Go to file
Paul Marillonnet 7511765128 slapd: drop hdb backend (#63945)
as it is no longer part of openldap>=2.5, see the release note
    https://www.openldap.org/doc/admin25/appendix-changes.html
2022-04-14 17:49:15 +02:00
debian debian: use debhelper compat level 12 2021-12-12 14:09:30 +01:00
src/ldaptools slapd: drop hdb backend (#63945) 2022-04-14 17:49:15 +02:00
tests py3: fix conversion of text to bytes in LDIF parser 2019-03-15 00:19:04 +01:00
.coveragerc add .coveragerc 2016-03-18 14:25:54 +01:00
Jenkinsfile jenkins: build packages for buster & bullseye 2021-12-12 14:10:03 +01:00
MANIFEST.in initial release 2016-02-16 01:19:55 +01:00
README.rst misc: complete changelog 2020-04-25 11:03:33 +02:00
setup.py trivial: remove python 2 from classifiers 2022-02-02 08:12:56 +01:00
tox.ini tox.ini: set pytest junit_family 2020-04-25 09:30:31 +02:00

README.rst

ldaptools
=========

Helper modules to work with LDAP directories and test LDAP tools against OpenLDAP.

- `ldaptools.ldif_utils`: simple parser for LDIF files
- `ldaptools.ldap_source`: generate a stream of LDAP entries from an LDAP URL
- `ldaptools.synchronize`: synchronization class to synchronize a source of LDAP records with a target
- `ldaptools.paged`: an LDAPObject implementating paged search requests
- `ldaptools.ldapsync`: a command line client to the Synchronize class
- `ldaptools.slapd`: launch a standalone slapd server, manipulate its configuration, it helps
  in writing tests against OpenLDAP.

ldapsync
========

        usage: ldapsync [-h] --object-class-pivot OBJECT_CLASS_PIVOT
                        [--attributes-file ATTRIBUTES_FILE] [--attributes ATTRIBUTES]
                        --source-uri SOURCE_URI --source-base-dn SOURCE_BASE_DN
                        [--source-bind-dn SOURCE_BIND_DN]
                        [--source-bind-password SOURCE_BIND_PASSWORD] --target-uri
                        TARGET_URI --target-base-dn TARGET_BASE_DN
                        [--target-bind-dn TARGET_BIND_DN]
                        [--target-bind-password TARGET_BIND_PASSWORD] [--fake]
                        [--verbose]

        Synchronize an LDIF file or a source LDAP directory to another directory Base
        DN of the source is remapped to another DN in the target directory

        optional arguments:
          -h, --help            show this help message and exit
          --object-class-pivot OBJECT_CLASS_PIVOT
                                an objectClass and an attribute name which is the
                                unique identifier for this class
          --attributes-file ATTRIBUTES_FILE
                                a file containing the list of attributes to
                                synchronize
          --attributes ATTRIBUTES
                                a list of attribute names separated by spaces
          --source-uri SOURCE_URI
                                URL of an LDAP directory (ldapi://, ldap:// or
                                ldaps://) or path of and LDIF file
          --source-base-dn SOURCE_BASE_DN
                                base DN of the source
          --source-bind-dn SOURCE_BIND_DN
                                bind DN for a source LDAP directory
          --source-bind-password SOURCE_BIND_PASSWORD
                                bind password for a source LDAP directory
          --target-uri TARGET_URI
                                URL of the target LDAP directory
          --target-base-dn TARGET_BASE_DN
                                base DN of the target LDAP directory
          --target-bind-dn TARGET_BIND_DN
                                bind DN for a target LDAP directory
          --target-bind-password TARGET_BIND_PASSWORD
                                bind password for a target LDAP directory
          --fake                compute synchronization actions but do not apply
          --verbose             print all actions to stdout

Exemple
-------

Synchronize tree of organizational units and people between an LDIF file and a local OpenLDAP directory::

        ldapsync --attributes 'uid cn givenName sn dc ou o description mail member' \
                 --object-class-pivot 'inetOrgPerson uid' \
                 --object-class-pivot 'organizationalUnit ou' \
                 --object-class-pivot 'dcobject dc' \
                 --source-uri dump.ldif \
                 --source-base-dn dc=myorganization,dc=fr \
                 --target-uri ldapi:// \
                 --target-base-dn o=myorganization,dc=otherorganization,dc=fr \
                 --verbose

Synchronize tree of organizational units and people between two LDAP directories::

        ldapsync --attributes 'uid cn givenName sn dc ou o description mail member' \
                 --object-class-pivot 'inetOrgPerson uid' \
                 --object-class-pivot 'organizationalUnit ou' \
                 --object-class-pivot 'dcobject dc' \
                 --source-uri ldap://ldap.myorganization.fr \
                 --source-bind-dn uid=admin,ou=people,dc=myorganization,dc=fr
                 --source-bind-password password
                 --source-base-dn dc=myorganization,dc=fr \
                 --target-uri ldap://ldap.otherorganization.fr
                 --target-bind-dn uid=admin,o=myorganization,dc=otherorganization,dc=fr
                 --target-bind-password password
                 --target-base-dn o=myorganization,dc=otherorganization,dc=fr \
                 --verbose

Changelog
=========

0.21
----
* fix warnings about file descriptor leaks and python-ldap3 bytes-mode

0.18
----
* fix conversion of text to bytes in LDIF parser

0.17
----
* Python3 compatibility
* fix test certificates

0.16
----
* add test certificates

0.15
----
* add support testing with TLS
* filter objectclass from sources, keep only known ones

0.14
----
* fix default ACL when creating slapd server
* fix grammar of LDIF configurations

0.13
----

* in ldapsync, do not delete records not pertaining to one of the objectclass listed in
  --object-class-pivot

0.12
----

* wait for complete stop of the daemon when stopping

0.11
----

* remove debugging statements

0.10
----

* fix leak of standard file descriptors from slapd

0.9
---

* paged: fix paged search when the response contains no paged result extended control
* improvements to tox script


0.8
---

* improve display of actions and errors
* lowercase attributes in dn of LDIF sources
* fix bug when removing attributes from source outside the permitted attributes
* allow specifying case insensitive attributes for compare

0.7
---

* ldapsync: add a --source-filter parameter

0.6
---

* add empty attribute to new entry if attribute is present in target entry
* remove attributes outside of the specified attributes from source entries
* return an empty list of target base DN does no exist
* convert attribute names to istr
* fix typo

0.5
---

* setup.py: add long description

0.4
---

* remove debugging print

0.3
---

* setup.py: add dependency on setuptools

0.2
---

* improvements to tox script

0.1
---

* initial release