
14.1 sp_ldap

As can be seen from 14.1 LDAP Configuration, the full power in configuring ServiceScheduling is contained in the LDAP_URL. A command-line utility has been developed to allow users to validate the settings in sp083_system_parameters and to export users from the LDAP Server into the ServiceScheduling Database.

The command-line utility is called sp_ldap. Full details of how to run it are displayed by running it with the -h option.

Modes of Operation 

Two modes of operation are supported.

Check Mode

This mode of operation allows users to check the LDAP settings in sp083_system_parameters. It can also validate a user and authenticate him.

The -c option reads the LDAP_URL setting and attempts an anonymous bind to the LDAP server. This validates the host and port of LDAP_URL and the LDAP_version.

The -c and -u options together additionally construct this user's DN using the method defined in LDAP_DN. If the DN was constructed via SEARCH then it is a validated DN; if it was constructed via CONCATENATE then it has not been validated.

The -c, -u and -w options together additionally authenticate the user and his password. This is a full check as performed by the spsecurity module.

Import Mode

This mode of operation allows the user to import users from the LDAP Server into the sp085_users table. Duplicated users will fail insertion into sp085_users, and deleted LDAP users will remain in sp085_users. This mode is invoked via the -i option.

Check using -n before applying

The -n option is a no-operation mode, where details are displayed to the user but no action is performed against the ServiceScheduling database.

The -1 to -8 options allow the user to define how the sp085_users columns are populated. See for a reminder of what sp085_users looks like.

The -1 to -8 options relate to the columns USER_ID to AUTH_TYPE. The parameter following each option tells the application how to populate that column for each user found in the LDAP directory. If the option for a column is not used then a NULL value is used. If the parameter begins with a plus (+) sign then it is assumed to be an LDAP attribute type, and the corresponding attribute value is used to populate the table. If the parameter is simply a string (without the preceding + sign) then that string is used. See the example below.

Command Line Utility

C:\ >sp_ldap

Command line utility to verify or export data from
a LDAP server into the SERVICEOptimizer database Users table

 Usage: sp_ldap [options]

Common Options
-d <database>   Specify SERVICEOptimizer Database schema/password
-h              Display help text
-u <user>       for Check: verify that this user exists
                for Import: bind as this user
-w <user pw>    password for user

Check Options
-c              Check the LDAP_URL specified in SYSTEM_PARAMETERS
                (Default)

Import Options
-i              Import data from the LDAP Server to the USERS table
-n              Show what would be done but don't actually do it
-1 <opt>        populate the USER_ID with this value
-2 <opt>        populate the USER_NAME with this value
-3 <opt>        populate the PROFILE with this value
-4 <opt>        populate the RESP_UNIT_NO with this value
-5 <opt>        populate the RESP_UNIT_REF with this value
-6 <opt>        populate the PRINTER with this value
-7 <opt>        populate the PASSWORD with this value
-8 <opt>        populate the AUTH_TYPE with this value

where <opt> can either be

  • a string, e.g. "A string", all entries will take this value
  • a LDAP attribute type (preceded by a + sign), e.g. +cn,
    each entry will use the entry's attribute value.

N.B. only the first value is used in multiple valued attributes.

Note

sp_ldap will always set the sp085_users.category field to "1".

Example Code

C:\ >sp_ldap -i -1 +uid -2 +cn -3 READONLY -8 LDAP -n
 
This line says: populate user_id with the value of the 'uid' attribute, populate user_name with the value of the 'cn' attribute, populate profile with the string 'READONLY' and populate auth_type with the string 'LDAP'. Since the -n option is used, the action is displayed without being performed (see results below).
 
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tgri', 'Tony', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tmck', 'Tim M', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tlea', 'Tim L', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('scom', 'Steve', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('simon', 'Simon', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('rcro', 'Ray', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('jpen', 'John', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('dbw', 'Don', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('droy', 'Debbie', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('dcg', 'Dave', 'READONLY', 'LDAP')
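
Because duplicated users fail insertion and deleted LDAP users remain in sp085_users, the -n output can be reconciled against the table before a real import. The Python script below is an added example, not part of sp_ldap or of the original page. It assumes the -n output uses exactly the row format shown above; the function names and the EXISTING list (USER_IDs already in sp085_users with AUTH_TYPE 'LDAP') are hypothetical.

```python
import ast
import re
from collections import Counter

# Dry-run row format as printed on this page:
# (USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tgri', 'Tony', 'READONLY', 'LDAP')
LINE_RE = re.compile(r"^\(([A-Z_, ]+)\)\s*(\(.*\))$")

def parse_dry_run(text):
    """Turn sp_ldap -n output into a list of {column: value} dicts."""
    rows = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # banner, blank line or anything that is not a row
        cols = [c.strip() for c in m.group(1).split(",")]
        try:
            vals = ast.literal_eval(m.group(2))  # literals only, never eval()
        except (ValueError, SyntaxError) as exc:
            raise ValueError(f"unparseable row: {raw!r}") from exc
        vals = vals if isinstance(vals, tuple) else (vals,)
        if len(cols) != len(vals):
            raise ValueError(f"column/value count mismatch: {raw!r}")
        rows.append(dict(zip(cols, vals)))
    return rows

def reconcile(rows, existing_ids):
    """Classify USER_IDs before running the real import."""
    counts = Counter(r["USER_ID"] for r in rows)
    ldap_ids, existing = set(counts), set(existing_ids)
    return {
        "new": sorted(ldap_ids - existing),
        "duplicate": sorted(ldap_ids & existing),  # insertion will fail
        "repeated": sorted(u for u, n in counts.items() if n > 1),
        "stale": sorted(existing - ldap_ids),  # gone from LDAP, still in table
    }

# Rows copied from the example output on this page, plus one repeated line.
SAMPLE = """\
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tgri', 'Tony', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tmck', 'Tim M', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('simon', 'Simon', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tmck', 'Tim M', 'READONLY', 'LDAP')
"""
# Constructed: USER_IDs already in sp085_users with AUTH_TYPE 'LDAP'.
EXISTING = ["tgri", "simon", "olduser"]

if __name__ == "__main__":
    for kind, ids in reconcile(parse_dry_run(SAMPLE), EXISTING).items():
        print(f"{kind:9} {ids}")
```

The "stale" list is the set to review for deprovisioning, since a later import will not remove those accounts from sp085_users.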