Thursday, April 30, 2009


Very slowly catching up...

A few years ago, I wrote a script that I called ldapsync that compares and synchronizes two LDAP servers. The options are designed to mirror the ones used by OpenLDAP's tools.
ldapsync [options]

--simpleauth -x Use simple authentication (default)
--binddn -D Secify the Distinguished Name to bind to LDAP
--secret -w Specify the password
--secretfile -y Specify a file to read for a password
--ldapuri -H Specify the URI of the LDAP server
--searchbase -b Specify search base
--filter -F Search filter
--scope -s Search scope (base, one, or sub)
--tls -Z[Z] Try StartTLS (use twice to require TLS)
--dryrun -n Show what changes would be made
--help -h Help message
--verbose -v Be more verbose
--debug -d Turn on debugging
So to compare server1 with server2, you might use a command like this:
    ldapsync -n -x -b dc=example,dc=com \
-H ldap://server1 \
-H ldap://server2
Reality is probably a lot more complicated than that, but you get the idea...

Anyway, the script is useful as-is, but it is probably not complete. Maybe it will be useful to someone else...