ActiveDirectoryImporter
1. General Information
First of all, please make sure to read the chapter on General Information for all deegreeTools.
2. Description
The program synchronizes the User and Group instances stored in a SecurityManager with an ActiveDirectory-Server.
Synchronization involves four steps:
- synchronization of groups
- synchronization of users
- updating of the special group "SEC_ALL" (contains all users)
- testing of subadmin-role validity (at most one role per user)
Changes are committed after all steps have succeeded. If an error occurs, changes in the SecurityManager are undone.
3. Library Dependencies
general libs
deegree2.jar log4j-1.2.9.jar
database specific libs
ojdbc14.jar
4. Usage
The program is invoked as follows:
java -classpath .;deegree2.jar org.deegree.tools.security.ActiveDirectoryImporter adexporter.properties
The program receives a single command-line parameter referencing a properties file that contains the details for accessing an ActiveDirectory-Server. The properties file looks like this (an example is available at org/deegree/tools/security/adexporter.properties in deegree2.jar):
#
# configuration properties file for ActiveDirectoryImporter
#

# connection information (for the ActiveDirectory host)
ldapHost = 10.72.8.24
ldapUser = UIon@TESTNET.LATLON.DE
ldapPass = $LatLon01

# mail information (for error messages and logs)
mailSender = adimporter@lat-lon.de
mailRcpt = ade@XXXXXXX.de
mailHost = smtp.stadt.somewhere.de
mailLog = false

# SQLRegistry configuration
sqlDriver = oracle.jdbc.driver.OracleDriver
sqlLogon = jdbc:oracle:thin:@127.0.0.1:1521:latlon
sqlUser = LATLON
sqlPass = LATLON
timeout = 1200

# LDAP-context / filter for objects to be considered as users (must have first and last name)
userContext = DC=testnet,DC=stadt,DC=latlon,DC=de
userFilter = (&(|(|(company=latlon)(company=intevation))(company=deegree)(company=BA latlon-Nord)(company=BA bonn)(company=BA latlon-Mitte)) (&(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=stadt,DC=latlon,DC=de) (&(sn=*)(givenName=*)))(mail=*.latlon.de)))

# attribute mapping for user objects
userName = sAMAccountName
userTitle = name
userFirstName = givenName
userLastName = sn
userMail = mail
userMemberOf = memberOf

# LDAP-context / filter for objects to be considered as groups
#groupContext = OU=BUG,DC=fhhnet,DC=stadt,DC=latlon,DC=de
groupContext = DC=testnet,DC=stadt,DC=latlon,DC=de
groupFilter = (&(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=stadt,DC=latlon,DC=de) (|(cn=G-BUG*)(cn=G-BSU*)(cn=G-GV*)(cn=G-N-*)(cn=G-E-*)(cn=G-M-*)))

# attribute mapping for group objects
groupName = sAMAccountName
groupTitle = name
groupMemberOf = memberOf
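A pre-flight check for a properties file like the one above, as an added example (not part of deegree or of the original page): it verifies that the file, which holds ldapPass and sqlPass in clear text, is not accessible to group or others, that the connection, context and filter keys are set, and that userFilter and groupFilter have balanced parentheses. The function names, the list of required keys and the POSIX permission model are assumptions of this example.

```python
import os
import stat

# Keys from the example properties file on this page; treating them as required is this example's choice.
REQUIRED = ["ldapHost", "ldapUser", "ldapPass", "sqlDriver", "sqlLogon", "sqlUser",
            "sqlPass", "userContext", "userFilter", "groupContext", "groupFilter"]


def parse_properties(text):
    """Minimal 'key = value' parser (assumes no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only, so LDAP filters keep their own '=' signs.
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def balanced(ldap_filter):
    """True if the filter starts with '(' and its parentheses nest and close fully."""
    depth = 0
    for ch in ldap_filter:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and ldap_filter.startswith("(")


def check_config(path):
    """Return a list of findings for a properties file; an empty list means clean."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file is accessible to group/others: %o" % mode)
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    for key in REQUIRED:
        if not props.get(key):
            findings.append("missing or empty key: " + key)
    for key in ("userFilter", "groupFilter"):
        if props.get(key) and not balanced(props[key]):
            findings.append("unbalanced parentheses in " + key)
    return findings
```

Calling check_config("adexporter.properties") before the importer runs returns the findings as a list of strings, so a wrapper script can refuse to start the synchronization when the list is not empty.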