www-infrastructure-dev mailing list archives

From sebb <seb...@gmail.com>
Subject Re: LDAP - a simple script that may help with initial account creation
Date Tue, 07 Apr 2009 12:45:53 GMT
On 07/04/2009, Tony Stevenson <tony@pc-tony.com> wrote:
> I have now used this to import all users into ldap.
>
>
>  **Skipped 162 entries due to no match for loginID in ICLAS.
>  **Skipped 0 because loginid was already found as a uid in LDAP.
>  **Attempted to make 1975 entries to LDAP.
>
>
>  So we now have a way to import all users from /etc/master.passwd - As for
> the 162 failed imports, I am working my way through those to see if it is a
> scripting issue, or as it seems more likely an issue with their iclas.txt

There are a few active entries in passwd which don't have entries in
iclas.txt; these are marked as exceptions in noclas.txt.

However, there are a lot of disabled passwd entries; these don't always
have entries in iclas.txt.

There is a script I wrote to check authorization, iclas and passwd at:

 https://svn.apache.org/repos/asf/infrastructure/trunk/tools/validation

 perl -w authcheck.pl -auth=authorization/asf-authorization -iclas=officers/iclas.txt

This requires a work sub-directory which should contain a copy of
passwd if you want to check against it.

Output is to the work directory.

>
>  Chris, thanks again for your help and perl-y fu.
>
>
>  I am now working on testing LDAP access from FreeBSD (PAM/NSS_LDAP) and
> from Solaris (httpd module)
>
>
>  Cheers,
>  Tony
>
>
>
>
>
>  On 5 Apr 2009, at 20:49, chris wrote:
>
>
> >
> >
> > >
> > > > Is the user's public name going to be part of the LDAP database?
> > > > If so, the /etc/passwd file is likely to be the best source, as users
> > > > can correct this, unlike ICLAS.
> > > >
> > > Exactly.
> > >
> >
> > So pull from gecos field then. What all do you guys have in there, just the full name? That field is often populated by a "," separated list of stuff.
> >
> >
> > > We will use the mail address from .forward as that is the file we honour for all userid@apache.org addresses. Now some folks don't forward their mail on, they collect it. But that is ok too.
> > > Folks are most likely to maintain this address as that is ultimately the way they get to read their email. :-)
> > >
> >
> > Done.  If .forward is unreadable or empty this is left undefined.
> > Latest revision is here http://arreyder.com/pass2ldap.pl
> >
> > crr/arreyder
> >
> >
> >
> >
> >
> >
>
>
>
>  Cheers,
>  Tony
>
>
>  -----------------------------------------
>  Tony Stevenson
>  tony@pc-tony.com  //  pctony@apache.org  // pctony@freenode.net
>  http://blog.pc-tony.com/
>
>  1024D/51047D66 ECAF DC55 C608 5E82 0B5E  3359 C9C7 924E 5104 7D66
>  -----------------------------------------
>
>
>
>
>
>

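The import rules discussed in this thread (skip login IDs with no ICLAS match, skip uids already in LDAP, take the public name from the first ","-separated gecos field, leave mail undefined when .forward is empty or unreadable), as an added Python example that is not pass2ldap.pl or any other code from the thread. The function name plan_import, the attribute names uid/cn/mail, the use of the first .forward line as the address, the "malformed" bucket and the sample data are all assumptions.

```python
# Added example, not the thread's pass2ldap.pl. Field layout follows FreeBSD
# master.passwd(5): name:password:uid:gid:class:change:expire:gecos:home:shell

def plan_import(passwd_lines, iclas_ids, ldap_uids, forwards):
    """Return (entries, skipped); skipped maps a reason to the login IDs hit.

    iclas_ids: login IDs known to ICLAS (how they are parsed is out of scope)
    ldap_uids: uids that already exist in the directory
    forwards:  login ID -> contents of ~/.forward ('' if unreadable or empty)
    """
    entries = []
    skipped = {"no_iclas": [], "already_in_ldap": [], "malformed": []}
    for raw in passwd_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 10:
            # Never guess at a short or long record; report it for review.
            skipped["malformed"].append(fields[0])
            continue
        login, gecos = fields[0], fields[7]
        if login not in iclas_ids:
            skipped["no_iclas"].append(login)
            continue
        if login in ldap_uids:
            skipped["already_in_ldap"].append(login)
            continue
        # gecos is often "Full Name,office,phone,..."; keep only the name.
        entry = {"uid": login, "cn": gecos.split(",")[0].strip() or login}
        fwd = forwards.get(login, "").strip()
        if fwd:
            # Assumption: the first line of .forward is the address to record.
            entry["mail"] = fwd.splitlines()[0].strip()
        entries.append(entry)
    return entries, skipped

# Constructed sample data (no real accounts; password fields are placeholders).
SAMPLE_PASSWD = [
    "alice:*:1001:1001::0:0:Alice Example,Room 1,555-0100:/home/alice:/bin/sh",
    "bob:*:1002:1002::0:0:Bob Example:/home/bob:/bin/sh",
    "carol:*:1003:1003::0:0:Carol Example:/home/carol:/bin/sh",
    "dave:*:1004:1004::0:0:Dave Example:/home/dave:/bin/sh",
    "broken:*:1005",
]

if __name__ == "__main__":
    planned, skips = plan_import(SAMPLE_PASSWD, {"alice", "carol", "dave"},
                                 {"dave"}, {"alice": "alice@example.org\n"})
    print(planned, skips)
```

Keeping the skipped login IDs per reason, rather than only the counts, gives a list that can be compared directly with the exceptions file and the disabled entries mentioned above.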