195 lines
6.1 KiB
ReStructuredText
195 lines
6.1 KiB
ReStructuredText
ldaptools
|
|
=========
|
|
|
|
Helper modules to work with LDAP directories and test LDAP tools against OpenLDAP.
|
|
|
|
- `ldaptools.ldif_utils`: simple parser for LDIF files
|
|
- `ldaptools.ldap_source`: generate a stream of LDAP entries from an LDAP URL
|
|
- `ldaptools.synchronize`: synchronization class to synchronize a source of LDAP records with a target
|
|
- `ldaptools.paged`: an LDAPObject implementating paged search requests
|
|
- `ldaptools.ldapsync`: a command line client to the Synchronize class
|
|
- `ldaptools.slapd`: launch a standalone slapd server, manipulate its configuration, it helps
|
|
in writing tests against OpenLDAP.
|
|
|
|
ldapsync
|
|
========
|
|
|
|
usage: ldapsync [-h] --object-class-pivot OBJECT_CLASS_PIVOT
|
|
[--attributes-file ATTRIBUTES_FILE] [--attributes ATTRIBUTES]
|
|
--source-uri SOURCE_URI --source-base-dn SOURCE_BASE_DN
|
|
[--source-bind-dn SOURCE_BIND_DN]
|
|
[--source-bind-password SOURCE_BIND_PASSWORD] --target-uri
|
|
TARGET_URI --target-base-dn TARGET_BASE_DN
|
|
[--target-bind-dn TARGET_BIND_DN]
|
|
[--target-bind-password TARGET_BIND_PASSWORD] [--fake]
|
|
[--verbose]
|
|
|
|
Synchronize an LDIF file or a source LDAP directory to another directory Base
|
|
DN of the source is remapped to another DN in the target directory
|
|
|
|
optional arguments:
|
|
-h, --help show this help message and exit
|
|
--object-class-pivot OBJECT_CLASS_PIVOT
|
|
an objectClass and an attribute name which is the
|
|
unique identifier for this class
|
|
--attributes-file ATTRIBUTES_FILE
|
|
a file containing the list of attributes to
|
|
synchronize
|
|
--attributes ATTRIBUTES
|
|
a list of attribute names separated by spaces
|
|
--source-uri SOURCE_URI
|
|
URL of an LDAP directory (ldapi://, ldap:// or
|
|
ldaps://) or path of and LDIF file
|
|
--source-base-dn SOURCE_BASE_DN
|
|
base DN of the source
|
|
--source-bind-dn SOURCE_BIND_DN
|
|
bind DN for a source LDAP directory
|
|
--source-bind-password SOURCE_BIND_PASSWORD
|
|
bind password for a source LDAP directory
|
|
--target-uri TARGET_URI
|
|
URL of the target LDAP directory
|
|
--target-base-dn TARGET_BASE_DN
|
|
base DN of the target LDAP directory
|
|
--target-bind-dn TARGET_BIND_DN
|
|
bind DN for a target LDAP directory
|
|
--target-bind-password TARGET_BIND_PASSWORD
|
|
bind password for a target LDAP directory
|
|
--fake compute synchronization actions but do not apply
|
|
--verbose print all actions to stdout
|
|
|
|
Exemple
|
|
-------
|
|
|
|
Synchronize tree of organizational units and people between an LDIF file and a local OpenLDAP directory::
|
|
|
|
ldapsync --attributes 'uid cn givenName sn dc ou o description mail member' \
|
|
--object-class-pivot 'inetOrgPerson uid' \
|
|
--object-class-pivot 'organizationalUnit ou' \
|
|
--object-class-pivot 'dcobject dc' \
|
|
--source-uri dump.ldif \
|
|
--source-base-dn dc=myorganization,dc=fr \
|
|
--target-uri ldapi:// \
|
|
--target-base-dn o=myorganization,dc=otherorganization,dc=fr \
|
|
--verbose
|
|
|
|
Synchronize tree of organizational units and people between two LDAP directories::
|
|
|
|
ldapsync --attributes 'uid cn givenName sn dc ou o description mail member' \
|
|
--object-class-pivot 'inetOrgPerson uid' \
|
|
--object-class-pivot 'organizationalUnit ou' \
|
|
--object-class-pivot 'dcobject dc' \
|
|
--source-uri ldap://ldap.myorganization.fr \
|
|
--source-bind-dn uid=admin,ou=people,dc=myorganization,dc=fr
|
|
--source-bind-password password
|
|
--source-base-dn dc=myorganization,dc=fr \
|
|
--target-uri ldap://ldap.otherorganization.fr
|
|
--target-bind-dn uid=admin,o=myorganization,dc=otherorganization,dc=fr
|
|
--target-bind-password password
|
|
--target-base-dn o=myorganization,dc=otherorganization,dc=fr \
|
|
--verbose
|
|
|
|
Changelog
|
|
=========
|
|
|
|
0.21
|
|
----
|
|
* fix warnings about file descriptor leaks and python-ldap3 bytes-mode
|
|
|
|
0.18
|
|
----
|
|
* fix conversion of text to bytes in LDIF parser
|
|
|
|
0.17
|
|
----
|
|
* Python3 compatibility
|
|
* fix test certificates
|
|
|
|
0.16
|
|
----
|
|
* add test certificates
|
|
|
|
0.15
|
|
----
|
|
* add support testing with TLS
|
|
* filter objectclass from sources, keep only known ones
|
|
|
|
0.14
|
|
----
|
|
* fix default ACL when creating slapd server
|
|
* fix grammar of LDIF configurations
|
|
|
|
0.13
|
|
----
|
|
|
|
* in ldapsync, do not delete records not pertaining to one of the objectclass listed in
|
|
--object-class-pivot
|
|
|
|
0.12
|
|
----
|
|
|
|
* wait for complete stop of the daemon when stopping
|
|
|
|
0.11
|
|
----
|
|
|
|
* remove debugging statements
|
|
|
|
0.10
|
|
----
|
|
|
|
* fix leak of standard file descriptors from slapd
|
|
|
|
0.9
|
|
---
|
|
|
|
* paged: fix paged search when the response contains no paged result extended control
|
|
* improvements to tox script
|
|
|
|
|
|
0.8
|
|
---
|
|
|
|
* improve display of actions and errors
|
|
* lowercase attributes in dn of LDIF sources
|
|
* fix bug when removing attributes from source outside the permitted attributes
|
|
* allow specifying case insensitive attributes for compare
|
|
|
|
0.7
|
|
---
|
|
|
|
* ldapsync: add a --source-filter parameter
|
|
|
|
0.6
|
|
---
|
|
|
|
* add empty attribute to new entry if attribute is present in target entry
|
|
* remove attributes outside of the specified attributes from source entries
|
|
* return an empty list of target base DN does no exist
|
|
* convert attribute names to istr
|
|
* fix typo
|
|
|
|
0.5
|
|
---
|
|
|
|
* setup.py: add long description
|
|
|
|
0.4
|
|
---
|
|
|
|
* remove debugging print
|
|
|
|
0.3
|
|
---
|
|
|
|
* setup.py: add dependency on setuptools
|
|
|
|
0.2
|
|
---
|
|
|
|
* improvements to tox script
|
|
|
|
0.1
|
|
---
|
|
|
|
* initial release
|