
RE: LDAP Groups

From: André Pönitz <andre_at_wasy.de>
Date: 2005-10-27 06:46:44 CEST

Lucas Zechim wrote:
> Someone here, know or have a script to get LDAP Groups information and
> generate a svn_authz file?

Do you mean something like the following?

-------------------------------- snip --------------------------------
#!/usr/bin/perl -w

#{[(
use Net::LDAP;
use Net::LDAP::Util;
use Net::LDAP::Entry;
use strict;

# Identity used to bind to the directory; the values shown are placeholders.
# The bind password is kept in this file in cleartext, so read access to the
# script should be limited to the account that runs it, and the bind account
# itself needs no more than read access to the two search bases below.
my $ldapbinddn = 'CN=...,OU=...,DC=...,DC=de';
my $ldapbindpw = '...';

# $ldapserver is handed unchanged to Net::LDAP->new in ldap_bind.
# $ldapsvnbase is searched one level deep for group entries and
# $ldapuserbase is searched as a subtree for user entries (see main).
my $ldapserver = '....org';
my $ldapsvnbase = 'ou=...,dc=...,dc=...';
my $ldapuserbase = 'ou=users,dc=...,dc=..';

# Connection handle shared by the ldap_* subs; assigned in ldap_bind.
my $the_ldap;

# Write the given message parts to STDERR and end the script with exit
# status 1. Nothing is appended to the message, so callers supply their own
# newline if they want one.
sub fail {
        my @message_parts = @_;
        print STDERR @message_parts;
        exit(1);
}

# Extract the value of the first "cn=" component (matched case-insensitively)
# from a distinguished name, or return "Nobody" when there is none.
#
# The pattern requires a comma after the value, so a DN that consists of a
# single "cn=..." component yields "Nobody". The value is cut at the first
# comma, which means an escaped comma inside the CN ("\,") truncates the
# name. The result is returned as found in the DN, without any character
# filtering.
sub dn_to_name {
        my $dn = shift;
        my ($common_name) = $dn =~ m/[^,]*cn=([^,]*),.*/i;
        return defined $common_name ? $common_name : "Nobody";
}

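# Check the outcome of an LDAP operation and stop the script on any failure.
#
# $msg is the result object returned by a Net::LDAP call (bind or search in
# this script). A non-reference argument is treated as a programming error.
# A non-zero result code is written to STDERR with its description and the
# script exits with status 1 via fail().
#
# The earlier version only printed the error and carried on. After a failed
# bind or a partially answered search the script would then still emit
# USER:/GROUP: lines and exit 0, and whatever consumes that output could not
# tell an incomplete listing from a complete one. Access-control data
# should not be derived from a failed query, so this fails closed.
sub ldap_handle_result {
        my ($msg) = @_;

        ref $msg
                or fail("ldap_handle_result broken");

        # Result code 0 is success; nothing to report.
        return unless $msg->code;

        fail("Error ".($msg->code).": ".
                        Net::LDAP::Util::ldap_error_text($msg)."\n");
}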

# Open the connection to $ldapserver, store it in $the_ldap and perform a
# simple bind with $ldapbinddn / $ldapbindpw. The bind result is passed to
# ldap_handle_result.
#
# NOTE(review): new() receives only $ldapserver and no start_tls call is
# made here. If $ldapserver is a plain host name rather than an ldaps:// URI,
# the bind DN and password travel unencrypted -- confirm the transport and
# prefer ldaps:// or start_tls with certificate verification.
sub ldap_bind {
        $the_ldap = Net::LDAP->new($ldapserver);
        unless (defined $the_ldap) {
                fail("could not create LDAP connection: $@");
        }
        ldap_handle_result(
                $the_ldap->bind('dn' => $ldapbinddn, 'password' => $ldapbindpw)
        );
}

# Send an unbind on the shared connection handle $the_ldap.
sub ldap_unbind {
        return $the_ldap->unbind();
}

# Run a search on the shared connection and return the matching entries.
#
#   $basedn - base DN of the search
#   $filter - LDAP filter string, passed to the server as given
#   $scope  - search scope (main uses 'sub' and 'one')
#
# The result is checked with ldap_handle_result before the entries are
# returned. The callers in this file pass fixed filter strings; a filter
# assembled from outside input would need its values escaped first (for
# example with Net::LDAP::Util::escape_filter_value).
sub ldap_search {
        my ($basedn, $filter, $scope) = @_;
        my @query = (base => $basedn, filter => $filter, scope => $scope);
        my $msg = $the_ldap->search(@query);
        ldap_handle_result($msg);
        return $msg->entries;
}

# Bind, list users and groups on STDOUT, then unbind.
#
# Output format, one record per line:
#   USER:<samaccountname>:<user DN>
#   GROUP:<group name>: <account> <account> ...
#
# Every group member DN must have been seen in the user search; an unknown
# member stops the script through fail(), so no group line is completed with
# a member that could not be resolved.
#
# NOTE(review): account names, DNs and group names are printed exactly as
# the directory returns them. In this line format a ':' , a space or a line
# break inside a name is ambiguous, so whatever turns this output into an
# authz file should validate the names before trusting them.
sub main {
        ldap_bind();

        # Map each user DN to its account name so that the member DNs of the
        # groups can be resolved below. An entry without a samaccountname
        # stores undef here and is therefore treated as unknown later.
        my %account_for = ();
        for my $user_entry (ldap_search($ldapuserbase, '(objectClass=user)', 'sub')) {
                my $account = $user_entry->get_value('samaccountname');
                my $user_dn = $user_entry->dn();
                print "USER:$account:$user_dn\n";
                $account_for{$user_dn} = $account;
        }

        for my $group_entry (ldap_search($ldapsvnbase, '(objectClass=group)', 'one')) {
                my $group = dn_to_name($group_entry->dn());
                print "GROUP:$group:";
                for my $member_dn ($group_entry->get_value('member')) {
                        defined $account_for{$member_dn}
                                or fail(" unknown: $member_dn");
                        print " $account_for{$member_dn}";
                }
                print "\n";
        }

        ldap_unbind();
}

# Script entry: run the export and report success to the caller.
main();
exit(0);

-------------------------------- snip --------------------------------

Andre'

Received on Thu Oct 27 06:48:45 2005
