ldap account backup

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

les
Scalix Star
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

ldap account backup

Postby les » Tue Feb 13, 2007 2:55 am

Hi,

I have a question.....

All user account info in scalix is held in ldap, right?

If i wanted to export all user and password info as a seperate backup how would i go about it? Are there any gotchas? can i just use slapcat?

TIA
Regards,

Les Stott

Valerion
Scalix Star
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa
Contact:

Postby Valerion » Tue Feb 13, 2007 5:12 am

Actually the information is held in the internal SYSTEM directory. The Scalix LDAP daemon is simply an interface into this.

omsearch -s -m @ALL-ATTR@

You can get more information in the hidden USERLIST directory

omsearch -s -d USERLIST -t h -m @ALL-ATTR@

Seems the password is store in there in a hashed form, you won't be able to retrieve it in a plaintext way.

Of course, given all this info, I am not entirely sure this will help you, as you can't really consititure more than the user's details this way.

The best way is to get all the relevant info is with an omshowu on each user, then use that information in a subsequent omaddu. This will create the user mailbox plus all the needed directory entries for you. Combined with a sxmboxexp you can get the user back exactly the way it was.

les
Scalix Star
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

Postby les » Tue Feb 13, 2007 9:07 am

Valerion wrote:Actually the information is held in the internal SYSTEM directory. The Scalix LDAP daemon is simply an interface into this.

omsearch -s -m @ALL-ATTR@

You can get more information in the hidden USERLIST directory

omsearch -s -d USERLIST -t h -m @ALL-ATTR@

Seems the password is store in there in a hashed form, you won't be able to retrieve it in a plaintext way.


Thats ok, don't need to read the password entries in plain text.

Of course, given all this info, I am not entirely sure this will help you, as you can't really consititure more than the user's details this way.

The best way is to get all the relevant info is with an omshowu on each user, then use that information in a subsequent omaddu. This will create the user mailbox plus all the needed directory entries for you. Combined with a sxmboxexp you can get the user back exactly the way it was.


what i was really after was a way to easily restore a user (or group of users) account (including all atributes - i.e. password and everything) if necessary.

Primarily its being able to restore the user password back to what it was.....

with openldap thats relatively straight-forward with slapcat.

omshowu and omsearch can give me almost everything.

omldapsearch does an export output to ldif with ....

omldapsearch -L UTF8-N -s sub "cn=*"

and omldapadd or omldapmodify can reimport via ldif format.

But again, its not everything.

Given that ldap is more or less just a frontend is there any other tools to export the system user list (including all user attributes) to a file, and be able to re-import that back in if necessary?

TIA
Regards,

Les Stott

kanderson

Postby kanderson » Tue Feb 13, 2007 11:11 am

Could you move your users to using openLDAP for authentication? This would allow you to export things using more familiar tools.

I'm sure it can be done, a tool names p-synch allows you to synchronize passwords to/from an openmail (read scalix) server. I don't know exactly how though. Hopefully one of these things will point you in the right general direction.

Kev.

les
Scalix Star
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

Postby les » Tue Feb 13, 2007 4:29 pm

kanderson wrote:Could you move your users to using openLDAP for authentication? This would allow you to export things using more familiar tools.

I'm sure it can be done, a tool names p-synch allows you to synchronize passwords to/from an openmail (read scalix) server. I don't know exactly how though. Hopefully one of these things will point you in the right general direction.

Kev.


possible, but i wasn't looking to change that much server side. Thanks for the tip though.

I thought there would be some way of exporting full user info with some already existing tools?
Regards,

Les Stott

kanderson

Postby kanderson » Tue Feb 13, 2007 6:07 pm

If psynch can do it, than so can we. But I suspect you'll need some assistance from Scalix to make it all work...

Kev


Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 12 guests

cron