[rt-users] LDAP user import utility updated: group handling

Stanislav Sinyagin ssinyagin at yahoo.com
Thu Dec 19 05:46:04 EST 2002


Hi all, 

this is the next update of rtimportldap. 

--group option is replaced with --groupadd

Added --groupbind option, which synchronises the 
   RT group(s) with the LDAP persons returned by the filter. 

See TAR attached and README below.

Regards, 
Stanislav
========================================================================

$Id: rtimportldap.README,v 1.4 2002/12/19 10:40:08 stsiny Exp $
------------------------------------------------------------------------------
rtimportldap.pl:
  A utility for importing RT users from an LDAP directory

Author: Stanislav Sinyagin <ssinyagin at yahoo.com>


This script is written to be as generic as possible, but has been
tested only in a Microsoft Active Directory/Exchange 2000 environment.

The script does not care about passwords. Old users' passwords
are not touched, and the new users are created without password.
Apache/mod_auth_ldap may be used for user authentication against
the LDAP server.

The script can be re-run safely: existing users are updated,
and non-existing ones are created. Thus, it may be used
every time you make changes in your LDAP directory.

Usage: ./rtimportldap.pl options...
Options ([M] means mandatory, [O] means optional):
  --rc       filename         [O] read options from file
                                  opt=value pairs one per line
  --server   hostname         [M] LDAP server
  --port     port             [O] LDAP TCP port. Default: 389
  --ldapver  3|2              [O] LDAP version. Default: 3
  --binddn   dn               [O] Bind DN
  --bindpw   password         [O] Bind password
  --basedn   dn               [M] Base DN
  --filter   filter           [O] Search filter. Default:
         (|(objectClass=organizationalPerson)(objectClass=person))
  --uidattr  attr             [O] Username attribute. Default: "uid"
  --map      lattr:rattr      [O] Mapping of LDAP to RT attribute
  --groupadd groupname        [O] Add the users to these groups
  --groupbind groupname       [O] Add the users to these groups and
                                         delete members not found in LDAP
  --disabled 1|0              [O] Set disabled. Default: 0
  --privileged 1|0            [O] Set privileged. Default: 1
  --help                      [O] This help message

The filter is automatically updated so that the UID attribute
is explicitly searched in the directory. This means that
the script may report zero entries found.

The script accepts more than one instance of --groupadd, --groupbind and --map
options.

Microsoft AD specifics:

   Option "--uidattr sAMAccountName" is necessary.

   LDAP attribute 'company' is Microsoft-specific, not defined
   in standard schemas that come with OpenLDAP. We map it to 
   'Organization' RT attribute.

   MS AD requires non-anonymous binding. In anonymous mode,
   it shows only the topmost entry. For normal work, you
   must bind as a valid domain or host user.


-----------------------------------------------------------------------------
Copyright (c) 2002 Stanislav Sinyagin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rtimportldap.tar
Type: application/x-tar
Size: 20480 bytes
Desc: rtimportldap.tar
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20021219/dd9b4c96/attachment.tar>
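
The --groupadd and --groupbind behaviour described in the README above, as an added example that is not part of the original post and not code from rtimportldap.pl. The function names, the way the UID test is combined with the filter, and the removal guard with its 0.5 threshold are assumptions made for illustration; the guard covers the case where a search that finds few or no entries would otherwise empty a bound group.

```python
# Added example: models the --groupadd / --groupbind semantics from the README.
# All names are hypothetical; this is not code from rtimportldap.pl.

DEFAULT_FILTER = "(|(objectClass=organizationalPerson)(objectClass=person))"


class UnsafeSync(Exception):
    """Raised when a bind-mode sync would remove too many group members."""


def effective_filter(user_filter=DEFAULT_FILTER, uidattr="uid"):
    # Assumption: "the UID attribute is explicitly searched" is modelled as
    # AND-ing a presence test for that attribute onto the supplied filter.
    return "(&(%s=*)%s)" % (uidattr, user_filter)


def plan_group_sync(ldap_uids, rt_members, mode, max_remove_ratio=0.5):
    """Return (to_add, to_remove) as sorted lists of usernames.

    mode "add"  models --groupadd: members are only ever added.
    mode "bind" models --groupbind: members not found in LDAP are removed.
    """
    if mode not in ("add", "bind"):
        raise ValueError("mode must be 'add' or 'bind'")
    ldap, current = set(ldap_uids), set(rt_members)
    to_add = sorted(ldap - current)
    to_remove = sorted(current - ldap) if mode == "bind" else []
    if to_remove:
        # Guard (an assumption, not a documented feature of the script):
        # an empty or near-empty LDAP result, for instance from an anonymous
        # bind against AD, must not be allowed to strip the group.
        if not ldap:
            raise UnsafeSync("LDAP returned no entries; refusing to remove")
        if len(to_remove) > max_remove_ratio * len(current):
            raise UnsafeSync("would remove %d of %d members"
                             % (len(to_remove), len(current)))
    return to_add, to_remove


if __name__ == "__main__":
    # Constructed sample data, not taken from any real directory.
    found = ["alice", "bob", "carol"]
    members = ["bob", "carol", "dave"]
    print(effective_filter(uidattr="sAMAccountName"))
    print("groupadd :", plan_group_sync(found, members, "add"))
    print("groupbind:", plan_group_sync(found, members, "bind"))
```
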

