localhostldapserver
ldapserver 时间:2021-05-01 阅读:()
CopyrightIBMCorporation2013TrademarksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage1of9ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerUsePythontoeasilyfindandimportuseraccountsintoIBMSecurityAccessManager—withnoscriptingexperiencerequiredOriPomerantzOctober15,2013SystemsadministratorsfrequentlyneedawaytoimportexistinguseraccountsfromanLDAPrepositoryintoIBMSecurityAccessManager.
Inthisarticle,getstartedwithanimportscriptwritteninPythonthatyoucanusetoreadusersinanLDAPrepository,thenimportthemusingtheIBMSecurityAccessManagerpdadmincommand.
IdentityandAccessManagementLearnmoreaboutidentityandaccessmanagementtoolsinIBM's"IdentityandAccessManagementBuyer'sGuide.
"IBMsecurityproductsareoftenimplementedasbrownfielddevelopments,meaningtheyarebuiltforanenvironmentwheresomesimilarapplicationalreadyexists.
IBMSecurityAccessManagerissuchaproduct,beingfrequentlydeployedintoenvironmentswhereaLightweightDirectoryAccessProtocol(LDAP)directoryserverisalreadyinplace.
Inthatcase,systemadministratorsneedtoknowhowtoimportuserentriesfromtheLDAPdirectoryserverintoIBMSecurityAccessManager.
Figure1showsasystemarchitecturewhereIBMSecurityAccessManagerhasbeenintroducedtoanexistingsystemthatincludesanLDAPdirectoryserverandback-endapplications.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage2of9Figure1.
AdirectoryserverarchitecturewithIBMSecurityAccessManagerInthisarticle,IpresentaPythonscript(seeDownload)youcanusefromthecommand-linetoautomaticallyfindandimportnewusersfromanLDAPrepositorytreeintoIBMSecurityAccessManager.
NotethatthisarticleassumesthatyouarefamiliarwithIBMSecurityAccessManagerandtheLightweightDirectoryAccessProtocol.
Youneedn'tbefamiliarwithPythontousetheimportscript.
AboutPythonPythonisascriptinglanguagethatisastandardpartofmostLinuxdistributions.
IfyourinstallationofIBMSecurityAccessManagerisrunningonWindows,youcandownloadPythontofollowthedemonstrationhere.
SeeRelatedtopicstolearnmoreaboutPython.
TheimportscriptInthissection,Iintroduceandexplainsomeelementsandstagesoftheimportscript,whichyoumaydownloadatanytime.
NotethatthescriptreliesonIBMSecurityAccessManager'spdadmincommand,soyoumustrunitonacomputerwiththeIBMSecurityAccessManagerruntimeenvironmentinstalled.
Figure2isaflowdiagramshowingthemajorprogressionsofthescript.
Figure2.
ThemajorstagesofthescriptListing1showstheimportscript.
Listing1.
Theimportscript#!
/usr/bin/pythonibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage3of9#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"sameb_uid="sec_master"sameb_pwd="object00"#ThepartoftheLDAPtreewhereyouexpectusersldap_base="o=xyz"#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"fromsubprocessimportcallcall("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)ldap_users=open(ldap_user_file,"r")forlineinldap_users:iflen(line)>1:dn=line[4:-1]ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)if(ret_val==1):print"Needtoimport"+dncall("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()uid=uid[5:-1]call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True);Inthenextsection,Iwon'texplaineverypartofthescript,justitsmajorfeatures.
ItishelpfulifyouarefamiliarwithPython,butnotnecessary.
I'llexplaintherelevantaspectsofPythonsyntaxforeachsettingandalsoshowyouwhereyouwouldneedtomodifyitforyourownuse.
ScriptsettingsNormally,Pythonlinesthatstartwithanumbersign(#)arecomments.
ThislineinListing1isaspecialcase,however.
TheUNIXconventionisthatfilesthatstartwithanumbersignfolloweddeveloperWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage4of9byanexclamationpoint(#!
)usetherestofthelineasthenameoftheinterpreterthatwillrunthefile.
Inthiscase,thefollowingcodeisthepathforthePythoninterpreter.
Youwouldmodifyitasneededforyourenvironment.
#!
/usr/bin/pythonThenextcodesnipcontainstheLDAPserver'slogon,password,andserverhostnameinformation.
Modifyitasneededforyourownsystem.
#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"Next,thescriptpasseslogonandpasswordinformationtoIBMSecurityAccessManager.
Modifythesepartsforyourenvironment.
sameb_uid="sec_master"sameb_pwd="object00"ThenextpartisthebranchoftheLDAPtreethathasuserinformation.
Figure3showsanexampleofthelocationofusersintheLDAPtree.
Modifyasneededforyourconfiguration.
Figure3.
LDAPtreewithusers#ThepartoftheLDAPtreewhereyouexpectusersldap_base="ou=people,o=xyz"FilteringuseraccountsInadditiontolocatingusersintheLDAPtree,thescriptmustlimititselftouserswhoarenotalreadyinIBMSecurityAccessManager.
Tofilteroutthoseusers,thescriptneedstoknowthelocationintheLDAPtreeoftheIBMSecurityAccessManagerconfiguration.
Asshownbelow,thedefaultlocationissecAuthority=Default.
Youcanchangethisdefaultsettingwhenyoufirstconfigurethepolicyserver.
#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"Figure4showstheLDAPtreewiththedefaultlocationoftheIBMSecurityAccessManagerconfiguration.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage5of9Figure4.
LDAPtreewithsecAuthority=DefaultTowardtheendofthescriptyouseethefilesusedasintermediatestoragefortheoutputofcommandsusedtoobtainuserinformation.
Unlessyouhaveareasontorunmultipleinstancesofthescriptatonce,youshouldn'tneedtochangethefollowingfilenames:#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"ScriptfunctionsThenextpartofthescriptusestheparametersdeclaredabovetoactuallyreadusersfromLDAPandimportthemintoIBMSecurityAccessManager.
ThescriptusesPython'ssubprocess.
callfunctiontorunshellcommands.
Thefollowinglineimportsthefunctionsothatitisavailable:fromsubprocessimportcallThenextlinecallsldapsearchtofindthelistofusers.
call("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)Withthedefaultconfiguration,thelinesaboverunthefollowingshellcommand.
ThiscommandsearchesforentitiesoftypeinetOrgPerson,whichisusedtorepresentpeople.
Itreadsonlytheirdistinguishednameandsendstheoutputtoafilecalledldapusers:ldapsearch-LLL-Dcn=root-wobject00-bou=people,o=xyz-hlocalhostobjectclass=inetOrgPersondn>ldapusersNext,thescriptopenstheldapusersfileandreadsit,linebyline.
NotethatPythonhandlesblocksbyindentation;soeverythingthatisindentedatleastoncefromthispointonwardisdoneonceperuser.
ldap_users=open(ldap_user_file,"r")forlineinldap_users:developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage6of9Note:Thelinesinldapusersareoftheform:dn:cn=jdoe,ou=users,o=xyz.
Thefirstfourcharactersaredn:followedbyaspace.
Theactualdistinguishednamestartsinthefifthcharacter,whichisnumber4whencountingfromzero.
Halfofthelinesinldapusersareblank.
Theotherhalfstartwithdn:.
Thiscodefragmentignorestheblanklinesanddiscardsthefirstfourcharactersoftheotherlines.
BecausePythonblocksaredesignatedbyindentation,therestofthescriptrunsonlyforlinesthatarenotblank.
iflen(line)>1:dn=line[4:-1]CheckingforexistingaccountsAspreviouslynoted,it'simportanttoensurethatyoudon'tduplicateexistingaccountswhenyouimportusersfromtheLDAPrepositoryintoIBMSecurityAccessManager.
UserentriesinIBMSecurityAccessManagerhaveasecDNattributewiththevalueoftheoriginaldistinguishedname.
ThefollowingcodesegmentusesldapsearchtolookforanentrywiththeappropriatesecDNvalue.
ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)Areturnvalueof1indicatesthatgrepfailed,meaningthatnoLDAPentrymatchesthefilter.
Inthatcase,thescriptimportstheuser,creatinganewLDAPentityfortheIBMSecurityAccessManageruserinformation.
if(ret_val==1):print"Needtoimport"+dnImportinganewuserToimportauserintoIBMSecurityAccessManageryoumustspecifytheuser'sUID,theidentifierthatheorsheusestologon.
Thefollowinglinesretrievethatvalue:call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)Thislinereadsthefirstlineofthefile:uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()Notethattheabovelinespecifiesthatthefirstfivecharacters(uid:)shouldbediscarded.
Theremainingcharactersrepresenttheactualattributevalue.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage7of9uid=uid[5:-1]CreatingnewaccountsFinally,thescriptcreatesthenewaccountsinIBMSecurityAccessManagerusingpdadmin:call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True)Notethatthescriptneedstoissuethesecondcommand(usermodify>uidInconclusionInthisarticle,I'veintroducedyoutoaPythonscriptthatmakesiteasytoimportnewuserstoIBMSecurityAccessManager.
Whilethescriptdoesn'tprovidealltheflexibilityofIBMTivoliDirectoryIntegrator,orthefunctionalityofIBMSecurityIdentityManager(seeRelatedtopics),itdoeshavetheadvantageofbeingfree.
AcknowledgmentsIwouldliketothankWindayaniAchmadZaenullahforidentifyingtheneedforthisarticleandLanceClintonforreviewingit.
Anyremainingmistakesaremyfault.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage8of9DownloadableresourcesDescriptionNameSizeImportpythonscriptautomatic_import_src.
zip(HTTP|FTP|Downloaddirector—)ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage9of9Relatedtopics"IBMSecurityAccessManagerunboxed"(developerWorks,January2013):GetupandrunningwithIBMSecurityAccessManagerforWeb.
Thisseriesoffourvideosdemonstrateshowtoinstallthevirtualmachine,configurethecommand-lineinterface,andcreateareverseproxy.
IBMIdentityManagementandAccessManagementSolutions:GetanoverviewofIBMsecuritysolutionsforidentityandaccessmanagement.
"ApplicationdevelopmentinPythonwithibm_db:"GetstartedwithPythonfunctionsforaccessingandmanipulatingdatainanIBMdataserverdatabaseviatheibm_dbAPI.
"DiscoverPython,Part8:ReadingandwritingdatausingPython'sinputandoutputfunctionality"(developerWorks,January2006):LearnmoreaboutthemanyusesofPython.
IntroductiontoComputerScience:TryafreeonlinecourseteachingnewprogrammershowtowriteawebcrawlerusingPython.
IBMTivoliDirectoryIntegrator:DownloadafreetrialversionofIBMTivoliDirectoryIntegratorv7.
1andfindouthowyouuseittoenableconsistentdataacrossmultipleidentityorgenericdataresources.
IBMSecurityIdentityManager:Automatethecreation,modification,recertification,andterminationofuserprivilegesthroughouttheuserlifecycle.
DownloadPython.
CopyrightIBMCorporation2013(www.
ibm.
com/legal/copytrade.
shtml)Trademarks(www.
ibm.
com/developerworks/ibm/trademarks/)
Inthisarticle,getstartedwithanimportscriptwritteninPythonthatyoucanusetoreadusersinanLDAPrepository,thenimportthemusingtheIBMSecurityAccessManagerpdadmincommand.
IdentityandAccessManagementLearnmoreaboutidentityandaccessmanagementtoolsinIBM's"IdentityandAccessManagementBuyer'sGuide.
"IBMsecurityproductsareoftenimplementedasbrownfielddevelopments,meaningtheyarebuiltforanenvironmentwheresomesimilarapplicationalreadyexists.
IBMSecurityAccessManagerissuchaproduct,beingfrequentlydeployedintoenvironmentswhereaLightweightDirectoryAccessProtocol(LDAP)directoryserverisalreadyinplace.
Inthatcase,systemadministratorsneedtoknowhowtoimportuserentriesfromtheLDAPdirectoryserverintoIBMSecurityAccessManager.
Figure1showsasystemarchitecturewhereIBMSecurityAccessManagerhasbeenintroducedtoanexistingsystemthatincludesanLDAPdirectoryserverandback-endapplications.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage2of9Figure1.
AdirectoryserverarchitecturewithIBMSecurityAccessManagerInthisarticle,IpresentaPythonscript(seeDownload)youcanusefromthecommand-linetoautomaticallyfindandimportnewusersfromanLDAPrepositorytreeintoIBMSecurityAccessManager.
NotethatthisarticleassumesthatyouarefamiliarwithIBMSecurityAccessManagerandtheLightweightDirectoryAccessProtocol.
Youneedn'tbefamiliarwithPythontousetheimportscript.
AboutPythonPythonisascriptinglanguagethatisastandardpartofmostLinuxdistributions.
IfyourinstallationofIBMSecurityAccessManagerisrunningonWindows,youcandownloadPythontofollowthedemonstrationhere.
SeeRelatedtopicstolearnmoreaboutPython.
TheimportscriptInthissection,Iintroduceandexplainsomeelementsandstagesoftheimportscript,whichyoumaydownloadatanytime.
NotethatthescriptreliesonIBMSecurityAccessManager'spdadmincommand,soyoumustrunitonacomputerwiththeIBMSecurityAccessManagerruntimeenvironmentinstalled.
Figure2isaflowdiagramshowingthemajorprogressionsofthescript.
Figure2.
ThemajorstagesofthescriptListing1showstheimportscript.
Listing1.
Theimportscript#!
/usr/bin/pythonibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage3of9#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"sameb_uid="sec_master"sameb_pwd="object00"#ThepartoftheLDAPtreewhereyouexpectusersldap_base="o=xyz"#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"fromsubprocessimportcallcall("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)ldap_users=open(ldap_user_file,"r")forlineinldap_users:iflen(line)>1:dn=line[4:-1]ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)if(ret_val==1):print"Needtoimport"+dncall("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()uid=uid[5:-1]call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True);Inthenextsection,Iwon'texplaineverypartofthescript,justitsmajorfeatures.
ItishelpfulifyouarefamiliarwithPython,butnotnecessary.
I'llexplaintherelevantaspectsofPythonsyntaxforeachsettingandalsoshowyouwhereyouwouldneedtomodifyitforyourownuse.
ScriptsettingsNormally,Pythonlinesthatstartwithanumbersign(#)arecomments.
ThislineinListing1isaspecialcase,however.
TheUNIXconventionisthatfilesthatstartwithanumbersignfolloweddeveloperWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage4of9byanexclamationpoint(#!
)usetherestofthelineasthenameoftheinterpreterthatwillrunthefile.
Inthiscase,thefollowingcodeisthepathforthePythoninterpreter.
Youwouldmodifyitasneededforyourenvironment.
#!
/usr/bin/pythonThenextcodesnipcontainstheLDAPserver'slogon,password,andserverhostnameinformation.
Modifyitasneededforyourownsystem.
#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"Next,thescriptpasseslogonandpasswordinformationtoIBMSecurityAccessManager.
Modifythesepartsforyourenvironment.
sameb_uid="sec_master"sameb_pwd="object00"ThenextpartisthebranchoftheLDAPtreethathasuserinformation.
Figure3showsanexampleofthelocationofusersintheLDAPtree.
Modifyasneededforyourconfiguration.
Figure3.
LDAPtreewithusers#ThepartoftheLDAPtreewhereyouexpectusersldap_base="ou=people,o=xyz"FilteringuseraccountsInadditiontolocatingusersintheLDAPtree,thescriptmustlimititselftouserswhoarenotalreadyinIBMSecurityAccessManager.
Tofilteroutthoseusers,thescriptneedstoknowthelocationintheLDAPtreeoftheIBMSecurityAccessManagerconfiguration.
Asshownbelow,thedefaultlocationissecAuthority=Default.
Youcanchangethisdefaultsettingwhenyoufirstconfigurethepolicyserver.
#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"Figure4showstheLDAPtreewiththedefaultlocationoftheIBMSecurityAccessManagerconfiguration.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage5of9Figure4.
LDAPtreewithsecAuthority=DefaultTowardtheendofthescriptyouseethefilesusedasintermediatestoragefortheoutputofcommandsusedtoobtainuserinformation.
Unlessyouhaveareasontorunmultipleinstancesofthescriptatonce,youshouldn'tneedtochangethefollowingfilenames:#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"ScriptfunctionsThenextpartofthescriptusestheparametersdeclaredabovetoactuallyreadusersfromLDAPandimportthemintoIBMSecurityAccessManager.
ThescriptusesPython'ssubprocess.
callfunctiontorunshellcommands.
Thefollowinglineimportsthefunctionsothatitisavailable:fromsubprocessimportcallThenextlinecallsldapsearchtofindthelistofusers.
call("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)Withthedefaultconfiguration,thelinesaboverunthefollowingshellcommand.
ThiscommandsearchesforentitiesoftypeinetOrgPerson,whichisusedtorepresentpeople.
Itreadsonlytheirdistinguishednameandsendstheoutputtoafilecalledldapusers:ldapsearch-LLL-Dcn=root-wobject00-bou=people,o=xyz-hlocalhostobjectclass=inetOrgPersondn>ldapusersNext,thescriptopenstheldapusersfileandreadsit,linebyline.
NotethatPythonhandlesblocksbyindentation;soeverythingthatisindentedatleastoncefromthispointonwardisdoneonceperuser.
ldap_users=open(ldap_user_file,"r")forlineinldap_users:developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage6of9Note:Thelinesinldapusersareoftheform:dn:cn=jdoe,ou=users,o=xyz.
Thefirstfourcharactersaredn:followedbyaspace.
Theactualdistinguishednamestartsinthefifthcharacter,whichisnumber4whencountingfromzero.
Halfofthelinesinldapusersareblank.
Theotherhalfstartwithdn:.
Thiscodefragmentignorestheblanklinesanddiscardsthefirstfourcharactersoftheotherlines.
BecausePythonblocksaredesignatedbyindentation,therestofthescriptrunsonlyforlinesthatarenotblank.
iflen(line)>1:dn=line[4:-1]CheckingforexistingaccountsAspreviouslynoted,it'simportanttoensurethatyoudon'tduplicateexistingaccountswhenyouimportusersfromtheLDAPrepositoryintoIBMSecurityAccessManager.
UserentriesinIBMSecurityAccessManagerhaveasecDNattributewiththevalueoftheoriginaldistinguishedname.
ThefollowingcodesegmentusesldapsearchtolookforanentrywiththeappropriatesecDNvalue.
ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)Areturnvalueof1indicatesthatgrepfailed,meaningthatnoLDAPentrymatchesthefilter.
Inthatcase,thescriptimportstheuser,creatinganewLDAPentityfortheIBMSecurityAccessManageruserinformation.
if(ret_val==1):print"Needtoimport"+dnImportinganewuserToimportauserintoIBMSecurityAccessManageryoumustspecifytheuser'sUID,theidentifierthatheorsheusestologon.
Thefollowinglinesretrievethatvalue:call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)Thislinereadsthefirstlineofthefile:uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()Notethattheabovelinespecifiesthatthefirstfivecharacters(uid:)shouldbediscarded.
Theremainingcharactersrepresenttheactualattributevalue.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage7of9uid=uid[5:-1]CreatingnewaccountsFinally,thescriptcreatesthenewaccountsinIBMSecurityAccessManagerusingpdadmin:call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True)Notethatthescriptneedstoissuethesecondcommand(usermodify>uid
Whilethescriptdoesn'tprovidealltheflexibilityofIBMTivoliDirectoryIntegrator,orthefunctionalityofIBMSecurityIdentityManager(seeRelatedtopics),itdoeshavetheadvantageofbeingfree.
AcknowledgmentsIwouldliketothankWindayaniAchmadZaenullahforidentifyingtheneedforthisarticleandLanceClintonforreviewingit.
Anyremainingmistakesaremyfault.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage8of9DownloadableresourcesDescriptionNameSizeImportpythonscriptautomatic_import_src.
zip(HTTP|FTP|Downloaddirector—)ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage9of9Relatedtopics"IBMSecurityAccessManagerunboxed"(developerWorks,January2013):GetupandrunningwithIBMSecurityAccessManagerforWeb.
Thisseriesoffourvideosdemonstrateshowtoinstallthevirtualmachine,configurethecommand-lineinterface,andcreateareverseproxy.
IBMIdentityManagementandAccessManagementSolutions:GetanoverviewofIBMsecuritysolutionsforidentityandaccessmanagement.
"ApplicationdevelopmentinPythonwithibm_db:"GetstartedwithPythonfunctionsforaccessingandmanipulatingdatainanIBMdataserverdatabaseviatheibm_dbAPI.
"DiscoverPython,Part8:ReadingandwritingdatausingPython'sinputandoutputfunctionality"(developerWorks,January2006):LearnmoreaboutthemanyusesofPython.
IntroductiontoComputerScience:TryafreeonlinecourseteachingnewprogrammershowtowriteawebcrawlerusingPython.
IBMTivoliDirectoryIntegrator:DownloadafreetrialversionofIBMTivoliDirectoryIntegratorv7.
1andfindouthowyouuseittoenableconsistentdataacrossmultipleidentityorgenericdataresources.
IBMSecurityIdentityManager:Automatethecreation,modification,recertification,andterminationofuserprivilegesthroughouttheuserlifecycle.
DownloadPython.
CopyrightIBMCorporation2013(www.
ibm.
com/legal/copytrade.
shtml)Trademarks(www.
ibm.
com/developerworks/ibm/trademarks/)
- localhostldapserver相关文档
- Simplifiedldapserver
- instructorsldapserver
- contentsldapserver
- LISTSERVLDAPDocumentation
- 思科ldapserver
- 单点ldapserver
Hostio€5/月KVM-2GB/25GB/5TB/荷兰机房
Hostio是一家成立于2006年的国外主机商,提供基于KVM架构的VPS主机,AMD EPYC CPU,NVMe硬盘,1-10Gbps带宽,最低月付5欧元起。商家采用自己的网络AS208258,宿主机采用2 x AMD Epyc 7452 32C/64T 2.3Ghz CPU,16*32GB内存,4个Samsung PM983 NVMe SSD,提供IPv4+IPv6。下面列出几款主机配置信息。...
印象云七夕促销,所有机器7折销售,美国CERA低至18元/月 年付217元!
印象云,成立于2019年3月的商家,公司注册于中国香港,国人运行。目前主要从事美国CERA机房高防VPS以及香港三网CN2直连VPS和美国洛杉矶GIA三网线路服务器销售。印象云香港三网CN2机房,主要是CN2直连大陆,超低延迟!对于美国CERA机房应该不陌生,主要是做高防服务器产品的,并且此机房对中国大陆支持比较友好,印象云美国高防VPS服务器去程是163直连、三网回程CN2优化,单IP默认给20...
Raksmart:香港高防服务器/20Mbps带宽(cn2+bgp)/40G-100Gbps防御
RAKsmart怎么样?RAKsmart香港机房新增了付费的DDoS高防保护服务,香港服务器默认接入20Mbps的大陆优化带宽(电信走CN2、联通和移动走BGP)。高防服务器需要在下单页面的IP Addresses Option里面选择购买,分:40Gbps大陆优化高防IP-$461/月、100Gbps国际BGP高防IP-$692/月,有兴趣的可以根据自己的需求来选择!点击进入:RAKsmart官...
ldapserver为你推荐
-
servererror电脑连接路由登录提示server error:401 N/A,如何处理?phpcms模板PHPCMS V9模板建企业网站建立一个企业网站要多少钱360arp防火墙在哪360ARP防火墙正大天地网正大光明是什么数字泉州商标注册泉州注册一个商标具体要怎么弄?具体流程是什么?oa办公软件价格一个oa系统多少钱discuz教程Discuz! Database Error怎么解决啊?我的电脑打不开这个网啊很久了。其他电脑可以。discuz7.0discuz6.1和discuz7.0哪个好用?邮件管理系统哪个邮件管理软件好?