LDAP and Internationalization


Example 1: One-Way Synchronization with Join

In this example we develop a tool that can be used to implement periodic one-way synchronization with any system whose data can be expressed as a delimited text file. Many typical data sources provide tools to make this kind of data extract easy. Some provide the ability to extract only those changes that have occurred since the previous extract, in which case the tool runs more efficiently.

Our tool is written in Perl, although it could easily have been written in another scripting language, such as JavaScript, or in a language such as C, C++, or Java. We chose Perl because of its power and portability and its popularity in the system administrator community. The code for our synchronization tool is shown in Listing 22.1.

Listing 22.1 An LDAP Perl synchronization tool with a join

 1. #!/usr/local/bin/perl
 2. #
 3. # ldapsync -- Perl 5 script that synchronizes a comma-separated
 4. # text file of cn values, joining on uid attribute
 5. #
 6. # Requires: LDAPP (LDAP module for Perl)
 7. #
 8. use Ldapp;
 9. # LDAP server information
10. $ldapbase = "dc=airius, dc=com";
11. $ldaphost = "ldap.host.com";
12. $ldapport = "389";
13. @attrlist = ( "uid", "cn" );
14. # Start of main:
15. # open an authenticated connection to the LDAP server
16. $ldap = new Ldapp( $ldaphost, $ldapport, "cn=directory manager", "passwd" );
17. die "Unable to connect to server at ldap://$ldaphost:" .
18.     "$ldapport\n" unless $ldap;
19. # for each line of input, search for the directory entry
20. # corresponding to the first field, and see if its value
21. # for the second field needs to be updated
22. while (<STDIN>) {
23.     # grab query string and chop off newline and
24.     # return characters
25.     $line = $_;
26.     chop $line;
27.     if ($line =~ /\r$/) {
28.         chop $line;
29.     }
30.     # parse join attribute (uid) and attribute to
31.     # be updated (cn)
32.     @args = split(/,/, $line);
33.     $key = $args[0];
34.     $value = $args[1];
35.     # search for entry with uid equal to the join attribute
36.     $filter = "(uid=$key)";
37.     $entry = $ldap->search($ldapbase, "subtree",
38.                            $filter, 0, @attrlist);
39.     # found a match - update if necessary
40.     if ($entry) {
41.         print "Found entry with uid $key. Checking ";
42.         if (!$entry->{$attrlist[1]} ||
43.             $entry->{$attrlist[1]}[0] ne $value) {
44.             print "Updating ";
45.             # update entry by replacing cn value
46.         }
47.         print "\n";
48.     # no matching entry - add one
49.     } else {
50.         print "No entry found with uid $key. Creating ";
51.         # add entry with appropriate cn value
52.         print "\n";
53.     }
54. }
55. # clean up
56. $ldap->close;
57. exit 0;

We've chosen to use the PerLDAP extensions to Perl 5 to give us access to LDAP in this implementation. You can get these extensions from the Netscape Web site at http://developer.netscape.com.

The LDAP server information is specified on lines 9–12. Some constants used elsewhere in our script are defined on line 13.

An LDAP connection is opened on lines 15–18, and the synchronization tool authenticates itself as the directory manager. This is necessary so that it can later update the directory.

The main body of the example is contained in the while loop spanning lines 18–50. This loop is executed as long as there is more input to be read. Each input line consists of a comma-separated pair of values. The first value is a login name used as the value of the uid attribute in the directory; we use this attribute to join entries in the directory with corresponding entries in the external data source. The second value is a name to be synchronized with the cn attribute of the directory.

Lines 23–29 trim off any trailing newline or carriage return characters. Lines 30–34 parse the resulting line to extract the uid and cn values.

The directory is searched for an entry matching the uid just read on lines 35–38. The results are processed on lines 39–53. As you will notice, the PerLDAP calls that actually update an entry or add a new entry on lines 45 and 51, respectively, have been left as an exercise for the reader.
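Listing 22.1 interpolates the uid field from the input file directly into the search filter and splits each line on every comma. The following is an added example, not part of the book's listing, showing a stricter version of the parsing and join steps: the filter value is escaped as RFC 4515 requires, commas inside the cn value are preserved, and malformed lines are skipped. It uses only core Perl; the function names are hypothetical and an in-memory hash stands in for the directory.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape a value for use in an LDAP search filter (RFC 4515):
# NUL, '(', ')', '*' and '\' become a backslash plus two hex digits.
sub escape_filter_value {
    my ($v) = @_;
    $v =~ s/([\x00()*\\])/sprintf("\\%02x", ord($1))/ge;
    return $v;
}

# Parse one "uid,cn" line. Returns (uid, cn), or an empty list if malformed.
sub parse_line {
    my ($line) = @_;
    $line =~ s/\r?\n\z//;                   # strip LF or CRLF
    my ($uid, $cn) = split(/,/, $line, 2);  # limit 2: cn may contain commas
    return () unless defined $uid && defined $cn;
    return () unless length $uid && length $cn;
    return ($uid, $cn);
}

# Decide what the sync should do for one record: "add", "update" or "none".
# $dir is a hash ref (uid => cn), an in-memory stand-in for the directory.
sub plan_action {
    my ($dir, $uid, $cn) = @_;
    return "add" unless exists $dir->{$uid};
    return $dir->{$uid} eq $cn ? "none" : "update";
}

# Constructed sample data, not taken from the book.
my %directory = (bjensen => "Barbara Jensen", scarter => "Sam Carter");
my @input = (
    "bjensen,Barbara Jensen\r\n",   # unchanged entry, CRLF line ending
    "scarter,Samuel Carter\n",      # cn differs: update
    "tmorris,Ted Morris\n",         # no entry: add
    "a*b(c),Odd Name, Jr.\n",       # filter metacharacters, comma in cn
    "no-comma-here\n",              # malformed: skipped
);

for my $raw (@input) {
    my ($uid, $cn) = parse_line($raw);
    unless (defined $uid) { print "skipped malformed line\n"; next; }
    my $filter = "(uid=" . escape_filter_value($uid) . ")";
    printf "%-22s %-7s cn=%s\n", $filter, plan_action(\%directory, $uid, $cn), $cn;
}
```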



Understanding and Deploying LDAP Directory Services,  2002 New Riders Publishing

2002, O'Reilly & Associates, Inc.



Understanding and Deploying LDAP Directory Services
Understanding and Deploying LDAP Directory Services (2nd Edition)
ISBN: 0672323168
EAN: 2147483647
Year: 1997
Pages: 245
