Schema and LDAP help

[davidz]

I apologize if this isn't the best place to ask this question but I was hoping someone here would know more about this and could help me out.

I have scalix/ldap integration working great. My problem now, is that I need to modify my current LDAP directory to include the scalix schema items. I know how to modify each user individually by doing this:

Code: Select all

ldapmodify -x -D "uid=Manager,ou=Users,dc=foo,dc=com" -W -v -f /tmp/modify.ldif


And this is what /tmp/modify.ldif looks like:

Code: Select all

dn: uid=username,ou=Users,dc=foo,dc=com
changetype: modify
add: objectClass
objectClass: exScalixClass
-
add: exScalixObject
exScalixObject: TRUE
-
add: exScalixMailnode
exScalixMailnode: mailnode,domain
-
add: exScalixMsglang
exScalixMsglang: ENGLISH
-
add: exScalixAdmin
exScalixAdmin: TRUE
-
add: exScalixMboxadmin
exScalixMboxadmin: FALSE
-


That will modify that one user and I can use omldapsync and it works great. But I have about 200 users in my LDAP directory that I need to modify. How can I do this without having to do it one at a time? I'm not experienced enough with scripting or I'd just do that, and I've searched google but can't find anything close enough to my situation to make work.

Additionally how do I setup my OpenLdap server to require these attributes when I create a new user? So I don't have this extra step every time I add someone to my directory. Thanks in advance!

[florian]

Hi David,

thanks for your post. I believe your understanding is correct and you'll need to do some scriptng to progress here. Unfortunately, I don't have a finished script lying around that does your required tricks, but maybe someone else on the forum has - this is more an OpenLDAP question than anything else.

Having said that, OpenLDAP is not particularly good at GUI integration or automation - have you look at the Fedora Directory Server for a free alternative? This is a lot more powerful in that sense.

Hope this helps anyway,
Florian.

[davidz]

I'm going to post this just in case someone else has some of the same problems I've been having. This is the script that I used to modify all my current ldap entries to add the Scalix attributes. First I create a list of users entries to modify using a simple ldapsearch:

Code: Select all

ldapsearch -x |grep ou=Users > userlist


Sample Output:

Code: Select all

dn: uid=user1,ou=Users,dc=foo,dc=com
dn: uid=user2,ou=Users,dc=foo,dc=com
dn: uid=user3,ou=Users,dc=foo,dc=com
dn: uid=user4,ou=Users,dc=foo,dc=com


You can adjust your ldapsearch to provide the correct results for you. What I needed was a list of the full DN of the user. This was used in the script below.

Code: Select all

#!/usr/bin/perl

$infile="userlist";

open (INFILE, $infile);
@mylines=<INFILE>;

foreach $line (@mylines) {
chop ($line);
$outfile="modifyusers";
open (OUT, ">$outfile");

#Next line is what changes for each value in array above...
print OUT "$line\n";
print OUT <<EOM;
changetype: modify
add: objectClass
objectClass: exScalixClass
-
add: exScalixObject
exScalixObject: TRUE
-
add: exScalixMailnode
exScalixMailnode: hermes,sutc
-
add: exScalixMsglang
exScalixMsglang: ENGLISH
-
add: exScalixAdmin
exScalixAdmin: TRUE
-
add: exScalixMboxadmin
exScalixMboxadmin: FALSE
-
EOM

close (OUT);
# The first line just prints the output to the screen, the second will do the operation
# Uncomment the one you want to do.  I use the first to test then actually do it.
#print "$line\n";
#print "ldapmodify -x -D \"uid=Manager,ou=Users,dc=foo,dc=com\" -W -v -f $outfile\n";

} #end for loop



If there are entries you don't want in scalix you can modify the "userlist' file and remove them. There is probably a more professional way to do this script but this is all I could come up with. Any comments would be appreciated.

Just as a side note, I plan on hacking the smbldap-useradd script so it will create these attributes when I create a samba/domain user with it. That way each new user in the LDAP directory will have all the necessary attributes. Then a cron job will run on my Scalix server to run omldapsync every 30 minutes.