[rt-users] LDAP user import utility updated: group handling
Stanislav Sinyagin
ssinyagin at yahoo.com
Thu Dec 19 05:46:04 EST 2002
Hi all,
this is the next update of rtimportldap.
--group option is replced with --groupadd
Added --groupbind options which synchronises the
RT group(s) with the LDAP persons returned by the filter.
See TAR attached and README below.
Regards,
Stanislav
========================================================================
$Id: rtimportldap.README,v 1.4 2002/12/19 10:40:08 stsiny Exp $
------------------------------------------------------------------------------
rtimportldap.pl:
The utility for importing the RT users from LDAP directory
Author: Stanislav Sinyagin <ssinyagin at yahoo.com>
This script is written as generic as possible, but tested
in Microsoft Active Directory/Exchange 2000 environment only.
The script does not care about passwords. Old users' passwords
are not touched, and the new users are created without password.
Apache/mod_auth_ldap may be used for user authentication against
the LDAP server.
The script is reenterable: existing users are updated,
and non-existing ones are created. Thus, it may be used
every time you make changes in your LDAP directory.
Usage: ./rtimportldap.pl options...
Options ([M] means mandatory, [O] means optional):
--rc filename [O] read options from file
opt=value pairs one per line
--server hostname [M] LDAP server
--port port [O] LDAP TCP port. Default: 389
--ldapver 3|2 [O] LDAP version. Default: 3
--binddn dn [O] Bind DN
--bindpw password [O] Bind password
--basedn dn [M] Base DN
--filter filter [O] Search filter. Default:
(|(objectClass=organizationalPerson)(objectClass=person))
--uidattr attr [O] Username attribute. Default: "uid"
--map lattr:rattr [O] Mapping of LDAP to RT attribute
--groupadd groupname [O] Add the users to these groups
--groupbind groupname [O] Add the users to these groups and
delete members not found in LDAP
--disabled 1|0 [O] Set disabled. Default: 0
--privileged 1|0 [O] Set privileged. Default: 1
--help [O] This help message
The filter is automatically updated so that the UID attribute
is explicitly searched in the directory. This means that
the script may report zero entries found.
The script accepts more than one instance of --groupadd, --groupbind and --map
options.
Microsoft AD specifics:
Option "--uidattr sAMAccountName" is neccessary.
LDAP attribute 'company' is Microsoft-specific, not defined
in standard schemas that come with OpenLDAP. We map it to
'Organization' RT attribute.
MS AD requires non-anonymous binding. In anonymous mode,
it shows only the topmost entry. For normal work, you
must bind as a valid domain or host user.
-----------------------------------------------------------------------------
Copyright (c) 2002 Stanislav Sinyagin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rtimportldap.tar
Type: application/x-tar
Size: 20480 bytes
Desc: rtimportldap.tar
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20021219/dd9b4c96/attachment.tar>
More information about the rt-users
mailing list