Introduction
The LDAP Loader utility creates and (optionally) loads deployment-specific LDAP Data Interchange Format (LDIF) files.
The user is required to specify the target deployment domain at runtime, as explained below.
Command Line
The utility is invoked on the command line:
$ ./ldaploader.sh --help
Usage:
ldaploader [--help --bdn <dn> --bps <password> -d <name> -i <path> -l|+l --dn <dn> --ol <path>]
--help Print help information.
--bdn (--binddn) dn Distinguished name to use when binding to a LDAP service.
--bps (--bindpass) password Password to use when binding to a LDAP service.
-d (--domain) name Domain name to load LDAP data for.
-i (--in) path Path to the input directory or archive file from which to read certificates/keys.
-l (-load) Whether to load LDAP entries.
--dn (--loaddn) dn Distinguished name to load the LDAP entries into.
--ol (--outldifs) path Path to the output directory into which to write parsed LDIF files.
Required Options
-d (--domain) name Domain name to load data for.
Optional Options
--bdn (--binddn) dn Distinguished name to use when binding to a LDAP service.
...
- The default value of the --ol (--outldifs) option is: <script path>/../out/ldaploader/ldif
Example
$ ./ldaploader.sh -d localhost
Wrote 10 LDIF entries to file: out/ldaploader/ldif/default.ldif
Loaded 9 LDIF (path=utils/ldaploader/ldif/default.ldif) entries into LDAP service (ldap://ldap.localhost:10389/).
Wrote 4 LDIF entries to file: out/ldaploader/ldif/domain2ldap1.ldif
Loaded 4 LDIF (path=utils/ldaploader/ldif/domain2ldap1.ldif) entries into LDAP service (ldap://ldap.localhost:11389/).
Deployment
- Note: When loading is enabled, the LDAP Loader utility always performs the minimum set of changes.
- The LDIF files are generated by diffing a set of complete template files against the entries that already exist in the target LDAP service(s).
- If an entry with a matching Distinguished Name (DN) already exists, it is modified rather than added.
- If an entry attribute already exists, its value is overwritten, unless the bytes of the existing value and the value being loaded are identical. In that case the attribute is left out of the resulting LDIF file(s) altogether.
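The diff behaviour described in these notes, as an added Python example that is not the LDAP Loader's own code: template entries and the entries already in the directory are modelled as dictionaries of raw attribute bytes (the sample DNs and values are constructed), and only the LDIF change records the directory actually needs are emitted.

```python
import base64
from typing import Dict, List

Entry = Dict[str, List[bytes]]  # attribute name -> values as raw bytes

def _ldif_line(attr: str, value: bytes) -> str:
    """Render one attribute value; LDIF base64-encodes anything that is not safe ASCII."""
    text = value.decode("ascii") if value.isascii() else ""
    if text and text.isprintable() and not text.startswith((" ", ":", "<")):
        return f"{attr}: {text}"
    return f"{attr}:: {base64.b64encode(value).decode('ascii')}"


def diff_to_ldif(template: Dict[str, Entry], existing: Dict[str, Entry]) -> List[str]:
    """Return one LDIF change record per template entry that actually needs a change."""
    records = []
    for dn, want in template.items():
        have = existing.get(dn)
        if have is None:  # DN not in the directory yet: add the whole entry
            lines = [f"dn: {dn}", "changetype: add"]
            for attr, values in want.items():
                lines += [_ldif_line(attr, v) for v in values]
            records.append("\n".join(lines) + "\n")
            continue
        # DN exists: keep only attributes whose value bytes differ (order-insensitive)
        changed = {a: v for a, v in want.items() if sorted(have.get(a, [])) != sorted(v)}
        if not changed:
            continue  # byte-for-byte identical: nothing to write, nothing to load
        lines = [f"dn: {dn}", "changetype: modify"]
        for attr, values in changed.items():
            lines += [f"replace: {attr}", *(_ldif_line(attr, v) for v in values), "-"]
        records.append("\n".join(lines) + "\n")
    return records


# Constructed sample data, not taken from any real deployment.
TEMPLATE = {
    "cn=same,dc=example,dc=org": {"objectClass": [b"top", b"person"], "sn": [b"Same"]},
    "cn=changed,dc=example,dc=org": {"objectClass": [b"top", b"person"], "sn": [b"New"],
                                     "userCertificate": [b"\x30\x82\x01"]},
    "cn=added,dc=example,dc=org": {"objectClass": [b"top", b"person"], "sn": [b"Added"]},
}
EXISTING = {
    "cn=same,dc=example,dc=org": {"objectClass": [b"person", b"top"], "sn": [b"Same"]},
    "cn=changed,dc=example,dc=org": {"objectClass": [b"top", b"person"], "sn": [b"Old"],
                                     "userCertificate": [b"\x30\x82\x00"]},
}

if __name__ == "__main__":
    print("".join(diff_to_ldif(TEMPLATE, EXISTING)))
```

Running it yields two records: a `modify` for `cn=changed` that replaces only `sn` and `userCertificate` (the unchanged `objectClass` is excluded) and an `add` for `cn=added`; `cn=same` produces nothing.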