• NAME
• SYNOPSIS
• DESCRIPTION
• BUGS
• DOWNLOAD
• COPYRIGHT AND LICENSE

NAME

egrid-ldap2users - Extract users information from LDAP entries

SYNOPSIS

egrid-ldap2users {-L|-P|-S|-G} --host HOSTNAME --basedn DN [OPTIONS]

Options:

-P, --passwd

Look for posixAccount entries, output content suitable for inclusion in /etc/passwd

-S, --shadow

Look for shadowAccount entries, output content suitable for inclusion in /etc/shadow

-G, --group

Look for posixGroup entries, output content suitable for inclusion in /etc/group

-L, --ldif

Dump posixAccount, shadowAccount and posixGroup entries in LDIF format

-m, --min MIN

Ignore entries with uidNumber less than MIN (default: 1)

-M, --max MAX

Ignore entries with uidNumber greater than MAX (default: 65534)

-h, --host

LDAP server hostname or IP address. Deprecated in favor of --uri.

-p, --port

LDAP server port (default: 389). Deprecated in favor of --uri.

-b, --basedn

base DN for LDAP search. Deprecated in favor of --uri.

-H, --uri URI

Set host, port and base DN simultaneously, using a URI of the form

  ldap://HOST[:PORT]/BASEDN

May be repeated multiple times; egrid-ldap2users will combine results in the output.

-o, --output

Filename to write output to

--safe

Don't write output file if it would be empty

--nosafe

Write output file even if empty

-A, --args-from FILE

Read additional command-line arguments from FILE as if they were typed on the command-line.

--help

Print help text and exit

-V, --version

Print version number and exit

Outputs to standard output if no --output option is given.

LDAP binds are always anonymous.

The 'userPassword' attribute is never checked; even in --shadow format, the password will be output as 'x'.

DESCRIPTION

egrid-ldap2users dumps user information gathered from an LDAP tree in either LDIF format or one of the traditional UNIX user database formats, that is, /etc/passwd, /etc/shadow or /etc/group.

By selecting an output format, one also implicitly selects a filter on LDAP search queries:

LDIF

queries the LDAP server for entries whose objectClass is posixAccount, shadowAccount, posixGroup or organizationalUnit;

passwd

queries the LDAP server for entries whose objectClass is posixAccount, and dumps the relevant data in /etc/passwd format.

shadow

queries the LDAP server for entries whose objectClass is posixAccount and shadowAccount, and dumps the relevant data in /etc/shadow format.

group

queries the LDAP server for entries whose objectClass is posixGroup, and dumps the relevant data in /etc/group format.

If the --min or --max options are used, only entries whose uidNumber (for posixAccount class) or gidNumber (for posixGroup class) falls within the specified range are printed.

BUGS

No support for LDAP over SSL.

There should be a way to spcify more complex filters, not just minimum UID and maximum UID.

The --verbose option does not yet report very much information.

DOWNLOAD

You can download RPM packages of the EGRID SE Tools from http://www.egrid.it/download/rpm/RPMS.egrid; Debian packages from http://www.egrid.it/download/deb/egrid.

You can browse the source code for this software from the EGRID CVS at http://www.egrid.it/cvs/middleware/se/

COPYRIGHT AND LICENSE

Copyright (c) 2004,2005 Riccardo Murri riccardo.murri@ictp.it for the EGRID project http://www.egrid.it/

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.