greetings,
please advise
how can I run an external script on an event (LDAP operation)?
for example: I am generating config files for users from LDAP data with a Perl script
I want to re-generate the config files each time an LDAP operation (modify, add, delete) is performed
how to do that, and what is the best way to do that?
-- Zeus V. Panchenko jid:zeus@im.ibs.dn.ua IT Dpt., I.B.S. LLC GMT+2 (EET)
On 07/30/2018 02:32 PM, Zeus Panchenko wrote:
> how can I run external script on event (LDAP operation)?
> for example: I am generating config files for users from LDAP data with perl script
Basically you have two options:
1. run something within slapd (back-perl or back-sock)
2. implement a syncrepl consumer
Note that with 1. the actions *block* a slapd thread. Thus you have to be super-cautious with correct error handling.
In any case you should implement a fall-back sync which corrects all inconsistencies if something with processing the events went wrong.
Ciao, Michael.
thanks to everybody for the quick reply
Michael Ströder michael@stroeder.com wrote:
> On 07/30/2018 02:32 PM, Zeus Panchenko wrote:
> Basically you have two options:
> - run something within slapd (back-perl or back-sock)
I'm still missing something ... what is/are the condition/s to see a candidate object to sync?
I'm trying a sample from the doc for Net::LDAP::Control::SyncRequest as well as a sample from SATOH Fumiyasu's code
I modify some attribute and after that run the code:
---[ quotation start ]-------------------------------------------
...
my $req = $ldap_crud->control_sync_req;
# which is wrapper for
# Net::LDAP::Control::SyncRequest->new( mode => LDAP_SYNC_REFRESH_AND_PERSIST, );
log_debug { np( $req ) };
my $mesg = $ldap_crud->search({
    base     => $ldap_crud->{cfg}->{base}->{acc_root},
    filter   => "(objectClass=*)",
    control  => [ $req ],
    callback => sub {
        # log_debug {np(@_)};
        my $msg = shift;
        my $obj = shift;
        my @controls = $msg->control;
        if ( defined $obj && $obj->isa('Net::LDAP::Entry') ) {
            log_debug { $obj->dn . ' ; ' . np(@controls)};
            my $syncstate = undef;
            for my $control (@controls) {
                if ( $control->isa('Net::LDAP::Control::SyncState') ) {
                    $syncstate = $control;
                    log_debug {np($syncstate)};
                    last;
                }
            }
        }
    },
    sizelimit => 0,
    attrs     => [ '*' ]
});
...
---[ quotation end ]-------------------------------------------
but the Net::LDAP::Message object returned by search contains method `controls' set to undef
---[ quotation start ]-------------------------------------------
2018.07.31 13:38:38 [DEBUG]: L00830 @ UMI::Controller::Root::test: Controller/Root.pm:
Net::LDAP::Search {
    Parents Net::LDAP::Message
    public methods (12) : all_entries, as_struct, count, decode, entries, entry, first_entry, next_entry, pop_entry, references, shift_entry, sorted
    private methods (0)
    internals: {
        callback sub { ... },
        controls undef,
        ctrl_hash undef,
        entries [
            [0] Net::LDAP::Entry,
            ...
            [388] Net::LDAP::Entry
        ],
        errorMessage "",
        matchedDN "",
        mesgid 70,
        parent Net::LDAP,
        raw undef,
        resultCode 0
    }
}
---[ quotation end ]-------------------------------------------
while Net::LDAP::Control::SyncRequest->new() returns a valid object
---[ quotation start ]-------------------------------------------
2018.07.31 14:01:16 [DEBUG]: L00807 @ UMI::Controller::Root::test: Controller/Root.pm:
Net::LDAP::Control::SyncRequest {
    Parents Net::LDAP::Control
    public methods (5) : cookie, init, mode, reloadHint, value
    private methods (0)
    internals: {
        asn {
            cookie undef,
            mode 3,
            reloadHint 0
        },
        mode 3,
        type "1.3.6.1.4.1.4203.1.9.1.1"
    }
}
---[ quotation end ]-------------------------------------------
though after being fed to search, the control "disappears" ...
where am I wrong?
On 07/31/2018 02:12 PM, Zeus Panchenko wrote:
> Michael Ströder michael@stroeder.com wrote:
>> On 07/30/2018 02:32 PM, Zeus Panchenko wrote:
>> Basically you have two options:
>> - run something within slapd (back-perl or back-sock)
> I'm still missing something ... what is/are the condition/s to see a candidate object to sync?
(It seems you chose option 2. and not 1. as mentioned above.)
The syncrepl protocol is specified in
https://tools.ietf.org/html/rfc4533
Ciao, Michael.
Just FYI.
On Mon, 30 Jul 2018 21:32:57 +0900, Zeus Panchenko wrote:
> how can I run external script on event (LDAP operation)?
I wrote an experimental Perl script a few years ago.
https://github.com/fumiyas/ldap2any
This uses an LDAP syncrepl consumer (Net::LDAP::Control::SyncRequest) to monitor LDAP DIT changes in an OpenLDAP server.
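A minimal consumer of the kind discussed above, as an added example that is not part of the thread and is not taken from ldap2any: it requests refreshAndPersist, reads the SyncState control attached to each entry handed to the callback, and runs a command per change. The server URI, base DN, cookie path and `regen-config` command are placeholders, and an anonymous bind is assumed.

```perl
# Added example: RFC 4533 consumer that runs a command per changed entry.
# URI, base DN, cookie path and command are placeholders (assumptions).
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Control::SyncRequest;
use Net::LDAP::Constant qw(LDAP_SYNC_REFRESH_AND_PERSIST);

my $uri         = 'ldap://ldap.example.org';
my $base        = 'ou=people,dc=example,dc=org';
my $cookie_file = '/var/lib/ldap-consumer/cookie';   # hypothetical state file
my @cmd         = ('/usr/local/bin/regen-config');   # hypothetical script
# syncStateValue numbers from RFC 4533, section 2.2
my %STATE = (0 => 'present', 1 => 'add', 2 => 'modify', 3 => 'delete');

sub load_cookie {
    open(my $fh, '<:raw', $cookie_file) or return undef;  # first run: full refresh
    local $/;
    return scalar <$fh>;
}

sub save_cookie {
    my ($cookie) = @_;
    open(my $fh, '>:raw', "$cookie_file.tmp") or die "cookie: $!";
    print {$fh} $cookie;
    close($fh) or die "cookie: $!";
    rename("$cookie_file.tmp", $cookie_file) or die "cookie: $!";
}

# Called for every message of the search; SyncInfo intermediates are ignored.
sub on_message {
    my ($mesg, $obj) = @_;
    return unless defined $obj && $obj->isa('Net::LDAP::Entry');
    my ($sync) = grep { $_->isa('Net::LDAP::Control::SyncState') } $mesg->control;
    return unless $sync;
    my $state = $STATE{ $sync->state } // 'unknown';
    # The DN is directory data: hand it over as an argument, with no shell.
    my $rc = $state eq 'present' ? 0 : system { $cmd[0] } @cmd, $state, $obj->dn;
    if ($rc != 0) { warn "command failed ($rc) for " . $obj->dn . "\n"; return }
    save_cookie($sync->cookie) if defined $sync->cookie;   # resume point
}

my $ldap = Net::LDAP->new($uri) or die "connect: $@";
my $req  = Net::LDAP::Control::SyncRequest->new(
    mode => LDAP_SYNC_REFRESH_AND_PERSIST, cookie => load_cookie(),
    critical => 1);  # error out if the server does not support the control
my $mesg = $ldap->search(
    base  => $base, scope => 'sub', filter => '(objectClass=*)',
    attrs => ['*'], control => [$req], callback => \&on_message);
die 'sync ended: ' . $mesg->error . "\n";   # the persist phase should not return
```

A failed command is only logged here, which is why the fall-back full sync recommended earlier in the thread still applies.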
> for example: I am generating config files for users from LDAP data with perl script
> I want to re-generate config files each time LDAP operation (modify, add, delete) performed
> how to do that and what is the best way to do that?
Our database is fairly small, so we use active polling of a subtree.
Our use-case is syncing the user account subtree to Google (GCDS, formerly GADS). So we have a script that searches one and only one record with modifyTimestamp newer than the marker. If anything is found, it runs the sync utility.
It's under GPLv3 here: https://github.com/devgateway/ldapwatch
Usage: /usr/local/bin/ldapwatch ldaps://ldap.example.org ou=people,dc=example,dc=org '/opt/google/sync/sync-cmd --foobar'
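The polling approach described in this message, sketched with Net::LDAP as an added example; it is not ldapwatch's code. The URI, base DN, marker path and command are placeholders, and an anonymous bind and reasonably synchronised clocks between poller and server are assumed.

```perl
# Added example: one polling pass, meant to be run from cron or a timer.
use strict;
use warnings;
use POSIX qw(strftime);
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_SIZELIMIT_EXCEEDED);

my $uri    = 'ldaps://ldap.example.org';
my $base   = 'ou=people,dc=example,dc=org';
my $marker = '/var/lib/ldap-poll/marker';        # hypothetical state file
my @cmd    = ('/usr/local/bin/regen-config');    # hypothetical script

# GeneralizedTime in UTC, the syntax modifyTimestamp uses.
sub gentime { strftime('%Y%m%d%H%M%SZ', gmtime(shift)) }

sub read_marker {
    open(my $fh, '<', $marker) or return 0;      # no marker yet: start at epoch
    my $t = <$fh>;
    return (defined $t && $t =~ /^(\d+)$/) ? $1 : 0;
}

sub write_marker {
    my ($t) = @_;
    open(my $fh, '>', "$marker.tmp") or die "marker: $!";
    print {$fh} "$t\n";
    close($fh) or die "marker: $!";
    rename("$marker.tmp", $marker) or die "marker: $!";
}

my $started = time;                     # taken before the search, so a change
my $since   = gentime(read_marker());   # made while it runs is seen next pass

my $ldap = Net::LDAP->new($uri) or die "connect: $@";
my $mesg = $ldap->search(
    base   => $base, scope => 'sub', sizelimit => 1, attrs => ['1.1'],
    filter => "(modifyTimestamp>=$since)");
# With sizelimit 1 the server reports sizeLimitExceeded once a second entry
# matches; that still means "something changed", not a failed search.
my $code = $mesg->code;
die 'search: ' . $mesg->error . "\n"
    unless $code == LDAP_SUCCESS || $code == LDAP_SIZELIMIT_EXCEEDED;

if ($mesg->count > 0) {
    # Indirect-object form: the command is never started through a shell.
    system { $cmd[0] } @cmd;
    die "command failed: $?\n" if $? != 0;      # marker stays, next pass retries
}
write_marker($started);
$ldap->unbind;
```

A deleted entry leaves nothing for this filter to match, so deletions need a separate check in a setup like this.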
openldap-technical@openldap.org