##############################################################
# Copy members from Lotus Domino groups to Tivoli LDAP groups.
##############################################################
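puts "\n executing [info script]\n"
# Make the script drive independent. The path is normalized first: with a
# relative invocation ("tclsh lotus.tcl") [info script] has no drive/root
# component and the original took the script name itself as the drive.
set drive [lindex [file split [file normalize [info script]]] 0]
puts "\n proclib = $drive/scripts/TCL/proclib"
# NOTE(review): the second argument starts with "/", which on Windows is a
# volume-relative path that file join attaches to $drive; on POSIX it would be
# absolute and $drive discarded — confirm if this ever runs off Windows.
source [file join $drive /scripts/TCL/proclib/checkFile_proc.tcl]
source [file join $drive /scripts/TCL/proclib/smtp_proc.tcl]
source [file join $drive /scripts/TCL/proclib/netSend_proc.tcl]
source [file join $drive /scripts/TCL/proclib/reportHeader_proc.tcl]
package require ldap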
###########################################
# Get the members of the group from Lotus
# For each Lotus member get the UID
# Get the base dn of the groups in ldap
# Get the base dn of the corresponding member in ldap
# Update the ldap group.
###########################################
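proc replicateGroups { groupList s1 s2 bindDn pw reportFileId attr } {
  ## For every {lotusGroupCn ldapGroupCn} pair in groupList: read the member DNs
  ## of the Lotus group (global sourceServer), resolve each member to its uid,
  ## look up the full DN of the target group on the IBM LDAP server (global
  ## targetServer) and hand the resolved members to processPerson.
  ##
  ## s1 and s2 are only used in report messages; bindDn and pw are accepted for
  ## interface compatibility and not used here (the sessions are already bound).
  ## Progress and errors are echoed to stdout and written to reportFileId.
  ## Raises (return -code error) when the Lotus member search itself fails.
  global sourceServer
  global targetServer
  # RFC 4515 escaping for values interpolated into search filters, so that a
  # group or person name containing * ( ) \ cannot change the filter structure.
  # (NUL is not handled; directory names are not expected to contain it.)
  set esc {\\ \\5c * \\2a ( \\28 ) \\29}
  set banner [format "\n%-30s %s" { } {***********}]
  foreach x $groupList {
    set lotusGroup [lindex $x 0]
    set ldapGroup [lindex $x 1]
    puts $banner
    puts $reportFileId $banner
    set msg "\nMapping persons from \"$lotusGroup\" on Lotus to \"$ldapGroup\".\n"
    puts $msg
    puts $reportFileId $msg
    # Start from an empty member list for EVERY group. The original lappend-ed
    # into a variable that was never reset, so the members of an earlier Lotus
    # group were silently added to every later target group as well.
    set cnList [list]
    set sourceGroupCn "(cn=[string map $esc $lotusGroup])"
    # search from the root dse by using a null string for the base option.
    if { [catch {ldap::search $sourceServer "" $sourceGroupCn {member}} r] != 0 } {
      puts "r = $r"
      puts $reportFileId $r
      return -code error $r
    }
    # search returns an empty list when nothing matches.
    foreach i [lindex $r 0 1 1] {
      # Member values look like "cn=<name>,o=ABC": drop the literal ",o=ABC"
      # suffix. (string trimright treats its argument as a character SET and
      # would also eat a trailing "o", "A", "B" or "C" of the name itself.)
      set cn $i
      if { [string match -nocase "*,o=ABC" $cn] } {
        set cn [string range $cn 0 end-6]
      }
      # NOTE(review): a DN-escaped value (e.g. "cn=Smith\, John") is not
      # converted to filter escaping here, as in the original — confirm such
      # names do not occur.
      set uid [lindex [ldap::search $sourceServer "o=ABC" \
        "([string map $esc $cn])" {uid}] 0 1 1]
      if { [string is space $uid] } {
        # Lotus Notes LDAP groups may still list members that no longer exist
        # in the Lotus schema, in which case the uid lookup yields nothing.
        puts $reportFileId "############### Error"
        puts $reportFileId "############### $cn does not exist in Lotus Notes"
      } else {
        lappend cnList cn=$uid
      }
    }
    # skip this group if it was not found (or has no resolvable members).
    if { [llength $cnList] == 0 } {
      puts "\n$sourceGroupCn does not exist on Lotus server $s1."
      puts $reportFileId "\n$sourceGroupCn does not exist on ldap server $s1."
      continue
    }
    # resolve the full dn of the IBM ldap group.
    set targetGroupCn "(cn=[string map $esc $ldapGroup])"
    set baseDnGroup [lindex [ldap::search $targetServer "o=ABC,dc=com.au,c=au" \
      $targetGroupCn {cn}] 0 0]
    if { [string is space $baseDnGroup] } {
      # Without a group DN processPerson would issue modifies against an empty
      # DN; report it and move on to the next pair instead.
      puts "\n$targetGroupCn does not exist on ldap server $s2."
      puts $reportFileId "\n$targetGroupCn does not exist on ldap server $s2."
      continue
    }
    # add the resolved members to the group.
    processPerson $reportFileId $baseDnGroup $cnList $attr
  }
}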
###########################################
# Add each resolved Lotus member (cn=<uid>) to the IBM LDAP group,
# skipping persons that are unknown there or already members.
###########################################
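proc processPerson { reportFileId baseDnGroup cnList attr } {
  ## Add every "cn=<uid>" entry of cnList to the group baseDnGroup on the IBM
  ## LDAP server (global targetServer) by appending the person's DN to the
  ## group's $attr attribute. Persons that cannot be resolved on the target
  ## server, and persons that are already members, are reported and skipped.
  ## Outcomes are echoed to stdout and written to reportFileId.
  global targetServer
  set base "o=ABC,dc=com.au,c=au"
  # RFC 4515 escaping for values interpolated into search filters.
  set esc {\\ \\5c * \\2a ( \\28 ) \\29}
  foreach i $cnList {
    set filter "([string map $esc $i])"
    # The target person is assumed to exist in the schema (with a unique cn)
    # but not yet in the group.
    set baseDnPerson [lindex [ldap::search $targetServer $base $filter {cn}] 0 0]
    if { [string is space $baseDnPerson] } {
      puts $reportFileId "\n############### Error"
      puts $reportFileId "############### $i does not exist in IBM Ldap"
      continue
    }
    # Check whether the person is already a member of the group. DNs are
    # compared as whole, case-insensitive strings: the original used the group
    # DN as a regular expression, so regex metacharacters in the DN, or a group
    # DN that is a substring of another, gave wrong answers.
    set memberOf [lindex [ldap::search $targetServer $base $filter {ibm-allGroups}] 0 1 1]
    set alreadyMember 0
    foreach g $memberOf {
      if { [string equal -nocase $g $baseDnGroup] } {
        set alreadyMember 1
        break
      }
    }
    if { $alreadyMember } {
      set msg "\nEntry $baseDnPerson is already a member of $baseDnGroup"
      puts $msg
      puts $reportFileId $msg
      continue
    }
    set msg "\nAdd $baseDnPerson to $baseDnGroup"
    puts $msg
    puts $reportFileId $msg
    puts "\nldap::modify $targetServer $baseDnGroup {} {} [list $attr $baseDnPerson] "
    # NB: no extra [ ] around the call. The original wrapped ldap::modify in a
    # command substitution, so its (empty) result was executed as a command and
    # every successful modify was reported as an error.
    if { [catch {ldap::modify $targetServer $baseDnGroup {} {} [list $attr $baseDnPerson]} r] == 0 } {
      puts "\n$baseDnPerson added to $baseDnGroup"
      puts $reportFileId "\n$baseDnPerson added to $baseDnGroup"
    } else {
      puts "\n$r"
      puts $reportFileId "\n$r"
    }
  }
}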
###########################################
# Email Report
###########################################
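proc emailReport { reportFile reportFileId } {
  ## Flush the open report so its content is on disk, then mail the file via
  ## sendSimpleMessage (proclib/smtp_proc.tcl). The recipient address is a
  ## placeholder to be replaced per installation.
  flush $reportFileId
  # COMPUTERNAME is only set on Windows; fall back to the hostname so the
  # script does not die with an unset-variable error elsewhere.
  if { [info exists ::env(COMPUTERNAME)] } {
    set computerName $::env(COMPUTERNAME)
  } else {
    set computerName [info hostname]
  }
  set subject "$computerName - Lotus - LDAP Replication"
  sendSimpleMessage youremail@xxx.com $subject $reportFile
}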
######################################
# Control Section.
######################################
######################################
# Set Variables
######################################
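set fileDate [clock format [clock seconds] -format %Y-%m-%d_%H.%M.%S]
set reportFile [file join $drive reports/ldap/lotusReplicationGroups_$fileDate.txt]
# source (Lotus) and target (IBM LDAP) hosts.
set s1 xxxxxxx
set s2 yyyyyyy
set bindDn "cn=frrfr"
# Bind password for the target server. It is taken from the environment when
# present so the credential does not have to live in this script; the literal
# below is the original placeholder. (LDAP_BIND_PW is a name chosen here, not
# a proclib convention.)
if { [info exists ::env(LDAP_BIND_PW)] } {
  set pw $::env(LDAP_BIND_PW)
} else {
  set pw password
}
# group attribute that receives the member DNs.
set attr uniqueMember
puts "\ns1 = $s1"
puts "s2 = $s2\n"
puts "reportfile = $reportFile\n"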
######################################
# Report Header.
######################################
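# Make sure the report directory exists; open fails otherwise (file mkdir is
# a no-op when it is already there).
file mkdir [file dirname $reportFile]
set reportFileId [open $reportFile w]
# COMPUTERNAME is only set on Windows; fall back to the hostname elsewhere.
if { [info exists ::env(COMPUTERNAME)] } {
  set computerName $::env(COMPUTERNAME)
} else {
  set computerName [info hostname]
}
set header "$computerName - Lotus LDAP Replication"
# NOTE(review): baseDN is not referenced in this script; presumably used by a
# sourced proclib proc — verify before removing.
set baseDN "ou=ldapgroups,o=ABC,dc=com.au,c=au"
reportHeader $reportFileId $header $reportFile
# map the Lotus groups to the LDAP groups: {lotusGroupCn ldapGroupCn} pairs.
set groupList [list \
  [list "DominoGroup 1" LdapGroup1] \
  [list "DominoGroup 2" LdapGroup2] \
  [list "DominoGroup 3" LdapGroup3] \
  [list "DominoGroup 4" LdapGroup4]]
# connect to ldap. The source is read with an anonymous bind; the target bind
# sends $pw in clear over port 389 — tcllib also offers ldap::secure_connect
# (LDAPS) when the tls package is available.
set sourceServer [ldap::connect $s1 389]
::ldap::bind $sourceServer
set targetServer [ldap::connect $s2 389]
::ldap::bind $targetServer $bindDn $pw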
######################################
# Extract dominoPersons from Lotus.
######################################
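if { [catch {replicateGroups $groupList $s1 $s2 $bindDn $pw $reportFileId $attr} r] == 0 } {
  puts "\nr = $r"
} else {
  puts "\nerror = $r"
  puts $reportFileId "\n$r"
}
# Release both LDAP sessions regardless of the outcome above; a failure while
# tearing one down must not prevent the other from being closed, nor the
# report from being mailed and closed.
foreach srv [list $sourceServer $targetServer] {
  if { [catch {::ldap::unbind $srv} e] != 0 } {
    puts "\nunbind failed: $e"
  }
  if { [catch {::ldap::disconnect $srv} e] != 0 } {
    puts "\ndisconnect failed: $e"
  }
}
# Mail the report; the file is closed even when sending fails.
if { [catch {emailReport $reportFile $reportFileId} e] != 0 } {
  puts "\nemail failed: $e"
}
close $reportFileId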
######################################
# END.
######################################