localhostldapserver

ldapserver  时间:2021-05-01  阅读:()
CopyrightIBMCorporation2013TrademarksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage1of9ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerUsePythontoeasilyfindandimportuseraccountsintoIBMSecurityAccessManager—withnoscriptingexperiencerequiredOriPomerantzOctober15,2013SystemsadministratorsfrequentlyneedawaytoimportexistinguseraccountsfromanLDAPrepositoryintoIBMSecurityAccessManager.
Inthisarticle,getstartedwithanimportscriptwritteninPythonthatyoucanusetoreadusersinanLDAPrepository,thenimportthemusingtheIBMSecurityAccessManagerpdadmincommand.
IdentityandAccessManagementLearnmoreaboutidentityandaccessmanagementtoolsinIBM's"IdentityandAccessManagementBuyer'sGuide.
"IBMsecurityproductsareoftenimplementedasbrownfielddevelopments,meaningtheyarebuiltforanenvironmentwheresomesimilarapplicationalreadyexists.
IBMSecurityAccessManagerissuchaproduct,beingfrequentlydeployedintoenvironmentswhereaLightweightDirectoryAccessProtocol(LDAP)directoryserverisalreadyinplace.
Inthatcase,systemadministratorsneedtoknowhowtoimportuserentriesfromtheLDAPdirectoryserverintoIBMSecurityAccessManager.
Figure1showsasystemarchitecturewhereIBMSecurityAccessManagerhasbeenintroducedtoanexistingsystemthatincludesanLDAPdirectoryserverandback-endapplications.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage2of9Figure1.
AdirectoryserverarchitecturewithIBMSecurityAccessManagerInthisarticle,IpresentaPythonscript(seeDownload)youcanusefromthecommand-linetoautomaticallyfindandimportnewusersfromanLDAPrepositorytreeintoIBMSecurityAccessManager.
NotethatthisarticleassumesthatyouarefamiliarwithIBMSecurityAccessManagerandtheLightweightDirectoryAccessProtocol.
Youneedn'tbefamiliarwithPythontousetheimportscript.
AboutPythonPythonisascriptinglanguagethatisastandardpartofmostLinuxdistributions.
IfyourinstallationofIBMSecurityAccessManagerisrunningonWindows,youcandownloadPythontofollowthedemonstrationhere.
SeeRelatedtopicstolearnmoreaboutPython.
TheimportscriptInthissection,Iintroduceandexplainsomeelementsandstagesoftheimportscript,whichyoumaydownloadatanytime.
NotethatthescriptreliesonIBMSecurityAccessManager'spdadmincommand,soyoumustrunitonacomputerwiththeIBMSecurityAccessManagerruntimeenvironmentinstalled.
Figure2isaflowdiagramshowingthemajorprogressionsofthescript.
Figure2.
ThemajorstagesofthescriptListing1showstheimportscript.
Listing1.
Theimportscript#!
/usr/bin/pythonibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage3of9#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"sameb_uid="sec_master"sameb_pwd="object00"#ThepartoftheLDAPtreewhereyouexpectusersldap_base="o=xyz"#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"fromsubprocessimportcallcall("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)ldap_users=open(ldap_user_file,"r")forlineinldap_users:iflen(line)>1:dn=line[4:-1]ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)if(ret_val==1):print"Needtoimport"+dncall("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()uid=uid[5:-1]call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True);Inthenextsection,Iwon'texplaineverypartofthescript,justitsmajorfeatures.
ItishelpfulifyouarefamiliarwithPython,butnotnecessary.
I'llexplaintherelevantaspectsofPythonsyntaxforeachsettingandalsoshowyouwhereyouwouldneedtomodifyitforyourownuse.
ScriptsettingsNormally,Pythonlinesthatstartwithanumbersign(#)arecomments.
ThislineinListing1isaspecialcase,however.
TheUNIXconventionisthatfilesthatstartwithanumbersignfolloweddeveloperWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage4of9byanexclamationpoint(#!
)usetherestofthelineasthenameoftheinterpreterthatwillrunthefile.
Inthiscase,thefollowingcodeisthepathforthePythoninterpreter.
Youwouldmodifyitasneededforyourenvironment.
#!
/usr/bin/pythonThenextcodesnipcontainstheLDAPserver'slogon,password,andserverhostnameinformation.
Modifyitasneededforyourownsystem.
#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"Next,thescriptpasseslogonandpasswordinformationtoIBMSecurityAccessManager.
Modifythesepartsforyourenvironment.
sameb_uid="sec_master"sameb_pwd="object00"ThenextpartisthebranchoftheLDAPtreethathasuserinformation.
Figure3showsanexampleofthelocationofusersintheLDAPtree.
Modifyasneededforyourconfiguration.
Figure3.
LDAPtreewithusers#ThepartoftheLDAPtreewhereyouexpectusersldap_base="ou=people,o=xyz"FilteringuseraccountsInadditiontolocatingusersintheLDAPtree,thescriptmustlimititselftouserswhoarenotalreadyinIBMSecurityAccessManager.
Tofilteroutthoseusers,thescriptneedstoknowthelocationintheLDAPtreeoftheIBMSecurityAccessManagerconfiguration.
Asshownbelow,thedefaultlocationissecAuthority=Default.
Youcanchangethisdefaultsettingwhenyoufirstconfigurethepolicyserver.
#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"Figure4showstheLDAPtreewiththedefaultlocationoftheIBMSecurityAccessManagerconfiguration.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage5of9Figure4.
LDAPtreewithsecAuthority=DefaultTowardtheendofthescriptyouseethefilesusedasintermediatestoragefortheoutputofcommandsusedtoobtainuserinformation.
Unlessyouhaveareasontorunmultipleinstancesofthescriptatonce,youshouldn'tneedtochangethefollowingfilenames:#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"ScriptfunctionsThenextpartofthescriptusestheparametersdeclaredabovetoactuallyreadusersfromLDAPandimportthemintoIBMSecurityAccessManager.
ThescriptusesPython'ssubprocess.
callfunctiontorunshellcommands.
Thefollowinglineimportsthefunctionsothatitisavailable:fromsubprocessimportcallThenextlinecallsldapsearchtofindthelistofusers.
call("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)Withthedefaultconfiguration,thelinesaboverunthefollowingshellcommand.
ThiscommandsearchesforentitiesoftypeinetOrgPerson,whichisusedtorepresentpeople.
Itreadsonlytheirdistinguishednameandsendstheoutputtoafilecalledldapusers:ldapsearch-LLL-Dcn=root-wobject00-bou=people,o=xyz-hlocalhostobjectclass=inetOrgPersondn>ldapusersNext,thescriptopenstheldapusersfileandreadsit,linebyline.
NotethatPythonhandlesblocksbyindentation;soeverythingthatisindentedatleastoncefromthispointonwardisdoneonceperuser.
ldap_users=open(ldap_user_file,"r")forlineinldap_users:developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage6of9Note:Thelinesinldapusersareoftheform:dn:cn=jdoe,ou=users,o=xyz.
Thefirstfourcharactersaredn:followedbyaspace.
Theactualdistinguishednamestartsinthefifthcharacter,whichisnumber4whencountingfromzero.
Halfofthelinesinldapusersareblank.
Theotherhalfstartwithdn:.
Thiscodefragmentignorestheblanklinesanddiscardsthefirstfourcharactersoftheotherlines.
BecausePythonblocksaredesignatedbyindentation,therestofthescriptrunsonlyforlinesthatarenotblank.
iflen(line)>1:dn=line[4:-1]CheckingforexistingaccountsAspreviouslynoted,it'simportanttoensurethatyoudon'tduplicateexistingaccountswhenyouimportusersfromtheLDAPrepositoryintoIBMSecurityAccessManager.
UserentriesinIBMSecurityAccessManagerhaveasecDNattributewiththevalueoftheoriginaldistinguishedname.
ThefollowingcodesegmentusesldapsearchtolookforanentrywiththeappropriatesecDNvalue.
ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)Areturnvalueof1indicatesthatgrepfailed,meaningthatnoLDAPentrymatchesthefilter.
Inthatcase,thescriptimportstheuser,creatinganewLDAPentityfortheIBMSecurityAccessManageruserinformation.
if(ret_val==1):print"Needtoimport"+dnImportinganewuserToimportauserintoIBMSecurityAccessManageryoumustspecifytheuser'sUID,theidentifierthatheorsheusestologon.
Thefollowinglinesretrievethatvalue:call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)Thislinereadsthefirstlineofthefile:uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()Notethattheabovelinespecifiesthatthefirstfivecharacters(uid:)shouldbediscarded.
Theremainingcharactersrepresenttheactualattributevalue.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage7of9uid=uid[5:-1]CreatingnewaccountsFinally,thescriptcreatesthenewaccountsinIBMSecurityAccessManagerusingpdadmin:call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True)Notethatthescriptneedstoissuethesecondcommand(usermodify>uidInconclusionInthisarticle,I'veintroducedyoutoaPythonscriptthatmakesiteasytoimportnewuserstoIBMSecurityAccessManager.
Whilethescriptdoesn'tprovidealltheflexibilityofIBMTivoliDirectoryIntegrator,orthefunctionalityofIBMSecurityIdentityManager(seeRelatedtopics),itdoeshavetheadvantageofbeingfree.
AcknowledgmentsIwouldliketothankWindayaniAchmadZaenullahforidentifyingtheneedforthisarticleandLanceClintonforreviewingit.
Anyremainingmistakesaremyfault.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage8of9DownloadableresourcesDescriptionNameSizeImportpythonscriptautomatic_import_src.
zip(HTTP|FTP|Downloaddirector—)ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage9of9Relatedtopics"IBMSecurityAccessManagerunboxed"(developerWorks,January2013):GetupandrunningwithIBMSecurityAccessManagerforWeb.
Thisseriesoffourvideosdemonstrateshowtoinstallthevirtualmachine,configurethecommand-lineinterface,andcreateareverseproxy.
IBMIdentityManagementandAccessManagementSolutions:GetanoverviewofIBMsecuritysolutionsforidentityandaccessmanagement.
"ApplicationdevelopmentinPythonwithibm_db:"GetstartedwithPythonfunctionsforaccessingandmanipulatingdatainanIBMdataserverdatabaseviatheibm_dbAPI.
"DiscoverPython,Part8:ReadingandwritingdatausingPython'sinputandoutputfunctionality"(developerWorks,January2006):LearnmoreaboutthemanyusesofPython.
IntroductiontoComputerScience:TryafreeonlinecourseteachingnewprogrammershowtowriteawebcrawlerusingPython.
IBMTivoliDirectoryIntegrator:DownloadafreetrialversionofIBMTivoliDirectoryIntegratorv7.
1andfindouthowyouuseittoenableconsistentdataacrossmultipleidentityorgenericdataresources.
IBMSecurityIdentityManager:Automatethecreation,modification,recertification,andterminationofuserprivilegesthroughouttheuserlifecycle.
DownloadPython.
CopyrightIBMCorporation2013(www.
ibm.
com/legal/copytrade.
shtml)Trademarks(www.
ibm.
com/developerworks/ibm/trademarks/)

HyperVMart:加拿大vps,2核/3G/25G NVMe/G口不限流量/季付$10.97,免费Windows系统

hypervmart怎么样?hypervmart是一家成立了很多年的英国主机商家,上一次分享他家还是在2年前,商家销售虚拟主机、独立服务器和VPS,VPS采用Hyper-V虚拟架构,这一点从他家的域名上也可以看出来。目前商家针对VPS有一个75折的优惠,而且VPS显示的地区为加拿大,但是商家提供的测速地址为荷兰和英国,他家的优势就是给到G口不限流量,硬盘为NVMe固态硬盘,这个配置用来跑跑数据非常...

onevps:新增(支付宝+中文网站),香港/新加坡/日本等9机房,1Gbps带宽,不限流量,仅需$4/月

onevps最新消息,为了更好服务中国区用户:1、网站支付方式新增了支付宝,即将增加微信;原信用卡、PayPal方式不变;(2)可以切换简体中文版网站,在网站顶部右上角找到那个米字旗,下拉可以换中国简体版本。VPS可选机房有:中国(香港)、新加坡、日本(东京)、美国(纽约、洛杉矶)、英国(伦敦)、荷兰(阿姆斯特丹)、瑞士(苏黎世)、德国(法兰克福)、澳大利亚(悉尼)。不管你的客户在亚太区域、美洲区...

CloudCone中国新年特别套餐,洛杉矶1G内存VPS年付13.5美元起

CloudCone针对中国农历新年推出了几款特别套餐, 其中2019年前注册的用户可以以13.5美元/年的价格购买一款1G内存特价套餐,以及另外提供了两款不限制注册时间的用户可购买年付套餐。CloudCone是Quadcone旗下成立于2017年的子品牌,提供VPS及独立服务器租用,也是较早提供按小时计费VPS的商家之一,支持使用PayPal或者支付宝等付款方式。下面列出几款特别套餐配置信息。CP...

ldapserver为你推荐
操作httpthinkphpthinkphp与PHP的差别,怎么查看thinkphp编写的系统?iproute网关怎么设置?重庆电信断网这几天为什么重庆电信的网络总是这么不稳定163yeah请问163油箱和yeah邮箱的区别,已经和163其他邮箱的区别!波音737起飞爆胎飞机会爆胎的吗?碧海银沙网怎样在碧海银沙网里发布图片?pintang俏品堂是干什么的?很多论坛都有他们的踪迹。三五互联科技股份有限公司厦门三五互联科技股份有限公司 怎么样?123456hd有很多App后面都有hd是什么意思
四川虚拟主机 过期已备案域名 主机点评 国外php主机 iisphpmysql 42u机柜尺寸 tk域名 网盘申请 100m免费空间 合租空间 169邮箱 isp服务商 免费智能解析 web服务器安全 免费网页空间 七夕快乐英语 视频服务器是什么 数据库空间 贵阳电信测速 服务器防御 更多