/usr/share/quota/ldap/setSystemQuotas.pl is in quota 4.03-2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 | #!/usr/bin/perl -w
# $0 -b "ou=People,dc=borgia,dc=com" -Q /dev/with/quota=0:0:0:0 -F '(attr=value)'
# Synopsis
# setSystemQuotas.pl is a script solely for modifying the quota attribute in
# LDAP. It expects that the users you intend to have quotas already have the
# systemQuotas objectClass set.
# This tool is capable of applying standard LDAP filters to the user-supplied
# base DN for modifying multiple users' quotas at once.
# Examples:
# Set quota on /dev/sda7 and /dev/sda8 for user stefan
# ./setSystemQuotas.pl -b "uid=stefan,ou=People,dc=borgia,dc=com" -Q /dev/sda7=4000000:4400000:10000:11000 -Q /dev/sda8=4000000:4400000:10000:11000
#
# Set quota on /dev/sda8 for user all People with description of Student
# ./setSystemQuotas.pl -b "ou=People,dc=borgia,dc=com" -Q /dev/sda8=40000:44000:1000:1100 -F "(description=Student)"
#
# Delete quotas for user stefan
# ./setSystemQuotas.pl -b "uid=stefan,ou=People,dc=borgia,dc=com"
use strict;
use Net::LDAP;
use Getopt::Long;
chomp(my $Password = `cat /etc/ldap.secret`);
my $Host = 'localhost';
my $Port = '389';
my $BindDN = 'cn=Manager,dc=borgia,dc=com';
my $SSL = 0;
my $b = '';
my %Q = ();
my $F = '';
GetOptions(
'b=s' => \$b,
'Q=s' => \%Q,
'F=s' => \$F,
);
die "Usage: $0 -b userdn [-F '(extrafilter)'] [-Q /fs=sb:hb:sf:hf ...]\n" unless $b;
foreach ( keys %Q ) {
local @_ = split /:/, $Q{$_};
unless ( $#_ == 3 ) {
print "Ignoring $_: invalid format\n";
delete $Q{$_};
}
}
my $ldap = connectLDAP();
my $quota = {};
my $search;
$search = $ldap->search(
base => $b,
filter => "(&(objectClass=systemQuotas)$F)",
attrs => ['*', 'quota'],
);
$search->code && die $search->error;
my $i = 0;
my $max = $search->count;
for ( $i=0; $i<$max; $i++ ) {
my $entry = $search->entry($i);
my $dn = $entry->dn;
if ( keys %Q ) {
$quota->{$dn} = 1;
foreach ( $entry->get_value('quota') ) {
my @quota = split /:/;
my $fs = shift @quota;
delete $quota->{$dn} if $quota->{$dn} == 1;
$quota->{$dn}->{$fs} = join ':', @quota;
}
} else {
$quota->{$dn} = 0;
delete $quota->{$dn} unless $entry->get_value('quota');
}
}
foreach my $dn ( keys %{$quota} ) {
if ( ref $quota->{$dn} eq 'HASH' ) {
print STDERR "Modify $dn:\n";
foreach ( keys %Q ) {
print STDERR "\t$_:$Q{$_}\n";
$quota->{$dn}->{$_} = $Q{$_};
}
my @quota = map { "$_:$quota->{$dn}->{$_}" } keys %{$quota->{$dn}};
my $modify = $ldap->modify(
$dn,
replace => {
quota => [@quota],
},
);
$modify->code && warn "Failed to modify quota: ", $modify->error, "\n";
} else {
if ( $quota->{$dn} == 1 ) {
delete $quota->{$dn};
print STDERR "Add $dn:\n";
foreach ( keys %Q ) {
print STDERR "\t$_:$Q{$_}\n";
$quota->{$dn}->{$_} = $Q{$_}
}
my @quota = map { "$_:$quota->{$dn}->{$_}" } keys %{$quota->{$dn}};
my $modify = $ldap->modify(
$dn,
add => {
quota => [@quota],
},
);
$modify->code && warn "Failed to modify quota: ", $modify->error, "\n";
} elsif ( $quota->{$dn} == 0 ) {
print STDERR "Delete $dn:\n";
my $modify = $ldap->modify(
$dn,
delete => ['quota'],
);
$modify->code && warn "Failed to modify quota: ", $modify->error, "\n";
}
}
}
$ldap->unbind;
sub connectLDAP {
# bind to a directory with dn and password
my $ldap = Net::LDAP->new(
$Host,
port => $Port,
version => 3,
# debug => 0xffff,
) or die "Can't contact LDAP server ($@)\n";
if ( $SSL ) {
$ldap->start_tls(
# verify => 'require',
# clientcert => 'mycert.pem',
# clientkey => 'mykey.pem',
# decryptkey => sub { 'secret'; },
# capath => '/usr/local/cacerts/'
);
}
$ldap->bind($BindDN, password=>$Password);
return $ldap;
}
|