ActiveDirectoryImporter

1. General Information

First of all, please make sure to read the chapter on General Information for all deegreeTools.

2. Description

The program synchronizes the User and Group instances stored in a SecurityManager with an ActiveDirectory-Server.

Synchronization involves four steps:

• synchronization of groups
• synchronization of users
• updating of the special group "SEC_ALL" (contains all users)
• testing of subadmin-role validity (only one role per user max)

Changes are committed after all steps succeeded. If an error occurs, changes in the SecurityManager are undone.

3. Library Dependancies

general libs

• deegree2.jar
  log4j-1.2.9.jar

database specific libs

• ojdbc14.jar

4. Usage

The program will be invoked as follows:

• java -classpath .;deegree2.jar org.deegree.tools.security.ActiveDirectoryImporter adexporter.properties

The program just receives one commandline parameter referencing a properties file that contains detailed informations for accessing a ActiveDirectory-Server. The properties file looks like this (example is available at org/deegree/tools/security/adexporter.properties in deegree2.jar):

• #
  # configuration properties file for ActiveDirectoryImporter
  #
  # connection information (for the ActiveDirectory host)
  ldapHost = 10.72.8.24
  ldapUser = UIon@TESTNET.LATLON.DE
  ldapPass = $LatLon01
  # mail information (for error messages and logs)
  mailSender = adimporter@lat-lon.de
  mailRcpt   = ade@XXXXXXX.de
  mailHost   = smtp.stadt.somewhere.de
  mailLog    = false
  # SQLRegistry configuration
  sqlDriver = oracle.jdbc.driver.OracleDriver
  sqlLogon  = jdbc:oracle:thin:@127.0.0.1:1521:latlon
  sqlUser   = LATLON
  sqlPass   = LATLON
  timeout   = 1200
  # LDAP-context / filter for objects to be considered as users (must have first and last name)
  userContext = DC=testnet,DC=stadt,DC=latlon,DC=de
  userFilter  = (&(|(|(company=latlon)(company=intevation))(company=deegree)(company=BA latlon-Nord)(company=BA bonn)(company=BA latlon-Mitte)) (&(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=stadt,DC=latlon,DC=de) (&(sn=*)(givenName=*)))(mail=*.latlon.de)))
  # attribute mapping for user objects
  userName      = sAMAccountName
  userTitle     = name
  userFirstName = givenName
  userLastName  = sn
  userMail      = mail
  userMemberOf  = memberOf
  # LDAP-context / filter for objects to be considered as groups
  #groupContext = OU=BUG,DC=fhhnet,DC=stadt,DC=latlon,DC=de
  groupContext = DC=testnet,DC=stadt,DC=latlon,DC=de
  groupFilter  = (&(objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=stadt,DC=latlon,DC=de) (|(cn=G-BUG*)(cn=G-BSU*)(cn=G-GV*)(cn=G-N-*)(cn=G-E-*)(cn=G-M-*)))
  # attribute mapping for group objects
  groupName      = sAMAccountName
  groupTitle     = name
  groupMemberOf  = memberOf

look for other deegreeTools

---

CategoryDeegree2