localhostldapserver

ldapserver  时间:2021-05-01  阅读:()
CopyrightIBMCorporation2013TrademarksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage1of9ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerUsePythontoeasilyfindandimportuseraccountsintoIBMSecurityAccessManager—withnoscriptingexperiencerequiredOriPomerantzOctober15,2013SystemsadministratorsfrequentlyneedawaytoimportexistinguseraccountsfromanLDAPrepositoryintoIBMSecurityAccessManager.
Inthisarticle,getstartedwithanimportscriptwritteninPythonthatyoucanusetoreadusersinanLDAPrepository,thenimportthemusingtheIBMSecurityAccessManagerpdadmincommand.
IdentityandAccessManagementLearnmoreaboutidentityandaccessmanagementtoolsinIBM's"IdentityandAccessManagementBuyer'sGuide.
"IBMsecurityproductsareoftenimplementedasbrownfielddevelopments,meaningtheyarebuiltforanenvironmentwheresomesimilarapplicationalreadyexists.
IBMSecurityAccessManagerissuchaproduct,beingfrequentlydeployedintoenvironmentswhereaLightweightDirectoryAccessProtocol(LDAP)directoryserverisalreadyinplace.
Inthatcase,systemadministratorsneedtoknowhowtoimportuserentriesfromtheLDAPdirectoryserverintoIBMSecurityAccessManager.
Figure1showsasystemarchitecturewhereIBMSecurityAccessManagerhasbeenintroducedtoanexistingsystemthatincludesanLDAPdirectoryserverandback-endapplications.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage2of9Figure1.
AdirectoryserverarchitecturewithIBMSecurityAccessManagerInthisarticle,IpresentaPythonscript(seeDownload)youcanusefromthecommand-linetoautomaticallyfindandimportnewusersfromanLDAPrepositorytreeintoIBMSecurityAccessManager.
NotethatthisarticleassumesthatyouarefamiliarwithIBMSecurityAccessManagerandtheLightweightDirectoryAccessProtocol.
Youneedn'tbefamiliarwithPythontousetheimportscript.
AboutPythonPythonisascriptinglanguagethatisastandardpartofmostLinuxdistributions.
IfyourinstallationofIBMSecurityAccessManagerisrunningonWindows,youcandownloadPythontofollowthedemonstrationhere.
SeeRelatedtopicstolearnmoreaboutPython.
TheimportscriptInthissection,Iintroduceandexplainsomeelementsandstagesoftheimportscript,whichyoumaydownloadatanytime.
NotethatthescriptreliesonIBMSecurityAccessManager'spdadmincommand,soyoumustrunitonacomputerwiththeIBMSecurityAccessManagerruntimeenvironmentinstalled.
Figure2isaflowdiagramshowingthemajorprogressionsofthescript.
Figure2.
ThemajorstagesofthescriptListing1showstheimportscript.
Listing1.
Theimportscript#!
/usr/bin/pythonibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage3of9#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"sameb_uid="sec_master"sameb_pwd="object00"#ThepartoftheLDAPtreewhereyouexpectusersldap_base="o=xyz"#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"fromsubprocessimportcallcall("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)ldap_users=open(ldap_user_file,"r")forlineinldap_users:iflen(line)>1:dn=line[4:-1]ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)if(ret_val==1):print"Needtoimport"+dncall("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()uid=uid[5:-1]call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True);Inthenextsection,Iwon'texplaineverypartofthescript,justitsmajorfeatures.
ItishelpfulifyouarefamiliarwithPython,butnotnecessary.
I'llexplaintherelevantaspectsofPythonsyntaxforeachsettingandalsoshowyouwhereyouwouldneedtomodifyitforyourownuse.
ScriptsettingsNormally,Pythonlinesthatstartwithanumbersign(#)arecomments.
ThislineinListing1isaspecialcase,however.
TheUNIXconventionisthatfilesthatstartwithanumbersignfolloweddeveloperWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage4of9byanexclamationpoint(#!
)usetherestofthelineasthenameoftheinterpreterthatwillrunthefile.
Inthiscase,thefollowingcodeisthepathforthePythoninterpreter.
Youwouldmodifyitasneededforyourenvironment.
#!
/usr/bin/pythonThenextcodesnipcontainstheLDAPserver'slogon,password,andserverhostnameinformation.
Modifyitasneededforyourownsystem.
#Authenticationldap_dn="cn=root"ldap_pwd="object00"ldap_server="localhost"Next,thescriptpasseslogonandpasswordinformationtoIBMSecurityAccessManager.
Modifythesepartsforyourenvironment.
sameb_uid="sec_master"sameb_pwd="object00"ThenextpartisthebranchoftheLDAPtreethathasuserinformation.
Figure3showsanexampleofthelocationofusersintheLDAPtree.
Modifyasneededforyourconfiguration.
Figure3.
LDAPtreewithusers#ThepartoftheLDAPtreewhereyouexpectusersldap_base="ou=people,o=xyz"FilteringuseraccountsInadditiontolocatingusersintheLDAPtree,thescriptmustlimititselftouserswhoarenotalreadyinIBMSecurityAccessManager.
Tofilteroutthoseusers,thescriptneedstoknowthelocationintheLDAPtreeoftheIBMSecurityAccessManagerconfiguration.
Asshownbelow,thedefaultlocationissecAuthority=Default.
Youcanchangethisdefaultsettingwhenyoufirstconfigurethepolicyserver.
#ThepartoftheLDAPtreewheretheSAMeb#configurationislocatedldap_sameb_base="secAuthority=Default"Figure4showstheLDAPtreewiththedefaultlocationoftheIBMSecurityAccessManagerconfiguration.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage5of9Figure4.
LDAPtreewithsecAuthority=DefaultTowardtheendofthescriptyouseethefilesusedasintermediatestoragefortheoutputofcommandsusedtoobtainuserinformation.
Unlessyouhaveareasontorunmultipleinstancesofthescriptatonce,youshouldn'tneedtochangethefollowingfilenames:#Internalconfigurationldap_user_file="ldap_users"uid_file="uid_file"ScriptfunctionsThenextpartofthescriptusestheparametersdeclaredabovetoactuallyreadusersfromLDAPandimportthemintoIBMSecurityAccessManager.
ThescriptusesPython'ssubprocess.
callfunctiontorunshellcommands.
Thefollowinglineimportsthefunctionsothatitisavailable:fromsubprocessimportcallThenextlinecallsldapsearchtofindthelistofusers.
call("ldapsearch-LLL-D"+ldap_dn+"-w"+ldap_pwd+"-b"+ldap_base+"-h"+ldap_server"objectclass=inetOrgPersondn>"+ldap_user_file,shell=True)Withthedefaultconfiguration,thelinesaboverunthefollowingshellcommand.
ThiscommandsearchesforentitiesoftypeinetOrgPerson,whichisusedtorepresentpeople.
Itreadsonlytheirdistinguishednameandsendstheoutputtoafilecalledldapusers:ldapsearch-LLL-Dcn=root-wobject00-bou=people,o=xyz-hlocalhostobjectclass=inetOrgPersondn>ldapusersNext,thescriptopenstheldapusersfileandreadsit,linebyline.
NotethatPythonhandlesblocksbyindentation;soeverythingthatisindentedatleastoncefromthispointonwardisdoneonceperuser.
ldap_users=open(ldap_user_file,"r")forlineinldap_users:developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage6of9Note:Thelinesinldapusersareoftheform:dn:cn=jdoe,ou=users,o=xyz.
Thefirstfourcharactersaredn:followedbyaspace.
Theactualdistinguishednamestartsinthefifthcharacter,whichisnumber4whencountingfromzero.
Halfofthelinesinldapusersareblank.
Theotherhalfstartwithdn:.
Thiscodefragmentignorestheblanklinesanddiscardsthefirstfourcharactersoftheotherlines.
BecausePythonblocksaredesignatedbyindentation,therestofthescriptrunsonlyforlinesthatarenotblank.
iflen(line)>1:dn=line[4:-1]CheckingforexistingaccountsAspreviouslynoted,it'simportanttoensurethatyoudon'tduplicateexistingaccountswhenyouimportusersfromtheLDAPrepositoryintoIBMSecurityAccessManager.
UserentriesinIBMSecurityAccessManagerhaveasecDNattributewiththevalueoftheoriginaldistinguishedname.
ThefollowingcodesegmentusesldapsearchtolookforanentrywiththeappropriatesecDNvalue.
ret_val=call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+ldap_sameb_base+"secDN="+dn+"|grepnumEntries>/dev/null",shell=True)Areturnvalueof1indicatesthatgrepfailed,meaningthatnoLDAPentrymatchesthefilter.
Inthatcase,thescriptimportstheuser,creatinganewLDAPentityfortheIBMSecurityAccessManageruserinformation.
if(ret_val==1):print"Needtoimport"+dnImportinganewuserToimportauserintoIBMSecurityAccessManageryoumustspecifytheuser'sUID,theidentifierthatheorsheusestologon.
Thefollowinglinesretrievethatvalue:call("ldapsearch-D"+ldap_dn+"-w"+ldap_pwd+"-h"+ldap_server+"-b"+dn+"objectClass=inetOrgPersonuid"+"|grepuid:>"+uid_file,shell=True)Thislinereadsthefirstlineofthefile:uid_f=open(uid_file,"r")uid=uid_f.
read()uid_f.
close()Notethattheabovelinespecifiesthatthefirstfivecharacters(uid:)shouldbediscarded.
Theremainingcharactersrepresenttheactualattributevalue.
ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage7of9uid=uid[5:-1]CreatingnewaccountsFinally,thescriptcreatesthenewaccountsinIBMSecurityAccessManagerusingpdadmin:call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"userimport"+uid+""+dn,shell=True);call("pdadmin-a"+sameb_uid+"-p"+sameb_pwd+"usermodify"+uid+"account-validyes",shell=True)Notethatthescriptneedstoissuethesecondcommand(usermodify>uidInconclusionInthisarticle,I'veintroducedyoutoaPythonscriptthatmakesiteasytoimportnewuserstoIBMSecurityAccessManager.
Whilethescriptdoesn'tprovidealltheflexibilityofIBMTivoliDirectoryIntegrator,orthefunctionalityofIBMSecurityIdentityManager(seeRelatedtopics),itdoeshavetheadvantageofbeingfree.
AcknowledgmentsIwouldliketothankWindayaniAchmadZaenullahforidentifyingtheneedforthisarticleandLanceClintonforreviewingit.
Anyremainingmistakesaremyfault.
developerWorksibm.
com/developerWorks/ImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage8of9DownloadableresourcesDescriptionNameSizeImportpythonscriptautomatic_import_src.
zip(HTTP|FTP|Downloaddirector—)ibm.
com/developerWorks/developerWorksImportusersfromanLDAPdirectorytoIBMSecurityAccessManagerPage9of9Relatedtopics"IBMSecurityAccessManagerunboxed"(developerWorks,January2013):GetupandrunningwithIBMSecurityAccessManagerforWeb.
Thisseriesoffourvideosdemonstrateshowtoinstallthevirtualmachine,configurethecommand-lineinterface,andcreateareverseproxy.
IBMIdentityManagementandAccessManagementSolutions:GetanoverviewofIBMsecuritysolutionsforidentityandaccessmanagement.
"ApplicationdevelopmentinPythonwithibm_db:"GetstartedwithPythonfunctionsforaccessingandmanipulatingdatainanIBMdataserverdatabaseviatheibm_dbAPI.
"DiscoverPython,Part8:ReadingandwritingdatausingPython'sinputandoutputfunctionality"(developerWorks,January2006):LearnmoreaboutthemanyusesofPython.
IntroductiontoComputerScience:TryafreeonlinecourseteachingnewprogrammershowtowriteawebcrawlerusingPython.
IBMTivoliDirectoryIntegrator:DownloadafreetrialversionofIBMTivoliDirectoryIntegratorv7.
1andfindouthowyouuseittoenableconsistentdataacrossmultipleidentityorgenericdataresources.
IBMSecurityIdentityManager:Automatethecreation,modification,recertification,andterminationofuserprivilegesthroughouttheuserlifecycle.
DownloadPython.
CopyrightIBMCorporation2013(www.
ibm.
com/legal/copytrade.
shtml)Trademarks(www.
ibm.
com/developerworks/ibm/trademarks/)

Megalayer美国独立服务器配置及性能速度综合评测

Megalayer 商家在之前也有记录过,商家开始只有提供香港站群服务器和独立服务器,后来也有增加到美国独立服务器,以及前几天也有介绍到有增加香港VPS主机。对于香港服务器之前有过评测(Megalayer香港服务器配置一览及E3-1230 8GB服务器评测记录),这里申请到一台美国独立服务器,所以也准备简单的评测记录。目前市场上我们看到很多商家提供VPS或者云服务器基本上没有什么特别的,但是独立服...

ucloud国内云服务器2元/月起;香港云服务器4元/首月;台湾云服务器3元/首月

ucloud云服务器怎么样?ucloud为了扩大云服务器市场份额,给出了超低价云服务器的促销活动,活动仍然是此前的Ucloud全球大促活动页面。目前,ucloud国内云服务器2元/月起;香港云服务器4元/首月;台湾云服务器3元/首月。相当于2-4元就可以试用国内、中国香港、中国台湾这三个地域的云服务器1个月了。ucloud全球大促仅限新用户,国内云服务器个人用户低至56元/年起,香港云服务器也仅8...

Virtono:圣何塞VPS七五折月付2.2欧元起,免费双倍内存

Virtono是一家成立于2014年的国外VPS主机商,提供VPS和服务器租用等产品,商家支持PayPal、信用卡、支付宝等国内外付款方式,可选数据中心共7个:罗马尼亚2个,美国3个(圣何塞、达拉斯、迈阿密),英国和德国各1个。目前,商家针对美国圣何塞机房VPS提供75折优惠码,同时,下单后在LET回复订单号还能获得双倍内存的升级。下面以圣何塞为例,分享几款VPS主机配置信息。Cloud VPSC...

ldapserver为你推荐
小企业如何做品牌中小企业该如何才能打造自己的品牌?企业建网站企业为什么要建网站重庆网站制作请问一下重庆网站建设哪家公司做得好,价格又便宜哦?瑞东集团道恩集团的集团简介佛山海虹海虹好吃吗,我从来没吃过qq头像上传失败昨天和今天QQ头像上传失败,是怎么回事?图文模块图文模块的标题栏填什么啊?joomla模板网上下载的Joomla模板要怎么安装?zencartzencart opencart 哪个好空间导航自定义名称帮忙想个好听QQ空间自定义导航名字
老左 http500内部服务器错误 韩国名字大全 jsp空间 域名评估 上海电信测速 申请免费空间 实惠 云服务是什么意思 windowsserver2008r2 美国十大啦 俄勒冈州 文件传输 linuxvi命令 隐士ddos qq空间论坛 100m空间多少钱 服务器监测软件 免费空间申请 web服务器硬件配置 更多