kdb-uidextract — Helper for creating a gromox-kdb2mt ACL map


python /usr/libexec/gromox/kdb-uidextract


kdb-uidextract is a Python script utilizing python-kopano bindings to read user object descriptions off a Kopano installation and produce a user listing suitable for consumption by the gromox-kdb2mt --user-map option.

This script is meant to be executed on a live Kopano system and does not rely on Gromox components at all.

kdb-uidextract first queries the server on the current machine for all participating Kopano servers in the cluster. This requires that all Kopano servers accept TLS connections (/etc/kopano/server.cfg:server_ssl_port, server_ssl_key_file, sslkeys_path) and have authentication keys set up for the SYSTEM account (in the directory specified by sslkeys_path).

The resulting map for kdb2mt is printed to stdout.


This program offers no command-line options.


By way of the kopano Python module, /etc/kopano/admin.cfg is sourced for TLS certificate parameters. Confer with the kopano-admin.cfg(5) manpage.


The output is a JSON file containing an array of user objects. Each user object is a dictionary with zero or more attributes; these can be:

  • "na": username

  • "sv": server GUID, represented as 16 ASCII characters, case-insensitive

  • "st": store GUID, represented as 16 ASCII characters, case-insensitive

  • "id": per-database(!) numeric user ID

  • "em": e-mail address associated with the Kopano account

  • "to": e-mail address that gromox-kdb2mt(8) should map the Kopano user to

null values and empty strings are allowed. Take note that in multi-server Kopano installations, every LDAP user will appear in all the kopano-server databases, and with generally different user IDs.

 {"em": "[email protected]", "na": "boss", "sv":
"0123456789abcdef0123456789abcdef", "st": "0123456789abcdef0123456789abcdef",
"to": "[email protected]", "id": 3},
 {"em": "[email protected]", "na": "boss", "sv":
"123456789abcdef0123456789abcdef0", "st": "0123456789abcdef0123456789abcdef",
"to": "[email protected]", "id": 91}

See also

gromox(7), gromox-kdb2mt(8gx), kdb-uidextract-limited(8)