

seos2ldap Script—Export CA ControlMinder Users to LDAP

seos2ldap exports CA ControlMinder users from the CA ControlMinder database to an LDAP database on a server host. It extracts the relevant user information from the CA ControlMinder database, uses it to generate an LDIF file, and transmits the information to the selected server's LDAP database, where the specified users are added. The responses are saved automatically to the file /tmp/seos2ldap.tcl.log.

This utility requires access to a TCL shell environment. ldap2seos assumes that the TCL shell path is /usr/local/bin/tclsh. If the TCL shell is placed elsewhere, change the first line in the script.

For the utility to work correctly, CA ControlMinder must be running. The utility reads from the database, so it must be run by a user with the ADMIN privilege. This user must also be authorized in the LDAP database settings to make changes.

If you elect to use an entry schema for the LDAP database, it should look like the schema for the Netscape server. If you have changed the Netscape schema, or are using another type of LDAP server, you may need to edit the seos2ldap sample script accordingly.

If a CA ControlMinder database user already appears in the LDAP database, the user is not added. An error message is produced but the export process continues.

This script has the following format:

seos2ldap [options]

-b base-entry

Specifies the base entry, in the LDAP database, that stores user information. The entry must be valid inside the LDAP database. If the base entry is omitted, LDAP prompts the user to provide it.

-d dn

Specifies an entry name to be used with the -w switch to authenticate to LDAP as another user. This option is required to log into LDAP as an admin user.

-f filename

Specifies a file in which data retrieved from the LDAP server may be temporarily stored.

-h

Displays help for the utility. The screen contains a listing and explanation of ldap2seos usage and options.

-h ldap-host

Specifies the name of the host where the LDAP database is located. The default is the local host.

-l ldap-dir

Specifies the directory containing the command-line utilities, which are assumed to be in its bin subdirectory. The default is /usr/local/ldap.

-noprompt

Cancels the base entry prompt. If you did not use the -b base-entry flag to specify the base LDAP entry, seos2ldap prompts for a base entry by default. This flag suppresses the prompt.

-p port

Defines the port LDAP uses for connections. The default is port 389.

-u

Identical to -h; displays help. The screen contains a listing and explanation of ldap2seos usage and options.

-w bindpasswd

Defines the user password. Use this with the -d option where authentication is required to access the LDAP database.

Example: Export User Information

The following command extracts information about users from the CA ControlMinder database and creates an LDIF file named SeOS_user_dump. The command adds records to the LDAP database at host myhost.mysite.com. You can edit the LDIF file later and update LDAP manually.

seos2ldap -h myhost.mysite.com
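
The following shell functions are an added example, not part of the CA documentation or of the seos2ldap script. Before an unattended run they check the two prerequisites described above: that the interpreter named on the script's first line exists, and that the fixed log path is not a symlink or another user's file. The function names, the caller-supplied script path and the assumption that the script's output files honor the caller's umask are all assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks for an unattended seos2ldap run.
# Function names are hypothetical; the script path is supplied by the caller
# because the page does not say where seos2ldap is installed.

# Print the interpreter named on a script's first line (e.g. /usr/local/bin/tclsh).
shebang_interpreter() {
    sed -n '1s/^#![[:space:]]*\([^[:space:]]*\).*/\1/p' "$1"
}

# Succeed only if the log path is absent, or is a regular file
# (not a symlink) owned by the user running the check.
log_path_is_safe() {
    log=$1
    [ -L "$log" ] && return 1
    [ -e "$log" ] || return 0
    [ -f "$log" ] && [ -O "$log" ]
}

# Return 0 when the run can proceed; 2, 3 or 4 identify the failed check.
preflight() {
    script=$1 log=$2
    interp=$(shebang_interpreter "$script")
    [ -n "$interp" ] || { echo "no interpreter line in $script" >&2; return 2; }
    [ -x "$interp" ] || { echo "missing interpreter: $interp" >&2; return 3; }
    log_path_is_safe "$log" || { echo "unsafe log path: $log" >&2; return 4; }
    return 0
}

# Run the export without the base-entry prompt. umask 077 keeps newly created
# output (the LDIF file and the log hold user data) unreadable to other users,
# assuming the script does not change file modes itself.
run_export() {
    script=$1 log=$2
    shift 2
    preflight "$script" "$log" || return $?
    ( umask 077; "$script" -noprompt "$@" )
}

# Typical call (base entry and host are constructed sample values):
#   run_export /path/to/seos2ldap /tmp/seos2ldap.tcl.log \
#       -b "o=example" -h myhost.mysite.com
```

A bind password passed with -w is an ordinary command-line argument, so it can be seen in the process listing on the host for as long as the script runs.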