Example 1: One-Way Synchronization with Join

In this example we develop a tool that can be used to implement periodic one-way synchronization with any system whose data can be expressed as a delimited text file. Many typical data sources provide tools to make this kind of data extract easy. Some provide the ability to extract only those changes that have occurred since the previous extract, in which case the tool runs more efficiently.

Our tool is written in Perl, although it could easily have been written in another scripting language, such as JavaScript, or in a language such as C, C++, or Java. We chose Perl because of its power and portability and its popularity in the system administrator community. The code for our synchronization tool is shown in Listing 22.1.

Listing 22.1 An LDAP Perl synchronization tool with a join

1. #!/usr/local/bin/perl
2. #
3. # ldapsync -- Perl 5 script that synchronizes a comma-separated
4. # text file of cn values, joining on uid attribute
5. #
6. # Requires: LDAPP (LDAP module for Perl)
7. #
8. use Ldapp;
9. # LDAP server information
10. $ldapbase = "dc=airius, dc=com";
11. $ldaphost = "ldap.host.com";
12. $ldapport = "389";
13. @attrlist = ( "uid", "cn" );
14. # Start of main:
15. # open an authenticated connection to the LDAP server
16. $ldap = new Ldapp( $ldaphost, $ldapport, "cn=directory manager", "passwd" );
17. die "Unable to connect to server at ldap://$ldaphost:" .
18.     "$ldapport\n" unless $ldap;
19. # for each line of input, search for the directory entry
20. # corresponding to the first field, and see if its value
21. # for the second field needs to be updated
22. while (<STDIN>) {
23.     # grab query string and chop off newline and
24.     # return characters
25.     $line = $_;
26.     chop $line;
27.     if ($line =~ /\r$/) {
28.         chop $line;
29.     }
30.     # parse join attribute (uid) and attribute to
31.     # be updated (cn)
32.     @args = split(/,/, $line);
33.     $key = $args[0];
34.     $value = $args[1];
35.     # search for entry with uid equal to the join attribute
36.     $filter = "(uid=$key)";
37.     $entry = $ldap->search($ldapbase, "subtree",
38.         $filter, 0, @attrlist);
39.     # found a match - update if necessary
40.     if ($entry) {
41.         print "Found entry with uid $key. Checking ";
42.         if (!$entry->{$attrlist[1]} ||
43.             $entry->{$attrlist[1]}[0] ne $value) {
44.             print "Updating ";
45.             # update entry by replacing cn value
46.         }
47.         print "\n";
48.     # no matching entry - add one
49.     } else {
50.         print "No entry found with uid $key. Creating ";
51.         # add entry with appropriate cn value
52.         print "\n";
53.     }
54. }
55. # clean up
56. $ldap->close;
57. exit 0;

We've chosen to use the PerLDAP extensions to Perl 5 to give us access to LDAP in this implementation. You can get these extensions from the Netscape Web site at http://developer.netscape.com.

The LDAP server information is specified on lines 9-12. Some constants used elsewhere in our script are defined on line 13. An LDAP connection is opened on lines 15-18, and the synchronization tool authenticates itself as the directory manager. This is necessary so that it can later update the directory.

The main body of the example is contained in the while loop spanning lines 18-50. This loop is executed as long as there is more input to be read. Each input line consists of a comma-separated pair of values. The first value is a login name used as the value of the uid attribute in the directory; we use this attribute to join entries in the directory with corresponding entries in the external data source. The second value is a name to be synchronized with the cn attribute of the directory.

Lines 23-29 trim off any trailing newline or carriage return characters. Lines 30-34 parse the resulting line to extract the uid and cn values. The directory is searched for an entry matching the uid just read on lines 35-38. The results are processed on lines 39-53.
As you will notice, the PerLDAP calls that actually update an entry or add a new entry on lines 45 and 51, respectively, have been left as an exercise for the reader.
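Listing 22.1 places the first input field directly into the search filter on line 36, so a field containing a filter metacharacter such as `*` would be evaluated as filter syntax by a tool that is bound as the directory manager. The block below is an added example, not code from the book and not using PerLDAP: it shows the same parse, search and decide steps with the uid escaped per RFC 4515 before it enters the filter. The in-memory `%directory`, the sample input lines and all subroutine names are constructed for illustration.

```perl
use strict;
use warnings;

# Escape a value for an LDAP search filter (RFC 4515): NUL, '(', ')', '*'
# and '\' are replaced by a backslash and two hex digits.
sub escape_filter_value {
    my ($v) = @_;
    $v =~ s/([\x00()*\\])/sprintf("\\%02x", ord($1))/ge;
    return $v;
}

# Parse one "uid,cn" line; returns (uid, cn) or an empty list if malformed.
sub parse_line {
    my ($line) = @_;
    $line =~ s/\r?\n\z//;                    # strip LF or CRLF
    my ($uid, $cn) = split /,/, $line, 2;    # limit 2: the cn may contain commas
    return unless defined($uid) && defined($cn);
    s/^\s+|\s+$//g for ($uid, $cn);          # trim surrounding whitespace
    return unless length($uid) && length($cn);
    return ($uid, $cn);
}

# Decide the action from the entry found for the uid (undef if none).
sub decide {
    my ($entry, $cn) = @_;
    return 'add' unless $entry;
    my $current = $entry->{cn} || [];
    my $same = @$current && $current->[0] eq $cn;
    return $same ? 'skip' : 'update';
}

# Constructed stand-in for the directory: uid => entry with multi-valued cn.
my %directory = (
    bjensen => { cn => ['Barbara Jensen'] },
    scarter => { cn => ['Sam Carter'] },
);

# Constructed input: a CRLF line, a cn containing a comma, a new uid,
# a uid containing a filter metacharacter, and a malformed line.
my @input = ("bjensen,Barbara Jensen\r\n", "scarter,Carter, Sam\n",
             "kvaughan,Kirsten Vaughan\n", "b*,Someone Else\n", "nocomma\n");

for my $line (@input) {
    my ($uid, $cn) = parse_line($line);
    unless (defined $uid) { print "malformed line skipped\n"; next; }
    my $filter = '(uid=' . escape_filter_value($uid) . ')';
    my $action = decide($directory{$uid}, $cn);  # exact lookup stands in for the LDAP search
    printf "%-16s %-6s %s\n", $filter, $action, $cn;
}
```

With the escaping in place, the `b*` key is searched for as a literal uid and matches no entry, instead of acting as a wildcard that selects the existing bjensen entry for update.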
2002, O'Reilly & Associates, Inc.