LDAPAccountSync
LDAPAccountSync (introduced with OGoMojo 0.0.14) is a utility to push LDAP account information into the OpenGroupware server. If the create mode is enabled LDAPAccountSync will create a new OGo account if an account corresponding to the LDAP account is not found, if update mode is enabled LDAPAccountSync will only update the contact information of the OGo accounts that match an LDAP account. Both modes can be enabled simultaneously. The mapping of LDAP attributes to OGo contact properties is entirely configurable (via the OGoMojo.ini configuration file).
Note: LDAPAccountSync does not require any additional schema on the LDAP server.
OGoMojo.ini Snippet
[LDAPAccountSync]
Hostname=gourd-amber.morrison.iserv.net
Username=ogo
Secret=**********
DSA=littleboy.morrison.iserv.net
Base=ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US
Filter=(&(objectclass=morrisonperson)(morrisonactiveuser=Y))
BindDN=uid=nss,ou=System,ou=Entities,ou=SAM,o=Morrison Industries,c=US
BindSecret=*********
LoginAttribute=uid
CreateEnabled=true
UpdateEnabled=true
AttributeMap=FirstName=givenName,MiddleName=,LastName=sn,DisplayName=displayName,BirthDate=\
birthDate,Comment=,Email1=mail,Email2=,Email3=,JobTitle=title,OtherTitle1=,OtherTitle2=,\
Phone=01_tel=telephoneNumber,Phone=03_tel_funk=mobile
Note: The AttributeMap line is broken only for readability, in the actual INI file this must be one unbroken line.
Directives
- Hostname - The hostname of the OGo XML-RPC server
- Username - The OGo administrative user account.
- Secret - The password for the OGo administrative user account.
- DSA - The hostname of the DSA (LDAP Server).
- Base - The base of the container containing user accounts.
- Filter - The LDAP filter to qualify objects for syncing.
- BindDN - The DN to use when binding to the LDAP server.
- BindSecret - The secret to use when binding to the LDAP server.
- LoginAttribute - The LDAP attribute containing the user account name.
- CreateEnabled - "true" to enable creation of new accounts.
- UpdateEnabled - "true" to update contact information for existing accounts.
- AttributeMap - The mapping of LDAP attributes to OGo server properties; these are comma separated tuples internally delimited by the equality symbol.
- Standard properties: Pairs of LDAP attribute (right side) to an OGo property (left side). The standard MOGI contact properties are:
- FirstName
- MiddleName
- LastName
- DisplayName
- BirthDate
- Comment - There is currently a bug which prevents mapping to the comment property from working, mapping to the comment property will cause LDAPAccount sync to crash.
- Email1
- Email2
- Email3
- JobTitle
- OtherTitle1
- OtherTitle2
- Phone Numbers - To map an LDAP attribute to a phone number use a triple such as
PhoneNumber={type}={attribute}. "type" must be a valid OGo phone number type, if this type is not valid LDAPAccount sync will silently ignore the mapping. This stores the specified attribute into the dial number value of the phone number, there is currently no mechanism to map an LDAP attribute to the info value of the phone number. - Extended Attributes - Not yet supported.
- Addresses - Not yet supported.
When run LDAPAccountSync will produce output like:
---
LDAP Object: ldap://littleboy.morrison.iserv.net/cn=Joan
Strickland,ou=People,ou=Entities,ou=SAM,o=Morrison Industries,c=US
(Login=jstrickl)
OGo Account: Document/Account/1096090
Updating contact information...
...Getting contact information
...Updating FirstName property
...Updating LastName property
...Updating Birthdate property
...Updating Email1 property
...Updating JobTitle property
...Updating Phone number, 01_tel
...Updating Phone number, 03_tel_funk
...Writing object to the server (Document/Contact/1096090) - Standard properties: Pairs of LDAP attribute (right side) to an OGo property (left side). The standard MOGI contact properties are: