

ldap2seos Script—Extract Users from LDAP for Adding into CA ControlMinder

Valid on UNIX

The ldap2seos utility extracts users from an LDAP database located at the server host and adds them to the CA ControlMinder database.

Important! CA ControlMinder lets you use LDAP users directly without importing them if the LDAP user store is used by the operating system, that is, it is an enterprise user store. Consider using this functionality of CA ControlMinder instead of the ldap2seos utility.

The ldap2seos utility extracts information from an LDAP server about the defined users. The extracted information is automatically used to execute selang commands to add the users to the database. The generated commands are also printed to the standard output and saved automatically to the file named /tmp/ldap2seos.tcl.log.

This utility requires access to a TCL shell environment. The ldap2seos script assumes that the TCL shell path is /usr/local/bin/tclsh. If the TCL shell is placed elsewhere, change the first line in the script.

For the utility to work correctly, CA ControlMinder must be running. The utility updates the database, so it must be run by a user with the ADMIN privilege. This user must also be authorized in the LDAP database settings to make the search query.

This script has the following format:

ldap2seos [options]

-accfld account-field

Specifies the LDAP field name containing the user ID for CA ControlMinder.

If the UNIX user ID is in the LDAP userid field, this option is unnecessary.

If the UNIX user ID is held in an LDAP field other than the userid field, specify that field as account-field; the LDAP userid field is then ignored.

Note: If the script cannot find the userid, users are not uploaded to the CA ControlMinder database.

-b base-entry

Specifies the base entry, in the LDAP database, from which the users are taken. The entry must be valid inside the LDAP database. If the base entry is omitted, LDAP uses the default base entry to provide the users.

-d dn

Specifies the entry name (DN) used together with the -w switch to authenticate to LDAP as another user; mostly needed to log in to LDAP as the admin user.

-f filename

Specifies a file to which data retrieved from the LDAP server may be temporarily stored.

-h

Displays help for this utility. The screen contains a listing and explanation of ldap2seos usage and options.

-h ldap-host

Specifies the name of the host where the LDAP database is located. The default is the local host.

-l ldap-dir

Specifies the directory containing the LDAP command line utilities, which are assumed to be in its bin subdirectory. The default is /usr/local/ldap.

-p port

Specifies the port LDAP uses for connections. The default is port 389.

-u

Identical to -h; displays help. The screen contains a listing and explanation of ldap2seos usage and options.

-w bindpasswd

Specifies the bind password. Use it with the -d option where authentication is required to access the LDAP database.

Example: Extract User Information

The following command extracts information about users from the LDAP database at host myhost.mysite.com and tries to add them to the CA ControlMinder database.

ldap2seos -h myhost.mysite.com
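The following is an added illustration, not the CA script itself, of how the -accfld mapping and the "no userid, no upload" rule behave: it parses constructed LDIF (as an LDAP search tool would print it) and emits one selang add-user command per resolvable user. The attribute name uid for the LDAP userid field and the selang command name newusr are assumptions.

```python
"""Added illustration of ldap2seos's -accfld user-ID mapping (not CA's code)."""
from typing import Dict, List, Optional

# Constructed LDIF sample; not real directory data. 'bob' has no unixAccount.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=com
uid: alice
unixAccount: alice
cn: Alice Example

dn: uid=bob,ou=people,dc=example,dc=com
uid: bob
cn: Bob Example

dn: uid=carol,ou=people,dc=example,dc=com
uid: carol
unixAccount: carol_unix
cn: Carol Example
"""


def parse_ldif(text: str) -> List[Dict[str, str]]:
    """Split LDIF into one attribute dict per entry (first value of each key wins)."""
    entries: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():          # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current.setdefault(key.strip(), value.strip())
    if current:
        entries.append(current)
    return entries


def account_id(entry: Dict[str, str], accfld: Optional[str]) -> Optional[str]:
    """With -accfld the named field is authoritative and the userid field is ignored;
    without it the LDAP userid field ('uid', assumed) is used. None = no userid."""
    return entry.get(accfld or "uid")


def generate_selang(ldif: str, accfld: Optional[str] = None) -> List[str]:
    """One selang command per user; entries without a userid are skipped, as the
    page states they are not uploaded. 'newusr' is an assumed selang command name."""
    cmds: List[str] = []
    for entry in parse_ldif(ldif):
        uid = account_id(entry, accfld)
        if uid is not None:
            cmds.append(f"newusr {uid}")
    return cmds
```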