...
If you can see the existing JIRA/Confluence User Directory, the properties map to ldapsearch
parameters as follows:
Auto-generating ldapsearch commands
If you're using PostgreSQL as the database, you can generate the correct ldapsearch command directly from the database. Save this SQL to a file, crowd_to_ldapsearch.sql:
```sql
-- crosstab() is provided by the tablefunc extension (CREATE EXTENSION tablefunc;).
-- The generated command includes the bind password (ldap.password) in clear text.
WITH ldap AS (
    SELECT * FROM crosstab(
        'select directory_id, attribute_name, attribute_value from cwd_directory_attribute order by 1,2',
        $$values ('ldap.url'), ('ldap.userdn'), ('ldap.password'), ('ldap.basedn'),
                 ('ldap.user.dn'), ('ldap.user.filter'), ('ldap.user.username'),
                 ('ldap.user.displayname'), ('ldap.user.email'),
                 ('ldap.user.firstname'), ('ldap.user.lastname') $$)
    AS ct(directory_id int, "url" varchar, "userdn" varchar, "password" varchar,
          "basedn" varchar, "user.dn" varchar, "user.filter" varchar,
          "user.username" varchar, "user.displayname" varchar, "user.email" varchar,
          "user.firstname" varchar, "user.lastname" varchar)
)
-- One row per directory; the line breaks inside the string literals are part of the output.
-- concat_ws/nullif keeps the search base valid when the additional user DN is unset.
SELECT '# For directory ' || directory_id ||'
ldapsearch \
    -LL -x -z5 \
    -H ' || url || ' \
    -D ''' || userdn || ''' \
    -w ''' || password || ''' \
    -b ''' || concat_ws(',', nullif("user.dn", ''), basedn) || ''' \
    -s sub \
    ''' || "user.filter" || ''' ' || "user.username" || ' ' || "user.displayname" || ' ' || "user.firstname" || ' ' || "user.lastname" || ' ' || "user.email"
FROM ldap;
```
...
The output is one ldapsearch command per LDAP directory configured:
```
jturner@jturner-desktop~ $ atl_psql -tAq < ~/crowd_to_ldapsearch.sql
# For directory 10000
ldapsearch \
    -LL -x -z5 \
    -H ldaps://tx-dc2.corp.example.com:636 \
    -D 'CN=svcLDAPquery,CN=Managed Service Accounts,DC=corp,DC=example,DC=com' \
    -w 'REDACTED' \
    -b 'OU=Internal,DC=corp,DC=example,DC=com' \
    -s sub \
    '(&(objectCategory=Person)(sAMAccountName=*))' sAMAccountName displayName givenName sn mail
Time: 2.063 ms
```
...