Inactivate users based on a LDAP GROUP for IBM Connections

One of our Connections customers has the following as a requirement:

Inactivate users based on LDAP GROUP

Solution


The solution I found was to create a text file based on LDAP group and run sync_all_dns.sh command and then run the command delete_or_inactivate_employees.sh

The java program


The class bellow read the LDAP and verify if the user is a member of the group. I not found good information on how to use the ITDS API to check if a user is a member of a group, so i need to do it "manually".

import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.ldap.InitialLdapContext;

import javax.naming.*;

import javax.naming.directory.*;

public class GroupSearch

{

     public static boolean compara(String nome, ArrayList grupo) {

             
             boolean blnFound = grupo.contains(nome.toUpperCase());
             
             return blnFound;
     }

     @SuppressWarnings({ "rawtypes", "unchecked" })
     public static void main(String args[])

     {

             InitialLdapContext ctx = null;

             Hashtable hashtable null;
             
             Properties prop = new Properties();
               
                             
             try

             {
                     //load a properties file
                 prop.load(new FileInputStream("config.properties"));

            //get the property value and print it out
       
                 String url = "ldap://"+prop.getProperty("server");
                 String username = prop.getProperty("username");
                 String password = prop.getProperty("password");
                 String base = prop.getProperty("base");
                 String groupName = prop.getProperty("groupFilter");
                 String userFilter = prop.getProperty("userFilter");

                     // Set up LDAP config settings

                     hashtable = new Hashtable();

                     hashtable.put("java.naming.ldap.version", "3");

                     hashtable.put("java.naming.factory.initial",
                                     "com.sun.jndi.ldap.LdapCtxFactory");

                     hashtable.put("java.naming.security.authentication", "Simple");

                     hashtable.put("java.naming.referral", "follow");

                     hashtable.put("java.naming.provider.url", url);

                     hashtable.put("java.naming.security.principal", username);

                     hashtable.put("java.naming.security.credentials", password);

                     // Make LDAP connection

                     ctx = new InitialLdapContext(hashtable, null);

                     System.out.println("Connection established");

                     // Set up Search Controls"

                     SearchControls sc = new SearchControls();
                     SearchControls gc = new SearchControls();

                     sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                     gc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                     
                     sc.setReturningAttributes(new String [] { "uid","sn","cn"});

                     // perform search on directory
                     System.out.println("Searching the directory please wait.");
                     NamingEnumeration results = ctx.search(base,userFilter,sc);
                     NamingEnumeration groupResult = ctx.search(base,groupName, gc);
                     
                     // loop until we have gotten all entries returned by search

                     // Arraylist with group members

                     ArrayList members = new ArrayList();
                     while (groupResult.hasMore()) {

                             SearchResult gr = (SearchResult) groupResult.next();
                     

                             Attributes gattrs = gr.getAttributes();
                             NamingEnumeration gattrsList = gattrs.getAll();

                             while (gattrsList.hasMore()) {

                                     Attribute gatribute = (Attribute) gattrsList.next();
                                     NamingEnumeration values = gatribute.getAll();

                                     while (values.hasMore()) {

                                             members.add(values.next().toString().toUpperCase());

                                     }

                             }

                     }
                     // dump users to file
                     System.out.println("File createdrn BUILD SUCCESSFUL");
                     File file = new File ("delete_or_inactivate_employees.in");
                     if (!file.exists()){
                             file.createNewFile();
                     }
                     FileWriter fw = new FileWriter (file.getAbsoluteFile());
                     BufferedWriter bw = new BufferedWriter(fw);
                     
                     while (results.hasMore())

                     {

                             // get the SearchResult object

                             SearchResult sr = (SearchResult) results.next();
                             Attributes attributes=sr.getAttributes();
                             Attribute shortName = attributes.get("sn");
                             //ouptput DN of entry
                             
                             
                             String nome = sr.getName().toString()+","+base;
                             Attribute userName = attributes.get("uid");
                         String usuario = userName.toString();
                         
                                //IF A USER ARE ON THE GROUP WRITE TO FILE                                
                             if (compara(nome,members)){
                                             
                                     String dn = usuario.replace("uid: ", "$dn:uid=")+","+base+"rn";
                                     String cnshortName.toString().replace("sn: ","uid:")+"rn"+"."+"rn";
                                     bw.write(dn+cn);                
                             }
                                     
                     }

                     bw.close();        
                                             
                     // Close the connection to LDAP

                     ctx.close();

             }

             catch (Exception ex)

             {

                     System.out.println("EXCEPTION = " + ex.toString());

             }

     }

}

Configuration

The file config.properties set the parameters. GroupFilter is the filter for the desired group and userFilter is the filter to search for users on the ldap server. This filter must be the same used on the profiles_tdi.properties to avoid problems.

This file must be on the same folder of ExportLdap.jar

The file must have the following lines:

Server=
username=
password=
base=
groupFilter=
userFilter=

I put the files ExportLdap.jar and config.properties on /Wizards/TDIPopulation/linux/TDI

For example :

server=yourldapserver:389
username=cn=root
password=
base=
groupFilter=(&(objectclass=groupOfUniqueNames)(cn=DenyGroup))
userFilter=  (&(uid=*)(objectclass=inetOrgPerson))

Running the solution

Put the files config.properties and ExportLdap.jar in the folder:

/Wizards/TDIPopulation/linux/TDI

Run the  script sync_all_dns.sh

Run java –jar ExportLdap.jar

the program will genereate the file  delete_or_inactivate_employees.in

The final step run ./delete_or_inactivate_employees.sh script