
LDAPTeamSync


2007-12-19 - As of zOGI r879 the LDAPTeamSync utility has been ported to use the zOGI API. Configuration of the utility remains the same, but it is now developed in the Consonance repository.

The 0.0.12 version of OGoMojo contains a utility called "LDAPTeamSync". This utility reads groups from a DSA and writes the corresponding membership information to the OpenGroupware server, which lets you automate pushing team membership from your LDAP server to your OpenGroupware instance. LDAPTeamSync supports both POSIX (RFC2307) style groups and X.500 groups like groupOfNames, where the member is the DN of an account.

Using LDAPTeamSync
First load the OpenGroupware schema into your DSA in order to establish the group relationships; you can get the OpenGroupware schema file here. Add the objectclass "opengroupwareentity" to group objects and store the id of the team in the required opengroupwareid attribute. You can find the id of an OGo team in the "company_id" field of the "team" table.

Note: LDAPTeamSync will *NOT* create teams; it only updates membership. LDAPTeamSync does *NOT* write to or modify the contents of the DSA.

As with all the OGoMojo utilities, the configuration is read from an INI file named "OGoMojo.ini". The utility first attempts to open this file in the current working directory; if that fails, it attempts to open the file in the "/etc" directory.

For syncing X.500 style groups such as a groupOfNames object like --

dn: cn=cis,ou=Groups,ou=JIVE,ou=SubSystems,o=Morrison Industries,c=US
cn: cis
member: cn=Adam Williams,ou=People,ou=Entities,ou=SAM,o=Morrison Industries, c=US
member: cn=Richard Hopkins,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US
member: cn=Steve VanderZouwen,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US
description: CIS/IT Department
objectClass: groupOfNames
objectClass: top
objectClass: opengroupwareentity
businessCategory: jiveGroup
owner: cn=Adam Williams,ou=People,ou=Entities,ou=SAM,ou=Entities,ou=SAM,o=Morrison Industries,c=US
opengroupwareid: 11530

-- you can set up LDAPTeamSync to look up the username for each of the members via the X500 mode:

[LDAPTeamSync]
Hostname=gourd-amber.morrison.iserv.net
Username=ogo
Secret=**********
DSA=littleboy.morrison.iserv.net
Base=ou=Groups,ou=JIVE,ou=SubSystems,o=Morrison Industries,c=US
Filter=(&(objectclass=opengroupwareentity)(objectclass=groupOfNames))
GroupAttribute=member
BindDN=uid=nss,ou=System,ou=Entities,ou=SAM,o=Morrison Industries,c=US
BindSecret=***********
Mode=X500
UserAttribute=uid

The "UserAttribute" directive specifies the attribute in the user object that contains the login corresponding to the OpenGroupware login.

For syncing an RFC2307 style POSIX group like --

dn: cn=cis,ou=Groups,ou=SAM,o=Morrison Industries,c=US
cn: cis
gidNumber: 230
allowprimary: Y
objectClass: posixGroup
objectClass: top
objectClass: morrisongroup
objectClass: sambaGroupMapping
objectClass: opengroupwareentity
sambaSID: S-1-5-21-2037442776-3290224752-88127236-1461
sambaGroupType: 2
displayName: IT Staff
description: IT Staff
opengroupwareid: 11530
memberUid: steve
memberUid: supervisor
memberUid: rhopkins
memberUid: adam

-- you can set up LDAPTeamSync to use the simple POSIX mode:

[LDAPTeamSync]
Hostname=gourd-amber.morrison.iserv.net
Username=ogo
Secret=*********
DSA=littleboy.morrison.iserv.net
Base=ou=Groups,ou=SAM,o=Morrison Industries,c=US
Filter=(&(objectclass=opengroupwareentity)(objectclass=posixGroup))
GroupAttribute=member
BindDN=uid=nss,ou=System,ou=Entities,ou=SAM,o=Morrison Industries,c=US
BindSecret=************
Mode=POSIX
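
Both sample configurations keep the OGo password (Secret) and the LDAP bind password (BindSecret) in clear text in OGoMojo.ini. The following check is an added example, not part of OGoMojo: it locates the file in the search order described above and reports loose file permissions and missing directives. The names find_config and audit_config are hypothetical, and treating UserAttribute as required in X500 mode is an assumption drawn from the two samples.

```python
import configparser
import os
import stat

SECTION = "LDAPTeamSync"
# Directives present in both sample configurations on this page.
REQUIRED = ("Hostname", "Username", "Secret", "DSA", "Base", "Filter",
            "GroupAttribute", "BindDN", "BindSecret", "Mode")


def find_config(cwd=None, etc="/etc"):
    """Return the file the utility would read: working directory first, then /etc."""
    for directory in (cwd or os.getcwd(), etc):
        candidate = os.path.join(directory, "OGoMojo.ini")
        if os.path.isfile(candidate):
            return candidate
    return None


def audit_config(path):
    """Return a list of findings for one OGoMojo.ini; an empty list means clean."""
    findings = []
    mode_bits = stat.S_IMODE(os.stat(path).st_mode)
    if mode_bits & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{path} is mode {mode_bits:04o}; Secret and BindSecret "
                        "are stored in clear text, restrict to 0600")
    # interpolation=None: a '%' in a password must not be treated as a reference.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section(SECTION):
        return findings + [f"no [{SECTION}] section"]
    section = parser[SECTION]
    for key in REQUIRED:
        if not section.get(key, "").strip():
            findings.append(f"missing or empty {key}")
    sync_mode = section.get("Mode", "").strip()
    if sync_mode not in ("X500", "POSIX"):
        findings.append(f"Mode={sync_mode!r} is neither X500 nor POSIX")
    # Assumption from the samples: only the X500 configuration sets UserAttribute.
    if sync_mode == "X500" and not section.get("UserAttribute", "").strip():
        findings.append("Mode=X500 without UserAttribute")
    return findings


if __name__ == "__main__":
    located = find_config()
    for line in (audit_config(located) if located else ["OGoMojo.ini not found"]):
        print(line)
```

Run it from the directory the sync job starts in, so that it audits the same file the utility would open.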

When run you'll see something like --

---
LDAP Group: ldap://littleboy.morrison.iserv.net/cn=cis,ou=Groups,ou=JIVE,ou=SubSystems,o=Morrison Industries,c=US
RPC...Getting team id 11530
OGo Team Description: MI (CIS/IT)
LDAP Members: cn=Adam Williams,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US (10100), cn=Richard Hopkins,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US (26850), cn=Steve VanderZouwen,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US (27190)
3 of 3 LDAP members have corresponding OGo accounts.
RPC...Writing membership to OGo server.
OGo Members:adam (Document/Account/10100), rhopkins (Document/Account/26850), steve (Document/Account/27190)

-- in X500 mode, or something like this in POSIX mode --

---
LDAP Group: ldap://littleboy.morrison.iserv.net/cn=cis,ou=Groups,ou=SAM,o=Morrison Industries,c=US
RPC...Getting team id 11530
OGo Team Description: MI (CIS/IT)
LDAP Members: steve (27190), supervisor (N/A), rhopkins (26850), adam (10100)
3 of 4 LDAP members have corresponding OGo accounts.
RPC...Writing membership to OGo server.
OGo Members:adam (Document/Account/10100), rhopkins (Document/Account/26850), steve (Document/Account/27190)

Note: In either mode LDAPTeamSync will gracefully handle LDAP group members that do not have corresponding OpenGroupware accounts.
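
A minimal model of the two lookup modes and of the handling of members without an OGo account, added here as an illustration and not LDAPTeamSync's own code. The function names, the merged sample entry, the user directory and the account table are constructed for the example; the logins and account ids are the ones shown in the output above.

```python
# Constructed sample: member values from the page's groupOfNames entry and
# memberUid values from its posixGroup entry, merged into one entry for brevity.
GROUP_LDIF = """\
dn: cn=cis,ou=Groups,ou=SAM,o=Morrison Industries,c=US
member: cn=Adam Williams,ou=People,ou=Entities,ou=SAM,o=Morrison Industries, c=US
member: cn=Richard Hopkins,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US
memberUid: steve
memberUid: supervisor
memberUid: adam
opengroupwareid: 11530
"""
PEOPLE = "ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US"
# Constructed directory (DN -> attributes) and OGo account table (login -> id).
USERS = {f"cn=Adam Williams,{PEOPLE}": {"uid": "adam"},
         f"cn=Richard Hopkins,{PEOPLE}": {"uid": "rhopkins"}}
ACCOUNTS = {"adam": 10100, "rhopkins": 26850, "steve": 27190}


def parse_entry(ldif):
    """Parse one LDIF entry (no folded or base64 lines) into {attr: [values]}."""
    entry = {}
    for line in ldif.strip().splitlines():
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry


def normalize_dn(dn):
    """Lower-case and trim each RDN; simplified, ignores escaped commas."""
    return ",".join(rdn.strip().lower() for rdn in dn.split(","))


def member_logins(entry, mode, users=None, user_attribute="uid"):
    """POSIX: memberUid values are logins. X500: look each member DN up."""
    if mode == "POSIX":
        return entry.get("memberuid", [])
    by_dn = {normalize_dn(dn): attrs for dn, attrs in (users or {}).items()}
    found = (by_dn.get(normalize_dn(dn), {}) for dn in entry.get("member", []))
    return [attrs[user_attribute] for attrs in found if user_attribute in attrs]


def match_accounts(logins, accounts):
    """Return ({login: account id} to write, [logins without an OGo account])."""
    matched = {login: accounts[login] for login in logins if login in accounts}
    return matched, [login for login in logins if login not in accounts]
```

The first member value carries a space after a comma, as in the groupOfNames sample, which is why the DN is normalized before the lookup.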


OLD: You can download the latest version of MOGI/OGoMojo here (the OGo docs plone) or here (the OGoMojo home page). All the operations supported by the RPC2 MOGI backend are listed here.