14.1 sp_ldap
As can be seen from 14.1 LDAP Configuration, the full power in configuring ServiceScheduling is contained in the LDAP_URL. A command line utility has been developed to allow users to validate the settings in sp083_system_parameters and to export users from the LDAP Server into the ServiceScheduling Database.
The command line utility is called sp_ldap. Full details of how to run it are displayed on the command line by running it with the –h option.
Modes of Operation
Two modes of operation are supported.
Check Mode
This mode of operation allows users to check the LDAP settings in sp083_system_parameters. It can also validate a user and authenticate him.
The –c option reads the LDAP_URL setting and attempts an anonymous bind to the LDAP server. This validates the host and port of LDAP_URL and the LDAP_version.
The –c and –u options additionally construct this user's DN using the method defined in LDAP_DN. If the DN was constructed via SEARCH then it will be a validated DN; if it was constructed via CONCATENATE then it has not been validated.
The –c, –u and –w options additionally authenticate the user and his password. This is a full check as performed by the spsecurity module.
Import Mode
This mode of operation allows the user to import users from the LDAP Server into the sp085_users table. Duplicated users will fail insertion into sp085_users, and deleted LDAP users will remain in sp085_users. This mode is invoked via the –i option.
Check using -n before applying: the –n option is a no-operation mode, where details are displayed to the user but no action is performed against the ServiceScheduling database.
The –1 to –8 options allow the user to define how the sp085_users columns are populated. See for a reminder of what sp085_users looks like.
The –1 to –8 options relate to the columns USER_ID to AUTH_TYPE. The parameter following each option tells the application how to populate that column for each user found in the LDAP directory. If the option for a column is not used then a NULL value is used. If the parameter begins with a plus (+) sign then it is assumed to be an LDAP attribute type, and the corresponding attribute value will be used to populate the table. If the parameter is simply a string (without the preceding + sign) then that string is used. See the example under Example Code.
Command Line Utility
C:\ >sp_ldap
Command line utility to verify or export data from
a LDAP server into the SERVICEOptimizer database Users table
Usage: sp_ldap [options]
Common Options | |
---|---|
-d <database> | Specify SERVICEOptimizer Database schema/password |
-h | Display help text |
-u <user> | For Check: verify that this user exists. For Import: bind as this user |
-w <user pw> | password for user |
Check Options | |
---|---|
-c | Check the LDAP_URL specified in SYSTEM_PARAMETERS (Default) |
Import Options | |
---|---|
-i | Import data from the LDAP Server to the USERS table |
-n | Show what would be done but don't actually do it |
-1 <opt> | populate the USER_ID with this value |
-2 <opt> | populate the USER_NAME with this value |
-3 <opt> | populate the PROFILE with this value |
-4 <opt> | populate the RESP_UNIT_NO with this value |
-5 <opt> | populate the RESP_UNIT_REF with this value |
-6 <opt> | populate the PRINTER with this value |
-7 <opt> | populate the PASSWORD with this value |
-8 <opt> | populate the AUTH_TYPE with this value |
where <opt> can either be
- a string, e.g. "A string", all entries will take this value
- an LDAP attribute type (preceded by a + sign), e.g. +cn,
each entry will use the entry's attribute value.
Example Code
C:\ >sp_ldap -i -1 +uid -2 +cn -3 READONLY -8 LDAP -n
This line says populate the user_id with the attribute value 'uid', populate user_name with the attribute value 'cn', populate profile with the string 'READONLY' and populate auth_type with 'LDAP'. Since we have used the -n option the action is displayed without being actioned (see results below).
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tgri', 'Tony', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tmck', 'Tim M', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('tlea', 'Tim L', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('scom', 'Steve', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('simon', 'Simon', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('rcro', 'Ray', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('jpen', 'John', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('dbw', 'Don', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('droy', 'Debbie', 'READONLY', 'LDAP')
(USER_ID, USER_NAME, PROFILE, AUTH_TYPE) ('dcg', 'Dave', 'READONLY', 'LDAP')
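The –1 to –8 mapping rule and the import behaviour described under Import Mode, modelled as an added example (this is not sp_ldap's own code). The function names, the directory entries and the existing-user set are constructed, and it assumes USER_ID is the unique key on sp085_users. Besides the rows a dry run would show, it lists users that are still in the table but no longer in the directory, since the import leaves those in place.

```python
# Added example: models the -1..-8 <opt> rule from this page.
# Not sp_ldap source code; all names and sample data are constructed.
COLUMNS = ["USER_ID", "USER_NAME", "PROFILE", "RESP_UNIT_NO",
           "RESP_UNIT_REF", "PRINTER", "PASSWORD", "AUTH_TYPE"]  # -1 .. -8


def resolve(opt, entry):
    """Option not used -> None (NULL); '+attr' -> attribute value; else literal."""
    if opt is None:
        return None
    if opt.startswith("+"):
        values = entry.get(opt[1:], [])
        return values[0] if values else None
    return opt


def plan_import(options, entries, existing_ids):
    """Return (rows to insert, USER_IDs skipped, stale USER_IDs).

    options maps an option number 1..8 to its <opt> string.
    Assumption: USER_ID is the unique key, so a repeated USER_ID fails insertion.
    """
    rows, skipped, seen = [], [], set()
    for entry in entries:
        row = {col: resolve(options.get(i), entry)
               for i, col in enumerate(COLUMNS, start=1)}
        uid = row["USER_ID"]
        if uid is None or uid in existing_ids or uid in seen:
            skipped.append(uid)  # duplicate (or no key): insertion would fail
            continue
        seen.add(uid)
        rows.append(row)
    directory_ids = {resolve(options.get(1), e) for e in entries}
    stale = sorted(existing_ids - directory_ids)  # import never removes these
    return rows, skipped, stale


if __name__ == "__main__":
    # Constructed LDAP entries and constructed current table contents.
    ldap_entries = [{"uid": ["tgri"], "cn": ["Tony"]},
                    {"uid": ["tmck"], "cn": ["Tim M"]},
                    {"uid": ["simon"], "cn": ["Simon"]}]
    in_table = {"simon", "olduser"}
    opts = {1: "+uid", 2: "+cn", 3: "READONLY", 8: "LDAP"}
    rows, skipped, stale = plan_import(opts, ldap_entries, in_table)
    for r in rows:
        print({k: v for k, v in r.items() if v is not None})
    print("skipped (already in table):", skipped)
    print("stale (in table, not in LDAP):", stale)
```

Users reported as stale are candidates for manual review in sp085_users, because re-running the import does not delete them.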