ldaptools

ldaptools

Helper modules to work with LDAP directories and test LDAP tools against OpenLDAP.

• ldaptools.ldif_utils: simple parser for LDIF files
• ldaptools.ldap_source: generate a stream of LDAP entries from an LDAP URL
• ldaptools.synchronize: synchronization class to synchronize a source of LDAP records with a target
• ldaptools.paged: an LDAPObject implementating paged search requests
• ldaptools.ldapsync: a command line client to the Synchronize class
• ldaptools.slapd: launch a standalone slapd server, manipulate its configuration, it helps in writing tests against OpenLDAP.

ldapsync

    usage: ldapsync [-h] --object-class-pivot OBJECT_CLASS_PIVOT
                    [--attributes-file ATTRIBUTES_FILE] [--attributes ATTRIBUTES]
                    --source-uri SOURCE_URI --source-base-dn SOURCE_BASE_DN
                    [--source-bind-dn SOURCE_BIND_DN]
                    [--source-bind-password SOURCE_BIND_PASSWORD] --target-uri
                    TARGET_URI --target-base-dn TARGET_BASE_DN
                    [--target-bind-dn TARGET_BIND_DN]
                    [--target-bind-password TARGET_BIND_PASSWORD] [--fake]
                    [--verbose]

    Synchronize an LDIF file or a source LDAP directory to another directory Base
    DN of the source is remapped to another DN in the target directory

    optional arguments:
      -h, --help            show this help message and exit
      --object-class-pivot OBJECT_CLASS_PIVOT
                            an objectClass and an attribute name which is the
                            unique identifier for this class
      --attributes-file ATTRIBUTES_FILE
                            a file containing the list of attributes to
                            synchronize
      --attributes ATTRIBUTES
                            a list of attribute names separated by spaces
      --source-uri SOURCE_URI
                            URL of an LDAP directory (ldapi://, ldap:// or
                            ldaps://) or path of and LDIF file
      --source-base-dn SOURCE_BASE_DN
                            base DN of the source
      --source-bind-dn SOURCE_BIND_DN
                            bind DN for a source LDAP directory
      --source-bind-password SOURCE_BIND_PASSWORD
                            bind password for a source LDAP directory
      --target-uri TARGET_URI
                            URL of the target LDAP directory
      --target-base-dn TARGET_BASE_DN
                            base DN of the target LDAP directory
      --target-bind-dn TARGET_BIND_DN
                            bind DN for a target LDAP directory
      --target-bind-password TARGET_BIND_PASSWORD
                            bind password for a target LDAP directory
      --fake                compute synchronization actions but do not apply
      --verbose             print all actions to stdout

Exemple

Synchronize tree of organizational units and people between an LDIF file and a local OpenLDAP directory::

    ldapsync --attributes 'uid cn givenName sn dc ou o description mail member' \
             --object-class-pivot 'inetOrgPerson uid' \
             --object-class-pivot 'organizationalUnit ou' \
             --object-class-pivot 'dcobject dc' \
             --source-uri dump.ldif \
             --source-base-dn dc=myorganization,dc=fr \
             --target-uri ldapi:// \
             --target-base-dn o=myorganization,dc=otherorganization,dc=fr \
             --verbose

Synchronize tree of organizational units and people between two LDAP directories::

    ldapsync --attributes 'uid cn givenName sn dc ou o description mail member' \
             --object-class-pivot 'inetOrgPerson uid' \
             --object-class-pivot 'organizationalUnit ou' \
             --object-class-pivot 'dcobject dc' \
             --source-uri ldap://ldap.myorganization.fr \
             --source-bind-dn uid=admin,ou=people,dc=myorganization,dc=fr
             --source-bind-password password
             --source-base-dn dc=myorganization,dc=fr \
             --target-uri ldap://ldap.otherorganization.fr
             --target-bind-dn uid=admin,o=myorganization,dc=otherorganization,dc=fr
             --target-bind-password password
             --target-base-dn o=myorganization,dc=otherorganization,dc=fr \
             --verbose

Changelog

0.21

• fix warnings about file descriptor leaks and python-ldap3 bytes-mode

0.18

• fix conversion of text to bytes in LDIF parser

0.17

• Python3 compatibility
• fix test certificates

0.16

• add test certificates

0.15

• add support testing with TLS
• filter objectclass from sources, keep only known ones

0.14

• fix default ACL when creating slapd server
• fix grammar of LDIF configurations

0.13

• in ldapsync, do not delete records not pertaining to one of the objectclass listed in --object-class-pivot

0.12

• wait for complete stop of the daemon when stopping

0.11

• remove debugging statements

0.10

• fix leak of standard file descriptors from slapd

0.9

• paged: fix paged search when the response contains no paged result extended control
• improvements to tox script

0.8

• improve display of actions and errors
• lowercase attributes in dn of LDIF sources
• fix bug when removing attributes from source outside the permitted attributes
• allow specifying case insensitive attributes for compare

0.7

• ldapsync: add a --source-filter parameter

0.6

• add empty attribute to new entry if attribute is present in target entry
• remove attributes outside of the specified attributes from source entries
• return an empty list of target base DN does no exist
• convert attribute names to istr
• fix typo

0.5

• setup.py: add long description

0.4

• remove debugging print

0.3

• setup.py: add dependency on setuptools

0.2

• improvements to tox script

0.1

• initial release