How To Change POSIX uidNumber of Users

If you need to reallocate the uidNumber attribute of your users, you can use the following script.
Note: This is very rarely needed and it may have unforeseen side effects. Use at your own risk!

#!/bin/bash

# To be used to reallocate the POSIX uidNumber on a Univention UCS Master with Samba4
#
# It will reassign the uidNumber of the given users to the given target number per user.
# It updates the Samba ID mapping, too.
#
# Input file is a list of DNs to be changed.

# Syntax of the required file (without the leading hashes '#'):
#
# uid=USER1,cn=users,dc=DOMAIN,dc=DE;NEWUIDNUMBER
# uid=USER2,cn=users,dc=DOMAIN,dc=DE;NEWUIDNUMBER

# Settings

IDMAPPATH=/var/lib/samba/private/idmap.ldb

DATAFILE=/root/Users
LDAPBASIS=$(ucr get ldap/base)

# Private scratch directory for the generated LDIF files; predictable file
# names in /tmp are not safe for a script that runs as root.
WORKDIR=$(mktemp -d /tmp/uidchange.XXXXXX)

# Read the plan line by line on fd 3 so the tools called inside the loop
# cannot consume the input file from stdin. Comment and empty lines are skipped.
while IFS=';' read -r -u 3 i nid; do
    [ -z "$i" ] && continue
    case "$i" in '#'*) continue ;; esac
    echo "$i will change to $nid"

    # Get data from OpenLDAP
    univention-ldapsearch -x -LLL -b "$i" > "$WORKDIR/ucsldaptemp"
    OLDUID=$(grep '^uidNumber:' "$WORKDIR/ucsldaptemp" | cut -d " " -f 2)
    NEWUID=$nid
    SID=$(grep '^sambaSID:' "$WORKDIR/ucsldaptemp" | cut -d " " -f 2)
    HDIR=$(grep '^homeDirectory:' "$WORKDIR/ucsldaptemp" | cut -d " " -f 2)
    UNAME=$(grep '^uid:' "$WORKDIR/ucsldaptemp" | cut -d " " -f 2)

    echo "$i"
    echo "OLDUID = $OLDUID"
    echo "NEWUID = $NEWUID"
    echo "SID = $SID"
    echo "HOMEDIR= $HDIR"
    echo "Username = $UNAME"

    # Do not touch an entry whose attributes could not be read (wrong DN, no Samba account, ...)
    if [ -z "$OLDUID" ] || [ -z "$SID" ] || [ -z "$UNAME" ]; then
        echo "$i (uidNumber/sambaSID/uid not found, skipped)" >> /tmp/idmapchange_error.log
        continue
    fi

    # Change the UID in the UCS LDAP here
    echo "dn: $i
changetype: modify
replace: uidNumber
uidNumber: $NEWUID" > "$WORKDIR/$UNAME.UCS.ldif"

    ldapmodify -D "cn=admin,$LDAPBASIS" -y /etc/ldap.secret -h localhost -p 7389 -f "$WORKDIR/$UNAME.UCS.ldif"

    # Change the mapping in the S4 idmap

    echo "dn: cn=$SID
changetype: modify
replace: xidNumber
xidNumber: $NEWUID" > "$WORKDIR/idmapchange$OLDUID-TO-$NEWUID.ldif"

    if ldbmodify --url="$IDMAPPATH" "$WORKDIR/idmapchange$OLDUID-TO-$NEWUID.ldif"; then
        echo "$UNAME $OLDUID nach $NEWUID" >> /tmp/idmapchange_ok.log
        rm "$WORKDIR/idmapchange$OLDUID-TO-$NEWUID.ldif"
    else
        echo "$i" >> /tmp/idmapchange_error.log
        cp "$WORKDIR/idmapchange$OLDUID-TO-$NEWUID.ldif" "/tmp/failed-idmapchange$OLDUID-TO-$NEWUID.ldif"
    fi

    # Re-own the home directory; --from limits the change to files still owned by the old UID.
    [ -n "$HDIR" ] && chown -R --from="$OLDUID" "$NEWUID" "$HDIR"
    # Add any commands you need, e.g. "find /mnt/shares/firmendaten -uid $OLDUID -exec chown $NEWUID {} \;"

done 3< "$DATAFILE"
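A pre-flight check for the plan file, added here as an example and not part of the original script: it reads the DN;NEWUIDNUMBER file the script consumes together with an LDIF snapshot of the current uidNumbers (assumed to come from something like `univention-ldapsearch -LLL '(uidNumber=*)' uidNumber`) and reports targets that are non-numeric, below a minimum, requested twice, or already held by another entry, so that two accounts never end up sharing a UID. The function name, the snapshot file and the default minimum of 1000 are assumptions.

```shell
#!/bin/bash
# Added pre-flight check, not part of the original script. It takes two files
# so it runs offline:
#   PLAN     - the "DN;NEWUIDNUMBER" file the script above consumes
#   SNAPSHOT - LDIF with dn/uidNumber pairs of all current users (assumed to
#              come from e.g.: univention-ldapsearch -LLL '(uidNumber=*)' uidNumber)
# MINUID (3rd argument, default 1000) is an assumed lower bound for user IDs.
# Prints one line per problem and returns 1 if any were found, else 0.
check_uid_plan() {
    local plan="$1" snapshot="$2" minuid="${3:-1000}"
    local problems=0 dn nid owner taken dup

    # "uidNumber<TAB>dn" pairs from the snapshot (assumes -LLL output, no line wrapping)
    taken=$(awk -F': ' '/^dn: /{dn=$2} /^uidNumber: /{print $2 "\t" dn}' "$snapshot")

    # Targets requested more than once inside the plan itself
    dup=$(grep -v '^#' "$plan" | cut -d ';' -f 2 | sort | uniq -d)
    for nid in $dup; do
        echo "DUPLICATE target $nid appears more than once in $plan"
        problems=1
    done

    while IFS=';' read -r dn nid; do
        [ -z "$dn" ] && continue
        case "$dn" in '#'*) continue ;; esac
        if ! printf '%s' "$nid" | grep -Eq '^[0-9]+$'; then
            echo "INVALID target '$nid' for $dn"; problems=1; continue
        fi
        if [ "$nid" -lt "$minuid" ]; then
            echo "RESERVED target $nid (< $minuid) for $dn"; problems=1
        fi
        # Already held by a different entry. Reported even when that entry is
        # itself moved later in the plan, because the script applies lines in order.
        owner=$(printf '%s\n' "$taken" | awk -F'\t' -v n="$nid" '$1==n{print $2}')
        if [ -n "$owner" ] && [ "$owner" != "$dn" ]; then
            echo "COLLISION target $nid for $dn is already used by $owner"; problems=1
        fi
    done < "$plan"
    return "$problems"
}
```

Run it as `check_uid_plan /root/Users current-uids.ldif` and only start the reallocation when it returns 0.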

For the change to take effect in Samba, winbind must be restarted and the name cache flushed (on the master and on every share host):

root@dc0:~# net cache flush
root@dc0:~# /etc/init.d/winbind restart