How to change POSIX uidNumber of Users
If you need to reallocate the uidNumber attribute of your users, you can use the following script.
Note: This is rarely needed and it might have unforeseen side effects. Use at your own risk!
#!/bin/bash
# To be used to reallocate the POSIX uidNumber on a Univention UCS Master with Samba4
#
# It will reassign the uidNumber of the given users to the given target number per user.
# It updates the Samba ID mapping, too
#
# Input file is a list of DNs to be changed
# Syntax of the required file (without the leading hashes '#'):
#
# uid=USER1,cn=users,dc=DOMAIN,dc=DE;NEWUIDNUMBER
# uid=USER2,cn=users,dc=DOMAIN,dc=DE;NEWUIDNUMBER

# Settings
IDMAPPATH=/var/lib/samba/private/idmap.ldb
DATAFILE=/root/Users
LDAPBASIS=$(ucr get ldap/base)
# Private working directory for LDIF files and logs (no predictable file names in /tmp)
WORKDIR=$(mktemp -d /tmp/uidchange.XXXXXX) || exit 1
echo "Working files and logs are written to $WORKDIR"

# Read the "DN;NEWUIDNUMBER" entries on file descriptor 3 so that commands inside
# the loop cannot consume the list from stdin; lines containing '#' are skipped
while IFS=';' read -r i nid <&3; do
    [ -n "$i" ] || continue
    echo "$i will change to $nid"

    # Get data from OpenLDAP
    univention-ldapsearch -x -LLL -b "$i" > "$WORKDIR/ucsldaptemp"
    OLDUID=$(sed -n 's/^uidNumber: //p' "$WORKDIR/ucsldaptemp")
    NEWUID=$nid
    SID=$(sed -n 's/^sambaSID: //p' "$WORKDIR/ucsldaptemp")
    HDIR=$(sed -n 's/^homeDirectory: //p' "$WORKDIR/ucsldaptemp")
    UNAME=$(sed -n 's/^uid: //p' "$WORKDIR/ucsldaptemp")
    echo "$i"
    echo "OLDUID = $OLDUID"
    echo "NEWUID = $NEWUID"
    echo "SID = $SID"
    echo "HOMEDIR= $HDIR"
    echo "Username = $UNAME"

    # Skip the entry if the lookup did not return everything that is used below
    if [ -z "$OLDUID" ] || [ -z "$SID" ] || [ -z "$HDIR" ] || [ -z "$UNAME" ]; then
        echo "$i" >> "$WORKDIR/idmapchange_error.log"
        continue
    fi

    # Change the UID in the UCS LDAP here; skip the entry if that fails
    printf '%s\n' "dn: $i" "changetype: modify" "replace: uidNumber" "uidNumber: $NEWUID" \
        > "$WORKDIR/$UNAME.UCS.ldif"
    if ! ldapmodify -D "cn=admin,$LDAPBASIS" -y /etc/ldap.secret -h localhost -p 7389 -f "$WORKDIR/$UNAME.UCS.ldif"; then
        echo "$i" >> "$WORKDIR/idmapchange_error.log"
        continue
    fi

    # Change the mapping in the S4 idmap
    printf '%s\n' "dn: cn=$SID" "changetype: modify" "replace: xidNumber" "xidNumber: $NEWUID" \
        > "$WORKDIR/idmapchange$OLDUID-TO-$NEWUID.ldif"
    if ldbmodify --url="$IDMAPPATH" "$WORKDIR/idmapchange$OLDUID-TO-$NEWUID.ldif"; then
        echo "$UNAME $OLDUID nach $NEWUID" >> "$WORKDIR/idmapchange_ok.log"
        rm "$WORKDIR/idmapchange$OLDUID-TO-$NEWUID.ldif"
    else
        echo "$i" >> "$WORKDIR/idmapchange_error.log"
        cp "$WORKDIR/idmapchange$OLDUID-TO-$NEWUID.ldif" "$WORKDIR/failed-idmapchange$OLDUID-TO-$NEWUID.ldif"
    fi

    # Hand over only the files that still belong to the old uidNumber
    chown -R --from="$OLDUID" "$NEWUID" "$HDIR"
    # Add any commands you need, e.g. "find /mnt/shares/firmendaten -uid $OLDUID -exec chown $NEWUID {} \;"
done 3< <(grep -v "#" "$DATAFILE")
For the change to take effect in Samba, winbind must be restarted and the name cache cleared (on the master and on the share host):
root@dc0:~# net cache flush
root@dc0:~# /etc/init.d/winbind restart
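
Before running the script above, the input file can be checked for malformed lines, duplicate entries and target uidNumbers that are already taken, since two accounts sharing one uidNumber also share file ownership. The following is an added example, not part of the original script; MIN_UID and the function names are assumptions, and the lookup relies on getent, which only sees directory users where NSS is configured for LDAP.

```sh
#!/bin/sh
# Added example: pre-flight check for the "DN;NEWUIDNUMBER" input file.
# MIN_UID is an assumed, site-specific lower bound for regular user accounts.
MIN_UID=${MIN_UID:-1000}

# Print the account name that currently owns a uidNumber (empty if unused).
# Where NSS is configured for LDAP, getent also resolves directory users.
uid_owner() { getent passwd "$1" 2>/dev/null | cut -d: -f1; }

# has LIST ITEM: succeed if the literal string ITEM occurs in LIST.
has() { case $1 in *"$2"*) return 0 ;; esac; return 1; }
# is_uint VALUE: succeed if VALUE consists of decimal digits only.
is_uint() { case $1 in ''|*[!0-9]*) return 1 ;; esac; return 0; }

# check_uid_file FILE: print one line per problem; status 1 if any was found.
# The body is a subshell, so its variables do not leak into the caller.
check_uid_file() (
    nl=$(printf '\nx'); nl=${nl%x}
    lineno=0 problems=0 seen_dn=$nl seen_uid=' '
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        # Like the script above, ignore every line that contains a '#'
        case $line in ''|*'#'*) continue ;; esac
        dn=${line%%;*} nid=${line#*;} msg=
        # LDAP compares DNs case-insensitively, so compare them lower-cased
        key=$(printf '%s' "$dn" | tr '[:upper:]' '[:lower:]')
        if [ "$dn" = "$line" ] || [ -z "$dn" ]; then
            msg="expected DN;NEWUIDNUMBER"
        elif ! is_uint "$nid"; then
            msg="target uidNumber '$nid' is not a number"
        elif [ "$nid" -lt "$MIN_UID" ]; then
            msg="target uidNumber $nid is below $MIN_UID"
        elif has "$seen_dn" "$nl$key$nl"; then
            msg="DN is listed more than once"
        elif has "$seen_uid" " $nid "; then
            msg="uidNumber $nid is requested more than once"
        elif owner=$(uid_owner "$nid"); [ -n "$owner" ]; then
            msg="uidNumber $nid is already assigned to $owner"
        fi
        if [ -n "$msg" ]; then
            echo "line $lineno: $msg"
            problems=$((problems + 1))
        else
            seen_dn="$seen_dn$key$nl" seen_uid="$seen_uid$nid "
        fi
    done < "$1"
    [ "$problems" -eq 0 ]
)
```

Call it as `check_uid_file /root/Users` and start the reallocation only when it returns 0. A uidNumber that is freed by another entry in the same file is still reported as assigned, so such swaps need a manual look.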