kdb-uidextract

Name

kdb-uidextract — Helper for creating a gromox-kdb2mt ACL map

Synopsis

python /usr/libexec/gromox/kdb-uidextract

Description

kdb-uidextract is a Python script utilizing python-kopano bindings to read user object descriptions off a Kopano installation and produce a user listing suitable for consumption by the gromox-kdb2mt --user-map option.

This script is meant to be executed on a live Kopano system and does not rely on Gromox components at all.

kdb-uidextract first queries the server on the current machine for all participating Kopano servers in the cluster. This requires that all Kopano servers accept TLS connections (/etc/kopano/server.cfg:server_ssl_port, server_ssl_key_file, sslkeys_path) and have authentication keys set up for the SYSTEM account (in the directory specified by sslkeys_path).

The resulting map for kdb2mt is printed to stdout.

Options

This program offers no command-line options.

Files

By way of the kopano Python module, /etc/kopano/admin.cfg is sourced for TLS certificate parameters. Confer with the kopano-admin.cfg(5) manpage.

Format

The output is a JSON file containing an array of user objects. Each user object is a dictionary with zero or more attributes; these can be:

"na": username
"sv": server GUID, represented as 16 ASCII characters, case-insensitive
"st": store GUID, represented as 16 ASCII characters, case-insensitive
"id": per-database(!) numeric user ID
"em": e-mail address associated with the Kopano account
"to": e-mail address that gromox-kdb2mt(8) should map the Kopano user to

null values and empty strings are allowed. Take note that in multi-server Kopano installations, every LDAP user will appear in all the kopano-server databases, and with generally different user IDs.

[
 {"em": "[email protected]", "na": "boss", "sv":
"0123456789abcdef0123456789abcdef", "st": "0123456789abcdef0123456789abcdef",
"to": "[email protected]", "id": 3},
 {"em": "[email protected]", "na": "boss", "sv":
"123456789abcdef0123456789abcdef0", "st": "0123456789abcdef0123456789abcdef",
"to": "[email protected]", "id": 91}
]