As described in Admin ServiceOptimizer Further Detail Access Control LDAP Configuration, the full power in configuring ServiceScheduling is contained in the LDAP_URL. A command line utility has been developed to allow users to validate the settings in sp083_system_parameters and to export users from the LDAP Server into the ServiceScheduling Database.
The command line utility is called sp_ldap. Full details of how to run it are displayed on the command line by running it with the -h option.
Modes of Operation
Two modes of operation are supported.
Check Mode
This mode of operation allows users to check the settings in sp083_system_parameters for LDAP. It can also validate a user and authenticate that user.
- The -c option on its own reads the LDAP_URL setting and attempts an anonymous bind to the LDAP server. This validates the host and port of LDAP_URL and the LDAP_version.
- The -c and -u options together additionally construct the user's DN using the method defined in LDAP_DN. If the DN was constructed via SEARCH then it is a validated DN; if it was constructed via CONCATENATE then it has not been validated.
- The -c, -u and -w options together additionally authenticate the user and password. This is a full check as performed by the spsecurity module.

Import Mode
This mode of operation allows the user to import users from the LDAP Server into the sp085_users table. Duplicated users will fail insertion into sp085_users, and deleted LDAP users will remain in sp085_users. This mode is invoked via the -i option.
The -1 to -8 options allow the user to define how the sp085_users columns are populated. See for a reminder of what sp085_users looks like.
The -1 to -8 options relate to the columns USER_ID to AUTH_TYPE. The parameter following each option tells the application how to populate that column for each user found in the LDAP directory. If the option for a column is not used then a NULL value is used. If the parameter begins with a plus (+) sign then it is assumed to be an LDAP attribute type, and the corresponding attribute value is used to populate the table. If the parameter is simply a string (without the preceding + sign) then that string is used. See the example under Example Code.
Command Line Utility
C:\ >sp_ldap
Command line utility to verify or export data from
a LDAP server into the SERVICEOptimizer database Users table
Usage: sp_ldap [options]
Common Options | |
---|---|
-d <database> | Specify SERVICEOptimizer Database schema/password |
-h | Display help text |
-u <user> | for Check: verify that this user exists for Import: bind as this user |
-w <user pw> | password for user |
Check Options | |
---|---|
-c | Check the LDAP_URL specified in SYSTEM_PARAMETERS (Default) |
Import Options | |
---|---|
-i | Import data from the LDAP Server to the USERS table |
-n | Show what would be done but don't actually do it |
-1 <opt> | populate the USER_ID with this value |
-2 <opt> | populate the USER_NAME wit this value |
-3 <opt> | populate the PROFILE this value |
-4 <opt> | populate the RESP_UNIT_NO with this value |
-5 <opt> | populate the RESP_UNIT_REF with this value |
-6 <opt | populate the PRINTER with this value |
-7 <opt> | populate the PASSWORD with this value |
-8 <opt> | populate the AUTH_TYPE with this value |
where <opt> can either be
- a string, e.g. "A string", all entries will take this value
- a LDAP attribute type (proceeded with a + sign), e.g. +cn,
each entry will use the entries attribute value.
N.B. Only the first value is used in multiple valued attributes.
Example Code
```
C:\ >sp_ldap -i -1 +uid -2 +cn -3 READONLY -8 LDAP -n
```
This line says populate the user_id with the attribute value 'uid', populate user_name with the attribute value 'cn', populate profile with the string 'READONLY' and populate auth_type with 'LDAP'. Since the -n option is used, the action is displayed without being carried out. The results are:
```
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tgri', 'Tony', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tmck', 'Tim M', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tlea', 'Tim L', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('scom', 'Steve', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('simon', 'Simon', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('rcro', 'Ray', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('jpen', 'John', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('dbw', 'Don', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('droy', 'Debbie', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('dcg', 'Dave', 'READONLY', 'LDAP')
```
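The -1 to -8 mapping rules and the dry-run preview, modelled in Python as an added example (not sp_ldap's own code) so that the PROFILE and AUTH_TYPE an import would assign can be reviewed first. The directory entries are constructed; treating USER_ID as the duplicate key and a missing attribute as NULL are assumptions.

```python
# Added illustration of the column-mapping rules; not sp_ldap's source code.
COLUMNS = ["USER_ID", "USER_NAME", "PROFILE", "RESP_UNIT_NO",
           "RESP_UNIT_REF", "PRINTER", "PASSWORD", "AUTH_TYPE"]

def parse_mapping(args):
    """Turn ['-1', '+uid', '-3', 'READONLY'] into {'USER_ID': '+uid', ...}."""
    if len(args) % 2:
        raise ValueError("every column option needs a value")
    mapping = {}
    for flag, value in zip(args[0::2], args[1::2]):
        if len(flag) != 2 or flag[0] != "-" or flag[1] not in "12345678":
            raise ValueError(f"not a column option: {flag!r}")
        mapping[COLUMNS[int(flag[1]) - 1]] = value
    return mapping

def resolve(spec, entry):
    """'+attr' -> first value of that LDAP attribute; anything else is a literal."""
    if spec.startswith("+"):
        values = entry.get(spec[1:], [])
        # Assumption: an entry lacking the attribute yields NULL (None).
        return values[0] if values else None
    return spec

def preview_import(args, entries, existing_ids=()):
    """Return (rows that would be inserted, USER_IDs rejected as duplicates)."""
    mapping = parse_mapping(args)
    seen, rows, rejected = set(existing_ids), [], []
    for entry in entries:
        # Columns whose option was not given stay NULL in every row.
        row = {col: resolve(mapping[col], entry) if col in mapping else None
               for col in COLUMNS}
        if row["USER_ID"] in seen:   # assumption: USER_ID is the unique key
            rejected.append(row["USER_ID"])
            continue
        seen.add(row["USER_ID"])
        rows.append(row)
    return rows, rejected

# Constructed directory entries (attribute -> list of values).
SAMPLE_ENTRIES = [
    {"uid": ["tgri"], "cn": ["Tony", "Anthony"]},  # multi-valued cn
    {"uid": ["tmck"], "cn": ["Tim M"]},
    {"uid": ["tgri"], "cn": ["Tony G"]},           # duplicate USER_ID
]

if __name__ == "__main__":
    opts = ["-1", "+uid", "-2", "+cn", "-3", "READONLY", "-8", "LDAP"]
    rows, rejected = preview_import(opts, SAMPLE_ENTRIES)
    for r in rows:
        print({k: v for k, v in r.items() if v is not None})
    print("would fail as duplicates:", rejected)
```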