1#!/usr/bin/perl -w 2 3# $Id: configure.pl,v 1.1.1.1 2010-07-16 07:33:12 winniec Exp $ 4# $Source: /ramdisk/repositories/20_cvs_clean_up/2011-02-11_sj/src/router/samba/samba-3.0.25b/examples/LDAP/smbldap-tools-0.9.2/configure.pl,v $ 5 6# This script can help you setting up the smbldap_conf.pl file. It will get all the defaults value 7# that are defined in the smb.conf configuration file. You should then start with this configuration 8# file. You will also need the SID for your samba domain: set up the controler domain before using 9# this script. 10 11# This code was developped by IDEALX (http://IDEALX.org/) and 12# contributors (their names can be found in the CONTRIBUTORS file). 13# 14# Copyright (C) 2002 IDEALX 15# 16# This program is free software; you can redistribute it and/or 17# modify it under the terms of the GNU General Public License 18# as published by the Free Software Foundation; either version 2 19# of the License, or (at your option) any later version. 20# 21# This program is distributed in the hope that it will be useful, 22# but WITHOUT ANY WARRANTY; without even the implied warranty of 23# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 24# GNU General Public License for more details. 25# 26# You should have received a copy of the GNU General Public License 27# along with this program; if not, write to the Free Software 28# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 29# USA. 30 31 32use strict; 33use File::Basename; 34 35# we need to be root to configure the scripts 36if ($< != 0) { 37 die "Only root can configure the smbldap-tools scripts\n"; 38} 39 40print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 41 smbldap-tools script configuration 42 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 43Before starting, check 44 . if your samba controller is up and running. 45 . if the domain SID is defined (you can get it with the 'net getlocalsid') 46 47 . you can leave the configuration using the Crtl-c key combination 48 . empty value can be set with the \".\" character\n"; 49print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n"; 50 51# we first check if Samba is up and running 52my $test_smb=`pidof smbd`; 53chomp($test_smb); 54die "\nSamba need to be started first !\n" if ($test_smb eq "" || not defined $test_smb); 55 56print "Looking for configuration files...\n\n"; 57my $smb_conf=""; 58if (-e "/etc/samba/smb.conf") { 59 $smb_conf="/etc/samba/smb.conf"; 60} elsif (-e "/usr/local/samba/lib/smb.conf") { 61 $smb_conf="/usr/local/samba/lib/smb.conf"; 62} 63print "Samba Configuration File Path [$smb_conf] > "; 64chomp(my $config_smb=<STDIN>); 65if ($config_smb ne "") { 66 $smb_conf=$config_smb; 67} 68 69my $conf_dir; 70if (-d "/etc/opt/IDEALX/smbldap-tools") { 71 $conf_dir="/etc/opt/IDEALX/smbldap-tools/"; 72} elsif (-d "/etc/smbldap-tools") { 73 $conf_dir="/etc/smbldap-tools/"; 74} else { 75 $conf_dir="/etc/opt/IDEALX/smbldap-tools/"; 76} 77 78print "\nThe default directory in which the smbldap configuration files are stored is shown.\n"; 79print "If you need to change this, enter the full directory path, then press enter to continue.\n"; 80print "Smbldap-tools Configuration Directory Path [$conf_dir] > "; 81my $conf_dir_tmp; 82chomp($conf_dir_tmp=<STDIN>); 83if ($conf_dir_tmp ne "") { 84 $conf_dir=$conf_dir_tmp; 85} 86 87$conf_dir=~s/(\w)$/$1\//; 88if (! -d $conf_dir) { 89 mkdir "$conf_dir"; 90} 91 92my $smbldap_conf="$conf_dir"."smbldap.conf"; 93my $smbldap_bind_conf="$conf_dir"."smbldap_bind.conf"; 94 95 96 97# Let's read the smb.conf configuration file 98my %config; 99open (CONFIGFILE, "$smb_conf") || die "Unable to open $smb_conf for reading !\n"; 100 101while (<CONFIGFILE>) { 102 103 chomp($_); 104 105 ## eat leading whitespace 106 $_=~s/^\s*//; 107 108 ## eat trailing whitespace 109 $_=~s/\s*$//; 110 111 112 ## throw away comments 113 next if (($_=~/^#/) || ($_=~/^;/)); 114 115 ## check for a param = value 116 if ($_=~/=/) { 117 #my ($param, $value) = split (/=/, $_); 118 my ($param, $value) = ($_=~/([^=]*)=(.*)/i); 119 $param=~s/./\l$&/g; 120 $param=~s/\s+//g; 121 $value=~s/^\s+//; 122 123 $value=~s/"//g; 124 125 $config{$param} = $value; 126 #print "param=$param\tvalue=$value\n"; 127 128 next; 129 } 130} 131close (CONFIGFILE); 132 133print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"; 134print "Let's start configuring the smbldap-tools scripts ...\n\n"; 135 136# This function need 4 parameters: 137# . the description of the parameter 138# . name of the key it is related to in the %config hash (key similar as the name parameter in 139# smb.conf). You can get all the available keys using this: 140# foreach my $tmp (keys %config) { 141# print "key=$tmp\t value=$config{$tmp}\n"; 142# } 143# . if no value is found in smb.conf for the keys, this value is proposed 144# . the 'insist' variable: if set to 1, then the script will always call for a value 145# for the parameter. In other words, there's not default value, and it can't be set 146# to a null caracter string. 147 148sub read_entry 149 { 150 my $description=shift; 151 my $value=shift; 152 my $example_value=shift; 153 my $insist=shift; 154 my $value_tmp; 155 chomp($value); 156 $insist=0 if (! defined $insist); 157 if (defined $config{$value} and $config{$value} ne "") { 158 print "$description [$config{$value}] > "; 159 $value_tmp=$config{$value}; 160 } else { 161 print "$description [$example_value] > "; 162 $value_tmp="$example_value"; 163 } 164 chomp(my $get=<STDIN>); 165 if ($get eq "") { 166 $value=$value_tmp; 167 } elsif ($get eq ".") { 168 $value=""; 169 } else { 170 $value=$get; 171 } 172 if ($insist == 1 and "$value" eq "") { 173 while ($insist == 1) { 174 print " Warning: You really need to set this parameter...\n"; 175 $description=~s/. / /; 176 if (defined $config{$value}) { 177 print "$description [$config{$value}] > "; 178 $value_tmp=$config{$value}; 179 } else { 180 print "$description [$value] > "; 181 $value_tmp="$value"; 182 } 183 chomp(my $get=<STDIN>); 184 if ($get eq "") { 185 $value=$value_tmp; 186 } elsif ($get eq ".") { 187 $value=""; 188 } else { 189 $value=$get; 190 $insist=0; 191 } 192 } 193 } 194 return $value; 195 } 196 197print ". workgroup name: name of the domain Samba act as a PDC\n"; 198my $workgroup=read_entry(" workgroup name","workgroup","",0); 199 200print ". netbios name: netbios name of the samba controler\n"; 201my $netbios_name=read_entry(" netbios name","netbiosname","",0); 202 203print ". logon drive: local path to which the home directory will be connected (for NT Workstations). Ex: 'H:'\n"; 204my $logondrive=read_entry(" logon drive","logondrive","",0); 205 206print ". logon home: home directory location (for Win95/98 or NT Workstation).\n (use %U as username) Ex:'\\\\$netbios_name\\%U'\n"; 207my $logonhome=read_entry(" logon home (press the \".\" character if you don't want homeDirectory)","logonhome","\\\\$netbios_name\\%U",0); 208#$logonhome=~s/\\/\\\\/g; 209 210print ". logon path: directory where roaming profiles are stored. Ex:'\\\\$netbios_name\\profiles\\\%U'\n"; 211my $logonpath=read_entry(" logon path (press the \".\" character if you don't want roaming profile)","logonpath","\\\\$netbios_name\\profiles\\\%U",0); 212#$logonpath=~s/\\/\\\\/g; 213 214my $userHome=read_entry(". home directory prefix (use %U as username)","","/home/\%U",0); 215 216my $userHomeDirectoryMode=read_entry(". default users' homeDirectory mode","","700",0); 217 218my $userScript=read_entry(". default user netlogon script (use %U as username)","logonscript","",0); 219 220my $defaultMaxPasswordAge=read_entry(" default password validation time (time in days)","","45",0); 221 222############################# 223# ldap directory parameters # 224############################# 225my $ldap_suffix=read_entry(". ldap suffix","ldapsuffix","",0); 226my $ldap_group_suffix=read_entry(". ldap group suffix","ldapgroupsuffix","",0); 227$ldap_group_suffix=~s/ou=//; 228my $ldap_user_suffix=read_entry(". ldap user suffix","ldapusersuffix","",0); 229$ldap_user_suffix=~s/ou=//; 230my $ldap_machine_suffix=read_entry(". ldap machine suffix","ldapmachinesuffix","",0); 231$ldap_machine_suffix=~s/ou=//; 232my $ldap_idmap_suffix=read_entry(". Idmap suffix","ldapidmapsuffix","ou=Idmap",0); 233print ". sambaUnixIdPooldn: object where you want to store the next uidNumber\n"; 234print " and gidNumber available for new users and groups\n"; 235my $sambaUnixIdPooldn=read_entry(" sambaUnixIdPooldn object (relative to \${suffix})","","sambaDomainName=$workgroup",0); 236 237# parameters for the master ldap server 238my ($trash1,$server); 239if (defined $config{passdbbackend}) { 240 ($trash1,$server)=($config{passdbbackend}=~m/(.*)ldap:\/\/(.*)/); 241} else { 242 $server="127.0.0.1"; 243} 244$server=~s/\///; 245my $ldapmasterserver; 246print ". ldap master server: IP adress or DNS name of the master (writable) ldap server\n"; 247$ldapmasterserver=read_entry(" ldap master server","",$server,0); 248my $ldapmasterport; 249if (defined $config{ldapport}) { 250 $ldapmasterport=read_entry(". ldap master port","ldapport","",0); 251} else { 252 $ldapmasterport=read_entry(". ldap master port","","389",0); 253} 254my $ldap_master_admin_dn=read_entry(". ldap master bind dn","ldapadmindn","",0); 255system "stty -echo"; 256my $ldap_master_bind_password=read_entry(". ldap master bind password","","",1); 257print "\n"; 258system "stty echo"; 259 260# parameters for the slave ldap server 261print ". ldap slave server: IP adress or DNS name of the slave ldap server: can also be the master one\n"; 262my $ldap_slave_server=read_entry(" ldap slave server","","$server",0); 263my $ldap_slave_port; 264if (defined $config{ldapport}) { 265 $ldap_slave_port=read_entry(". ldap slave port","ldapport","",0); 266} else { 267 $ldap_slave_port=read_entry(". ldap slave port","","389",0); 268} 269my $ldap_slave_admin_dn=read_entry(". ldap slave bind dn","ldapadmindn","",0); 270system "stty -echo"; 271my $ldap_slave_bind_password=read_entry(". ldap slave bind password","","",1); 272print "\n"; 273system "stty echo"; 274my $ldaptls=read_entry(". ldap tls support (1/0)","","0",0); 275my ($cert_verify,$cert_cafile,$cert_clientcert,$cert_clientkey)=("","","",""); 276if ($ldaptls == 1) { 277 $cert_verify=read_entry(". How to verify the server's certificate (none, optional or require)","","require",0); 278 $cert_cafile=read_entry(". CA certificate file","","$conf_dir/ca.pem",0); 279 $cert_clientcert=read_entry(". certificate to use to connect to the ldap server","","$conf_dir/smbldap-tools.pem",0); 280 $cert_clientkey=read_entry(". key certificate to use to connect to the ldap server","","$conf_dir/smbldap-tools.key",0); 281} 282 283# let's test if any sid is available 284# Here is the strategy: If smb.conf has 'domain master = No' 285# this means we are a BDC and we must obtain the SID from the PDC 286# using the command 'net rpc getsid -S PDC -Uroot%password' BEFORE 287# executing this script - that then guarantees the correct SID is available. 288my $sid_tmp=`net getlocalsid \$netbios_name 2>/dev/null | cut -f2 -d: | sed "s/ //g"`; 289chomp $sid_tmp; 290print ". SID for domain $config{workgroup}: SID of the domain (can be obtained with 'net getlocalsid $netbios_name')\n"; 291my $sid=read_entry(" SID for domain $config{workgroup}","","$sid_tmp",0); 292 293print ". unix password encryption: encryption used for unix passwords\n"; 294my $cryp_algo=read_entry(" unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA)","","SSHA",0); 295my $crypt_salt_format=""; 296if ( $cryp_algo eq "CRYPT" ) { 297 print ". crypt salt format: If hash_encrypt is set to CRYPT, you may set \n"; 298 print " a salt format. The default is \"\%s\", but many systems will generate\n"; 299 print " MD5 hashed passwords if you use \"\$1\$\%\.8s\"\n"; 300 $crypt_salt_format=read_entry(" crypt salt format","","\%s",0); 301} 302 303my $default_user_gidnumber=read_entry(". default user gidNumber","","513",0); 304 305my $default_computer_gidnumber=read_entry(". default computer gidNumber","","515",0); 306 307my $userLoginShell=read_entry(". default login shell","","/bin/bash",0); 308 309my $skeletonDir=read_entry(". default skeleton directory","","/etc/skel",0); 310 311my $mailDomain=read_entry(". default domain name to append to mail adress", "","",0); 312 313print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=\n"; 314my $template_smbldap=" 315# \$Source: /ramdisk/repositories/20_cvs_clean_up/2011-02-11_sj/src/router/samba/samba-3.0.25b/examples/LDAP/smbldap-tools-0.9.2/configure.pl,v $ 316# \$Id: configure.pl,v 1.1.1.1 2010-07-16 07:33:12 winniec Exp $ 317# 318# smbldap-tools.conf : Q & D configuration file for smbldap-tools 319 320# This code was developped by IDEALX (http://IDEALX.org/) and 321# contributors (their names can be found in the CONTRIBUTORS file). 322# 323# Copyright (C) 2001-2002 IDEALX 324# 325# This program is free software; you can redistribute it and/or 326# modify it under the terms of the GNU General Public License 327# as published by the Free Software Foundation; either version 2 328# of the License, or (at your option) any later version. 329# 330# This program is distributed in the hope that it will be useful, 331# but WITHOUT ANY WARRANTY; without even the implied warranty of 332# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 333# GNU General Public License for more details. 334# 335# You should have received a copy of the GNU General Public License 336# along with this program; if not, write to the Free Software 337# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, 338# USA. 339 340# Purpose : 341# . be the configuration file for all smbldap-tools scripts 342 343############################################################################## 344# 345# General Configuration 346# 347############################################################################## 348 349# Put your own SID. To obtain this number do: \"net getlocalsid\". 350# If not defined, parameter is taking from \"net getlocalsid\" return 351SID=\"$sid\" 352 353# Domain name the Samba server is in charged. 354# If not defined, parameter is taking from smb.conf configuration file 355# Ex: sambaDomain=\"IDEALX-NT\" 356sambaDomain=\"$workgroup\" 357 358############################################################################## 359# 360# LDAP Configuration 361# 362############################################################################## 363 364# Notes: to use to dual ldap servers backend for Samba, you must patch 365# Samba with the dual-head patch from IDEALX. If not using this patch 366# just use the same server for slaveLDAP and masterLDAP. 367# Those two servers declarations can also be used when you have 368# . one master LDAP server where all writing operations must be done 369# . one slave LDAP server where all reading operations must be done 370# (typically a replication directory) 371 372# Slave LDAP server 373# Ex: slaveLDAP=127.0.0.1 374# If not defined, parameter is set to \"127.0.0.1\" 375slaveLDAP=\"$ldap_slave_server\" 376 377# Slave LDAP port 378# If not defined, parameter is set to \"389\" 379slavePort=\"$ldap_slave_port\" 380 381# Master LDAP server: needed for write operations 382# Ex: masterLDAP=127.0.0.1 383# If not defined, parameter is set to \"127.0.0.1\" 384masterLDAP=\"$ldapmasterserver\" 385 386# Master LDAP port 387# If not defined, parameter is set to \"389\" 388masterPort=\"$ldapmasterport\" 389 390# Use TLS for LDAP 391# If set to 1, this option will use start_tls for connection 392# (you should also used the port 389) 393# If not defined, parameter is set to \"1\" 394ldapTLS=\"$ldaptls\" 395 396# How to verify the server's certificate (none, optional or require) 397# see \"man Net::LDAP\" in start_tls section for more details 398verify=\"$cert_verify\" 399 400# CA certificate 401# see \"man Net::LDAP\" in start_tls section for more details 402cafile=\"$cert_cafile\" 403 404# certificate to use to connect to the ldap server 405# see \"man Net::LDAP\" in start_tls section for more details 406clientcert=\"$cert_clientcert\" 407 408# key certificate to use to connect to the ldap server 409# see \"man Net::LDAP\" in start_tls section for more details 410clientkey=\"$cert_clientkey\" 411 412# LDAP Suffix 413# Ex: suffix=dc=IDEALX,dc=ORG 414suffix=\"$ldap_suffix\" 415 416# Where are stored Users 417# Ex: usersdn=\"ou=Users,dc=IDEALX,dc=ORG\" 418# Warning: if 'suffix' is not set here, you must set the full dn for usersdn 419usersdn=\"ou=$ldap_user_suffix,\${suffix}\" 420 421# Where are stored Computers 422# Ex: computersdn=\"ou=Computers,dc=IDEALX,dc=ORG\" 423# Warning: if 'suffix' is not set here, you must set the full dn for computersdn 424computersdn=\"ou=$ldap_machine_suffix,\${suffix}\" 425 426# Where are stored Groups 427# Ex: groupsdn=\"ou=Groups,dc=IDEALX,dc=ORG\" 428# Warning: if 'suffix' is not set here, you must set the full dn for groupsdn 429groupsdn=\"ou=$ldap_group_suffix,\${suffix}\" 430 431# Where are stored Idmap entries (used if samba is a domain member server) 432# Ex: groupsdn=\"ou=Idmap,dc=IDEALX,dc=ORG\" 433# Warning: if 'suffix' is not set here, you must set the full dn for idmapdn 434idmapdn=\"$ldap_idmap_suffix,\${suffix}\" 435 436# Where to store next uidNumber and gidNumber available for new users and groups 437# If not defined, entries are stored in sambaDomainName object. 438# Ex: sambaUnixIdPooldn=\"sambaDomainName=\${sambaDomain},\${suffix}\" 439# Ex: sambaUnixIdPooldn=\"cn=NextFreeUnixId,\${suffix}\" 440sambaUnixIdPooldn=\"$sambaUnixIdPooldn,\${suffix}\" 441 442# Default scope Used 443scope=\"sub\" 444 445# Unix password encryption (CRYPT, MD5, SMD5, SSHA, SHA, CLEARTEXT) 446hash_encrypt=\"$cryp_algo\" 447 448# if hash_encrypt is set to CRYPT, you may set a salt format. 449# default is \"\%s\", but many systems will generate MD5 hashed 450# passwords if you use \"\$1\$\%\.8s\". This parameter is optional! 451crypt_salt_format=\"$crypt_salt_format\" 452 453############################################################################## 454# 455# Unix Accounts Configuration 456# 457############################################################################## 458 459# Login defs 460# Default Login Shell 461# Ex: userLoginShell=\"/bin/bash\" 462userLoginShell=\"$userLoginShell\" 463 464# Home directory 465# Ex: userHome=\"/home/\%U\" 466userHome=\"$userHome\" 467 468# Default mode used for user homeDirectory 469userHomeDirectoryMode=\"$userHomeDirectoryMode\" 470 471# Gecos 472userGecos=\"System User\" 473 474# Default User (POSIX and Samba) GID 475defaultUserGid=\"$default_user_gidnumber\" 476 477# Default Computer (Samba) GID 478defaultComputerGid=\"$default_computer_gidnumber\" 479 480# Skel dir 481skeletonDir=\"$skeletonDir\" 482 483# Default password validation time (time in days) Comment the next line if 484# you don't want password to be enable for defaultMaxPasswordAge days (be 485# careful to the sambaPwdMustChange attribute's value) 486defaultMaxPasswordAge=\"$defaultMaxPasswordAge\" 487 488############################################################################## 489# 490# SAMBA Configuration 491# 492############################################################################## 493 494# The UNC path to home drives location (\%U username substitution) 495# Just set it to a null string if you want to use the smb.conf 'logon home' 496# directive and/or disable roaming profiles 497# Ex: userSmbHome=\"\\\\PDC-SMB3\\%U\" 498userSmbHome=\"$logonhome\" 499 500# The UNC path to profiles locations (\%U username substitution) 501# Just set it to a null string if you want to use the smb.conf 'logon path' 502# directive and/or disable roaming profiles 503# Ex: userProfile=\"\\\\PDC-SMB3\\profiles\\\%U\" 504userProfile=\"$logonpath\" 505 506# The default Home Drive Letter mapping 507# (will be automatically mapped at logon time if home directory exist) 508# Ex: userHomeDrive=\"H:\" 509userHomeDrive=\"$logondrive\" 510 511# The default user netlogon script name (\%U username substitution) 512# if not used, will be automatically username.cmd 513# make sure script file is edited under dos 514# Ex: userScript=\"startup.cmd\" # make sure script file is edited under dos 515userScript=\"$userScript\" 516 517# Domain appended to the users \"mail\"-attribute 518# when smbldap-useradd -M is used 519# Ex: mailDomain=\"idealx.com\" 520mailDomain=\"$mailDomain\" 521 522############################################################################## 523# 524# SMBLDAP-TOOLS Configuration (default are ok for a RedHat) 525# 526############################################################################## 527 528# Allows not to use smbpasswd (if with_smbpasswd == 0 in smbldap_conf.pm) but 529# prefer Crypt::SmbHash library 530with_smbpasswd=\"0\" 531smbpasswd=\"/usr/bin/smbpasswd\" 532 533# Allows not to use slappasswd (if with_slappasswd == 0 in smbldap_conf.pm) 534# but prefer Crypt:: libraries 535with_slappasswd=\"0\" 536slappasswd=\"/usr/sbin/slappasswd\" 537 538# comment out the following line to get rid of the default banner 539# no_banner=\"1\" 540"; 541 542my $template_smbldap_bind=" 543############################ 544# Credential Configuration # 545############################ 546# Notes: you can specify two differents configuration if you use a 547# master ldap for writing access and a slave ldap server for reading access 548# By default, we will use the same DN (so it will work for standard Samba 549# release) 550slaveDN=\"$ldap_master_admin_dn\" 551slavePw=\"$ldap_master_bind_password\" 552masterDN=\"$ldap_slave_admin_dn\" 553masterPw=\"$ldap_slave_bind_password\" 554"; 555 556print "backup old configuration files:\n"; 557print " $smbldap_conf->$smbldap_conf.old\n"; 558print " $smbldap_bind_conf->$smbldap_bind_conf.old\n"; 559rename "$smbldap_conf","$smbldap_conf.old"; 560rename "$smbldap_bind_conf","$smbldap_bind_conf.old"; 561 562print "writing new configuration file:\n"; 563open (SMBLDAP,'>',"$smbldap_conf") || die "Unable to open $smbldap_conf for writing !\n"; 564print SMBLDAP "$template_smbldap"; 565close(SMBLDAP); 566print " $smbldap_conf done.\n"; 567my $mode=0644; 568chmod $mode,"$smbldap_conf","$smbldap_conf.old"; 569 570open (SMBLDAP_BIND,'>',"$smbldap_bind_conf") || die "Unable to open $smbldap_bind_conf for writing !\n"; 571print SMBLDAP_BIND "$template_smbldap_bind"; 572close(SMBLDAP_BIND); 573print " $smbldap_bind_conf done.\n"; 574$mode=0600; 575chmod $mode,"$smbldap_bind_conf","$smbldap_bind_conf.old"; 576 577 578 579