The OMC includes a web service for importing users from a CSV file:
https://hostname/webservice/users/import
Using the following script, which can be found in the file doc/user_import/import_ldap_users.rb
, you can – after having configured it by adapting the variable values at the beginning of the script – import users from an LDAP server. LDAP groups can be assigned to OMC roles using the LDAP_GROUP_MAPPING
hash.
#!ruby require 'rubygems' require 'net/ldap' require 'csv' require 'uri' require 'net/https' HTTP_OMC_URL = 'https://hostname/webservice/users/import' HTTP_OMC_API_KEY = 'keykeykeykeykeykeykeykeykeykeykeykey' HTTP_PROXY_HOST = nil HTTP_PROXY_PORT = nil HTTP_PROXY_USERNAME = nil HTTP_PROXY_PASSWORD = nil LDAP_HOST = 'ldap.domain' LDAP_PORT = 389 LDAP_AUTH = nil LDAP_BASE = 'dc=company,dc=de' LDAP_USER_LOGIN = 'uid' LDAP_USER_EMAIL = 'mail' LDAP_USER_FULL_NAME = 'cn' LDAP_USER_FILTER = '(&(objectclass=posixAccount)(mail=*)(cn=*)(uid=*)(!(uid=root))(!(uid=vpn_*))(!(uid=user1))(!(uid=user32))(!(uid=otheruser))(!(uid=diradmin))(!(uid=user75))(!(uid=guest)))' LDAP_GROUP_FILTER = '(objectClass=posixGroup)' LDAP_GROUP_MEMBERS = 'memberUid' LDAP_GROUP_MEMBERS_ARE_DN = false LDAP_GROUP_MAPPING = { 'alle' => 'cn=alle,cn=groups,dc=company,dc=de', 'group1' => 'cn=group1,cn=groups,dc=company,dc=de', 'admin' => 'cn=admin,cn=groups,dc=company,dc=de', 'sales' => 'cn=sales,cn=groups,dc=company,dc=de', } class LdapUser attr_accessor :dn attr_accessor :login attr_accessor :full_name attr_accessor :email def roles @roles ||= [] @roles.join(' ') end def add_role(role) @roles ||= [] unless "#{role}" == '' @roles << role.to_s end end end class LdapImporter def make_user(ldap_entry) login = ldap_entry.__send__(LDAP_USER_LOGIN).to_s rescue nil full_name = ldap_entry.__send__(LDAP_USER_FULL_NAME).to_s rescue login email = ldap_entry.__send__(LDAP_USER_EMAIL).to_s rescue nil raise "no login for entry: #{ldap_entry.inspect}" if "#{login}" == '' user = LdapUser.new user.login = login user.full_name = full_name user.email = email user.dn = ldap_entry.dn.to_s user end def user_attributes [LDAP_USER_LOGIN, LDAP_USER_EMAIL, LDAP_USER_FULL_NAME, 'dn'] end def user_filter Net::LDAP::Filter.from_rfc2254(LDAP_USER_FILTER) end def get_all_users users = {} Net::LDAP.open( :host => LDAP_HOST, :port => LDAP_PORT, :auth => LDAP_AUTH) do |ldap| ldap.search( :base => LDAP_BASE, :filter => user_filter, :attributes => user_attributes, :return_result => false ) do |entry| user = make_user(entry) key = LDAP_GROUP_MEMBERS_ARE_DN ? user.dn : user.login users[key] = user end end users end def group_filter(group_dn) Net::LDAP::Filter.from_rfc2254(LDAP_GROUP_FILTER) & Net::LDAP::Filter.from_rfc2254(group_dn) end def get_members_of_group(group_dn) members = [] Net::LDAP.open( :host => LDAP_HOST, :port => LDAP_PORT, :auth => LDAP_AUTH) do |ldap| ldap.search( :base => LDAP_BASE, :filter => group_filter(group_dn), :attributes => ['dn', LDAP_GROUP_MEMBERS], :return_result => false ) do |entry| members = entry.__send__(LDAP_GROUP_MEMBERS) end end members end def add_group_assignments(users, group_mapping) group_mapping.each do |role, group_dn| get_members_of_group(group_dn).each do |member| user = users[member] user.add_role(role) if user end end end def generate_csv(users) csv_data = '' CSV::Writer.generate(csv_data, ',') do |csv| csv << [:login, :full_name, :email, :roles] users.values.each do |user| csv << [user.login, user.full_name, user.email, user.roles] end end csv_data end def post_to_webservice(csv_data) uri = URI.parse(HTTP_OMC_URL) http = Net::HTTP::Proxy( HTTP_PROXY_HOST, HTTP_PROXY_PORT, HTTP_PROXY_USERNAME, HTTP_PROXY_PASSWORD).new(uri.host, uri.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE res = http.start do |http| req = Net::HTTP::Post.new(uri.path) req.basic_auth('webservice', HTTP_OMC_API_KEY) req.set_form_data({'MAX_FILE_SIZE' => '1000000', 'csv' => csv_data}) http.request(req) end case res when Net::HTTPSuccess, Net::HTTPRedirection puts "HTTP-Response: #{res.code} #{res.class.name} #{res.message}" puts res.body else puts "HTTP-Response: #{res.code} #{res.class.name} #{res.message}" puts res.body exit(-1) end end def self.run importer = new users = importer.get_all_users exit(-1) if users.size < 50 importer.add_group_assignments(users, LDAP_GROUP_MAPPING) csv_data = importer.generate_csv(users) importer.post_to_webservice(csv_data) #puts csv_data end end LdapImporter.run