{ "info": { "author": "Jeff Katcher, Brian Hodges", "author_email": "dp@nowhere.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Environment :: Console", "Intended Audience :: Customer Service", "Intended Audience :: Developers", "Intended Audience :: Education", "Intended Audience :: End Users/Desktop", "Intended Audience :: Information Technology", "Intended Audience :: Science/Research", "Intended Audience :: System Administrators", "License :: OSI Approved :: Apache Software License", "Natural Language :: English", "Operating System :: MacOS :: MacOS X", "Operating System :: POSIX", "Operating System :: POSIX :: Linux", "Operating System :: POSIX :: Other", "Operating System :: Unix", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: Implementation :: CPython", "Programming Language :: Unix Shell", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: System :: Systems Administration", "Topic :: Utilities" ], "description": "ad2openldap - IDMAP for Linux replicated from AD\n================================================\n\nWhy ad2openldap ?\n-----------------\n\nad2openldap is a lightweight replicator for user, group and netgroup information from Microsoft\nActive Directory into an OpenLDAP server to serve as Unix IDMAP solution. The original version was\ndeveloped at Fred Hutch in 2010 to overcome frustrations with slow and unreliable Linux LDAP\nconnectivity to Active Directory and to isolate badly behaving HPC scripts (\"fork bombs\") from\ncritical AD infrastructure.\n\nad2openldap in 2018 and beyond\n------------------------------\n\nIn 2017 we observed that newer solutions have grown in complexity (SSSD, Centrify) but have not been\nable to match ad2openldap in performance and reliability (SSSD). As we are migrating more services\nto cloud we continue to benefit from LDAP caches/replicas that provide low latency ldap services and\nad2openldap continues to be a critical piece of infrastructure on more than 2000 servers/compute\nnodes on premise and in AWS and Google cloud. We decided to port the tool to Python3, add an easy\ninstaller via pip3 and test it on newer OS. We hope it will be as useful to others as it is to us.\n\nInstallation\n------------\n\nUbuntu\n^^^^^^\n\nOn Ubuntu you will be prompted for an new LDAP Administrator password. please remember this\npassword.\n\n::\n\n sudo apt install -y python3-pip slapd\n sudo pip3 install ad2openldap\n\nRHEL/CentOS 6 (untested in 2018)\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n::\n\n sudo yum -y install epel-release\n sudo yum -y install python34 python34-setuptools python34-devel gcc slapd\n sudo easy_install-3.4 pip\n sudo pip3 install ad2openldap\n\nRHEL/CentOS 7 (untested in 2018)\n^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^\n\n::\n\n sudo yum -y install python??\n sudo pip3 install ad2openldap\n\nConfiguration\n-------------\n\n/etc/ad2openldap/ad2openldap.conf requires these minimum settings:\n\n::\n\n # openldap adimistrator password (you set this during installation)\n bind_dn_password: ChangeThisLocalAdminPassword12345\n # AD service account (userPrincipalName aka UPN)\n ad_account: ldap@example.com\n # password for AD service account\n ad_account_password: ChangeThisPassword\n # AD LDAP URL of one of your domain controllers\n ad_url: ldap://dc.example.com\n # The base DN to use from Active Directory, under which objects are retrieved.\n ad_base_dn: dc=example,dc=com\n\nexecute the setup script and enter items when prompted\n\n::\n\n ad2openlap3 setup\n\nthen create a cronjob in file /etc/cron.d/ad2openldap that runs ca. every 15 min\n\n::\n\n SHELL=/bin/bash\n MAILTO=alertemail@institute.org\n */15 * * * * root /usr/local/bin/ad2openldap3 deltasync\n --dont-blame-ad2openldap -v >>/var/log/ad2openldap/ad2openldap.log 2>&1 ;\n /usr/local/bin/ad2openldap3 healthcheck -N username\n\nIt is strongly recommended to up the default open files limit for slapd to at least 8192\n\n::\n\n echo \u201culimit -n 8192\u201d >> /etc/default/slapd (or /etc/defaults/slapd depending on distribution)\n\nTroubleshooting\n---------------\n\nUse the --verbose flag to log to STDOUT/STDERR.\n\nThe AD dumps and diffs are in /tmp by default:\n\n::\n\n ad_export.ldif - current dump\n ad_export.ldif.0 - last dump\n ad_export_delta.diff - computed differences between these files\n\nPossible failure modes are:\n\nLDAP server failure - needs restart, possibly followed by forced full update if corrupt or\nincomplete\n\nFirewall block still improperly active - look at update script for removal syntax (this failure is\nvery unlikely given the current process)\n\nBad or conflicting AD entities - a forced full update should remedy this\n\nIn the event that an incremental update is not possible or bypassed using the command line parameter\n'--fullsync', a full update will instead occur.\n\nA full update:\n\n- Dumps groups, users and NIS group entities from AD\n- Locks out remote access to the LDAP server via the firewall\n- Shuts down the LDAP server\n- Writes a new blank database using the LDIF template\n- Directly imports AD dump into database\n- Restarts LDAP server\n- Removes firewall block on LDAP server\n", "description_content_type": "", "docs_url": null, "download_url": "https://github.com/FredHutch/ad2openldap/tarball/1.0.2", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/FredHutch/ad2openldap", "keywords": "ldap", "license": "", "maintainer": "", "maintainer_email": "", "name": "ad2openldap", "package_url": "https://pypi.org/project/ad2openldap/", "platform": "", "project_url": "https://pypi.org/project/ad2openldap/", "project_urls": { "Download": "https://github.com/FredHutch/ad2openldap/tarball/1.0.2", "Homepage": "https://github.com/FredHutch/ad2openldap" }, "release_url": "https://pypi.org/project/ad2openldap/1.0.2/", "requires_dist": null, "requires_python": "", "summary": "ad2openldap is a lighweight Active Directory to Openldap replicator that helps replacing an IAM solution such as Centrify", "version": "1.0.2" }, "last_serial": 4346041, "releases": { "1.0.1.4": [ { "comment_text": "", "digests": { "md5": "45735fd9a5d7a3af07c56a74266659d7", "sha256": "5f4af898e4d85db30c9a95a4fe2574aa889c59a081b0c39db8b9d3273855aa44" }, "downloads": -1, "filename": "ad2openldap-1.0.1.4.tar.gz", "has_sig": false, "md5_digest": "45735fd9a5d7a3af07c56a74266659d7", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 33304, "upload_time": "2018-04-15T02:14:39", "url": "https://files.pythonhosted.org/packages/79/b4/e0c9edeb7a17b921af5eea1eb3aec3e9bd468265f2b9bb9b59f6f9bad2a6/ad2openldap-1.0.1.4.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "9ce5db4633b6a8514c21ab1d92ab835e", "sha256": "a202e236d1504649f3017f5d9a3adb68e509a79c733fba12080e0b1ea1dab3db" }, "downloads": -1, "filename": "ad2openldap-1.0.2.tar.gz", "has_sig": false, "md5_digest": "9ce5db4633b6a8514c21ab1d92ab835e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 34001, "upload_time": "2018-10-05T21:49:30", "url": "https://files.pythonhosted.org/packages/32/5c/5a095d11c401d86b8a0b2f6caae60c125cd97d4c3c6c6b6d94f64356deb2/ad2openldap-1.0.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "9ce5db4633b6a8514c21ab1d92ab835e", "sha256": "a202e236d1504649f3017f5d9a3adb68e509a79c733fba12080e0b1ea1dab3db" }, "downloads": -1, "filename": "ad2openldap-1.0.2.tar.gz", "has_sig": false, "md5_digest": "9ce5db4633b6a8514c21ab1d92ab835e", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 34001, "upload_time": "2018-10-05T21:49:30", "url": "https://files.pythonhosted.org/packages/32/5c/5a095d11c401d86b8a0b2f6caae60c125cd97d4c3c6c6b6d94f64356deb2/ad2openldap-1.0.2.tar.gz" } ] }