|
function deleteNetworkAddress(data) _, dn = nLDAP.getDN(data) status, nvalue = nLDAP.hasAttrValue(data, "networkAddress") if ( YES == status ) then msg1 = string.format("User (%s) has %d network address value(s):\r\n", dn, nvalue) for i = 1, nvalue do -- "*networkAddress*" tells the function to return the address as one-line _, s1 = nLDAP.decodeB64Data_N ("*networkAddress*", data.networkaddress[i], "networkAddress") msg1 = msg1 .. string.format(" %s\r\n", s1) end status, errMsg = nLDAP.deleteAttribute(dn, "networkAddress") if ( OK == status ) then msg1 = msg1 .. " - networkAddress attribute deleted.\r\n" else msg1 = msg1 .. string.format(" - failed to delete networkAddress attribute: (%s)\r\n", errMsg) end else msg1 = string.format("User (%s) has no network address value.\r\n", dn) end print(msg1) end bindDN = "cn=admin,o=org" bindPassword = "password" host = "10.1.1.1" status1, errMsg = nldap.bind(bindDN, bindPassword, host, LDAP_CLEARTEXT_PORT, NO_TLS) if ( OK == status1 ) then searchFilter = "(&(objectClass=user)(networkAddress=*))" attrsList = "networkAddress" status2, errMsg2 = nldap.search(TREE_ROOT, SEARCH_SUBTREE, searchFilter, attrsList) if ( OK == status2 ) then -- "set" the function to use; -- the function has to be defined before the main script body myFunction = deleteNetworkAddress -- process each found entry, using the function pointed to by myFunction nLDAP.processData() nLDAP.close() else printf("Search error", errMsg2) end else printf("Error connecting to LDAP server", errMsg) end
A Multi-Talented LDAP Tool ldapGadget is our main LDAP "tool engine." It is a script-driven Win32 console application, which makes it easy to run report or management tasks on an unattended scheduled basis. Within this "tool engine," we implemented the commonly-used standard LDAP access functions, such as bind and search, as high-level functions. This means you do not need to call more than a dozen functions and having to manage the library setups just to perform a simple search. |
Example 2 Have you ever had the need to import a CSV data file generated by another application (such as a spreadsheet) or system (such as a mainframe data export) into eDirectory or a LDAP database? Or need to export LDAP data to a CSV file for import into a spreadsheet? |
Extending ldapGadget APIs ldapGadget has over 30 high-level functions built-in and they are discussed in details in the ldapGadget API (PDF) document. If you need additional features or functions for ldapGadget, there are two options. If you are adventurous or cannot wait for an update, you can add the necessary extensions yourself. As ldapGadget is script-based, you can easily create and add new functions to your scripts as needed. |
We are more than happy to help you customize any of the scripts to suit your particular needs. If you have any task script suggestions, please let us know. |
ldapGadget Sample Scripts Due to update release scheduling, the ldapGadget test-drive may not always contain the latest sample scripts or the latest version of these scripts. The following, however, always links to the most up-to-date version of all the sample scripts available for ldapGadget. |
NBM-rules-baseline.txt (Dec 22, 2007), queries a BorderManager server for a copy of its defined rules. The resulting LDIF file will serve as the baseline for detecting changes. NBM-rules-check.txt (Dec 22, 2007), queries a Novell BorderManager server for a copy of its currently defined rules, compares them with the baseline data and reports any changes found. |
In addition to the built-in data manipulation functions, we also have an optional module specifically designed to deal with Novell BorderManager (NBM) rules. Additional modules, such as schema-specific functions and Universal Password status reporting, are in the works. |
A detailed discussion on how ldapGadget makes use of Lua can be found in the documentation files included with the ldapGadget evaluation. You can view on-line PDF versions of the ldapGadget usage documentation and the ldapGadget API documentation. |
We have chosen to embed Lua as the scripting engine as it is fast and portable, and its language syntax is very C-like and, therefore, straightforward to understand; Lua ("LOO-ah") itself is implemented using standard C. |
Download the ldapGadget evaluation now and try ldapGadget out yourself and see how it can save you hours of work and headaches. |
bulk-load.txt (Mar 30, 2008), creates an LDIF file that can be used to mass-create User objects. |
change-home-directory.txt (Mar 29, 2008), changes the Home Directory attribute value for selected users. |
check-pwd-expiration.txt (Dec 22, 2007), reports pending password expirations and optionally sends an email notification to the users. |
clear-net-addresses.txt (Dec 22, 2007), removes all Network Address attribute values from selected User objects. |
concurrent-connections.txt (Mar 30, 2008), reports any User that has only one concurrent connection and optionally increase the value. |
expire-user-password.txt (Dec 26, 2007), expires one or more user's password and resets Grace Logins to zero thus forcing the user to change his/her password on next login. |
inactive-users.txt (Mar 31, 2008), reports and optionally disables inactive users (based on number of days since last login); can also report on never-used accounts. |
ldapGadget-sample-scripts.zip (Apr 12, 2008) Contains all above scripts in one single ZIP file, including sample output from NBM-rules-check.txt |
Product Features and Benefits ldapGadget provides you with the following features and benefits: |
Light-weight and easy to install. ldapGadget has no dependencies on other products, such as PHP or Perl. Everything you need is included in the distribution (around 5 MB in size). We have opted to use Lua as the scripting engine as it is fast and has a very small footprint. To install, all you need is to unzip to a folder of your choice, customize the configuration file (if you are to use the SMTP functions), and ldapGadget is ready for use. |
Extensibility. You can easily add new functions, as necessary, to your scripts. As ldapGadget uses Lua as the scripting engine, therefore, new features can be added without having to update the core engine (ldapGadget.exe) itself. Many of the ldapGadget APIs are implemented as Lua functions. (We often prototype new functions in Lua as it is quick to do and easier to debug, and then re-code some of the more CPU-intensive or often-used routines in C for speed.) |
High-level API functions. ldapGadget includes over 30 high-level functions (new ones are constantly being added) that are specifically designed to simplify your tasks. They include time conversion APIs (between GMT and local time, as LDAP uses GMT), base64 data encoding and decoding (such as for dealing with network addresses and GUIDs), file format conversion between LDIF and CSV, and SMTP client functions. |
Novell Universal Password support. ldapGadget can (securely) extract and restore Universal Passwords (UP). You can use It to supplement your NDS/eDirectory object backup or use it to migrate user passwords between trees, without requiring Novell's Identity Manager (IDM) software. The extracted UP information is stored encrypted so the passwords are safe from preying eyes. |
ldapGadget script customization and development support. With our in-depth understanding of eDirectory and LDAP and programming expertise, we can help you in customizing or create new scripts and functions for your specific task requirements, so you can concentrate on the "what" without having to worry about the "how." |
Example 1 The following example script (adopted from clear-net-addresses.txt) illustrates the power and flexibility of ldapGadget. This script reports each of the network address entries found in an User object and then deletes the entire attribute - this is useful when you have stuck addresses and is preventing users from logging in due to concurrent login restrictions. |
Included with ldapGadget is a number of ready-to-use scripts for common and frequently-performed tasks to demonstrate its capabilities. You can use them as templates in designing new scripts. These scripts are written in such a way that, in most cases, all you need is to change some site-specific values (such as LDAP server address, search base, and so on) and they are ready to do the work for you. These customizable variables are grouped together in the "Customization Section" at the top of the script and are heavily commented. Alternatively, there are some ready-to-run applets that you can use instead. |
ldapGadget takes care of all the underlying function initialization (including SSL connection setup if required) and hard work for you. You just need to concentrate on the "big picture" of your desired reporting and management tasks. |
nLDAP.bind() - connects and authenticates to the server nLDAP.search() - performs the search nLDAP.close() - closes the server connection |
Although Novell's ICE utility can handle CSV files but its syntax is not very flexible nor straightforward, especially if you require some non-standard handling of the CSV data. |
ldapGadget can process a CSV file just like it does an LDIF file; you do not need to rework any of your scripts to specifically handle CSV files. ldapGadget includes a number of file conversion functions, and using just two function calls, ldapGadget can convert LDIF to CSV: |
nLDAP.loadLDIF() - reads in a LDIF data file nLDAP.saveAsCSV() - writes data in internal memory to an CSV file |
At the time of this writing, ldapGadget embeds Lua 5.1.3. You can find the manual for Lua 5.1 available on-line. The Lua reference manual is also available in a number of languages. |
Alternatively, you can always send us your enhancement ideas for consideration and implementation; we are like Dumbo and Bugs Bunny: "all (big) ears, all the time!" |
In addition to the official Lua reference material, there is a Lua user wiki where you can find supplementary information and resources on the Lua programming language. In particular, the site provides some good introductory Lua information and a very informative Lua tutorial. |
Easily Automated. ldapGadget is a Win32 console application and executes commands read from (script) files. Therefore, you can easily schedule its execution using any cron-like utility or even Windows's Scheduler to automate your daily reporting tasks. You can easily run ldapGadget as a Win32 service using, for example, Microsoft's srvany (found in the Windows Resource Kit) or XYNTService. |
nLDAP.loadCSV() - reads in a CSV data file nLDAP.saveAsLDIF() - writes data in internal memory to an LDIF file |
or convert a CSV file to LDIF: |
clear-dirxml-associations.txt (Apr 12, 2008), reports and creates a LDIF to clear stuck migrate DirXML association values. |
Using ldapGadget, only three function calls are needed to perform an LDAP search: |
eDirectory Events support. Monitor and report on eDirectory data changes, including login/logout events. Run the script as a Window service and have it email you alerts as necessary. |
mass-password-change.txt (Aug 20, 2008), change password of all users found within a given container. |
report-cert-expiration.txt (Aug 20, 2008), reports on the expiration date - in both GMT and local time - of all the KMO (Public Key certs) in your tree. |
You may prefer to use of one of our ready-to-run gadgets instead of developing your own scripts from scratch or modifying one of the sample scripts. |
Some of the above sample scripts, such as report-cert-expiration.txt, has been turned into ready-to-run gadgets where a GUI, additional features, and error checking has been added. |