localhostldapserver

ldapserver  时间:2021-05-01  阅读:()
CopyrightIBMCorporation2013TrademarksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage1of9ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerUsePythontoeasilyfindandimportuseraccountsintoIBMSecurityAccessManager—withnoscriptingexperiencerequiredOriPomerantzOctober15,2013SystemsadministratorsfrequentlyneedawaytoimportexistinguseraccountsfromanLDAPrepositoryintoIBMSecurityAccessManager.
Inthisarticle,getstartedwithanimportscriptwritteninPythonthatyoucanusetoreadusersinanLDAPrepository,thenimportthemusingtheIBMSecurityAccessManagerpdadmincommand.
IdentityandAccessManagementLearnmoreaboutidentityandaccessmanagementtoolsinIBM's"IdentityandAccessManagementBuyer'sGuide.
"IBMsecurityproductsareoftenimplementedasbrownfielddevelopments,meaningtheyarebuiltforanenvironmentwheresomesimilarapplicationalreadyexists.
IBMSecurityAccessManagerissuchaproduct,beingfrequentlydeployedintoenvironmentswhereaLightweightDirectoryAccessProtocol(LDAP)directoryserverisalreadyinplace.
Inthatcase,systemadministratorsneedtoknowhowtoimportuserentriesfromtheLDAPdirectoryserverintoIBMSecurityAccessManager.
Figure1showsasystemarchitecturewhereIBMSecurityAccessManagerhasbeenintroducedtoanexistingsystemthatincludesanLDAPdirectoryserverandback-endapplications.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage2of9Figure1.
AdirectoryserverarchitecturewithIBMSecurityAccessManagerInthisarticle,IpresentaPythonscript(seeDownload)youcanusefromthecommand-linetoautomaticallyfindandimportnewusersfromanLDAPrepositorytreeintoIBMSecurityAccessManager.
NotethatthisarticleassumesthatyouarefamiliarwithIBMSecurityAccessManagerandtheLightweightDirectoryAccessProtocol.
Youneedn'tbefamiliarwithPythontousetheimportscript.
AboutPythonPythonisascriptinglanguagethatisastandardpartofmostLinuxdistributions.
IfyourinstallationofIBMSecurityAccessManagerisrunningonWindows,youcandownloadPythontofollowthedemonstrationhere.
SeeRelatedtopicstolearnmoreaboutPython.
TheimportscriptInthissection,Iintroduceandexplainsomeelementsandstagesoftheimportscript,whichyoumaydownloadatanytime.
NotethatthescriptreliesonIBMSecurityAccessManager'spdadmincommand,soyoumustrunitonacomputerwiththeIBMSecurityAccessManagerruntimeenvironmentinstalled.
Figure2isaflowdiagramshowingthemajorprogressionsofthescript.
Figure2.
ThemajorstagesofthescriptListing1showstheimportscript.
Listing1.
Theimportscript#!
/usr/bin/pythonibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage3of9#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"sameb_uid="sec_master"sameb_pwd="object00"#ThepartoftheLDAPtreewhereyouexpectusersldap_base="o=xyz"#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"fromsubprocessimportcallcall("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)ldap_users=open(ldap_user_file,"r")forlineinldap_users:iflen(line)>1:dn=line[4:-1]ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)if(ret_val==1):print"Needtoimport"+dncall("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()uid=uid[5:-1]call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True);Inthenextsection,Iwon'texplaineverypartofthescript,justitsmajorfeatures.
ItishelpfulifyouarefamiliarwithPython,butnotnecessary.
I'llexplaintherelevantaspectsofPythonsyntaxforeachsettingandalsoshowyouwhereyouwouldneedtomodifyitforyourownuse.
ScriptsettingsNormally,Pythonlinesthatstartwithanumbersign(#)arecomments.
ThislineinListing1isaspecialcase,however.
TheUNIXconventionisthatfilesthatstartwithanumbersignfolloweddeveloperWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage4of9byanexclamationpoint(#!
)usetherestofthelineasthenameoftheinterpreterthatwillrunthefile.
Inthiscase,thefollowingcodeisthepathforthePythoninterpreter.
Youwouldmodifyitasneededforyourenvironment.
#!
/usr/bin/pythonThenextcodesnipcontainstheLDAPserver'slogon,password,andserverhostnameinformation.
Modifyitasneededforyourownsystem.
#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"Next,thescriptpasseslogonandpasswordinformationtoIBMSecurityAccessManager.
Modifythesepartsforyourenvironment.
sameb_uid="sec_master"sameb_pwd="object00"ThenextpartisthebranchoftheLDAPtreethathasuserinformation.
Figure3showsanexampleofthelocationofusersintheLDAPtree.
Modifyasneededforyourconfiguration.
Figure3.
LDAPtreewithusers#ThepartoftheLDAPtreewhereyouexpectusersldap_base="ou=people,o=xyz"FilteringuseraccountsInadditiontolocatingusersintheLDAPtree,thescriptmustlimititselftouserswhoarenotalreadyinIBMSecurityAccessManager.
Tofilteroutthoseusers,thescriptneedstoknowthelocationintheLDAPtreeoftheIBMSecurityAccessManagerconfiguration.
Asshownbelow,thedefaultlocationissecAuthority=Default.
Youcanchangethisdefaultsettingwhenyoufirstconfigurethepolicyserver.
#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"Figure4showstheLDAPtreewiththedefaultlocationoftheIBMSecurityAccessManagerconfiguration.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage5of9Figure4.
LDAPtreewithsecAuthority=DefaultTowardtheendofthescriptyouseethefilesusedasintermediatestoragefortheoutputofcommandsusedtoobtainuserinformation.
Unlessyouhaveareasontorunmultipleinstancesofthescriptatonce,youshouldn'tneedtochangethefollowingfilenames:#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"ScriptfunctionsThenextpartofthescriptusestheparametersdeclaredabovetoactuallyreadusersfromLDAPandimportthemintoIBMSecurityAccessManager.
ThescriptusesPython'ssubprocess.
callfunctiontorunshellcommands.
Thefollowinglineimportsthefunctionsothatitisavailable:fromsubprocessimportcallThenextlinecallsldapsearchtofindthelistofusers.
call("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)Withthedefaultconfiguration,thelinesaboverunthefollowingshellcommand.
ThiscommandsearchesforentitiesoftypeinetOrgPerson,whichisusedtorepresentpeople.
Itreadsonlytheirdistinguishednameandsendstheoutputtoafilecalledldapusers:ldapsearch-LLL-Dcn=root-wobject00-bou=people,o=xyz-hlocalhostobjectclass=inetOrgPersondn>ldapusersNext,thescriptopenstheldapusersfileandreadsit,linebyline.
NotethatPythonhandlesblocksbyindentation;soeverythingthatisindentedatleastoncefromthispointonwardisdoneonceperuser.
ldap_users=open(ldap_user_file,"r")forlineinldap_users:developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage6of9Note:Thelinesinldapusersareoftheform:dn:cn=jdoe,ou=users,o=xyz.
Thefirstfourcharactersaredn:followedbyaspace.
Theactualdistinguishednamestartsinthefifthcharacter,whichisnumber4whencountingfromzero.
Halfofthelinesinldapusersareblank.
Theotherhalfstartwithdn:.
Thiscodefragmentignorestheblanklinesanddiscardsthefirstfourcharactersoftheotherlines.
BecausePythonblocksaredesignatedbyindentation,therestofthescriptrunsonlyforlinesthatarenotblank.
iflen(line)>1:dn=line[4:-1]CheckingforexistingaccountsAspreviouslynoted,it'simportanttoensurethatyoudon'tduplicateexistingaccountswhenyouimportusersfromtheLDAPrepositoryintoIBMSecurityAccessManager.
UserentriesinIBMSecurityAccessManagerhaveasecDNattributewiththevalueoftheoriginaldistinguishedname.
ThefollowingcodesegmentusesldapsearchtolookforanentrywiththeappropriatesecDNvalue.
ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)Areturnvalueof1indicatesthatgrepfailed,meaningthatnoLDAPentrymatchesthefilter.
Inthatcase,thescriptimportstheuser,creatinganewLDAPentityfortheIBMSecurityAccessManageruserinformation.
if(ret_val==1):print"Needtoimport"+dnImportinganewuserToimportauserintoIBMSecurityAccessManageryoumustspecifytheuser'sUID,theidentifierthatheorsheusestologon.
Thefollowinglinesretrievethatvalue:call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)Thislinereadsthefirstlineofthefile:uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()Notethattheabovelinespecifiesthatthefirstfivecharacters(uid:)shouldbediscarded.
Theremainingcharactersrepresenttheactualattributevalue.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage7of9uid=uid[5:-1]CreatingnewaccountsFinally,thescriptcreatesthenewaccountsinIBMSecurityAccessManagerusingpdadmin:call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True)Notethatthescriptneedstoissuethesecondcommand(usermodify>uidInconclusionInthisarticle,I'veintroducedyoutoaPythonscriptthatmakesiteasytoimportnewuserstoIBMSecurityAccessManager.
Whilethescriptdoesn'tprovidealltheflexibilityofIBMTivoliDirectoryIntegrator,orthefunctionalityofIBMSecurityIdentityManager(seeRelatedtopics),itdoeshavetheadvantageofbeingfree.
AcknowledgmentsIwouldliketothankWindayaniAchmadZaenullahforidentifyingtheneedforthisarticleandLanceClintonforreviewingit.
Anyremainingmistakesaremyfault.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage8of9DownloadableresourcesDescriptionNameSizeImportpythonscriptautomatic_import_src.
zip(HTTP|FTP|Downloaddirector—)ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage9of9Relatedtopics"IBMSecurityAccessManagerunboxed"(developerWorks,January2013):GetupandrunningwithIBMSecurityAccessManagerforWeb.
Thisseriesoffourvideosdemonstrateshowtoinstallthevirtualmachine,configurethecommand-lineinterface,andcreateareverseproxy.
IBMIdentityManagementandAccessManagementSolutions:GetanoverviewofIBMsecuritysolutionsforidentityandaccessmanagement.
"ApplicationdevelopmentinPythonwithibm_db:"GetstartedwithPythonfunctionsforaccessingandmanipulatingdatainanIBMdataserverdatabaseviatheibm_dbAPI.
"DiscoverPython,Part8:ReadingandwritingdatausingPython'sinputandoutputfunctionality"(developerWorks,January2006):LearnmoreaboutthemanyusesofPython.
IntroductiontoComputerScience:TryafreeonlinecourseteachingnewprogrammershowtowriteawebcrawlerusingPython.
IBMTivoliDirectoryIntegrator:DownloadafreetrialversionofIBMTivoliDirectoryIntegratorv7.
1andfindouthowyouuseittoenableconsistentdataacrossmultipleidentityorgenericdataresources.
IBMSecurityIdentityManager:Automatethecreation,modification,recertification,andterminationofuserprivilegesthroughouttheuserlifecycle.
DownloadPython.
CopyrightIBMCorporation2013(www.
ibm.
com/legal/copytrade.
shtml)Trademarks(www.
ibm.
com/developerworks/ibm/trademarks/)

旅途云(¥48 / 月),雅安高防4核4G、洛阳BGP 2核2G

公司成立于2007年,是国内领先的互联网业务平台服务提供商。公司专注为用户提供低价高性能云计算产品,致力于云计算应用的易用性开发,并引导云计算在国内普及。目前,旅途云公司研发以及运营云服务基础设施服务平台(IaaS),面向全球客户提供基于云计算的IT解决方案与客户服务,拥有丰富的国内BGP、双线高防、香港等优质的IDC资源。点击进入:旅途云官方网商家LOGO优惠方案:CPU内存硬盘带宽/流量/防御...

简单测评melbicom俄罗斯莫斯科数据中心的VPS,三网CN2回国,电信双程cn2

melbicom从2015年就开始运作了,在国内也是有一定的粉丝群,站长最早是从2017年开始介绍melbicom。上一次测评melbicom是在2018年,由于期间有不少人持续关注这个品牌,而且站长貌似也听说过路由什么的有变动的迹象。为此,今天重新对莫斯科数据中心的VPS进行一次简单测评,数据仅供参考。官方网站: https://melbicom.net比特币、信用卡、PayPal、支付宝、银联...

RepriseHosting:$27.97/月-L5640,16G内存,1TB硬盘,10TB月流量,西雅图机房

RepriseHosting是成立于2012年的国外主机商,提供独立服务器租用和VPS主机等产品,数据中心在美国西雅图和拉斯维加斯机房。商家提供的独立服务器以较低的价格为主,目前针对西雅图机房部分独立服务器提供的优惠仍然有效,除了价格折扣外,还免费升级内存和带宽,商家支持使用支付宝或者PayPal、信用卡等付款方式。配置一 $27.97/月CPU:Intel Xeon L5640内存:16GB(原...

ldapserver为你推荐
扁豆网易yeahflashfxp用Flashfxp上传网站的具体步骤波音737起飞爆胎一般的客机的起飞速度是多少?ldapserverLDAP3是什么的是cuteftp宜人贷官网宜人贷是不是骗局,借了五万,每月还2030元,还十个月了,想一次性还完,他们说我正大天地网二三线城市适合做生鲜b2b电商吗oa办公软件价格一般中小企业用的OA办公系统需要多少钱?申请400电话申请400电话需要哪些流程?办理哪些证明?zencart模板求zen-cart 模板结构
vps推荐 hawkhost优惠码 视频存储服务器 http500内部服务器错误 xfce 52测评网 qingyun 河南移动m值兑换 789 西安主机 阿里云邮箱怎么注册 .htaccess 认证机构 ssd 回程 隐士ddos 电脑主机配置 监控主机 六维空间登陆首页 好看的空间名字 更多