APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Another Password to Ldap Script

By Tony Gibson
HBCS LTD
Email: [email protected]

I wanted to thank you for your insight into LDAP that you had posted on your web page. I found it to be straight to the point and it saved me a great deal of time in the installation and configuration of our LDAP server. I also liked your Perl script for creating an LDBM backend database for LDAP.

I have to admit that I used your Perl script as a basis for one that I wrote. I took a little bit of a different path in the actual creation and maintenance of the LDBM database. We deal with medical data here and must adhere to pretty severe security standards in general for our systems. So I did not want to setup a user with write access to the LDBM database, just on general principle. I have instead chosen to recreate the entire database every night.

I also had to deal with the fact that our gecos entries were not entirely uniform in the data that they contained. We also have what we call Bot accounts that are used for various processing jobs and file transfers to and from our various Hospital systems. Regrettably these Bot accounts are interspersed among the regular user accounts, so I did not have the luxury of being able to filter them out as was possible with the system accounts.

Well, I just wanted to let you know that the information you have posted was useful to me and tell you thanks. I have included the source of the Perl script I wrote, please feel free to use it or modify it to your needs.

--Tony Gibson
SR. Project Manager, LAN Systems
HBCS LTD.

#!/usr/bin/perl
# passwd2ldap.pl
# Reads /etc/passwd and passes it to ldif file 
# in preparation for creation of LDBM for LDAP server.
# Modified to work in HBCS environment by Tony Gibson 10/2001
open(PASSWD,"</etc/passwd") || die "Could not open passwd File: $!";
open (EXCEPT,"/etc/hbcs/ldap.exceptions") || die "Could not open Exceptions File: $!";

# Read in exceptions file and put into array.
while(<EXCEPT>) 
{
    ($uname,$info)=split /\:/;
    push (@exceptions,$uname);
}
close (EXCEPT);

# Create ascii version of LDBM file and put in headers.
open (LDIF,">/etc/openldap/ldif.new") || die "Could not create LDIF file: $!";
print LDIF "dn:o=hbcs,c=US\n";
print LDIF "o=HBCS\n";
print LDIF "objectclass:organization\n\n";
$checkflag=0;

# Read in passwd file to create user LDBM entries.
while(<PASSWD>) 
{
   # Break out each user's entries in passwd file.
   ($login,$x, $uid,$group,$comment,$homedir)=split /\:/;
   next if  $uid < 102 ;
   # Break out all possible entries in gecos field of passwd file.
   ($FullName,$Office,$WorkPhone,$Location)=split(/\,/,$comment);
   # Break out the name portion of gecos field.
   ($fname,$middle,$lname)=split(/ /,$FullName);
  
   # Compensate for people with no middle initial.
   if (!($lname))
   {
     $lname = $middle;
     undef ($middle);
   }   
   
   # Check each passwd entry against exceptions file.
   foreach $check(@exceptions)
   {
     if ($check eq $login) 
     {
       $checkflag=1
     }
   }
   
   # If passwd entry is not in exceptions file then add to LDBM.
   if ($checkflag != 1)
   {
   print LDIF "dn: cn=$fname $middle $lname, o=hbcs, c=US\n";
   print LDIF "cn: $fname $middle $lname\n";
   print LDIF "sn: $lname\n";
   print LDIF "givenname: $fname\n";
   print LDIF "mail:${login}\@hbcs.org\n";
   print LDIF "objectclass: person\n\n";
   }
 $checkflag=0; 
}

close LDIF;

# Move the new LDIF file to the current LDIF file.
# We do this so that we have an ascii readable version
# of what we are running in LDBM.
rename("/etc/openldap/ldif.new", "/etc/openldap/ldif.cur") || die "no Ldif file was created: $!";

# Stop the LDAP daemon before loading new LDBM files.
system("/etc/rc.d/init.d/ldap stop");
if ($? != 0) {die "Failed to Stop LDAP daemon: $!"}

# Delete current LDBM files to ensure a clean load.
while (</var/lib/ldap/*>) {unlink $_ || die "Failed to Delete LDBM files: $!"};

# Use LDAP tool to create LDBM from LDIF file.
system("/usr/sbin/ldif2ldbm -i /etc/openldap/ldif.cur -f /etc/openldap/slapd.conf");
if ($? != 0) {die "Failed to Load new LDBM files: $!"}

# Start the LDAP daemon up with the new LDBM files.
system("/etc/rc.d/init.d/ldap start");
 


Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Another Password to Ldap Script




Increase ad revenue 50-250% with Ezoic


More Articles by © Tony Gibson



Kerio Samepage


Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





When Life Gives You Questions, Google has Answers (AJ Carpio)

Two years from now, spam will be solved. (Bill Gates, 2004)












This post tagged: