Options{'r'}) {
-    $new{'office'} = $Options{'r'};
-}
-if ($Options{'w'}) {
-    $new{'wphone'} = $Options{'w'};
-}
-if ($Options{'h'}) {
-    $new{'hphone'} = $Options{'h'};
-}
-if ($Options{'o'}) {
-    $new{'other'} = $Options{'o'};
-}
-if ($Options{'s'}) {
-    $new{'shell'} = $Options{'s'};
-}
-if ( keys(%Options) < 1 or keys(%Options) == 1 and $Options{'v'} ) {
-    print "Changing the user information for $user\n";
-    print "Enter the new value, or press ENTER for the default\n";
-
-    print " $eng{'shell'} [$old{'shell'}]: ";
-    $new{'shell'} = readline(*STDIN);
-    print " $eng{'name'} [$old{'name'}]: ";
-    $new{'name'} = readline(*STDIN);
-    print " $eng{'office'} [$old{'office'}]: ";
-    $new{'office'} = readline(*STDIN);
-    print " $eng{'wphone'} [$old{'wphone'}]: ";
-    $new{'wphone'} = readline(*STDIN);
-    print " $eng{'hphone'} [$old{'hphone'}]: ";
-    $new{'hphone'} = readline(*STDIN);
-    print " $eng{'other'} [$old{'other'}]: ";
-    $new{'other'} = readline(*STDIN);
-}
-
-
-foreach my $key (keys %old) {
-    if (!$new{$key}) {
-	$new{$key} = $old{$key};
-    }
-}
-
-# simple check of new values
-foreach my $key (keys %new) {
-    chop($new{$key}) if ( $new{$key}=~/\n$/ );
-    if ($new{$key} =~ /^\s+$/ and $key ne 'shell') {
-	$new{$key} = "";
-    } elsif ($new{$key} =~ /^$/) {
-	$new{$key} = $old{$key};
-    } elsif ($key ne 'other' and $new{$key} =~ /.*,.*/) {
-	print "Comma cannot be used with $key.\n";
-	exit(6);
-    }
-    # $new{$key} eq "" 
-}
-
-# [TODO] check if shell really exists
-if ( $new{'shell'} and !($new{'shell'}=~/^\/.+\/.+/)
-     and ($old{'shell'}=~/^\/.+\/.+/)
-     ) {
-    $new{'shell'} = $old{'shell'};
-} elsif ( $new{'shell'} and !($new{'shell'}=~/^\/.+\/.+/)
-          or !$new{'shell'} and !$old{'shell'}
-	  ) {
-    $new{'shell'} = '/bin/sh';
-}
-
-if ( !$new{'name'} ) {
-    $new{'name'} = $user;
-}
-
-# prepare gecos field
-$gecos = join(',',
-	      ( $new{'name'},
-		$new{'office'},
-		$new{'wphone'},
-		$new{'hphone'},
-		$new{'other'}
-		)
-	      );
-
-my @tmp = split(/\s+/,$new{'name'});
-my $sn = $tmp[$#tmp];
-pop(@tmp);
-my $givenName = join(' ',@tmp);
-
-$entry->replace( 'gecos' => $gecos );
-$entry->replace( 'cn'    => $new{'name'} );
-
-if ( exist_in_tab( [$entry->get_value('objectClass')],'inetOrgPerson') ) {
-    if ( $sn ) {
-	$entry->replace('sn' => $sn);
-    } else {
-	$entry->replace('sn' => $user);
-    }
-    if ( $givenName ) {
-	$entry->replace('givenName' => $givenName);
-    } else {
-	$entry->get_value('givenName') and $entry->delete('givenName');
-    }
-    if ( $new{'office'} ) {
-	$entry->replace('roomNumber' => $new{'office'});
-    } else {
-	$entry->get_value('roomNumber') and $entry->delete('roomNumber');
-    }
-    if ( $new{'wphone'} ) {
-	$entry->replace('telephoneNumber' => $new{'wphone'});
-    } else {
-	$entry->get_value('telephoneNumber') and $entry->delete('telephoneNumber');
-    }
-    if ( $new{'hphone'} ) {
-	$entry->replace('homePhone' => $new{'hphone'});
-    } else {
-	$entry->get_value('homePhone') and $entry->delete('homePhone');
-    }
-}				#end of inetOrgPerson
-if ( $new{'shell'} ) {
-    $entry->replace('loginShell' => $new{'shell'});
-} else {
-    $entry->get_value('loginShell') and $entry->delete('loginShell');
-}
-
-if ($Options{'v'}) {
-    $entry->dump();
-}
-# bind to LDAP and update entry
-$ldap_master = connect_ldap_master();
-my $mesg = $entry->update($ldap_master);
-if ($mesg->is_error()) {
-    print "Error: " . $mesg->error() . "\n";
-} else {
-    print "LDAP updated\n";
-}
-$ldap_master and $ldap_master->unbind;
-
-# Check if a $text element exists in @table
-# eg. exist_in_tab(\@table,$text);
-sub exist_in_tab
-{
-    my($ref_tab,$text) = @_;
-    my @tab = @$ref_tab;
-
-    foreach my $elem (@tab) {
-	if ( lc($elem) eq lc($text) ) {
-	    return 1;
-	}
-    }
-    return 0;
-}
-
-########################################
-
-=head1 NAME
-
-smbldap-userinfo - change user real name, information and shell
-
-=head1 SYNOPSIS
-
-smbldap-userinfo [-f full_name] [-r room_no] [-w work_ph] [-h home_ph]
-[-o other] [-s login_shell] [-l] [-?] [-v]
-
-=head1 DESCRIPTION
-
-This command changes user gecos fields and login shell.
-The normal user can change only the fields for his own account,
-the super user may change the fiels for any account.
-
-If none of the options are selected, the command is run
-in an interactive mode for the current user account. User is
-asked for all fields. To accept a default value you should 
-just press <ENTER>, otherwise write text and press <ENTER>.
-
-posixAccount objectClasses has to be present in the modified
-entry. If inetOrgPerson objectClass is also present additional
-attributes will be changed (givenName,sn,roomNumber,telephoneNumber,
-homePhone)
-
--l
-       Display users informations and password status.
-
--f full_name
-       affected attributes: 'gecos', 'cn' (and 'givenName', 'sn'
-       if inetOrgPerson is present) 
-
--r room_number
-       affected attributes: 'gecos' (and 'roomNumber'
-       if inetOrgPerson is present)
-
--w work_phone
-       affected attributes: 'gecos' (and 'telephoneNumber'
-       if inetOrgPerson is present)
-
--h home_phone
-       affected attributes: 'gecos' (and 'homePhone'
-       if inetOrgPerson is present)
-
--o other
-       affected attributes: 'gecos'
-
--s login_shell
-       affected attributes: 'loginShell'
-
--?     show the help message
-
--v     verbose - show modified user entry
-
-=cut
-
-#'
-
-# The End
-
diff -Nru smbldap-tools-0.9.5/smbldap-userinfo.pl smbldap-tools-0.9.7/smbldap-userinfo.pl
--- smbldap-tools-0.9.5/smbldap-userinfo.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-userinfo.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,434 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (<jtournier@gmail.com>)
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+#  Originally developped by P.Wieleba@iem.pw.edu.pl
+#
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+use strict;
+use warnings;
+use Getopt::Std;
+use smbldap_tools;
+
+# function declaration
+sub exist_in_tab;
+
+my %Options;
+
+my $ok = getopts('f:h:lo:r:s:vw:?', \%Options);
+if ( (!$ok) || ($Options{'?'}) ) {
+    print "Usage: $0 [-fhlorsvw?] username\n";
+    print "  -f full_name\n";
+    print "  -h home_ph\n";
+    print "  -l only list user information\n";
+    print "  -o other\n";
+    print "  -r room_no\n";
+    print "  -s shell\n";
+    print "  -v show modified user record\n";
+    print "  -w work_ph\n";
+    print "  -? show this help message\n";
+    exit (1);
+}
+
+
+my $user;
+my $pass;
+if ( $< != 0 ) {
+    my $current_user = getpwuid($<);
+    if ($current_user and $ARGV[0] and $current_user ne $ARGV[0] ) {
+        die "Only root can change other users inormation\n";
+    }
+} else {
+    if ( $ARGV[0] ) {
+    $user = $ARGV[0];
+}
+    $pass = 1;
+}
+
+if (!defined($user)) {
+    $user = getpwuid($<);
+}
+
+my ($dn,$ldap_master);
+
+# make a anonymous connection to get the corect user's dn (not necessarily in $config{usersdn}
+$ldap_master=connect_ldap_master();
+my $user_entry = read_user_entry($user);
+if (!defined($user_entry)) {
+    print "$0: user $user doesn't exist\n";
+    exit (1);
+}
+# get the dn of the user
+$dn= $user_entry->dn();
+my $entry = read_user_entry($user);
+# unbind from LDAP
+$ldap_master->unbind();
+
+if ($Options{'l'}) {
+    if (! $entry->get_value('userPassword')) {
+        print "ACL on userPassword requires authentication... \n";
+	$pass = password_read("Please enter your UNIX password: ");
+        # now bind again with user's parameters
+        $config{masterDN}="$dn";
+        $config{masterPw}="$pass";
+        $ldap_master=connect_ldap_master();
+        $entry = read_user_entry($user);
+        if (!is_user_valid($user, $dn, $pass)) {
+            print "\nWarning: Authentication failure. Will not display account status (lock/unlock).\n\n";
+	} else {
+	    print "\n";
+	}
+        # unbind from LDAP
+        $ldap_master->unbind();
+    }
+
+    my %attrs = (
+		 'cn' => 'Full Name',
+		 'sn' => 'Family Name',
+		 'givenName'   => 'First Name',
+		 'LoginShell'  => 'User Shell',
+		 'roomNumber' => 'Room Number',
+		 'telephoneNumber' => 'Work Phone',
+		 'homePhone' => 'Home Phone',
+		 'other' => 'Other',
+		 'shadowMax' => 'Maximum number of days between Shadow password change',
+		 'shadowMin' => 'Minimum number of days between Shadow password change',
+		 'shadowInactive' => 'Shadow  Inactive',
+		 'shadowWarning' => 'Shadow Warning',
+		 'shadowExpire' => 'Shadow Expires',
+		 'shadowLastChange' => 'Shadow Last Change',
+                 'userPassword' => 'Shadow Account Satus',
+                 'sambaPwdLastSet' => 'Samba Password Last Set',
+                 'sambaPwdMustChange' => 'Samba Password Must Change',
+                 'sambaAcctFlags' => 'Samba Flags'
+		 );
+    foreach my $key ('cn','sn','givenName','LoginShell','roomNumber','telephoneNumber','homePhone','other','shadowMax','shadowMin','shadowWarning','shadowInactive','shadowExpire','shadowLastChange','userPassword','sambaPwdLastSet','sambaPwdMustChange','sambaAcctFlags') {
+        my $value=$entry->get_value("$key");
+        if (defined $value and ($key eq "shadowExpire" || $key eq "shadowLastChange")) {
+	    $value=localtime($value*86400);
+	    $value=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
+	    $value="$1 $2 $3 $7";
+	}
+        if ($key eq "userPassword") {
+            my $status;
+        if ($value) {
+            if ( $value =~ /!/ ) {
+                $status="lock";
+            } else {
+                $status="unlock";
+            }
+        } else {
+                $status="unknown";
+        }
+            $value=$status;
+        }
+        if ($value and ($key eq "sambaPwdLastSet" || $key eq "sambaPwdMustChange") ) {
+	    $value=localtime($value);
+            $value=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
+            $value="$1 $2 $3 $7 $4:$5";
+        }
+	if (! defined $value) {
+	    print "$attrs{$key}: -\n";
+	} else {
+	    print "$attrs{$key}: $value\n";
+	}
+        if ($value and $key eq "sambaAcctFlags") {
+            $value=~s/\s*//g;
+        }
+    }
+    exit;
+}
+
+# First, connecting to the directory
+if ($< != 0) {
+    # non-root user
+    if (!defined($pass)) {
+	$pass = password_read("UNIX password: ");
+
+# now make a connection with the user's dn and password
+$config{masterDN}="$dn";
+$config{masterPw}="$pass";
+$ldap_master=connect_ldap_master();
+$dn=$config{masterDN};
+if (!is_user_valid($user, $dn, $pass)) {
+    print "Authentication failure\n";
+    exit (10);
+}
+}
+} else {
+    # root user
+    $ldap_master=connect_ldap_master();
+# test existence of user in LDAP
+my $dn_line;
+if (!defined($dn_line = get_user_dn($user))) {
+    print "$0: user $user doesn't exist\n";
+exit (10);
+}
+$dn = get_dn_from_line($dn_line);
+}
+
+# obtain old values
+$entry = read_user_entry($user);
+
+
+my %eng = (
+	   'name'   => 'Full Name',
+	   'shell'  => 'User Shell',
+	   'office' => 'Room Number',
+	   'wphone' => 'Work Phone',
+	   'hphone' => 'Home Phone',
+	   'other' => 'Other',
+	   'shadowMax' => 'Password Max',
+	   'shadowMin' => 'Password Min',
+	   'shadowInactive' => 'Password Inactive',
+	   'shadowExpire' => 'Account Expires',
+	   'shadowLastChange' => 'Last Change'
+	   );
+
+my $gecos = $entry->get_value('gecos');
+my %old;
+( $old{'name'},
+  $old{'office'},
+  $old{'wphone'},
+  $old{'hphone'},
+  $old{'other'}
+  ) = split(/,/,$gecos);
+$old{'shell'} = $entry->get_value('LoginShell');
+# unbind from LDAP
+$ldap_master->unbind();
+
+
+foreach my $key (keys %old) {
+    !defined($old{$key}) and $old{$key}="";
+}
+
+
+# read new values
+my %new;
+if ($Options{'f'}) {
+    $new{'name'} = $Options{'f'};
+}
+if ($Options{'r'}) {
+    $new{'office'} = $Options{'r'};
+}
+if ($Options{'w'}) {
+    $new{'wphone'} = $Options{'w'};
+}
+if ($Options{'h'}) {
+    $new{'hphone'} = $Options{'h'};
+}
+if ($Options{'o'}) {
+    $new{'other'} = $Options{'o'};
+}
+if ($Options{'s'}) {
+    $new{'shell'} = $Options{'s'};
+}
+if ( keys(%Options) < 1 or keys(%Options) == 1 and $Options{'v'} ) {
+    print "Changing the user information for $user\n";
+    print "Enter the new value, or press ENTER for the default\n";
+
+    print " $eng{'shell'} [$old{'shell'}]: ";
+    $new{'shell'} = readline(*STDIN);
+    print " $eng{'name'} [$old{'name'}]: ";
+    $new{'name'} = readline(*STDIN);
+    print " $eng{'office'} [$old{'office'}]: ";
+    $new{'office'} = readline(*STDIN);
+    print " $eng{'wphone'} [$old{'wphone'}]: ";
+    $new{'wphone'} = readline(*STDIN);
+    print " $eng{'hphone'} [$old{'hphone'}]: ";
+    $new{'hphone'} = readline(*STDIN);
+    print " $eng{'other'} [$old{'other'}]: ";
+    $new{'other'} = readline(*STDIN);
+}
+
+
+foreach my $key (keys %old) {
+    if (!$new{$key}) {
+	$new{$key} = $old{$key};
+    }
+}
+
+# simple check of new values
+foreach my $key (keys %new) {
+    chop($new{$key}) if ( $new{$key}=~/\n$/ );
+    if ($new{$key} =~ /^\s+$/ and $key ne 'shell') {
+	$new{$key} = "";
+    } elsif ($new{$key} =~ /^$/) {
+	$new{$key} = $old{$key};
+    } elsif ($key ne 'other' and $new{$key} =~ /.*,.*/) {
+	print "Comma cannot be used with $key.\n";
+	exit(6);
+    }
+    # $new{$key} eq "" 
+}
+
+# [TODO] check if shell really exists
+if ( $new{'shell'} and !($new{'shell'}=~/^\/.+\/.+/)
+     and ($old{'shell'}=~/^\/.+\/.+/)
+     ) {
+    $new{'shell'} = $old{'shell'};
+} elsif ( $new{'shell'} and !($new{'shell'}=~/^\/.+\/.+/)
+          or !$new{'shell'} and !$old{'shell'}
+	  ) {
+    $new{'shell'} = '/bin/sh';
+}
+
+if ( !$new{'name'} ) {
+    $new{'name'} = $user;
+}
+
+# prepare gecos field
+$gecos = join(',',
+	      ( $new{'name'},
+		$new{'office'},
+		$new{'wphone'},
+		$new{'hphone'},
+		$new{'other'}
+		)
+	      );
+
+my @tmp = split(/\s+/,$new{'name'});
+my $sn = $tmp[$#tmp];
+pop(@tmp);
+my $givenName = join(' ',@tmp);
+
+$entry->replace( 'gecos' => $gecos );
+$entry->replace( 'cn'    => $new{'name'} );
+
+if ( exist_in_tab( [$entry->get_value('objectClass')],'inetOrgPerson') ) {
+    if ( $sn ) {
+	$entry->replace('sn' => $sn);
+    } else {
+	$entry->replace('sn' => $user);
+    }
+    if ( $givenName ) {
+	$entry->replace('givenName' => $givenName);
+    } else {
+	$entry->get_value('givenName') and $entry->delete('givenName');
+    }
+    if ( $new{'office'} ) {
+	$entry->replace('roomNumber' => $new{'office'});
+    } else {
+	$entry->get_value('roomNumber') and $entry->delete('roomNumber');
+    }
+    if ( $new{'wphone'} ) {
+	$entry->replace('telephoneNumber' => $new{'wphone'});
+    } else {
+	$entry->get_value('telephoneNumber') and $entry->delete('telephoneNumber');
+    }
+    if ( $new{'hphone'} ) {
+	$entry->replace('homePhone' => $new{'hphone'});
+    } else {
+	$entry->get_value('homePhone') and $entry->delete('homePhone');
+    }
+}				#end of inetOrgPerson
+if ( $new{'shell'} ) {
+    $entry->replace('loginShell' => $new{'shell'});
+} else {
+    $entry->get_value('loginShell') and $entry->delete('loginShell');
+}
+
+if ($Options{'v'}) {
+    $entry->dump();
+}
+# bind to LDAP and update entry
+$ldap_master = connect_ldap_master();
+my $mesg = $entry->update($ldap_master);
+if ($mesg->is_error()) {
+    print "Error: " . $mesg->error() . "\n";
+} else {
+    print "LDAP updated\n";
+}
+$ldap_master and $ldap_master->unbind;
+
+# Check if a $text element exists in @table
+# eg. exist_in_tab(\@table,$text);
+sub exist_in_tab
+{
+    my($ref_tab,$text) = @_;
+    my @tab = @$ref_tab;
+
+    foreach my $elem (@tab) {
+	if ( lc($elem) eq lc($text) ) {
+	    return 1;
+	}
+    }
+    return 0;
+}
+
+########################################
+
+=head1 NAME
+
+smbldap-userinfo - change user real name, information and shell
+
+=head1 SYNOPSIS
+
+smbldap-userinfo [-f full_name] [-r room_no] [-w work_ph] [-h home_ph]
+[-o other] [-s login_shell] [-l] [-?] [-v]
+
+=head1 DESCRIPTION
+
+This command changes user gecos fields and login shell.
+The normal user can change only the fields for his own account,
+the super user may change the fiels for any account.
+
+If none of the options are selected, the command is run
+in an interactive mode for the current user account. User is
+asked for all fields. To accept a default value you should 
+just press <ENTER>, otherwise write text and press <ENTER>.
+
+posixAccount objectClasses has to be present in the modified
+entry. If inetOrgPerson objectClass is also present additional
+attributes will be changed (givenName,sn,roomNumber,telephoneNumber,
+homePhone)
+
+-l
+       Display users informations and password status.
+
+-f full_name
+       affected attributes: 'gecos', 'cn' (and 'givenName', 'sn'
+       if inetOrgPerson is present) 
+
+-r room_number
+       affected attributes: 'gecos' (and 'roomNumber'
+       if inetOrgPerson is present)
+
+-w work_phone
+       affected attributes: 'gecos' (and 'telephoneNumber'
+       if inetOrgPerson is present)
+
+-h home_phone
+       affected attributes: 'gecos' (and 'homePhone'
+       if inetOrgPerson is present)
+
+-o other
+       affected attributes: 'gecos'
+
+-s login_shell
+       affected attributes: 'loginShell'
+
+-?     show the help message
+
+-v     verbose - show modified user entry
+
+=cut
+
+#'
+
+# The End
+
diff -Nru smbldap-tools-0.9.5/smbldap-userlist smbldap-tools-0.9.7/smbldap-userlist
--- smbldap-tools-0.9.5/smbldap-userlist	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-userlist	1970-01-01 01:00:00.000000000 +0100
@@ -1,306 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first created by tarjei Huse <tarjei@nu.no>
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-usermod : user (posix,shadow,samba) modification
-
-use strict;
-use Getopt::Std;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-#use Date::Format; 
-
-# function declaration
-sub exist_in_tab;
-
-my %Options;
-
-my $ok = getopts('adelmugh?', \%Options);
-if ( (!$ok) || ($Options{'?'}) || $Options{'h'} ) {
-    print "Usage: $0 [options] [user template]\n\n";
-    print "Available UNIX options are:\n";
-    print "-a     Show gecos, password last change, expiration date and account status\n";
-    print "-g     Show gecos entry\n";
-    print "-d     Show last modification password date.\n";
-    print "-e     Show the expiration date\n";
-    print "-l     Show account status (locl/unlock)\n";
-    print "-m     Only list machines.\n";
-    print "-u     Only list users\n";
-    print "-?     show the help message\n";
-    exit (1);
-}
-
-die "Error: can't use both options -u and -m\n" if ($Options{u} && $Options{m});
-
-my $binduser;
-my $pass;
-
-if (!defined($binduser)) {
-    $binduser = getpwuid($<);
-}
-
-my $search;
-if ( $ARGV[0] ) {
-    if ( $< != 0 ) {
-        die "Only root can show other users inormations\n";
-    } else {
-        $search=$ARGV[0];
-    }
-} elsif ( $< != 0 ) {
-    $search=$binduser;
-}
-
-
-my ($dn,$ldap_master);
-# First, connecting to the directory
-if ($< != 0) {
-    # non-root user
-    if (!defined($pass)) {
-    # prompt for password
-    print "UNIX password: ";
-system "stty -echo" if (-t STDIN);
-chomp($pass=<STDIN>);
-system "stty echo" if (-t STDIN);
-print "\n";
-
-# JTO: search real basedn: may be different in case ou=bla1,ou=bla2 !
-# JTO: faire afficher egalement lock, expire et lastChange
-$config{masterDN}="uid=$binduser,$config{usersdn}";
-$config{masterPw}="$pass";
-$ldap_master=connect_ldap_master();
-$dn=$config{masterDN};
-if (!is_user_valid($binduser, $dn, $pass)) {
-    print "Authentication failure\n";
-    exit (10);
-}
-}
-} else {
-    # root user
-    $ldap_master=connect_ldap_master();
-# test existence of user in LDAP
-my $dn_line;
-}
-
-sub print_user {
-    my ($entry, %Options) = @_;
-    printf "%4s ", $entry->get_value('uidNumber') ;
-    printf "|%-20s ", $entry->get_value('uid');
-    if ($Options{'d'} || $Options{'a'}) {
-    	my $sambaPwdLastSet=$entry->get_value('sambaPwdLastSet');
-	if (defined $sambaPwdLastSet) {
-	    #printf "%-16s ", time2str("%D %H:%m", $sambaPwdLastSet);
-	    $sambaPwdLastSet=localtime($sambaPwdLastSet);
-	    #print "sambaPwdLastSet\n";
-	    $sambaPwdLastSet=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
-	    $sambaPwdLastSet="$1 $2 $3 $7 $4:$5";
-	    printf "|%-23s", $sambaPwdLastSet;
-	} else {
-	    printf "|%-23s","- ";
-	}
-    	my $shadowLastChange=$entry->get_value('shadowLastChange');
-	if (defined $shadowLastChange) {
-	    $shadowLastChange=localtime($shadowLastChange*86400);
-	    $shadowLastChange=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
-	    $shadowLastChange="$1 $2 $3 $7";
-	    printf "|%-18s", $shadowLastChange;
-	} else {
-	    printf "|%-18s","- ";
-	}
-	#print "\n";
-    }
-    if ($Options{'e'} || $Options{'a'}) {
-    	my $sambaPwdMustChange=$entry->get_value('sambaPwdMustChange');
-	if (defined $sambaPwdMustChange) {
-	    $sambaPwdMustChange=localtime($sambaPwdMustChange);
-            $sambaPwdMustChange=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
-            $sambaPwdMustChange="$1 $2 $3 $7 $4:$5";
-	    printf "|%-22s", $sambaPwdMustChange;
-	} else {
-	    printf "|%-22s","- ";
-	}
-    	my $sambaKickoffTime=$entry->get_value('sambaKickoffTime');
-	if (defined $sambaKickoffTime) {
-	    $sambaKickoffTime=localtime($sambaKickoffTime);
-            $sambaKickoffTime=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
-            $sambaKickoffTime="$1 $2 $3 $7 $4:$5";
-	    printf "|%-22s", $sambaKickoffTime;
-	} else {
-	    printf "|%-22s","- ";
-	}
-    	my $shadowExpire=$entry->get_value('shadowExpire');
-	if (defined $shadowExpire) {
-	    $shadowExpire=localtime($shadowExpire*86400);
-	    $shadowExpire=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
-	    $shadowExpire="$1 $2 $3 $7";
-	    printf "|%-16s", $shadowExpire;
-	} else {
-	    printf "|%-16s","- ";
-	}
-    	my $shadowMin=$entry->get_value('shadowMin');
-	if (defined $shadowMin) {
-	    printf "|%-10s", $shadowMin;
-	} else {
-	    printf "|%-10s","- ";
-	}
-    	my $shadowMax=$entry->get_value('shadowMax');
-	if (defined $shadowMax) {
-	    printf "|%-10s", $shadowMax;
-	} else {
-	    printf "|%-10s","- ";
-	}
-    }
-    if ($Options{'l'} || $Options{'a'}) {
-    	my $userPassword=$entry->get_value('userPassword');
-	if (defined $userPassword) {
-            my $status;
-            if ( $userPassword =~ /!/ ) {
-                $status="locked";
-            } else {
-                $status="unlocked";
-            }
-	    printf "|%-10s", $status;
-	} else {
-	    printf "|%-10s","- ";
-	}
-    	my $sambaAcctFlags=$entry->get_value('sambaAcctFlags');
-	if (defined $sambaAcctFlags) {
-	    $sambaAcctFlags=~s/\s*//g;
-	    printf "|%-10s", $sambaAcctFlags;
-	} else {
-	    printf "|%-10s","- ";
-	}
-    }
-    if ((($Options{'g'} || $Options{'a'})))
-    {
-	if (defined $entry->get_value('gecos') and ($Options{'g'} || $Options{'a'}))
-	{
-	    printf "|%-10s", $entry->get_value('gecos');
-
-	} else {
-	    print "|-";
-	}
-    }
-    print "|\n";
-}
-
-my $attrs="['username','uidNumber','uid'";
-my $banner="uid  |username             ";
-if ($Options{'d'} || $Options{'a'})
-{
-    $banner .= "|sambaPwdLastSet        ";
-    $banner .= "|shadowLastChange  ";
-    $attrs  .=  ",'sambaPwdLastSet','shadowLastChange'";
-}
-if ($Options{'e'} || $Options{'a'})
-{
-    $banner .= "|sambaPwdMustChange    ";
-    $banner .= "|sambaKickoffTime      ";
-    $banner .= "|shadowExpire    ";
-    $banner .= "|shadowMax ";
-    $attrs  .= ",'sambaPwdMustChange','sambaKickoffTime','shadowExpire','shadowMax'";
-    $banner .= "|shadowMin ";
-    $attrs  .= ",'sambaPwdMustChange','sambaKickoffTime','shadowExpire','shadowMin'";
-}
-if ($Options{'l'} || $Options{'a'})
-{
-    $banner .= "|status UNX";
-    $banner .= "|status SMB";
-    $attrs  .= ",'userPassword','sambaAcctFlags'";
-}
-if ($Options{'g'} || $Options{'a'})
-{
-    $banner .= "|gecos      |";
-    $attrs  .= ",'gecos'";
-}
-$attrs.="]";
-print "$banner\n\n";
-my $filter;
-$filter = "(&(objectclass=posixAccount)";
-my $base;
-if ($Options{'m'}) {
-    # $filter .= "(sambaAcctFlags=[W          ])";
-    $base=$config{computersdn}
-} elsif ($Options{'u'}) {
-    # $filter .= "(sambaAcctFlags=[U          ])";
-    $base=$config{usersdn}
-} else {
-    $base=$config{suffix}
-}
-if ($search) {
-    $filter.="(uid=$search)";
-}
-
-$filter.=")";
-
-my  $mesg = $ldap_master->search ( base   => $base,
-                                   scope => $config{scope},
-                                   filter => $filter,
-				   attrs => "$attrs"
-				   );
-$mesg->code && warn $mesg->error;
-
-foreach my $entry ($mesg->all_entries) {
-    print_user($entry,%Options);
-}
-########################################
-
-=head1 NAME
-
-smbldap-userlist list users or machines with some info
-
-=head1 SYNOPSIS
-
-smbldap-userlist [-a] [-g] [-d] [-e] [-l] [-m] [user template]
-
-
-=head1 DESCRIPTION
-
--a     Show gecos, password last change, expiration date and account status
-
--g     Show gecos entry
-
--d     Show last modification password date
-
--e     Show the expiration date
-
--l     Show account status (locl/unlock)
-
--m     Only list machines
-
--u     Only list users
-
--?     show the help message
-
-=head1 EXAMPLE
-
-smbldap-userlist -a
-
-smbldap-userlist -a jtournier
-
-smbldap-userlist -a "*ourn*"
-
-=cut
-
-#'
-
-# The End
diff -Nru smbldap-tools-0.9.5/smbldap-userlist.pl smbldap-tools-0.9.7/smbldap-userlist.pl
--- smbldap-tools-0.9.5/smbldap-userlist.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-userlist.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,298 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first created by tarjei Huse <tarjei@nu.no>
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-usermod : user (posix,shadow,samba) modification
+
+use strict;
+use warnings;
+use Getopt::Std;
+use smbldap_tools;
+
+# function declaration
+sub exist_in_tab;
+
+my %Options;
+
+my $ok = getopts('adeghlmu?', \%Options);
+if ( (!$ok) || ($Options{'?'}) || $Options{'h'} ) {
+    print "Usage: $0 [adeghlmu?] [user template]\n\n";
+    print "Available UNIX options are:\n";
+    print "-a     Show gecos, password last change, expiration date and account status\n";
+    print "-d     Show last modification password date.\n";
+    print "-e     Show the expiration date\n";
+    print "-g     Show gecos entry\n";
+    print "-l     Show account status (locl/unlock)\n";
+    print "-m     Only list machines.\n";
+    print "-u     Only list users\n";
+    print "-?|-h  show the help message\n";
+    exit (1);
+}
+
+die "Error: can't use both options -u and -m\n" if ($Options{u} && $Options{m});
+
+my $binduser;
+my $pass;
+
+if (!defined($binduser)) {
+    $binduser = getpwuid($<);
+}
+
+my $search;
+if ( $ARGV[0] ) {
+    if ( $< != 0 ) {
+        die "Only root can show other users inormations\n";
+    } else {
+        $search=$ARGV[0];
+    }
+} elsif ( $< != 0 ) {
+    $search=$binduser;
+}
+
+
+my ($dn,$ldap_master);
+# First, connecting to the directory
+if ($< != 0) {
+    # non-root user
+    if (!defined($pass)) {
+	$pass = password_read("UNIX password: ");
+
+# JTO: search real basedn: may be different in case ou=bla1,ou=bla2 !
+# JTO: faire afficher egalement lock, expire et lastChange
+$config{masterDN}="uid=$binduser,$config{usersdn}";
+$config{masterPw}="$pass";
+$ldap_master=connect_ldap_master();
+$dn=$config{masterDN};
+if (!is_user_valid($binduser, $dn, $pass)) {
+    print "Authentication failure\n";
+    exit (10);
+}
+}
+} else {
+    # root user
+    $ldap_master=connect_ldap_master();
+# test existence of user in LDAP
+my $dn_line;
+}
+
+sub print_user {
+    my ($entry, %Options) = @_;
+    printf "%4s ", $entry->get_value('uidNumber') ;
+    printf "|%-20s ", $entry->get_value('uid');
+    if ($Options{'d'} || $Options{'a'}) {
+    	my $sambaPwdLastSet=$entry->get_value('sambaPwdLastSet');
+	if (defined $sambaPwdLastSet) {
+	    #printf "%-16s ", time2str("%D %H:%m", $sambaPwdLastSet);
+	    $sambaPwdLastSet=localtime($sambaPwdLastSet);
+	    #print "sambaPwdLastSet\n";
+	    $sambaPwdLastSet=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
+	    $sambaPwdLastSet="$1 $2 $3 $7 $4:$5";
+	    printf "|%-23s", $sambaPwdLastSet;
+	} else {
+	    printf "|%-23s","- ";
+	}
+    	my $shadowLastChange=$entry->get_value('shadowLastChange');
+	if (defined $shadowLastChange) {
+	    $shadowLastChange=localtime($shadowLastChange*86400);
+	    $shadowLastChange=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
+	    $shadowLastChange="$1 $2 $3 $7";
+	    printf "|%-18s", $shadowLastChange;
+	} else {
+	    printf "|%-18s","- ";
+	}
+	#print "\n";
+    }
+    if ($Options{'e'} || $Options{'a'}) {
+    	my $sambaPwdMustChange=$entry->get_value('sambaPwdMustChange');
+	if (defined $sambaPwdMustChange) {
+	    $sambaPwdMustChange=localtime($sambaPwdMustChange);
+            $sambaPwdMustChange=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
+            $sambaPwdMustChange="$1 $2 $3 $7 $4:$5";
+	    printf "|%-22s", $sambaPwdMustChange;
+	} else {
+	    printf "|%-22s","- ";
+	}
+    	my $sambaKickoffTime=$entry->get_value('sambaKickoffTime');
+	if (defined $sambaKickoffTime) {
+	    $sambaKickoffTime=localtime($sambaKickoffTime);
+            $sambaKickoffTime=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
+            $sambaKickoffTime="$1 $2 $3 $7 $4:$5";
+	    printf "|%-22s", $sambaKickoffTime;
+	} else {
+	    printf "|%-22s","- ";
+	}
+    	my $shadowExpire=$entry->get_value('shadowExpire');
+	if (defined $shadowExpire) {
+	    $shadowExpire=localtime($shadowExpire*86400);
+	    $shadowExpire=~/(\w*)\s(\w*)\s*(\d*)\s*(\d*):(\d*):(\d*)\s*(\d*)/;
+	    $shadowExpire="$1 $2 $3 $7";
+	    printf "|%-16s", $shadowExpire;
+	} else {
+	    printf "|%-16s","- ";
+	}
+    	my $shadowMin=$entry->get_value('shadowMin');
+	if (defined $shadowMin) {
+	    printf "|%-10s", $shadowMin;
+	} else {
+	    printf "|%-10s","- ";
+	}
+    	my $shadowMax=$entry->get_value('shadowMax');
+	if (defined $shadowMax) {
+	    printf "|%-10s", $shadowMax;
+	} else {
+	    printf "|%-10s","- ";
+	}
+    }
+    if ($Options{'l'} || $Options{'a'}) {
+    	my $userPassword=$entry->get_value('userPassword');
+	if (defined $userPassword) {
+            my $status;
+            if ( $userPassword =~ /!/ ) {
+                $status="locked";
+            } else {
+                $status="unlocked";
+            }
+	    printf "|%-10s", $status;
+	} else {
+	    printf "|%-10s","- ";
+	}
+    	my $sambaAcctFlags=$entry->get_value('sambaAcctFlags');
+	if (defined $sambaAcctFlags) {
+	    $sambaAcctFlags=~s/\s*//g;
+	    printf "|%-10s", $sambaAcctFlags;
+	} else {
+	    printf "|%-10s","- ";
+	}
+    }
+    if ((($Options{'g'} || $Options{'a'})))
+    {
+	if (defined $entry->get_value('gecos') and ($Options{'g'} || $Options{'a'}))
+	{
+	    printf "|%-10s", $entry->get_value('gecos');
+
+	} else {
+	    print "|-";
+	}
+    }
+    print "|\n";
+}
+
+my $attrs="['username','uidNumber','uid'";
+my $banner="uid  |username             ";
+if ($Options{'d'} || $Options{'a'})
+{
+    $banner .= "|sambaPwdLastSet        ";
+    $banner .= "|shadowLastChange  ";
+    $attrs  .=  ",'sambaPwdLastSet','shadowLastChange'";
+}
+if ($Options{'e'} || $Options{'a'})
+{
+    $banner .= "|sambaPwdMustChange    ";
+    $banner .= "|sambaKickoffTime      ";
+    $banner .= "|shadowExpire    ";
+    $banner .= "|shadowMax ";
+    $attrs  .= ",'sambaPwdMustChange','sambaKickoffTime','shadowExpire','shadowMax'";
+    $banner .= "|shadowMin ";
+    $attrs  .= ",'sambaPwdMustChange','sambaKickoffTime','shadowExpire','shadowMin'";
+}
+if ($Options{'l'} || $Options{'a'})
+{
+    $banner .= "|status UNX";
+    $banner .= "|status SMB";
+    $attrs  .= ",'userPassword','sambaAcctFlags'";
+}
+if ($Options{'g'} || $Options{'a'})
+{
+    $banner .= "|gecos      |";
+    $attrs  .= ",'gecos'";
+}
+$attrs.="]";
+print "$banner\n\n";
+my $filter;
+$filter = "(&(objectclass=posixAccount)";
+my $base;
+if ($Options{'m'}) {
+    # $filter .= "(sambaAcctFlags=[W          ])";
+    $base=$config{computersdn}
+} elsif ($Options{'u'}) {
+    # $filter .= "(sambaAcctFlags=[U          ])";
+    $base=$config{usersdn}
+} else {
+    $base=$config{suffix}
+}
+if ($search) {
+    $filter.="(uid=$search)";
+}
+
+$filter.=")";
+
+my  $mesg = $ldap_master->search ( base   => $base,
+                                   scope => $config{scope},
+                                   filter => $filter,
+				   attrs => "$attrs"
+				   );
+$mesg->code && warn $mesg->error;
+
+foreach my $entry ($mesg->all_entries) {
+    print_user($entry,%Options);
+}
+########################################
+
+=head1 NAME
+
+smbldap-userlist list users or machines with some info
+
+=head1 SYNOPSIS
+
+smbldap-userlist [-a] [-g] [-d] [-e] [-l] [-m] [user template]
+
+
+=head1 DESCRIPTION
+
+-a     Show gecos, password last change, expiration date and account status
+
+-g     Show gecos entry
+
+-d     Show last modification password date
+
+-e     Show the expiration date
+
+-l     Show account status (locl/unlock)
+
+-m     Only list machines
+
+-u     Only list users
+
+-?     show the help message
+
+=head1 EXAMPLE
+
+smbldap-userlist -a
+
+smbldap-userlist -a jtournier
+
+smbldap-userlist -a "*ourn*"
+
+=cut
+
+#'
+
+# The End
diff -Nru smbldap-tools-0.9.5/smbldap-usermod smbldap-tools-0.9.7/smbldap-usermod
--- smbldap-tools-0.9.5/smbldap-usermod	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-usermod	1970-01-01 01:00:00.000000000 +0100
@@ -1,1019 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-usermod : user (posix,shadow,samba) modification
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-use Time::Local;
-#####################
-
-use Getopt::Std;
-use Getopt::Long;
-my %Options;
-my $nscd_status;
-
-Getopt::Long::Configure('bundling');
-my $ok = GetOptions(
-    "A|sambaPwdCanChange=s"  => \$Options{A},
-    "B|sambaPwdMustChange=s" => \$Options{B},
-    "C|sambaHomePath=s"      => \$Options{C},
-    "D|sambaHomeDrive=s"     => \$Options{D},
-    "E|sambaLogonScript=s"   => \$Options{E},
-    "F|sambaProfilePath=s"   => \$Options{F},
-    "G|group=s"              => \$Options{G},
-    "H|sambaAcctFlags=s"     => \$Options{H},
-    "I|sambaDisable"         => \$Options{I},
-    "J|sambaEnable"          => \$Options{J},
-    "L|shadowLock"           => \$Options{L},
-    "M|mailAddresses=s"      => \$Options{M},
-    "N|givenName=s"          => \$Options{N},
-    "P=s"                    => \$Options{P},
-    "U|shadowUnlock"         => \$Options{U},
-    "S|surname=s"            => \$Options{S},
-    "T|mailToAddress=s"      => \$Options{T},
-    "Z|attr=s"               => \$Options{Z},
-    "a|addsambaSAMAccount"   => \$Options{a},
-    "c|gecos=s"              => \$Options{c},
-    "d|homedir=s"            => \$Options{d},
-    "e|expire=s"             => \$Options{e},
-    "sambaExpire=s"          => \$Options{sambaExpire},
-    "g|gid=s"                => \$Options{g},
-    "h|help"                 => \$Options{h},
-    "o|canBeNotUnique"       => \$Options{o},
-    "r|rename=s"             => \$Options{r},
-    "s|shell=s"              => \$Options{s},
-    "shadowExpire=s"         => \$Options{shadowExpire},
-    "shadowMax=s"            => \$Options{shadowMax},
-    "shadowMin=s"            => \$Options{shadowMin},
-    "shadowInactive=s"       => \$Options{shadowInactive},
-    "shadowWarning=s"        => \$Options{shadowWarning},
-    "u|uid=s"                => \$Options{u}
-);
-
-#my $ok = getopts('A:B:C:D:E:F:H:IJM:N:S:PT:ame:f:u:g:G:d:l:r:s:c:ok:?h', \%Options);
-
-if ( ( !$ok ) || ( @ARGV < 1 ) || ( $Options{'h'} ) ) {
-    print_banner;
-    print "Usage: $0 [options] username\n\n";
-
-    print "Available UNIX options are:\n";
-    print "  -c|--gecos <gecos>           gecos\n";
-    print "  -d|--homedir <dir>           home directory\n";
-    print "  -r|--rename <username>       username\n";
-    print "  -u|--uid <uidNumber>         uid\n";
-    print "  -o|--canBeNotUnique          uid can be non unique\n";
-    print "  -g|--gid <gidNumber          gid\n";
-    print
-      "  -G|--group [+-]<grp1,...>    supplementary groups (comma separated)\n";
-    print "  -s|--shell <shell>           shell\n";
-    print "  -N|--givenName <name>        given name (first name)\n";
-    print "  -S|--surname <suname>        surname (family name)\n";
-    print "  -P                           ends by invoking smbldap-passwd\n";
-    print "  -M|--mailAddresses <mail,>   mailAddresses (comma seperated)\n";
-    print
-"  -T|--mailToAddress <mail,>   mailToAddress (forward address) (comma seperated)\n";
-    print
-"  -e|--expire <date>           Sets both shadow and samba expiration date: like \"YYYY-MM-DD(HH:MM:SS)\", or \"yYmMdD\" to extand y year,m months and d days\n";
-    print
-"  --shadowExpire <date/n>      Shadow expiration date (like \"YYYY-MM-DD\") or 'n' days from today\n";
-    print
-"  --shadowMax <n>              User must change the password, at least, every 'n' days\n";
-    print
-"  --shadowMin <n>              user must wait 'n' days once the password has changed before changing it again\n";
-    print
-"  --shadowInactive <n>         number of days of inactivity allowed for the specified user\n";
-    print
-"  --shadowWarning <n>          User is warned that the password must be changed four days before the password expires\n";
-    print "  -L|--shadowLock              lock unix user's password\n";
-    print "  -U|--shadowUnlock            unlock unix user's password\n";
-    print
-"  -Z                           add custom attributes, as name=value pairs comma separated\n";
-    print "\n";
-    print "Available SAMBA options are:\n";
-    print "  -a|--addsambaSAMAccount        add sambaSAMAccount objectclass\n";
-    print
-"  --sambaExpire <date>           expire date (\"YYYY-MM-DD HH:MM:SS\")\n";
-    print
-"  -A|--sambaPwdCanChange         can change password ? 0 if no, 1 if yes\n";
-    print
-"  -B|--sambaPwdMustChange        must change password ? 0 if no, 1 if yes\n";
-    print
-"  -C|--sambaHomePath <dir>       sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
-    print
-"  -D|--sambaHomeDrive <drive>    sambaHomeDrive (letter associated with home share, like 'H:')\n";
-    print
-"  -E|--sambaLogonScript <script> sambaLogonScript (DOS script to execute on login)\n";
-    print
-"  -F|--sambaProfilePath <path>   sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
-    print
-"  -H|--sambaAcctFlags <flags>    sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
-    print
-"  -I|--sambaDisable              disable an user. Can't be used with -H or -J\n";
-    print
-"  -J|--sambaEnable               enable an user. Can't be used with -H or -I\n";
-    print "  -h|--help                      show this help message\n";
-    exit(1);
-}
-
-if ( $< != 0 ) {
-    print "You must be root to modify an user\n";
-    exit(1);
-}
-
-# Read only first @ARGV
-my $user = $ARGV[0];
-
-# Let's connect to the directory first
-my $ldap_master = connect_ldap_master();
-
-# Read user data
-my $user_entry = read_user_entry($user);
-if ( !defined($user_entry) ) {
-    print "$0: user $user doesn't exist\n";
-    exit(1);
-}
-
-my $samba = is_samba_user($user);
-
-# get the dn of the user
-my $dn = $user_entry->dn();
-
-my $tmp;
-my @mods;
-my @dels;
-if ( defined( $tmp = $Options{'a'} ) ) {
-    if ($samba) {
-        print "Error: Account for user $user already _is_ a Samba account!\n",
-          "Omit option -a!\n";
-        exit(1);
-    }
-
-    # Let's connect to the directory first
-    my $winmagic         = 2147483647;
-    my $valpwdcanchange  = 0;
-    my $valpwdmustchange = $winmagic;
-    my $valpwdlastset    = 0;
-    my $valacctflags     = "[UX]";
-    my $user_entry       = read_user_entry($user);
-    my $uidNumber        = $user_entry->get_value('uidNumber');
-    my $userRid          = 2 * $uidNumber + 1000;
-
-    # apply changes
-    my $modify = $ldap_master->modify(
-        "$dn",
-        changes => [
-            add => [ objectClass        => 'sambaSAMAccount' ],
-            add => [ sambaPwdLastSet    => "$valpwdlastset" ],
-            add => [ sambaLogonTime     => '0' ],
-            add => [ sambaLogoffTime    => '2147483647' ],
-            add => [ sambaKickoffTime   => '2147483647' ],
-            add => [ sambaPwdCanChange  => "$valpwdcanchange" ],
-            add => [ sambaPwdMustChange => "$valpwdmustchange" ],
-            add => [ sambaSID           => "$config{SID}-$userRid" ],
-            add => [ sambaAcctFlags     => "$valacctflags" ],
-        ]
-    );
-    if ( $modify->code ) {
-        warn "failed to modify entry: ", $modify->error;
-        exit 1;
-    }
-
-    # when adding samba attributes, try to set samba primary group as well.
-    my $group_entry =
-      read_group_entry_gid( $user_entry->get_value('gidNumber') );
-
-    # override group if new group id sould be set with this call as well
-    $group_entry = read_group_entry_gid( $Options{'g'} ) if $Options{'g'};
-    my $userGroupSID = $group_entry->get_value('sambaSID');
-    if ($userGroupSID) {
-        my $modify_grpSID = $ldap_master->modify( "$dn",
-            changes => [ add => [ sambaPrimaryGroupSID => "$userGroupSID" ], ]
-        );
-
-        if ( $modify_grpSID->code ) {
-            warn "failed to modify entry: ", $modify_grpSID->error;
-            exit 1;
-        }
-    }
-    else {    # no reason to abort imho
-        print
-"Warning: sambaPrimaryGroupSID could not be set beacuse group of user $user is not a mapped Domain group!\n",
-"To get a list of groups mapped to Domain groups, use \"net groupmap list\" on a Domain member machine.\n";
-    }
-
-# now it is a samba account. this flag is needed here if someone uses i. e. "-a -g newgroupid".
-# if not set here, the sambaPrimaryGroupSID value would not be updated
-    $samba = 1;
-
-}
-
-# Process options
-my $changed_uid;
-my $_userUidNumber;
-my $_userRid;
-
-if ( defined( $tmp = $Options{'u'} ) ) {
-    if ( !defined( $Options{'o'} ) ) {
-        $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-        if ( $nscd_status == 0 ) {
-            system "/etc/init.d/nscd stop > /dev/null 2>&1";
-        }
-
-        if ( getpwuid($tmp) ) {
-            if ( $nscd_status == 0 ) {
-                system "/etc/init.d/nscd start > /dev/null 2>&1";
-            }
-
-            print "$0: uid number $tmp exists\n";
-            exit(6);
-        }
-        if ( $nscd_status == 0 ) {
-            system "/etc/init.d/nscd start > /dev/null 2>&1";
-        }
-    }
-
-    push( @mods, 'uidNumber', $tmp );
-    $_userUidNumber = $tmp;
-    if ($samba) {
-
-        # as rid we use 2 * uid + 1000
-        my $_userRid = 2 * $_userUidNumber + 1000;
-        if ( defined( $Options{'x'} ) ) {
-            $_userRid = sprint( "%x", $_userRid );
-        }
-        push( @mods, 'sambaSID', $config{SID} . '-' . $_userRid );
-    }
-    $changed_uid = 1;
-}
-
-my $changed_gid;
-my $_userGidNumber;
-my $_userGroupSID;
-if ( defined( $tmp = $Options{'g'} ) ) {
-    $_userGidNumber = parse_group($tmp);
-    if ( $_userGidNumber < 0 ) {
-        print "$0: group $tmp doesn't exist\n";
-        exit(6);
-    }
-    push( @mods, 'gidNumber', $_userGidNumber );
-    if ($samba) {
-
-        # as grouprid we use the sambaSID attribute's value of the group
-        my $group_entry   = read_group_entry_gid($_userGidNumber);
-        my $_userGroupSID = $group_entry->get_value('sambaSID');
-        unless ($_userGroupSID) {
-            print
-"Error: sambaPrimaryGroupSid could not be set (sambaSID for group $_userGidNumber does not exist)\n";
-            exit(7);
-        }
-        push( @mods, 'sambaPrimaryGroupSid', $_userGroupSID );
-    }
-    $changed_gid = 1;
-}
-
-if ( defined( $tmp = $Options{'s'} ) ) {
-    push( @mods, 'loginShell' => $tmp );
-}
-
-if ( defined( $tmp = $Options{'c'} ) ) {
-    push(
-        @mods,
-        'gecos'       => $tmp,
-        'description' => $tmp
-    );
-}
-
-if ( defined( $tmp = $Options{'d'} ) ) {
-    push( @mods, 'homeDirectory' => $tmp );
-}
-
-# RFC 2256 & RFC 2798
-# sn: family name (option S)             # RFC 2256: family name of a person.
-# givenName: prenom (option N)           # RFC 2256: part of a person's name which is not their surname nor middle name.
-# cn: person's full name                 # RFC 2256: person's full name.
-# displayName: perferably displayed name # RFC 2798: preferred name of a person to be used when displaying entries.
-
-#givenname is the forename of a person (not famiy name) => http://en.wikipedia.org/wiki/Given_name
-#surname (or sn) is the familiy name => http://en.wikipedia.org/wiki/Surname
-# my surname (or sn): Tournier
-# my givenname: Jerome
-
-if ( defined( $tmp = $Options{'N'} ) ) {
-    push( @mods, 'givenName' => utf8Encode($tmp) );
-}
-
-if ( defined( $tmp = $Options{'S'} ) ) {
-    push( @mods, 'sn' => utf8Encode($tmp) );
-}
-
-my $cn;
-if ( $Options{'N'} or $Options{'S'} or $Options{'a'} ) {
-    $Options{'N'} = $user_entry->get_value('givenName') unless $Options{'N'};
-    $Options{'S'} = $user_entry->get_value('sn')        unless $Options{'S'};
-
-# if givenName eq sn eq username (default of smbldap-useradd), cn and displayName would
-# be "username username". So we just append surname if its not default
-# (there may be the very very special case of an user where those three values _are_ equal)
-    $cn = "$Options{'N'}";
-    $cn .= " " . $Options{'S'}
-      unless ( $Options{'S'} eq $Options{'N'} and $Options{'N'} eq $user );
-    my $push_val = utf8Encode($cn);
-    push( @mods, 'cn' => $push_val );
-
-    # set displayName for Samba account
-    if ($samba) {
-        push( @mods, 'displayName' => $push_val );
-    }
-}
-
-if ( defined $Options{'e'} ) {
-    if ( !defined $Options{'shadowExpire'} ) {
-        $Options{'shadowExpire'} = $Options{'e'};
-    }
-    if ( !defined $Options{'sambaExpire'} ) {
-        $Options{'sambaExpire'} = $Options{'e'};
-    }
-}
-
-sub parse_date_to_unix {
-    my ($date) = @_;
-
-    if ( $date =~ /(\d\d\d\d)-(\d?\d)-(\d?\d)(\s+(\d?\d):(\d\d):(\d\d))?/ ) {
-        my $localtime;
-        if ( defined $5 and defined $6 and defined $7 ) {
-            $localtime = timelocal( $7, $6, $5, $3, $2 - 1, $1 );
-        }
-        else {
-            $localtime = timelocal( 0, 0, 2, $3, $2 - 1, $1 );
-        }
-        my $shadowExpire = int($localtime);
-        $shadowExpire = sprintf( "%d", $shadowExpire );
-        return $shadowExpire;
-    }
-    else {
-        my $daysAdd = 0;
-
-        if ( $date =~ /(\d+)y/ ) {
-            $daysAdd += 365.3 * $1;
-        }
-
-        if ( $date =~ /(\d+)m/ ) {
-            $daysAdd += 30.4 * $1;
-        }
-
-        if ( $date =~ /(\d+)([^ym]{1}|$)/ ) {
-            $daysAdd += $1;
-        }
-
-        if ( $daysAdd > 0 ) {
-            return int( time + ( $daysAdd * 24 * 3600 ) );
-        }
-        else {
-            return -1;
-        }
-    }
-
-    return -1;
-}
-
-sub parse_date_to_unix_days {
-    my ($arg) = @_;
-    return int( parse_date_to_unix($arg) / 86400 );
-}
-
-# Shadow password parameters
-my $localtime = time() / 86400;
-if ( defined $Options{'shadowExpire'} ) {
-
-    # Unix expiration password
-    my $tmp = $Options{'shadowExpire'};
-    chomp($tmp);
-
-    #    my $expire=`date --date='$tmp' +%s`;
-    #    chomp($expire);
-    #    my $shadowExpire=int($expire/86400)+1;
-    # date syntax asked: YYYY-MM-DD
-
-    $tmp = parse_date_to_unix_days($tmp);
-    if ( $tmp != -1 ) {
-        push( @mods, 'shadowExpire', $tmp );
-    }
-    else {
-        print "Invalid format for '--shadowExpire' option.\n";
-    }
-}
-
-if ( defined $Options{'shadowWarning'} ) {
-    push( @mods, 'shadowWarning', $Options{shadowWarning} );
-}
-
-if ( defined $Options{'shadowMax'} ) {
-    push( @mods, 'shadowMax', $Options{shadowMax} );
-}
-
-if ( defined $Options{'shadowMin'} ) {
-    push( @mods, 'shadowMin', $Options{shadowMin} );
-}
-
-if ( defined $Options{'shadowInactive'} ) {
-    push( @mods, 'shadowInactive', $Options{shadowInactive} );
-}
-
-if ( defined $Options{'L'} ) {
-
-    # lock shadow account
-    $tmp = $user_entry->get_value('userPassword');
-    if ( !( $tmp =~ /!/ ) ) {
-        $tmp =~ s/}/}!/;
-    }
-    push( @mods, 'userPassword' => $tmp );
-}
-
-if ( defined $Options{'U'} ) {
-
-    # unlock shadow account
-    $tmp = $user_entry->get_value('userPassword');
-    if ( $tmp =~ /!/ ) {
-        $tmp =~ s/}!/}/;
-    }
-    push( @mods, 'userPassword' => $tmp );
-}
-
-my $mailobj = 0;
-if ( $tmp = $Options{'M'} ) {
-
-    # action si + or - for adding or deleting an entry
-    my $action = '';
-    if ( $tmp =~ s/^([+-])+\s*// ) {
-        $action = $1;
-    }
-    my @userMailLocal = &split_arg_comma($tmp);
-    my @mail;
-    foreach my $m (@userMailLocal) {
-        my $domain = $config{mailDomain};
-        if ( $m =~ /^(.+)@/ ) {
-            push( @mail, $m );
-
-            # mailLocalAddress contains only the first part
-            $m = $1;
-        }
-        else {
-            push( @mail, $m . ( $domain ? '@' . $domain : '' ) );
-        }
-    }
-    if ($action) {
-        my @old_MailLocal;
-        my @old_mail;
-        @old_mail      = $user_entry->get_value('mail');
-        @old_MailLocal = $user_entry->get_value('mailLocalAddress');
-        if ( $action eq '+' ) {
-            @userMailLocal = &list_union( \@old_MailLocal, \@userMailLocal );
-            @mail          = &list_union( \@old_mail,      \@mail );
-        }
-        elsif ( $action eq '-' ) {
-            @userMailLocal = &list_minus( \@old_MailLocal, \@userMailLocal );
-            @mail          = &list_minus( \@old_mail,      \@mail );
-        }
-    }
-    push( @mods, 'mailLocalAddress', [@userMailLocal] );
-    push( @mods, 'mail' => [@mail] );
-    $mailobj = 1;
-}
-
-if ( $tmp = $Options{'T'} ) {
-    my $action = '';
-    my @old;
-
-    # action si + or - for adding or deleting an entry
-    if ( $tmp =~ s/^([+-])+\s*// ) {
-        $action = $1;
-    }
-    my @userMailTo = &split_arg_comma($tmp);
-    if ($action) {
-        @old = $user_entry->get_value('mailRoutingAddress');
-    }
-    if ( $action eq '+' ) {
-        @userMailTo = &list_union( \@old, \@userMailTo );
-    }
-    elsif ( $action eq '-' ) {
-        @userMailTo = &list_minus( \@old, \@userMailTo );
-    }
-    push( @mods, 'mailRoutingAddress', [@userMailTo] );
-    $mailobj = 1;
-}
-if ($mailobj) {
-    my @objectclass = $user_entry->get_value('objectClass');
-    if ( !grep ( $_ =~ /^inetLocalMailRecipient$/i, @objectclass ) ) {
-        push( @mods,
-            'objectClass' => [ @objectclass, 'inetLocalMailRecipient' ] );
-    }
-}
-
-if ( defined( $tmp = $Options{'G'} ) ) {
-    my $action = '';
-    if ( $tmp =~ s/^([+-])+\s*// ) {
-        $action = $1;
-    }
-    if ( $action eq '-' ) {
-
-        # remove user from specified groups
-        foreach my $gname ( &split_arg_comma($tmp) ) {
-            group_remove_member( $gname, $user );
-        }
-    }
-    else {
-        if ( $action ne '+' ) {
-            my @old = &find_groups_of($user);
-
-            # remove user from old groups
-            foreach my $gname (@old) {
-                if ( $gname ne "" ) {
-                    group_remove_member( $gname, $user );
-                }
-            }
-        }
-
-        # add user to new groups
-        add_grouplist_user( $tmp, $user );
-    }
-}
-
-#
-# A : sambaPwdCanChange
-# B : sambaPwdMustChange
-# C : sambaHomePath
-# D : sambaHomeDrive
-# E : sambaLogonScript
-# F : sambaProfilePath
-# H : sambaAcctFlags
-
-my $attr;
-my $winmagic = 2147483647;
-
-$samba = is_samba_user($user);
-
-if ( defined( $tmp = $Options{'sambaExpire'} ) ) {
-    if ( $samba == 1 ) {
-        my $kickoffTime = parse_date_to_unix($tmp);
-        if ( $kickoffTime != -1 ) {
-            push( @mods, 'sambakickoffTime' => $kickoffTime );
-        }
-        else {
-            print "Invalid format for '--sambaExpire' option (" . $tmp . ").\n";
-        }
-    }
-    else {
-        print "User $user is not a samba user\n";
-    }
-}
-
-my $_sambaPwdCanChange;
-if ( defined( $tmp = $Options{'A'} ) ) {
-    if ( $samba == 1 ) {
-        $attr = "sambaPwdCanChange";
-        if ( $tmp != 0 ) {
-            $_sambaPwdCanChange = 0;
-        }
-        else {
-            $_sambaPwdCanChange = $winmagic;
-        }
-        push( @mods, 'sambaPwdCanChange' => $_sambaPwdCanChange );
-    }
-    else {
-        print "User $user is not a samba user\n";
-    }
-}
-
-my $_sambaPwdMustChange;
-if ( defined( $tmp = $Options{'B'} ) ) {
-    if ( $samba == 1 ) {
-        if ( $tmp != 0 ) {
-            $_sambaPwdMustChange = 0;
-
-            # To force a user to change his password:
-            # . the attribut sambaAcctFlags must not match the 'X' flag
-            my $_sambaAcctFlags;
-            my $flags = $user_entry->get_value('sambaAcctFlags');
-            if ( defined $flags and $flags =~ /X/ ) {
-                my $letters;
-                if ( $flags =~ /(\w+)/ ) {
-                    $letters = $1;
-                }
-                $letters =~ s/X//;
-                $_sambaAcctFlags = "\[$letters\]";
-                push( @mods, 'sambaAcctFlags' => $_sambaAcctFlags );
-            }
-            push( @mods, 'sambaPwdLastSet' => '0' );
-        }
-        else {
-            $_sambaPwdMustChange = $winmagic;
-        }
-        push( @mods, 'sambaPwdMustChange' => $_sambaPwdMustChange );
-    }
-    else {
-        print "User $user is not a samba user\n";
-    }
-}
-
-if ( defined( $tmp = $Options{'C'} ) ) {
-    if ( $samba == 1 ) {
-        if ( $tmp eq "" and defined $user_entry->get_value('sambaHomePath') ) {
-            push( @dels, 'sambaHomePath' => [] );
-        }
-        elsif ( $tmp ne "" ) {
-            push( @mods, 'sambaHomePath' => $tmp );
-        }
-    }
-    else {
-        print "User $user is not a samba user\n";
-    }
-}
-
-if ( defined( $tmp = $Options{'D'} ) ) {
-    if ( $samba == 1 ) {
-        if ( $tmp eq "" and defined $user_entry->get_value('sambaHomeDrive') ) {
-            push( @dels, 'sambaHomeDrive' => [] );
-        }
-        elsif ( $tmp ne "" ) {
-            $tmp = $tmp . ":" unless ( $tmp =~ /:/ );
-            push( @mods, 'sambaHomeDrive' => $tmp );
-        }
-    }
-    else {
-        print "User $user is not a samba user\n";
-    }
-}
-
-if ( defined( $tmp = $Options{'E'} ) ) {
-    if ( $samba == 1 ) {
-        if ( $tmp eq "" and defined $user_entry->get_value('sambaLogonScript') )
-        {
-            push( @dels, 'sambaLogonScript' => [] );
-        }
-        elsif ( $tmp ne "" ) {
-            push( @mods, 'sambaLogonScript' => $tmp );
-        }
-    }
-    else {
-        print "User $user is not a samba user\n";
-    }
-}
-
-if ( defined( $tmp = $Options{'F'} ) ) {
-    if ( $samba == 1 ) {
-        if ( $tmp eq "" and defined $user_entry->get_value('sambaProfilePath') )
-        {
-            push( @dels, 'sambaProfilePath' => [] );
-        }
-        elsif ( $tmp ne "" ) {
-            push( @mods, 'sambaProfilePath' => $tmp );
-        }
-    }
-    else {
-        print "User $user is not a samba user\n";
-    }
-}
-
-if ( $samba == 1
-    and
-    ( defined $Options{'H'} or defined $Options{'I'} or defined $Options{'J'} )
-  )
-{
-    my $_sambaAcctFlags;
-    if ( defined( $tmp = $Options{'H'} ) ) {
-
-        #$tmp =~ s/\\/\\\\/g;
-        $_sambaAcctFlags = $tmp;
-    }
-    else {
-
-        # I or J
-        my $flags;
-        $flags = $user_entry->get_value('sambaAcctFlags');
-
-        if ( defined( $tmp = $Options{'I'} ) ) {
-            if ( !( $flags =~ /D/ ) ) {
-                my $letters;
-                if ( $flags =~ /(\w+)/ ) {
-                    $letters = $1;
-                }
-                $_sambaAcctFlags = "\[D$letters\]";
-            }
-        }
-        elsif ( defined( $tmp = $Options{'J'} ) ) {
-            if ( $flags =~ /D/ ) {
-                my $letters;
-                if ( $flags =~ /(\w+)/ ) {
-                    $letters = $1;
-                }
-                $letters =~ s/D//;
-                $_sambaAcctFlags = "\[$letters\]";
-            }
-        }
-    }
-
-    if ( $_sambaAcctFlags and "$_sambaAcctFlags" ne '' ) {
-        push( @mods, 'sambaAcctFlags' => $_sambaAcctFlags );
-        my $date = time;
-        push( @mods, 'sambaPwdLastSet' => $date );
-    }
-
-}
-elsif ( !$samba == 1
-    and
-    ( defined $Options{'H'} or defined $Options{'I'} or defined $Options{'J'} )
-  )
-{
-    print "User $user is not a samba user\n";
-}
-
-if ( defined( $tmp = $Options{'Z'} ) ) {
-    my @namval = split /,/, $tmp;
-    if (@namval) {
-        foreach my $pair (@namval) {
-            my ( $name, $value ) = split /=/, $pair;
-            next if ( !$name or !$value );
-            push( @mods, $name => $value );
-        }
-    }
-
-}
-
-# apply changes
-my $modify = $ldap_master->modify( "$dn", 'replace' => {@mods} );
-$modify->code && warn "failed to modify entry: ", $modify->error;
-
-# we can delete only if @dels is not empty: we check the number of elements
-my $nb_to_del = scalar(@dels);
-if ( $nb_to_del != 0 ) {
-    $modify = $ldap_master->modify( "$dn", 'delete' => {@dels} );
-
-    # don't proceed on error
-    $modify->code && die "failed to modify entry: ", $modify->error;
-}
-
-# take down session
-$ldap_master->unbind;
-
-# asked to rename the account. only do that if new rdn doesn't equal old one
-if ( defined( my $new_user = $Options{'r'} ) and $Options{'r'} ne $user ) {
-    my $ldap_master = connect_ldap_master();
-    chomp($new_user);
-
-    # read eventual new user entry
-    my $new_user_entry = read_user_entry($new_user);
-    if ( defined($new_user_entry) ) {
-        print "$0: user $new_user already exists, cannot rename\n";
-        exit(8);
-    }
-
-    # we check the real dn as it could be a user or computer account
-    $dn = $user_entry->dn;
-    my $computer;
-    my ( $account, $rdn ) = ( $dn =~ m/([^,])*,(.*)$/ );
-    if ( $account =~ m/(.*)\$/ ) {
-
-        # it's a computer account
-        $computer = 1;
-        my $modify = $ldap_master->moddn(
-            "uid=$user,$rdn",
-            newrdn       => "uid=$new_user",
-            deleteoldrdn => "1",
-            newsuperior  => "$rdn"
-        );
-
-    }
-    else {
-        my $modify = $ldap_master->moddn(
-            "uid=$user,$rdn",
-            newrdn       => "uid=$new_user",
-            deleteoldrdn => "1",
-            newsuperior  => "$rdn"
-        );
-    }
-    $modify->code && die "failed to change dn: ", $modify->error;
-
-    # change cn, sn, displayName, givenName attributes
-    my $user_entry = read_user_entry($new_user);
-    my $dn         = $user_entry->dn();
-    my @mods;
-
-# If old sn is not old username (which would be the default) we assume that there is a surename that is correctly set
-# so no change is required here. If they equal, we use the new username for new sn unless
-# -S option is used (the sn value would have been set/updated before in that case).
-    push( @mods, 'sn' => $new_user )
-      unless ( $user_entry->get_value('sn')
-        and $user_entry->get_value('sn') ne $user or $Options{'S'} );
-
-# If old givenName is not old username (which would be the default) we assume that there is a
-# givenName correctly set so no change is required here. If they equal, we set givenName to the new username unless
-# the -N option is used (the givenName would have been set/updated before in that case).
-    push( @mods, 'givenName' => $new_user )
-      unless ( $user_entry->get_value('givenName')
-        and $user_entry->get_value('givenName') ne $new_user or $Options{'N'} );
-
-# common name, should be "fistname lastname". Same for displayName but only if $samba.
-# Uses utf8Encode like processing of options -S and -N above. If old cn is old username
-# (which would be the default) this field should be updated, unless -N _and_ -S is given.
-# Then assume it has been set correctly with -N and -S before.
-    push( @mods, "cn" => $new_user )
-      unless ( $user_entry->get_value("cn")
-        and $user_entry->get_value("cn") ne utf8Encode($user)
-        or $Options{'N'} and $Options{'S'} );
-    push( @mods, "displayName" => $new_user )
-      unless ( not $samba
-        or $user_entry->get_value("displayName")
-        and $user_entry->get_value("displayName") ne utf8Encode($user)
-        or $Options{'N'} and $Options{'S'} );
-
-    if ( @mods > 0 ) {    # only change if there is something to change
-        $modify =
-          $ldap_master->modify( "$dn", changes => [ 'replace' => [@mods] ] );
-        $modify->code && warn "failed to rename the user: ", $modify->error;
-    }
-
-    # changing username in groups
-    my @groups = &find_groups_of($user);
-    foreach my $gname (@groups) {
-        if ( $gname ne "" ) {
-            my $dn_line = get_group_dn($gname);
-            my $dn      = get_dn_from_line("$dn_line");
-            print "updating group $gname\n";
-            $modify = $ldap_master->modify(
-                "$dn",
-                changes => [
-                    'delete' => [ memberUid => $user ],
-                    'add'    => [ memberUid => $new_user ]
-                ]
-            );
-            $modify->code
-              && warn "failed to update user's supplementary group $gname: ",
-              $modify->error;
-        }
-    }
-
-    $ldap_master->unbind;
-}
-
-$nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-
-if ( $nscd_status == 0 ) {
-    system "/etc/init.d/nscd restart > /dev/null 2>&1";
-}
-
-if ( defined( $Options{'P'} ) ) {
-    exec "$RealBin/smbldap-passwd $user";
-}
-
-############################################################
-
-=head1 NAME
-
-smbldap-usermod - Modify a user account
-
-=head1 SYNOPSIS
-
-smbldap-usermod [-c gecos] [-d home_dir] [-r login_name] [-u uid] [-g gid] [-o] [-G group[,...]] [-s shell] [-N first_name] [-S surname] [-P] [-M mail[,...]] [-T mail,[..]] [--shadowExpire date/n] [--shadowMax n] [--shadowMin n] [--shadowInactive n] [--shadowWarning n] [-L] [-U] [-a] [-e expiration_date/n] [--sambaExpire date/n] [-A canchange] [-B mustchange] [-C smbhome] [-D homedrive] [-E scriptpath] [-F profilepath] [-H acctflags] [-I] [-J] [-h] login
-
-=head1 DESCRIPTION
-
-The smbldap-usermod  command  modifies the system account files to reflect the changes that are specified
-on the  command  line.
-
-=head2 UNIX options
-
--c, --gecos gecos
-    The new value of the user's comment field (gecos). (Don't use this to modify displayName or cn. Use -N and -S options combined instead).
-
--d, --homedir home_dir
-    The user's new login directory.
-
--r, --rename new_user
-    Allow to rename a user. This option will update the dn attribute for the user. You can also update others attributes using the corresponding script options.
-
--u, --uid uid
-    The numerical  value  of  the  user's  ID.   This value must be unique, unless the -o option is used.  The value must  be  non negative.  Any files which the user owns  and  which  are located  in  the directory tree rooted at the user's home directory will have the file user ID  changed  automatically.   Files outside of the user's home directory must be altered manually.
-
--o, --canBeNotUnique
-    uidNumber can be non unique
-
--g, --gid initial_group
-    The group name or number of the user's new initial login  group. The  group  name  must  exist. A group number must refer to an already existing group.  The default group number is 1.
-
--G, --group [+-]group,[...]
-    A list of supplementary groups which the user is also  a  member of.   Each  group is separated from the next by a comma, with no intervening whitespace.  The groups  are  subject  to  the  same restrictions as the group given with the -g option.  If the user is currently a member of a group which is not listed, the user will be removed from the group, unless the '+' or '-' caracter is used to add or remove groups to inital ones.
-
--s, --shel shell
-    The name of the user's new login shell.  Setting this  field  to blank causes the system to select the default
-    login shell.
-
--N, --givenName
-    set the user's given name (attribute givenName). Additionally used to set the first name in displayName and cn.
-
--S, --surname
-    Set the user's surname (attribute sn). Additionally used to set the last name in displayName and cn.
-
--P
-    End by invoking smbldap-passwd to change the user password (both unix and samba passwords)
-
--M, --mailAddresses  mail,[...]
-    mailAddresses (comma seperated)
-
--T, --mailToAddress  mail,[...]
-    mailToAddress (forward address) (comma seperated)
-
---shadowExpire <YYYY-MM-DD/n>
-    Set the expiration date for the user password. This only affect unix account. The date may be specified as either YYYY-MM-DD or 'n' days from day. The 'n' syntax also supports the extended format (#y)(#m)(#d) for years, months, and days from today. One need not specify all three, so all of the following are examples of valid input: '5y4m2d' (5 years, 4 months, and 2 days), '5y' (5 years), '5y2d' (5 years and 2 days), and '3' (3 days). This option calls the internal 'timelocal' command to set calculate the number of seconds from Junary 1 1970 to the specified date.
- 
---shadowMax <n>
-    User must change the password, at least, every 'n' days
-
---shadowMin <n>
-    User must wait 'n' days once the password has changed before changing it again
-
---shadowInactive <n>
-    Number of days of inactivity allowed for the specified user
-
---shadowWarning <n>
-    User is warned that the password must be changed four days before the password expires
-
--L, --shadowLock
-    Lock unix user's password. This puts a '!' in front of the encrypted password, effectively disabling the password.
-
--U, --shadowUnlock
-    Unlock unix user's password. This removes the '!' in front of the encrypted password.
-
-=head2 SAMBA options
-
--a, --addsambaSAMAccount
-    Add the sambaSAMAccount objectclass to the specified user account. This allow the user to become a samba user.
-
--e, --expire <YYYY-MM-DD(HH:MM:SS)/n>
-    Sets the expiration for both samba (--sambaExpire) and shadow (--shadowExpire).
-
---sambaExpire <YYYY-MM-DD HH:MM:SS/n>
-    Set the expiration date for the user account. This only affects the samba account. The date must be in the following format: YYYY-MM-DD HH:MM:SS. The n-days format of shadowExpire is also supported. This option uses the internal 'timelocal' command to set calculate the number of seconds from Junary 1 1970 to the specified date.
-
--x
-    Creates rid and primaryGroupID in hex instead of decimal (for Samba 2.2.2 unpatched only - higher versions always use decimal)
-
--A, --sambaPwdCanChange
-    can change password ? 0 if no, 1 if yes
-
--B, --sambaPwdMustChange
-    must change password ? 0 if no, 1 if yes
-
--C, --sambaHomePath path
-    sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')
-
--D, --sambaHomeDrive drive
-    sambaHomeDrive (letter associated with home share, like 'H:')
-
--E, --sambaLogonScript script
-    sambaLogonScript, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
-
--F, --sambaProfilePath path
-    sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
-
--H, --sambaAcctFlags flags
-    sambaAcctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
-
--I, --sambaDisable
-    disable user. Can't be used with -H or -J
-
--J, --sambaEnable
-    enable user. Can't be used with -H or -I
-
--h, --help
-    print this help
-
-=head1 SEE ALSO
-
-usermod(1)
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-usermod.pl smbldap-tools-0.9.7/smbldap-usermod.pl
--- smbldap-tools-0.9.5/smbldap-usermod.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-usermod.pl	2011-07-13 15:56:08.000000000 +0200
@@ -0,0 +1,1094 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-usermod : user (posix,shadow,samba) modification
+
+use strict;
+use warnings;
+use FindBin qw($RealBin);
+use smbldap_tools;
+use Time::Local;
+#####################
+
+use Getopt::Long;
+my %Options;
+
+Getopt::Long::Configure('bundling');
+my $ok = GetOptions(
+    "A|sambaPwdCanChange=s"  => \$Options{A},
+    "B|sambaPwdMustChange=s" => \$Options{B},
+    "C|sambaHomePath=s"      => \$Options{C},
+    "D|sambaHomeDrive=s"     => \$Options{D},
+    "E|sambaLogonScript=s"   => \$Options{E},
+    "F|sambaProfilePath=s"   => \$Options{F},
+    "G|group=s"              => \$Options{G},
+    "H|sambaAcctFlags=s"     => \$Options{H},
+    "I|sambaDisable"         => \$Options{I},
+    "J|sambaEnable"          => \$Options{J},
+    "L|shadowLock"           => \$Options{L},
+    "M|mail=s"               => \$Options{M},
+    "N|givenName=s"          => \$Options{N},
+    "O|mailLocalAddress=s"   => \$Options{O},
+    "P"                      => \$Options{P},
+    "U|shadowUnlock"         => \$Options{U},
+    "S|surname=s"            => \$Options{S},
+    "T|mailToAddress=s"      => \$Options{T},
+    "X|inputEncoding=s"      => \$Options{X},
+    "Z|attr=s@"              => \$Options{Z},
+    "a|addsambaSAMAccount"   => \$Options{a},
+    "c|gecos=s"              => \$Options{c},
+    "d|homedir=s"            => \$Options{d},
+    "e|expire=s"             => \$Options{e},
+    "sambaExpire=s"          => \$Options{sambaExpire},
+    "g|gid=s"                => \$Options{g},
+    "h|?|help"               => \$Options{h},
+    "o|canBeNotUnique"       => \$Options{o},
+    "ou=s"                   => \$Options{ou},
+    "r|rename=s"             => \$Options{r},
+    "s|shell=s"              => \$Options{s},
+    "shadowExpire=s"         => \$Options{shadowExpire},
+    "shadowMax=s"            => \$Options{shadowMax},
+    "shadowMin=s"            => \$Options{shadowMin},
+    "shadowInactive=s"       => \$Options{shadowInactive},
+    "shadowWarning=s"        => \$Options{shadowWarning},
+    "u|uid=s"                => \$Options{u}
+);
+
+if ( ( !$ok ) || ( @ARGV < 1 ) || ( $Options{'h'} ) ) {
+    print_banner;
+    print "Usage: $0 [options] username\n\n";
+
+    print "Available UNIX options are:\n";
+    print "  -c|--gecos <gecos>           gecos\n";
+    print "  -d|--homedir <dir>           home directory\n";
+    print "  -r|--rename <username>       username\n";
+    print "  -u|--uid <uidNumber>         uid\n";
+    print "  -o|--canBeNotUnique          uid can be non unique\n";
+    print "  -g|--gid <gidNumber          gid\n";
+    print
+      "  -G|--group [+-]<grp1,...>    supplementary groups (comma separated)\n";
+    print "  -s|--shell <shell>           shell\n";
+    print "  -N|--givenName <name>        given name (first name)\n";
+    print "  -S|--surname <suname>        surname (family name)\n";
+    print "  -P                           ends by invoking smbldap-passwd\n";
+    print "  -M|--mail <mail,>            e-mail addresses (comma seperated)\n";
+    print
+"  -O|--mailLocalAddress <mail,> mailLocalAddress (comma separated)\n";
+    print
+"  -T|--mailToAddress <mail,>   mailToAddress (forward address) (comma separated)\n";
+    print
+"  -e|--expire <date>           Sets both shadow and samba expiration date: like \"YYYY-MM-DD(HH:MM:SS)\", or \"yYmMdD\" to extend y year,m months and d days\n";
+    print
+"  --shadowExpire <date/n>      Shadow expiration date (like \"YYYY-MM-DD\") or 'n' days from today\n";
+    print
+"  --shadowMax <n>              User must change the password, at least, every 'n' days\n";
+    print
+"  --shadowMin <n>              user must wait 'n' days once the password has changed before changing it again\n";
+    print
+"  --shadowInactive <n>         number of days of inactivity allowed for the specified user\n";
+    print
+"  --shadowWarning <n>          User is warned that the password must be changed four days before the password expires\n";
+    print "  -L|--shadowLock              lock unix user's password\n";
+    print "  -U|--shadowUnlock            unlock unix user's password\n";
+    print
+"  -Z                           add custom attributes, as name=value pairs comma separated\n";
+    print "\n";
+    print "Available SAMBA options are:\n";
+    print "  -a|--addsambaSAMAccount        add sambaSAMAccount objectclass\n";
+    print
+"  --sambaExpire <date>           expire date (\"YYYY-MM-DD HH:MM:SS\")\n";
+    print
+"  -A|--sambaPwdCanChange         can change password ? 0 if no, 1 if yes\n";
+    print
+"  -B|--sambaPwdMustChange        must change password ? 0 if no, 1 if yes\n";
+    print
+"  -C|--sambaHomePath <dir>       sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')\n";
+    print
+"  -D|--sambaHomeDrive <drive>    sambaHomeDrive (letter associated with home share, like 'H:')\n";
+    print
+"  -E|--sambaLogonScript <script> sambaLogonScript (DOS script to execute on login)\n";
+    print
+"  -F|--sambaProfilePath <path>   sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')\n";
+    print
+"  -H|--sambaAcctFlags <flags>    sambaAcctFlags (samba account control bits like '[NDHTUMWSLKI]')\n";
+    print
+"  -I|--sambaDisable              disable an user. Can't be used with -H or -J\n";
+    print
+"  -J|--sambaEnable               enable an user. Can't be used with -H or -I\n";
+    print
+"  -X|--inputEncoding             input encoding for givenname and surname (defaults to UTF-8)\n";
+    print "  -h|--help                      show this help message\n";
+    exit(1);
+}
+
+if ( $< != 0 ) {
+    print "You must be root to modify an user\n";
+    exit(1);
+}
+
+# Read only first @ARGV
+my $user = $ARGV[0];
+
+# Get the input encoding
+my $characterSet;
+if ( defined( $Options{'X'} ) ) {
+	$characterSet = $Options{'X'};
+} else {
+	$characterSet = "UTF-8";
+}
+
+# Let's connect to the directory first
+my $ldap_master = connect_ldap_master();
+
+# Read user data
+my $user_entry = read_user_entry($user);
+if (!defined($user_entry)) {
+    warn "User does not exist: $user\n";
+    exit(1);
+}
+
+# Canonize user name
+$user = $user_entry->get_value('uid');
+
+my $samba = is_samba_user($user);
+
+# get the dn of the user
+my $dn = $user_entry->dn();
+
+my $tmp;
+my @mods;
+my @dels;
+if ( defined( $tmp = $Options{'a'} ) ) {
+    if ($samba) {
+        print "Error: Account for user $user already _is_ a Samba account!\n",
+          "Omit option -a!\n";
+        exit(1);
+    }
+
+    # Let's connect to the directory first
+    my $winmagic         = 2147483647;
+    my $valpwdcanchange  = 0;
+    my $valpwdmustchange = $winmagic;
+    my $valpwdlastset    = 0;
+    my $valacctflags     = "[UX]";
+    my $user_entry       = read_user_entry($user);
+    my $uidNumber        = $user_entry->get_value('uidNumber');
+    my $userRid          = user_next_rid($uidNumber);
+
+    # apply changes
+    my $modify = $ldap_master->modify(
+        "$dn",
+        changes => [
+            add => [ objectClass        => 'sambaSAMAccount' ],
+            add => [ sambaPwdLastSet    => "$valpwdlastset" ],
+            add => [ sambaLogonTime     => '0' ],
+            add => [ sambaLogoffTime    => '2147483647' ],
+            add => [ sambaKickoffTime   => '2147483647' ],
+            add => [ sambaPwdCanChange  => "$valpwdcanchange" ],
+            add => [ sambaPwdMustChange => "$valpwdmustchange" ],
+            add => [ sambaSID           => "$config{SID}-$userRid" ],
+            add => [ sambaAcctFlags     => "$valacctflags" ],
+        ]
+    );
+    if ( $modify->code ) {
+        warn "failed to modify entry: ", $modify->error;
+        exit 1;
+    }
+
+    # when adding samba attributes, try to set samba primary group as well.
+    my $group_entry =
+      read_group_entry_gid( $user_entry->get_value('gidNumber') );
+
+    # override group if new group id sould be set with this call as well
+    $group_entry = read_group_entry_gid( $Options{'g'} ) if $Options{'g'};
+    my $userGroupSID = $group_entry->get_value('sambaSID');
+    if ($userGroupSID) {
+        my $modify_grpSID = $ldap_master->modify( "$dn",
+            changes => [ add => [ sambaPrimaryGroupSID => "$userGroupSID" ], ]
+        );
+
+        if ( $modify_grpSID->code ) {
+            warn "failed to modify entry: ", $modify_grpSID->error;
+            exit 1;
+        }
+    }
+    else {    # no reason to abort imho
+        print
+"Warning: sambaPrimaryGroupSID could not be set beacuse group of user $user is not a mapped Domain group!\n",
+"To get a list of groups mapped to Domain groups, use \"net groupmap list\" on a Domain member machine.\n";
+    }
+
+# now it is a samba account. this flag is needed here if someone uses i. e. "-a -g newgroupid".
+# if not set here, the sambaPrimaryGroupSID value would not be updated
+    $samba = 1;
+
+}
+
+# Process options
+my $_userUidNumber;
+my $_userRid;
+
+if ( defined( $tmp = $Options{'u'} ) ) {
+    if ( !defined( $Options{'o'} ) ) {
+	nsc_invalidate("passwd");
+        if ( getpwuid($tmp) ) {
+            print "$0: uid number $tmp exists\n";
+            exit(6);
+        }
+    }
+
+    push( @mods, 'uidNumber', $tmp );
+    $_userUidNumber = $tmp;
+    if ($samba and my $rid_base = account_base_rid()) {
+	## For backward compatibility with smbldap-tools 0.9.6 and older
+	my $_userRid = 2 * $_userUidNumber + $rid_base;
+        push( @mods, 'sambaSID', $config{SID} . '-' . $_userRid );
+    }
+}
+
+my $_userGidNumber;
+my $_userGroupSID;
+if ( defined( $tmp = $Options{'g'} ) ) {
+    $_userGidNumber = parse_group($tmp);
+    if ( $_userGidNumber < 0 ) {
+        print "$0: group $tmp doesn't exist\n";
+        exit(6);
+    }
+    push( @mods, 'gidNumber', $_userGidNumber );
+    if ($samba) {
+
+        # as grouprid we use the sambaSID attribute's value of the group
+        my $group_entry   = read_group_entry_gid($_userGidNumber);
+        my $_userGroupSID = $group_entry->get_value('sambaSID');
+        unless ($_userGroupSID) {
+            print
+"Error: sambaPrimaryGroupSid could not be set (sambaSID for group $_userGidNumber does not exist)\n";
+            exit(7);
+        }
+        push( @mods, 'sambaPrimaryGroupSid', $_userGroupSID );
+    }
+}
+
+if ( defined( $tmp = $Options{'s'} ) ) {
+    push( @mods, 'loginShell' => $tmp );
+}
+
+if ( defined( $tmp = $Options{'c'} ) ) {
+    push(
+        @mods,
+        'gecos'       => $tmp,
+        'description' => $tmp
+    );
+}
+
+if ( defined( $tmp = $Options{'d'} ) ) {
+    push( @mods, 'homeDirectory' => $tmp );
+}
+
+# RFC 2256 & RFC 2798
+# sn: family name (option S)             # RFC 2256: family name of a person.
+# givenName: prenom (option N)           # RFC 2256: part of a person's name which is not their surname nor middle name.
+# cn: person's full name                 # RFC 2256: person's full name.
+# displayName: perferably displayed name # RFC 2798: preferred name of a person to be used when displaying entries.
+
+#givenname is the forename of a person (not famiy name) => http://en.wikipedia.org/wiki/Given_name
+#surname (or sn) is the familiy name => http://en.wikipedia.org/wiki/Surname
+# my surname (or sn): Tournier
+# my givenname: Jerome
+
+if ( defined( $tmp = $Options{'N'} ) ) {
+    push( @mods, 'givenName' => utf8Encode($characterSet,$tmp) );
+}
+
+if ( defined( $tmp = $Options{'S'} ) ) {
+    push( @mods, 'sn' => utf8Encode($characterSet,$tmp) );
+}
+
+my $cn;
+if ( $Options{'N'} or $Options{'S'} or $Options{'a'} ) {
+    $Options{'N'} = $user_entry->get_value('givenName') unless $Options{'N'};
+    $Options{'S'} = $user_entry->get_value('sn')        unless $Options{'S'};
+
+# if givenName eq sn eq username (default of smbldap-useradd), cn and displayName would
+# be "username username". So we just append surname if its not default
+# (there may be the very very special case of an user where those three values _are_ equal)
+    $cn = "$Options{'N'}";
+    $cn .= " " . $Options{'S'}
+      unless ( $Options{'S'} eq $Options{'N'} and $Options{'N'} eq $user );
+    my $push_val = utf8Encode($characterSet,$cn);
+    push( @mods, 'cn' => $push_val );
+
+    # set displayName for Samba account
+    if ($samba) {
+        push( @mods, 'displayName' => $push_val );
+    }
+}
+
+if ( defined $Options{'e'} ) {
+    if ( !defined $Options{'shadowExpire'} ) {
+        $Options{'shadowExpire'} = $Options{'e'};
+    }
+    if ( !defined $Options{'sambaExpire'} ) {
+        $Options{'sambaExpire'} = $Options{'e'};
+    }
+}
+
+sub parse_date_to_unix {
+    my ($date) = @_;
+
+    if ( $date =~ /(\d\d\d\d)-(\d?\d)-(\d?\d)(\s+(\d?\d):(\d\d):(\d\d))?/ ) {
+        my $localtime;
+        if ( defined $5 and defined $6 and defined $7 ) {
+            $localtime = timelocal( $7, $6, $5, $3, $2 - 1, $1 );
+        }
+        else {
+            $localtime = timelocal( 0, 0, 2, $3, $2 - 1, $1 );
+        }
+        my $shadowExpire = int($localtime);
+        $shadowExpire = sprintf( "%d", $shadowExpire );
+        return $shadowExpire;
+    }
+    else {
+        my $daysAdd = 0;
+
+        if ( $date =~ /(\d+)y/ ) {
+            $daysAdd += 365.3 * $1;
+        }
+
+        if ( $date =~ /(\d+)m/ ) {
+            $daysAdd += 30.4 * $1;
+        }
+
+        if ( $date =~ /(\d+)([^ym]{1}|$)/ ) {
+            $daysAdd += $1;
+        }
+
+        if ( $daysAdd > 0 ) {
+            return int( time + ( $daysAdd * 24 * 3600 ) );
+        }
+        else {
+            return -1;
+        }
+    }
+
+    return -1;
+}
+
+sub parse_date_to_unix_days {
+    my ($arg) = @_;
+    return int( parse_date_to_unix($arg) / 86400 );
+}
+
+# Shadow password parameters
+my $localtime = time() / 86400;
+if ( defined $Options{'shadowExpire'} ) {
+
+    # Unix expiration password
+    my $tmp = $Options{'shadowExpire'};
+    chomp($tmp);
+
+    #    my $expire=`date --date='$tmp' +%s`;
+    #    chomp($expire);
+    #    my $shadowExpire=int($expire/86400)+1;
+    # date syntax asked: YYYY-MM-DD
+
+    $tmp = parse_date_to_unix_days($tmp);
+    if ( $tmp != -1 ) {
+        push( @mods, 'shadowExpire', $tmp );
+    }
+    else {
+        print "Invalid format for '--shadowExpire' option.\n";
+    }
+}
+
+if ( defined $Options{'shadowWarning'} ) {
+    push( @mods, 'shadowWarning', $Options{shadowWarning} );
+}
+
+if ( defined $Options{'shadowMax'} ) {
+    push( @mods, 'shadowMax', $Options{shadowMax} );
+}
+
+if ( defined $Options{'shadowMin'} ) {
+    push( @mods, 'shadowMin', $Options{shadowMin} );
+}
+
+if ( defined $Options{'shadowInactive'} ) {
+    push( @mods, 'shadowInactive', $Options{shadowInactive} );
+}
+
+if ( defined $Options{'L'} ) {
+
+    # lock shadow account
+    $tmp = $user_entry->get_value('userPassword');
+    if ( !( $tmp =~ /!/ ) ) {
+        $tmp =~ s/}/}!/;
+    }
+    push( @mods, 'userPassword' => $tmp );
+}
+
+if ( defined $Options{'U'} ) {
+
+    # unlock shadow account
+    $tmp = $user_entry->get_value('userPassword');
+    if ( $tmp =~ /!/ ) {
+        $tmp =~ s/}!/}/;
+    }
+    push( @mods, 'userPassword' => $tmp );
+}
+
+if ( $tmp = $Options{'M'} ) {    
+
+    # action si + or - for adding or deleting an entry
+    my $action = '';
+    if ( $tmp =~ s/^([+-])+\s*// ) {
+        $action = $1;
+    }
+    my @mail = &split_arg_comma($tmp);
+    foreach my $m (@mail) {
+        my $domain = $config{mailDomain};
+        if ( $m !~ /^(.+)@/ ) {
+            $m = $m . ( $domain ? '@' . $domain : '' );
+        }
+    }
+    if ($action) {
+        my @old_mail;
+        @old_mail      = $user_entry->get_value('mail');
+        if ( $action eq '+' ) {
+            @mail          = &list_union( \@old_mail,      \@mail );
+        }
+        elsif ( $action eq '-' ) {
+            @mail          = &list_minus( \@old_mail,      \@mail );
+        }
+    }
+    push( @mods, 'mail' => [@mail] );
+}
+
+my $mailobj = 0;
+if ( $tmp = $Options{'O'} ) {    
+
+    # action si + or - for adding or deleting an entry
+    my $action = '';
+    if ( $tmp =~ s/^([+-])+\s*// ) {
+        $action = $1;
+    }
+    my @userMailLocal = &split_arg_comma($tmp);
+    if ($action) {
+        my @old_MailLocal;
+        @old_MailLocal = $user_entry->get_value('mailLocalAddress');
+        if ( $action eq '+' ) {
+            @userMailLocal = &list_union( \@old_MailLocal, \@userMailLocal );
+        }
+        elsif ( $action eq '-' ) {
+            @userMailLocal = &list_minus( \@old_MailLocal, \@userMailLocal );
+        }
+    }
+    push( @mods, 'mailLocalAddress', [@userMailLocal] );
+    $mailobj = 1;
+}
+
+if ( $tmp = $Options{'T'} ) {
+    my $action = '';
+    my @old;
+
+    # action si + or - for adding or deleting an entry
+    if ( $tmp =~ s/^([+-])+\s*// ) {
+        $action = $1;
+    }
+    my @userMailTo = &split_arg_comma($tmp);
+    if ($action) {
+        @old = $user_entry->get_value('mailRoutingAddress');
+    }
+    if ( $action eq '+' ) {
+        @userMailTo = &list_union( \@old, \@userMailTo );
+    }
+    elsif ( $action eq '-' ) {
+        @userMailTo = &list_minus( \@old, \@userMailTo );
+    }
+    push( @mods, 'mailRoutingAddress', [@userMailTo] );
+    $mailobj = 1;
+}
+if ($mailobj) {
+    my @objectclass = $user_entry->get_value('objectClass');
+    if ( !grep ( $_ =~ /^inetLocalMailRecipient$/i, @objectclass ) ) {
+        push( @mods,
+            'objectClass' => [ @objectclass, 'inetLocalMailRecipient' ] );
+    }
+}
+
+if ( defined( $tmp = $Options{'G'} ) ) {
+    my $action = '';
+    if ( $tmp =~ s/^([+-])+\s*// ) {
+        $action = $1;
+    }
+    if ( $action eq '-' ) {
+
+        # remove user from specified groups
+        foreach my $gname ( &split_arg_comma($tmp) ) {
+            group_remove_member( $gname, $user );
+        }
+    }
+    else {
+        if ( $action ne '+' ) {
+            my @old = &find_groups_of($user);
+
+            # remove user from old groups
+            foreach my $gname (@old) {
+                if ( $gname ne "" ) {
+                    group_remove_member( $gname, $user );
+                }
+            }
+        }
+
+        # add user to new groups
+        add_grouplist_user( $tmp, $user );
+    }
+}
+
+#
+# A : sambaPwdCanChange
+# B : sambaPwdMustChange
+# C : sambaHomePath
+# D : sambaHomeDrive
+# E : sambaLogonScript
+# F : sambaProfilePath
+# H : sambaAcctFlags
+
+my $attr;
+my $winmagic = 2147483647;
+
+$samba = is_samba_user($user);
+
+if ( defined( $tmp = $Options{'sambaExpire'} ) ) {
+    if ( $samba == 1 ) {
+        my $kickoffTime = parse_date_to_unix($tmp);
+        if ( $kickoffTime != -1 ) {
+            push( @mods, 'sambakickoffTime' => $kickoffTime );
+        }
+        else {
+            print "Invalid format for '--sambaExpire' option (" . $tmp . ").\n";
+        }
+    }
+    else {
+        print "User $user is not a samba user\n";
+    }
+}
+
+my $_sambaPwdCanChange;
+if ( defined( $tmp = $Options{'A'} ) ) {
+    if ( $samba == 1 ) {
+        $attr = "sambaPwdCanChange";
+        if ( $tmp != 0 ) {
+            $_sambaPwdCanChange = 0;
+        }
+        else {
+            $_sambaPwdCanChange = $winmagic;
+        }
+        push( @mods, 'sambaPwdCanChange' => $_sambaPwdCanChange );
+    }
+    else {
+        print "User $user is not a samba user\n";
+    }
+}
+
+if ( defined( $tmp = $Options{'B'} ) ) {
+    if ( $samba == 1 ) {
+        if ( $tmp != 0 ) {
+            # To force a user to change his password:
+            # . the attribut sambaAcctFlags must not match the 'X' flag
+            my $_sambaAcctFlags;
+            my $flags = $user_entry->get_value('sambaAcctFlags');
+            if ( defined $flags and $flags =~ /X/ ) {
+                my $letters;
+                if ( $flags =~ /(\w+)/ ) {
+                    $letters = $1;
+                }
+                $letters =~ s/X//;
+                $_sambaAcctFlags = "\[$letters\]";
+                push( @mods, 'sambaAcctFlags' => $_sambaAcctFlags );
+            }
+	    push(@mods, 'sambaPwdLastSet' => 0);
+	    push(@mods, 'sambaPwdMustChange' => 0);
+        }
+        else {
+	    push(@mods, 'sambaPwdLastSet' => time);
+	    push(@mods, 'sambaPwdMustChange' => $winmagic);
+        }
+    }
+    else {
+        print "User $user is not a samba user\n";
+    }
+}
+
+if ( defined( $tmp = $Options{'C'} ) ) {
+    if ( $samba == 1 ) {
+        if ( $tmp eq "" and defined $user_entry->get_value('sambaHomePath') ) {
+            push( @dels, 'sambaHomePath' => [] );
+        }
+        elsif ( $tmp ne "" ) {
+            push( @mods, 'sambaHomePath' => $tmp );
+        }
+    }
+    else {
+        print "User $user is not a samba user\n";
+    }
+}
+
+if ( defined( $tmp = $Options{'D'} ) ) {
+    if ( $samba == 1 ) {
+        if ( $tmp eq "" and defined $user_entry->get_value('sambaHomeDrive') ) {
+            push( @dels, 'sambaHomeDrive' => [] );
+        }
+        elsif ( $tmp ne "" ) {
+            $tmp = $tmp . ":" unless ( $tmp =~ /:/ );
+            push( @mods, 'sambaHomeDrive' => $tmp );
+        }
+    }
+    else {
+        print "User $user is not a samba user\n";
+    }
+}
+
+if ( defined( $tmp = $Options{'E'} ) ) {
+    if ( $samba == 1 ) {
+        if ( $tmp eq "" and defined $user_entry->get_value('sambaLogonScript') )
+        {
+            push( @dels, 'sambaLogonScript' => [] );
+        }
+        elsif ( $tmp ne "" ) {
+            push( @mods, 'sambaLogonScript' => $tmp );
+        }
+    }
+    else {
+        print "User $user is not a samba user\n";
+    }
+}
+
+if ( defined( $tmp = $Options{'F'} ) ) {
+    if ( $samba == 1 ) {
+        if ( $tmp eq "" and defined $user_entry->get_value('sambaProfilePath') )
+        {
+            push( @dels, 'sambaProfilePath' => [] );
+        }
+        elsif ( $tmp ne "" ) {
+            push( @mods, 'sambaProfilePath' => $tmp );
+        }
+    }
+    else {
+        print "User $user is not a samba user\n";
+    }
+}
+
+if ( $samba == 1
+    and
+    ( defined $Options{'H'} or defined $Options{'I'} or defined $Options{'J'} )
+  )
+{
+    my $_sambaAcctFlags;
+    if ( defined( $tmp = $Options{'H'} ) ) {
+
+        #$tmp =~ s/\\/\\\\/g;
+        $_sambaAcctFlags = $tmp;
+    }
+    else {
+
+        # I or J
+        my $flags;
+        $flags = $user_entry->get_value('sambaAcctFlags');
+
+        if ( defined( $tmp = $Options{'I'} ) ) {
+            if ( !( $flags =~ /D/ ) ) {
+                my $letters;
+                if ( $flags =~ /(\w+)/ ) {
+                    $letters = $1;
+                }
+                $_sambaAcctFlags = "\[D$letters\]";
+            }
+        }
+        elsif ( defined( $tmp = $Options{'J'} ) ) {
+            if ( $flags =~ /D/ ) {
+                my $letters;
+                if ( $flags =~ /(\w+)/ ) {
+                    $letters = $1;
+                }
+                $letters =~ s/D//;
+                $_sambaAcctFlags = "\[$letters\]";
+            }
+        }
+    }
+
+    if ( $_sambaAcctFlags and "$_sambaAcctFlags" ne '' ) {
+        push( @mods, 'sambaAcctFlags' => $_sambaAcctFlags );
+        my $date = time;
+        push( @mods, 'sambaPwdLastSet' => $date );
+    }
+
+}
+elsif ( !$samba == 1
+    and
+    ( defined $Options{'H'} or defined $Options{'I'} or defined $Options{'J'} )
+  )
+{
+    print "User $user is not a samba user\n";
+}
+
+if ( defined( $tmp = $Options{'Z'} ) ) {
+    my %mods;
+    for my $pair ( map { split /,/ } @{$Options{'Z'}} ) {
+	my ( $name, $value ) = split( /[=:]/, $pair, 2 );
+	$name = lc( $name );
+	if ( defined($value) ) {
+	    if ( $name =~ s/^([\+\-])// ) {
+		my $action = $1;
+		my @value_old = $mods{$name}
+		    ? @{$mods{$name}}
+		    : $user_entry->get_value($name);
+		my @value = ($action eq '+')
+		    ? list_union( \@value_old, [$value] )
+		    : list_minus( \@value_old, [$value] );
+		$mods{$name} = \@value;
+	    } else {
+		push( @{$mods{$name}}, $value );
+	    }
+	} elsif ( $name =~ s/^-// ) {
+	    $mods{$name} = [];
+	}
+    }
+
+    while ( my ($name, $value) = each( %mods ) ) {
+	push( @mods, $name => $value );
+    }
+}
+
+# apply changes
+my $modify = $ldap_master->modify( "$dn", 'replace' => {@mods} );
+$modify->code && warn "failed to modify entry: ", $modify->error;
+
+# we can delete only if @dels is not empty: we check the number of elements
+my $nb_to_del = scalar(@dels);
+if ( $nb_to_del != 0 ) {
+    $modify = $ldap_master->modify( "$dn", 'delete' => {@dels} );
+
+    # don't proceed on error
+    $modify->code && die "failed to modify entry: ", $modify->error;
+}
+
+if (defined(my $ou_rdn_hier = $Options{'ou'})) {
+    my @ou_rdn_hier = split(/,/, $ou_rdn_hier);
+    ## "foo,bar" -> "ou=foo,ou=bar"
+    for my $ou_rdn (@ou_rdn_hier) {
+	$ou_rdn = "ou=$ou_rdn" if ($ou_rdn !~ /^\w+=/);
+    }
+
+    my $dn = utf8Decode($characterSet,$user_entry->dn);
+    my ($rdn, $superior) = split(",", $dn, 2);
+    my $suffix = ($rdn =~ /\$$/) ?  $config{computersdn} : $config{usersdn};
+
+    my $rdn_new = $rdn; ## FIXME: Merge --rename=newname option
+    my $dn_new = join(",", $rdn_new, @ou_rdn_hier, $suffix);
+
+    if (lc($dn_new) ne lc($dn)) { ## FIXME: Use Unicode::Normalize::NFC() instaed of lc()
+	my $superior_new= $suffix;
+	for my $ou_rdn (reverse(@ou_rdn_hier)) {
+	    my $superior_new_superior = $superior_new;
+	    $superior_new = "$ou_rdn,$superior_new";
+	    my $mesg = $ldap_master->search(
+		base   => utf8Encode($characterSet,$superior_new_superior),
+		scope  => "one",
+		filter => "(&(objectClass=organizationalUnit)(".utf8Encode($characterSet,$ou_rdn)."))",
+	    );
+	    $mesg->code && die "Faild to search: $ou_rdn: ", $mesg->error;
+	    next if ($mesg->count ne 0);
+
+	    print "$superior_new does not exist. Creating it (Y/[N]) ? ";
+	    chomp(my $answ = <STDIN>);
+	    unless ($answ eq "y" || $answ eq "Y") {
+		print "exiting.\n";
+		exit(1);
+	    }
+
+	    # add organizational unit
+	    my $ou = $ou_rdn;
+	    $ou =~ s/^.*=//;
+	    my $add = $ldap_master->add(
+		utf8Encode($characterSet,$superior_new),
+		attr => [
+		    'objectclass' => 'organizationalUnit',
+		    'ou'          => utf8Encode($characterSet,$ou),
+		]
+	    );
+	    $add->code && die "Failed to add entry: $superior_new: ", $add->error;
+	    print "$superior_new created\n";
+	}
+
+	my $modify = $ldap_master->moddn(
+	    utf8Encode($characterSet,$dn),
+	    newrdn       => $rdn_new,
+	    newsuperior  => utf8Encode($characterSet,$superior_new),
+	    deleteoldrdn => 1,
+	);
+	$modify->code && die "Failed to modify DN: $dn -> $dn_new: ", $modify->error;
+
+	# Re-read user entry
+	$user_entry = read_user_entry($user);
+    }
+}
+
+# asked to rename the account. only do that if new rdn doesn't equal old one
+if ( defined( my $new_user = $Options{'r'} ) and $Options{'r'} ne $user ) {
+    my $ldap_master = connect_ldap_master();
+    chomp($new_user);
+
+    # read eventual new user entry
+    my $new_user_entry = read_user_entry($new_user);
+    if ( defined($new_user_entry) ) {
+        print "$0: user $new_user already exists, cannot rename\n";
+        exit(8);
+    }
+
+    # we check the real dn as it could be a user or computer account
+    $dn = $user_entry->dn;
+    my $computer;
+    my ( $account, $rdn ) = ( $dn =~ m/([^,])*,(.*)$/ );
+    if ( $account =~ m/(.*)\$/ ) {
+
+        # it's a computer account
+        $computer = 1;
+        my $modify = $ldap_master->moddn(
+            "uid=$user,$rdn",
+            newrdn       => "uid=$new_user",
+            deleteoldrdn => "1",
+            newsuperior  => "$rdn"
+        );
+
+    }
+    else {
+        my $modify = $ldap_master->moddn(
+            "uid=$user,$rdn",
+            newrdn       => "uid=$new_user",
+            deleteoldrdn => "1",
+            newsuperior  => "$rdn"
+        );
+    }
+    $modify->code && die "failed to change dn: ", $modify->error;
+
+    # change cn, sn, displayName, givenName attributes
+    my $user_entry = read_user_entry($new_user);
+    my $dn         = $user_entry->dn();
+    my @mods;
+
+# If old sn is not old username (which would be the default) we assume that there is a surename that is correctly set
+# so no change is required here. If they equal, we use the new username for new sn unless
+# -S option is used (the sn value would have been set/updated before in that case).
+    push( @mods, 'sn' => $new_user )
+      unless ( $user_entry->get_value('sn')
+        and $user_entry->get_value('sn') ne $user or $Options{'S'} );
+
+# If old givenName is not old username (which would be the default) we assume that there is a
+# givenName correctly set so no change is required here. If they equal, we set givenName to the new username unless
+# the -N option is used (the givenName would have been set/updated before in that case).
+    push( @mods, 'givenName' => $new_user )
+      unless ( $user_entry->get_value('givenName')
+        and $user_entry->get_value('givenName') ne $new_user or $Options{'N'} );
+
+# common name, should be "fistname lastname". Same for displayName but only if $samba.
+# Uses utf8Encode like processing of options -S and -N above. If old cn is old username
+# (which would be the default) this field should be updated, unless -N _and_ -S is given.
+# Then assume it has been set correctly with -N and -S before.
+    push( @mods, "cn" => $new_user )
+      unless ( $user_entry->get_value("cn")
+        and $user_entry->get_value("cn") ne utf8Encode($characterSet,$user)
+        or $Options{'N'} and $Options{'S'} );
+    push( @mods, "displayName" => $new_user )
+      unless ( not $samba
+        or $user_entry->get_value("displayName")
+        and $user_entry->get_value("displayName") ne utf8Encode($characterSet,$user)
+        or $Options{'N'} and $Options{'S'} );
+
+    if ( @mods > 0 ) {    # only change if there is something to change
+        $modify =
+          $ldap_master->modify( "$dn", changes => [ 'replace' => [@mods] ] );
+        $modify->code && warn "failed to rename the user: ", $modify->error;
+    }
+
+    # changing username in groups
+    my @groups = &find_groups_of($user);
+    foreach my $gname (@groups) {
+        if ( $gname ne "" ) {
+            my $dn_line = get_group_dn($gname);
+            my $dn      = get_dn_from_line("$dn_line");
+            print "updating group $gname\n";
+            $modify = $ldap_master->modify(
+                "$dn",
+                changes => [
+                    'delete' => [ memberUid => $user ],
+                    'add'    => [ memberUid => $new_user ]
+                ]
+            );
+            $modify->code
+              && warn "failed to update user's supplementary group $gname: ",
+              $modify->error;
+        }
+    }
+}
+
+$ldap_master->unbind;
+
+nsc_invalidate("passwd");
+nsc_invalidate("group");
+
+if ( defined( $Options{'P'} ) ) {
+    exec("$RealBin/smbldap-passwd", $user);
+}
+
+exit(0);
+
+############################################################
+
+=head1 NAME
+
+smbldap-usermod - Modify a user account
+
+=head1 SYNOPSIS
+
+smbldap-usermod [-c gecos] [-d home_dir] [-r login_name] [-u uid] [-g gid] [-o] [-G group[,...]] [-s shell] [-N first_name] [-S surname] [-P] [-M mail[,...]] [-T mail,[..]] [--shadowExpire date/n] [--shadowMax n] [--shadowMin n] [--shadowInactive n] [--shadowWarning n] [-L] [-U] [-a] [-e expiration_date/n] [--sambaExpire date/n] [-A canchange] [-B mustchange] [-C smbhome] [-D homedrive] [-E scriptpath] [-F profilepath] [-H acctflags] [-I] [-J] [-h] login
+
+=head1 DESCRIPTION
+
+The smbldap-usermod  command  modifies the system account files to reflect the changes that are specified
+on the  command  line.
+
+=head2 UNIX options
+
+-c, --gecos gecos
+    The new value of the user's comment field (gecos). (Don't use this to modify displayName or cn. Use -N and -S options combined instead).
+
+-d, --homedir home_dir
+    The user's new login directory.
+
+-r, --rename new_user
+    Allow to rename a user. This option will update the dn attribute for the user. You can also update others attributes using the corresponding script options.
+
+-u, --uid uid
+    The numerical  value  of  the  user's  ID.   This value must be unique, unless the -o option is used.  The value must  be  non negative.  Any files which the user owns  and  which  are located  in  the directory tree rooted at the user's home directory will have the file user ID  changed  automatically.   Files outside of the user's home directory must be altered manually.
+
+-o, --canBeNotUnique
+    uidNumber can be non unique
+
+-g, --gid initial_group
+    The group name or number of the user's new initial login  group. The  group  name  must  exist. A group number must refer to an already existing group.  The default group number is 1.
+
+-G, --group [+-]group,[...]
+    A list of supplementary groups which the user is also  a  member of.   Each  group is separated from the next by a comma, with no intervening whitespace.  The groups  are  subject  to  the  same restrictions as the group given with the -g option.  If the user is currently a member of a group which is not listed, the user will be removed from the group, unless the '+' or '-' caracter is used to add or remove groups to inital ones.
+
+-s, --shel shell
+    The name of the user's new login shell.  Setting this  field  to blank causes the system to select the default
+    login shell.
+
+-N, --givenName
+    set the user's given name (attribute givenName). Additionally used to set the first name in displayName and cn.
+
+-S, --surname
+    Set the user's surname (attribute sn). Additionally used to set the last name in displayName and cn.
+
+-P
+    End by invoking smbldap-passwd to change the user password (both unix and samba passwords)
+
+-M, --mailAddresses  mail,[...]
+    mailAddresses (comma seperated)
+
+-T, --mailToAddress  mail,[...]
+    mailToAddress (forward address) (comma seperated)
+
+--shadowExpire <YYYY-MM-DD/n>
+    Set the expiration date for the user password. This only affect unix account. The date may be specified as either YYYY-MM-DD or 'n' days from day. The 'n' syntax also supports the extended format (#y)(#m)(#d) for years, months, and days from today. One need not specify all three, so all of the following are examples of valid input: '5y4m2d' (5 years, 4 months, and 2 days), '5y' (5 years), '5y2d' (5 years and 2 days), and '3' (3 days). This option calls the internal 'timelocal' command to set calculate the number of seconds from Junary 1 1970 to the specified date.
+ 
+--shadowMax <n>
+    User must change the password, at least, every 'n' days
+
+--shadowMin <n>
+    User must wait 'n' days once the password has changed before changing it again
+
+--shadowInactive <n>
+    Number of days of inactivity allowed for the specified user
+
+--shadowWarning <n>
+    User is warned that the password must be changed four days before the password expires
+
+-L, --shadowLock
+    Lock unix user's password. This puts a '!' in front of the encrypted password, effectively disabling the password.
+
+-U, --shadowUnlock
+    Unlock unix user's password. This removes the '!' in front of the encrypted password.
+
+=head2 SAMBA options
+
+-a, --addsambaSAMAccount
+    Add the sambaSAMAccount objectclass to the specified user account. This allow the user to become a samba user.
+
+-e, --expire <YYYY-MM-DD(HH:MM:SS)/n>
+    Sets the expiration for both samba (--sambaExpire) and shadow (--shadowExpire).
+
+--ou node
+    The user's account will be moved to the specified organazional unit. It is relative to the user suffix dn ($usersdn) defined in the configuration file.
+    Ex: 'ou=admin,ou=all'
+
+--sambaExpire <YYYY-MM-DD HH:MM:SS/n>
+    Set the expiration date for the user account. This only affects the samba account. The date must be in the following format: YYYY-MM-DD HH:MM:SS. The n-days format of shadowExpire is also supported. This option uses the internal 'timelocal' command to set calculate the number of seconds from Junary 1 1970 to the specified date.
+
+-A, --sambaPwdCanChange
+    can change password ? 0 if no, 1 if yes
+
+-B, --sambaPwdMustChange
+    must change password ? 0 if no, 1 if yes
+
+-C, --sambaHomePath path
+    sambaHomePath (SMB home share, like '\\\\PDC-SRV\\homes')
+
+-D, --sambaHomeDrive drive
+    sambaHomeDrive (letter associated with home share, like 'H:')
+
+-E, --sambaLogonScript script
+    sambaLogonScript, relative to the [netlogon] share (DOS script to execute on login, like 'foo.bat')
+
+-F, --sambaProfilePath path
+    sambaProfilePath (profile directory, like '\\\\PDC-SRV\\profiles\\foo')
+
+-H, --sambaAcctFlags flags
+    sambaAcctFlags, spaces and trailing bracket are ignored (samba account control bits like '[NDHTUMWSLKI]')
+
+-I, --sambaDisable
+    disable user. Can't be used with -H or -J
+
+-J, --sambaEnable
+    enable user. Can't be used with -H or -I
+
+-h, --help
+    print this help
+
+=head1 SEE ALSO
+
+usermod(1)
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/smbldap-usershow smbldap-tools-0.9.7/smbldap-usershow
--- smbldap-tools-0.9.5/smbldap-usershow	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/smbldap-usershow	1970-01-01 01:00:00.000000000 +0100
@@ -1,89 +0,0 @@
-#!/usr/bin/perl -w
-
-#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
-#  contributors (their names can be found in the CONTRIBUTORS file).
-
-#  This was first contributed by IDEALX (http://www.opentrust.com/)
-
-#  This program is free software; you can redistribute it and/or
-#  modify it under the terms of the GNU General Public License
-#  as published by the Free Software Foundation; either version 2
-#  of the License, or (at your option) any later version.
-#
-#  This program is distributed in the hope that it will be useful,
-#  but WITHOUT ANY WARRANTY; without even the implied warranty of
-#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-#  GNU General Public License for more details.
-#
-#  You should have received a copy of the GNU General Public License
-#  along with this program; if not, write to the Free Software
-#  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,
-#  USA.
-
-# Purpose of smbldap-userdisplay : user (posix,shadow,samba) display
-
-use strict;
-use FindBin;
-use FindBin qw($RealBin);
-use lib "$RealBin/";
-use smbldap_tools;
-
-use Getopt::Std;
-my %Options;
-
-my $ok = getopts('?h',\%Options);
-
-if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
-    print_banner;
-    print "Usage: $0 [-h?] username\n";
-    print "  -h	print Samba dates in human-readable form\n";
-    print "  -?	show this help message\n";
-    exit (1);
-}
-
-# Read only first @ARGV
-my $user = $ARGV[0];
-
-my $nscd_status = system "/etc/init.d/nscd status >/dev/null 2>&1";
-if ($nscd_status == 0) {
-    system "/etc/init.d/nscd restart > /dev/null 2>&1";
-}
-
-my $ldap_slave=connect_ldap_slave();
-
-my $lines;
-if ($Options{'h'}) {
-	$lines = utf8Decode(read_user_human_readable($user));
-} else {
-	$lines = utf8Decode(read_user($user));
-}
-
-if ($lines) {
-    print "$lines\n";
-} else {
-    print "user $user doesn't exist\n";
-    exit (1);
-}
-
-# take down session
-$ldap_slave->unbind;
-
-exit(0);
-
-############################################################
-
-=head1 NAME
-
-smbldap-usershow - Show a user account informations
-
-=head1 SYNOPSIS
-
-smbldap-usershow login
-
-=head1 DESCRIPTION
-
-The smbldap-usershow command displays the informations associated with the login. The named user must exist.
-
-=cut
-
-#'
diff -Nru smbldap-tools-0.9.5/smbldap-usershow.pl smbldap-tools-0.9.7/smbldap-usershow.pl
--- smbldap-tools-0.9.5/smbldap-usershow.pl	1970-01-01 01:00:00.000000000 +0100
+++ smbldap-tools-0.9.7/smbldap-usershow.pl	2011-07-12 15:29:04.000000000 +0200
@@ -0,0 +1,91 @@
+#!@PERL_CMD@
+
+# $Id$
+
+#  This code was developped by Jerome Tournier (jtournier@gmail.com) and
+#  contributors (their names can be found in the CONTRIBUTORS file).
+
+#  This was first contributed by IDEALX (http://www.opentrust.com/)
+
+#  This program is free software: you can redistribute it and/or modify
+#  it under the terms of the GNU General Public License as published by
+#  the Free Software Foundation, either version 2 of the License, or
+#  (at your option) any later version.
+#
+#  This program is distributed in the hope that it will be useful,
+#  but WITHOUT ANY WARRANTY; without even the implied warranty of
+#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#  GNU General Public License for more details.
+#
+#  You should have received a copy of the GNU General Public License
+#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# Purpose of smbldap-userdisplay : user (posix,shadow,samba) display
+
+use strict;
+use warnings;
+use smbldap_tools;
+
+use Getopt::Std;
+my %Options;
+
+my $ok = getopts('hX:?',\%Options);
+
+if ( (!$ok) || (@ARGV < 1) || ($Options{'?'}) ) {
+    print_banner;
+    print "Usage: $0 [-hX?] username\n";
+    print "  -h	print Samba dates in human-readable form\n";
+    print "  -X	output character set (default UTF-8)\n";
+    print "  -?	show this help message\n";
+    exit (1);
+}
+
+# Read only first @ARGV
+my $user = $ARGV[0];
+
+# Get the input encoding
+my $characterSet;
+if ( defined( $Options{'X'} ) ) {
+	$characterSet = $Options{'X'};
+} else {
+	$characterSet = "UTF-8";
+}
+
+my $ldap_slave=connect_ldap_slave();
+
+my $lines;
+if ($Options{'h'}) {
+	$lines = utf8Decode($characterSet,read_user_human_readable($user));
+} else {
+	$lines = utf8Decode($characterSet,read_user($user));
+}
+
+if ($lines) {
+    print "$lines\n";
+} else {
+    print "user $user doesn't exist\n";
+    exit (1);
+}
+
+# take down session
+$ldap_slave->unbind;
+
+exit(0);
+
+############################################################
+
+=head1 NAME
+
+smbldap-usershow - Show a user account informations
+
+=head1 SYNOPSIS
+
+smbldap-usershow login
+
+=head1 DESCRIPTION
+
+The smbldap-usershow command displays the informations associated with the login. The named user must exist.
+
+=cut
+
+#'
diff -Nru smbldap-tools-0.9.5/TODO smbldap-tools-0.9.7/TODO
--- smbldap-tools-0.9.5/TODO	2008-04-22 10:13:29.000000000 +0200
+++ smbldap-tools-0.9.7/TODO	2011-07-12 15:29:04.000000000 +0200
@@ -1,4 +1,4 @@
-# $Source: $
+# $Id$
 #
 ## TODO list - First In, Last in the list...
 ## (BF: Bug Report / FR: Feature Request)
@@ -28,5 +28,3 @@
      a SAM (in LDAP) database. No sorcery, just LDIF, but usefull
      for non-LDAP gurus
 FR * adding migration tools from migration from W2K and NetWare to Samba-LDAP
-
-# - The End