Copy members from specified Domino groups to Tivoli LDAP server.
Tcl, 246 lines
Download
Copy to clipboard1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 | ##############################################################
# Copy members from Lotus Domino groups to Tivoli LDAP groups.
##############################################################
puts "\n executing [info script]\n"
# make script drive independent.
set drive [lindex [file split [info script]] 0 ]
puts "\n proclib = $drive/scripts/TCL/proclib"
source [ file join $drive /scripts/TCL/proclib/checkFile_proc.tcl ]
source [ file join $drive /scripts/TCL/proclib/smtp_proc.tcl ]
source [ file join $drive /scripts/TCL/proclib/netSend_proc.tcl ]
source [ file join $drive /scripts/TCL/proclib/reportHeader_proc.tcl ]
package require ldap
###########################################
# Get the members of the group from Lotus
# For each Lotus member get the UID
# Get the base dn of the groups in ldap
# Get the base dn of the corresponding member in ldap
# Update the ldap group.
###########################################
proc replicateGroups { groupList s1 s2 bindDn pw reportFileId attr } {
global sourceServer
global targetServer
# group membership information is returned as given name and surname.
# Get the uid using given name and surname.
foreach { x } $groupList {
puts [ format "\n%-30s %s" { } {***********} ]
puts $reportFileId [ format "\n%-30s %s" { } {***********} ]
puts "\nMapping persons from \"[lindex $x 0 ]\" on Lotus to \"[lindex $x 1 ]\"\.\n"
puts $reportFileId "\nMapping persons from \"[lindex $x 0 ]\" on Lotus to \"[lindex $x 1 ]\"\.\n"
set sourceGroupCn (cn=[lindex $x 0 ])
# search from the root dse by using a null string for the base option.
if { [ catch { ldap::search $sourceServer "" "$sourceGroupCn" {member} } r ] == 0 } {
# search returns null if no matches.
foreach i [ lindex $r 0 1 1 ] {
set cn [ string trimright $i {,o=ABC} ]
set uid [ lindex [ ldap::search $sourceServer "o=ABC" ($cn) {uid} ] 0 1 1 ]
# Lotus Notes Ldap groups may contain members that no longer exist in Lotus Schema hence uid may be null string.
if { [ string is space -strict $uid ] == 1 || $uid == {} } {
puts $reportFileId "############### Error"
puts $reportFileId "############### $cn does not exist in Lotus Notes"
} else {
lappend cnList cn\=$uid
unset uid
}
}
} else {
puts "r = $r"
puts $reportFileId $r
return -code error $r
}
# skip this loop if the source group is null(not found).
if { [ info exist cnList ] == 1 } {
# build ldap entry for the IBM ldap group
set targetGroupCn (cn=[lindex $x 1 ])
# get the full dn of the target group.
set baseDnGroup [ lindex [ ldap::search $targetServer "o=ABC,dc=com.au,c=au" "$targetGroupCn" {cn} ] 0 0 ]
# call proc process person to move members to group.
processPerson $reportFileId $baseDnGroup $cnList $attr
} else {
puts "\n$sourceGroupCn does not exist on Lotus server $s1\."
puts $reportFileId "\n$sourceGroupCn does not exist on ldap server $s1\."
}
}
}
###########################################
# Get the members of the group from Lotus
# For each Lotus member get the UID
###########################################
proc processPerson { reportFileId baseDnGroup cnList attr } {
global sourceServer
global targetServer
foreach i $cnList {
# get the full dn of the target person.
# we assume that the target person is already in the ldap schema but not in the group.
# NB the cn of the target person must be unique in the schema.
# NB the cn must exist in the schema.
set baseDnPerson [ lindex [ ldap::search $targetServer "o=ABC,dc=com.au,c=au" "($i)" {cn}] 0 0 ]
if { [ string is space -strict $baseDnPerson ] == 1 || $baseDnPerson == {} } {
puts $reportFileId "\n############### Error"
puts $reportFileId "############### $i does not exist in IBM Ldap"
} else {
# check whether the person is already a member of the group
set memberOf [ lindex [ ldap::search $targetServer "o=ABC,dc=com.au,c=au" "($i)" {ibm-allGroups} ] 0 1 1 ]
if { [ lsearch -regexp $memberOf "(?ni)$baseDnGroup" ] != -1 } {
puts "\nEntry $baseDnPerson is already a member of $baseDnGroup"
puts $reportFileId "\nEntry $baseDnPerson is already a member of $baseDnGroup"
} else {
puts "\nAdd $baseDnPerson to $baseDnGroup"
puts $reportFileId "\nAdd $baseDnPerson to $baseDnGroup"
puts "\nldap::modify $targetServer $baseDnGroup {} {} [ list $attr $baseDnPerson ] "
if { [ catch { [ ldap::modify $targetServer $baseDnGroup {} {} [ list $attr $baseDnPerson ] ] } r ] == 0 } {
puts "\n$baseDnPerson added to $baseDnGroup"
puts $reportFileId "\n$baseDnPerson added to $baseDnGroup"
} else {
puts "\n$r"
puts $reportFileId "\n$r"
}
}
}
}
}
###########################################
# Email Report
###########################################
proc emailReport { reportFile reportFileId } {
flush $reportFileId
set computerName $::env(COMPUTERNAME)
set subject "$computerName - Lotus - LDAP Replication"
sendSimpleMessage youremail@xxx.com $subject $reportFile
}
######################################
# Control Section.
######################################
######################################
# Set Variables
######################################
set fileDate [ clock format [ clock seconds ] -format %Y-%m-%d_%H.%M.%S ]
set reportFile [ file join $drive reports/ldap/lotusReplicationGroups_$fileDate\.txt ]
set s1 xxxxxxx
set s2 yyyyyyy
set bindDn "cn=frrfr"
set pw password
set attr uniqueMember
puts "\ns1 = $s1"
puts "s2 = $s2\n"
puts "reportfile = $reportFile\n"
######################################
# Report Header.
######################################
set reportFileId [ open $reportFile w ]
set header "$::env(COMPUTERNAME) - Lotus LDAP Replication"
set baseDN "ou=ldapgroups,o=ABC,dc=com.au,c=au"
reportHeader $reportFileId $header $reportFile
# map the Lotus Roles to the LDAP groups
lappend groupList [ list "DominoGroup 1" LdapGroup1 ]
lappend groupList [ list "DominoGroup 2" LdapGroup2 ]
lappend groupList [ list "DominoGroup 3" LdapGroup3 ]
lappend groupList [ list "DominoGroup 4" LdapGroup4 ]
# connect to ldap
set sourceServer [ ldap::connect $s1 389 ]
::ldap::bind $sourceServer
set targetServer [ ldap::connect $s2 389 ]
::ldap::bind $targetServer $bindDn $pw
global sourceServer
global targetServer
######################################
# Extract dominoPersons from Lotus.
######################################
if { [ catch { replicateGroups $groupList $s1 $s2 $bindDn $pw $reportFileId $attr } r ] == 0 } {
puts "\nr = $r"
} else {
puts "\n = $r"
puts $reportFileId \n$r
}
::ldap::unbind $sourceServer
::ldap::unbind $targetServer
::ldap::disconnect $sourceServer
::ldap::disconnect $targetServer
emailReport $reportFile $reportFileId
close $reportFileId
######################################
# END.
######################################
|
Tags: ldap
