A.P. Lawrence

Passwd to LDAP

This is a simple program that reads the Unix /etc/passwd and updates a LDAP server.

See LDAP Basics for an introduction to LDAP.

Once this server is running, browser clients with LDAP capability can use it as an alternate source for their address books. If it is run regularly as a cron job, or manually when user information is modified, the user community will always have fresh information about other users email addresses. Additional, we can use the comment field in /etc/passwd to provide other information if desired.

This server will use the following slapd.conf file:

include         /usr/local/etc/slapd.at.conf
include         /usr/local/etc/slapd.oc.conf
schemacheck     off
referral        ldap://ldap.itd.umich.edu

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
suffix          "dc=unixorg.com"
directory       /ldap
rootdn          "cn=root, uid=0, dc=unixorg.com"
rootpw           2mny2b2ez

We'll initialize it with

ldif2ldbm -i ldif -f /usr/local/etc/slapd.conf

using this file as "ldif"

dn: dc=unixorg.com
dc: unixorg.com
objectclass: organization

Now, after starting the server with "slapd", we can use the actual program itself:

#!/usr/bin/perl
# passwd2ldap.pl
# Reads /etc/passwd and passes it to our LDAP server
# © January 2000 A.P. Lawrence
open(PASSWD,"</etc/passwd");
while(<PASSWD>) {
   ($login,$x, $uid,$group,$comment,$homedir)=split /\:/;
   next if  $uid < 200 ;
   # We only want real users
   ($name,$extension,$department)=split(/\;/,$comment);
   # we extend the comment field by allowing extra information
   # separated by ";"'s.
   $name=$login if not $name;
   $extension="unknown" if not $extension;
   $department="(unassigned)" if not $department;
   # now we need to see if this is a new or old entry so we add or modify as needed
   $isnotnew=qx(/usr/local/bin/ldapsearch -b "dc=unixorg.com" "(uid=$uid)");
   if ($isnotnew) {
       open(OUT, "|/usr/local/bin/ldapmodify -r -D \"cn=root, uid=0, dc=unixorg.com\" -w \"2mny2b2ez\"");
   }
   else {
       open(OUT, "|/usr/local/bin/ldapadd -D \"cn=root, uid=0, dc=unixorg.com\" -w \"2mny2b2ez\"");
   }
   print OUT "dn: uid:$uid, dc=unixorg.com\n";
   ($cn,$sn)=split(/ /,$name);
   $cn=$login if not $cn;
   $sn=$login if not $sn;
   print OUT "uid: $uid\n";
   print OUT "cn: $name\n";
   print OUT "sn: $sn\n";
   print OUT "extension: $extension\n";
   print OUT "department: $department\n";
   print OUT "mail:${login}\@unixorg.com\n";
   print OUT "objectclass: person\n";
   close OUT;
}

Download passwd2ldap.pl

Netscape

Open up your Netscape browser, and go to Address Book. Drag down file and tell it you want to add a New Directory . I called mine "Local LDAP". Enter the FQN (Fully Qualified Name- example: scobox.landc.com) of your server into the LDAP Server box. In the Server Root box, I'd enter "dc=unixorg.com", and you'd enter the equivalent for your server. You don't need to change anything else; no login, no secure connection, leave the port (389) alone. Click OK to save it. Now, "Local LDAP" appears in the list. Highlight it, and type "*" in the search box- you'll see your entries. Even better, double click on one of the entries and you'll get all of the information that your server got from /etc/passwd.

Now go to create a new Email message. Choose "Address Book", and notice that you can choose addresses from your "Local LDAP", and that if you highlight and choose "Properties", you get the full information as before.