

S50CREATE_Ldap_u

S50CREATE_Ldap_u.sh uploads new UNIX users to LDAP as they are created.

CA ControlMinder supplies a sample shell script to import new UNIX users automatically to an LDAP server. The script you need can vary from the sample.

To employ the sample shell script, assuming that you are already using the provided exit script, do the following:

  1. Copy the S50CREATE_Ldap_u.sh file to the directory ACInstallDir/exits/USER_POST. In this directory, the script becomes a post‑user exit.
  2. In the [ldap] section of the seos.ini file, set the base_entry token to the LDAP base entry.

    For example, for an organization named ServerWorld, located in Canada, the base entry might be: o=ServerWorld, c=CA.

  3. In the same section, set the host name to the host name of the LDAP server. Set the path to the LDAP base directory. (The sample script looks for the command-line utilities in the bin directory under that directory.)
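
A preflight check for the three steps above, as an added example that is not part of the CA ControlMinder sample script. The token names `host` and `path` are assumptions (the page names only `base_entry`), `ldap_token` and `check_ldap_exit` are hypothetical helper names, and the test that the exit script is not writable by group or others is an extra hardening check because the exit runs automatically on every user creation.

```shell
#!/bin/sh
# Added example: verify the S50CREATE_Ldap_u.sh setup before relying on it.
# Assumption: the [ldap] tokens for server and directory are "host" and "path".

# Print the value of TOKEN ($2) from the [ldap] section of the ini file ($1).
ldap_token() {
    awk -v tok="$2" '
        /^[ \t]*\[/ { in_ldap = ($0 ~ /^[ \t]*\[ldap\]/); next }
        in_ldap {
            i = index($0, "=")            # split on the first "=" only,
            if (i == 0) next              # so "o=ServerWorld, c=CA" survives
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == tok) { print v; exit }
        }' "$1"
}

# Return 0 when setup is complete; otherwise print each problem and return 1.
# $1 = path to seos.ini, $2 = the exits directory (ACInstallDir/exits).
check_ldap_exit() {
    ini=$1; rc=0
    script="$2/USER_POST/S50CREATE_Ldap_u.sh"
    for tok in base_entry host path; do
        if [ -z "$(ldap_token "$ini" "$tok")" ]; then
            echo "seos.ini [ldap]: $tok is not set"; rc=1
        fi
    done
    ldap_path=$(ldap_token "$ini" path)
    if [ -n "$ldap_path" ] && [ ! -d "$ldap_path/bin" ]; then
        echo "no bin directory under $ldap_path"; rc=1
    fi
    if [ ! -x "$script" ]; then
        echo "$script is missing or not executable"; rc=1
    elif [ -n "$(find "$script" \( -perm -020 -o -perm -002 \))" ]; then
        echo "$script is writable by group or others"; rc=1
    fi
    return $rc
}

# Usage: sh check.sh /path/to/seos.ini ACInstallDir/exits
if [ "$#" -eq 2 ]; then check_ldap_exit "$1" "$2"; fi
```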

Common Names (cn) are derived from the user's full name. If the CA ControlMinder database contains, for example, only the user name and surname, these will comprise the Common Name. You are essentially locked into the Common Name, so we recommend that you do not base it on a user name.

Each user subsequently added to UNIX with selang is automatically uploaded to the LDAP server. If the user already exists in LDAP, an error message results.

When you add users with this script, the relevant LDAP replies and warnings, if any exist, are collected in the /tmp/add_User2Ldap.tcl.log file. You can examine this file, using vi or any other standard UNIX editor, to check for errors. The file is overwritten with the new set of replies and warnings each time you add new users.

More information:

How the Provided selang Exit Script Works