Zarafa DB to LDAP user plugin conversion

From Zarafa wiki

(Difference between revisions)
(7 intermediate revisions not shown)
Line 1: Line 1:
-
The following script allows you to convert the mailboxes from a local Zarafa DB plugin to an Active Directory environment.
+
The following scripts allows you to convert the mailboxes from a local Zarafa DB plugin to an Active Directory environment.
 +
 
 +
[[File:Db-to-ldap.zip‎]]
'''Requirements:'''
'''Requirements:'''
-
- Make sure all local Zarafa users are also available in the Active Directory
+
* Make sure all local Zarafa users are also available in the Active Directory or OpenLDAP directory. The usernames used with the DB plugin, should be the same as the username in AD/LDAP.
-
- Install the perl module MIME::Base64 and DBI
+
* Install the perl module MIME::Base64 and DBI
-
- Make sure you have a successful backup of the Zarafa database
+
* Make sure you have a successful backup of the Zarafa database
-
 
+
-
 
+
-
<pre>
+
-
#!/usr/bin/perl -w
+
-
 
+
-
use strict;
+
-
use MIME::Base64;
+
-
use DBI;
+
-
 
+
-
if(@ARGV != 7) {
+
-
        print "Usage: $0 <mysqluser> <mysqlpass> <database> <ldaphost> <ldapbinduser> <ldapbindpass> <ldap_base_dn>\n";
+
-
        exit(1);
+
-
}
+
-
 
+
-
my ($dbuser, $dbpass, $db, $ldaphost, $ldapuser, $ldappass, $ldapbase) = @ARGV;
+
-
 
+
-
my $dbh = DBI->connect("DBI:mysql:database=$db;host=localhost",
+
-
                                $dbuser, $dbpass,
+
-
                                {'RaiseError' => 1});
+
-
 
+
-
open INPUT, "ldapsearch -x -H ldap://$ldaphost -b \"$ldapbase\" -D \"$ldapuser\" -w \"$ldappass\"|";
+
-
 
+
-
my %names;
+
-
my $objectsid;
+
-
 
+
-
while(<INPUT>) {
+
-
        if(/sAMAccountName: (\S+)/) {
+
-
#              print "name: $1\n";
+
-
                $names{$1}->{"objectsid"} = $objectsid;
+
-
        }
+
-
        if(/objectSid:: (\S+)/) {
+
-
#              print "objectSid: " . $dbh->quote(decode_base64($1)) . "\n";
+
-
                $objectsid = decode_base64($1);
+
-
        }
+
-
}
+
-
 
+
-
my $name;
+
-
 
+
-
foreach $name (keys %names) {
+
-
        my $q = $dbh->prepare("SELECT objectid FROM objectproperty WHERE propname='loginname' AND value='$name'");
+
-
        $q->execute;
+
-
 
+
-
        my $rows = $q->rows;
+
-
 
+
-
        if($rows == 1) {
+
-
                # Found a user with username in the database, so now we know the user id
+
-
                $names{$name}->{"userid"} = ($q->fetchrow_array())[0];
+
-
        }
+
-
 
+
-
my ($dbuser, $dbpass, $db, $ldaphost, $ldapuser, $ldappass, $ldapbase) = @ARGV;
+
-
 
+
-
my $dbh = DBI->connect("DBI:mysql:database=$db;host=localhost",
+
-
                                $dbuser, $dbpass,
+
-
                                {'RaiseError' => 1});
+
-
 
+
-
open INPUT, "ldapsearch -x -H ldap://$ldaphost -b \"$ldapbase\" -D \"$ldapuser\" -w \"$ldappass\"|";
+
-
 
+
-
my %names;
+
-
my $objectsid;
+
-
 
+
-
while(<INPUT>) {
+
-
        if(/sAMAccountName: (\S+)/) {
+
-
#              print "name: $1\n";
+
-
                $names{$1}->{"objectsid"} = $objectsid;
+
-
        }
+
-
        if(/objectSid:: (\S+)/) {
+
-
#              print "objectSid: " . $dbh->quote(decode_base64($1)) . "\n";
+
-
                $objectsid = decode_base64($1);
+
-
        }
+
-
}
+
-
 
+
-
my $name;
+
-
foreach $name (keys %names) {
+
'''Execution:'''
-
        my $q = $dbh->prepare("SELECT objectid FROM objectproperty WHERE propname='loginname' AND value='$name'");
+
* Shutdown Zarafa (which is configured for DB plugin)
-
        $q->execute;
+
* Run the db-to-ldap-plugin.pl script
 +
* Configure Zarafa for the LDAP plugin
 +
* Start Zarafa (with new LDAP plugin)
 +
* When this script is successfully executed, run the db-upgrade-addressbook-entryids.pl to fix all entries of all email items
 +
* Test if you can still reply internal emails from before the migration
 +
* Test if access to shared mailboxes is still working
-
        my $rows = $q->rows;
 
-
        if($rows == 1) {
+
<B>NOTE:</B> This is not officially supported. Zarafa Professional Services can help you with these upgrade processes. The order of execution is very important, the key is to have Zarafa not noticing that the "externid" of the "users" table have changed.
-
                # Found a user with username in the database, so now we know the user id
+
-
                $names{$name}->{"userid"} = ($q->fetchrow_array())[0];
+
-
        }
+
-
}
+
-
foreach $name (keys %names) {
 
-
        print "# $name\n";
 
-
        print "UPDATE users SET externid=" . $dbh->quote($names{$name}->{"objectsid"}) . " WHERE id=" . $names{$name}->{"userid"} . ";\n";
 
-
</pre>
+
<B>NOTE:</B> If you want to try this yourself, please try it first in a test environment if you don't then you might end up with all the mailstores unhooked on your production environment.
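Review bot: The added Execution list tells the reader to "Run the db-to-ldap-plugin.pl script", but this revision also drops the inline script, so its `Usage: $0 <mysqluser> <mysqlpass> <database> <ldaphost> <ldapbinduser> <ldapbindpass> <ldap_base_dn>` line is gone and the page no longer documents any of the arguments. The removed version only printed `UPDATE users SET externid=...` statements and did not apply them, so the step should say how to invoke the script from the zip and whether its output still has to be fed to MySQL by hand. The step "When this script is successfully executed, run the db-upgrade-addressbook-entryids.pl" is placed after "Start Zarafa", which leaves it unclear which script "this script" refers to and whether Zarafa should be running at that point. Since the first NOTE says the order is critical, spell that out. The requirement now mentions OpenLDAP, while the removed script matched only `sAMAccountName` and `objectSid`, so state which attributes are used for an OpenLDAP directory.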

Revision as of 08:08, 29 March 2012

The following scripts allow you to convert the mailboxes from a local Zarafa DB plugin to an Active Directory environment.

File:Db-to-ldap.zip

Requirements:

  • Make sure all local Zarafa users are also available in the Active Directory or OpenLDAP directory. The usernames used with the DB plugin should be the same as the usernames in AD/LDAP.
  • Install the Perl modules MIME::Base64 and DBI
  • Make sure you have a successful backup of the Zarafa database
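The first requirement can be checked before anything is changed. The following is an added example, not part of the wiki page or of the scripts in Db-to-ldap.zip: it parses ldapsearch output entry by entry, pairs each sAMAccountName with the objectSid from the same entry, and lists DB-plugin login names that have no directory match. The function names, the sample LDIF and the exact-match comparison of names are assumptions.

```python
import base64
import struct

def make_sid(rid):
    # Constructed sample SID S-1-5-21-1000-2000-3000-<rid> in AD's binary layout.
    return bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1000, 2000, 3000, rid)

def b64(raw):
    return base64.b64encode(raw).decode("ascii")

# Constructed ldapsearch-style output; attribute order differs between the entries.
SAMPLE_LDIF = (
    "dn: CN=Alice,CN=Users,DC=example,DC=test\n"
    "sAMAccountName: alice\n"
    "objectSid:: " + b64(make_sid(1104)) + "\n"
    "\n"
    "dn: CN=Bob,CN=Users,DC=example,DC=test\n"
    "objectSid:: " + b64(make_sid(1105)) + "\n"
    "sAMAccountName: bob\n"
)

def parse_entries(ldif_text):
    """Yield one {attribute: first value} dict per LDIF entry."""
    unfolded = ldif_text.replace("\n ", "")  # undo LDIF line folding
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, rest = line.split(":", 1)
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip())
            else:
                value = rest.strip()
            entry.setdefault(name, value)
        if entry:
            yield entry

def sid_to_string(sid):
    """Render a binary objectSid in S-1-... form so a person can review it."""
    subs = struct.unpack("<%dI" % sid[1], sid[8:8 + 4 * sid[1]])
    return "S-%d-%d-" % (sid[0], int.from_bytes(sid[2:8], "big")) + "-".join(map(str, subs))

def preflight(db_loginnames, ldif_text):
    """Return ({loginname: binary SID}, [loginnames absent from the directory])."""
    directory = {}
    for e in parse_entries(ldif_text):
        name, sid = e.get("sAMAccountName"), e.get("objectSid")
        if isinstance(name, bytes):  # non-ASCII names arrive base64-encoded
            name = name.decode("utf-8")
        if name and isinstance(sid, bytes):
            directory[name] = sid
    matched = {n: directory[n] for n in db_loginnames if n in directory}
    return matched, sorted(n for n in db_loginnames if n not in directory)
```

Feed it the login names exported from the Zarafa database and the saved ldapsearch output; any name in the second return value has to be created or renamed in the directory before the migration is attempted.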

Execution:

  • Shut down Zarafa (which is configured for the DB plugin)
  • Run the db-to-ldap-plugin.pl script
  • Configure Zarafa for the LDAP plugin
  • Start Zarafa (with new LDAP plugin)
  • When this script has executed successfully, run db-upgrade-addressbook-entryids.pl to fix all entries of all email items
  • Test if you can still reply to internal emails from before the migration
  • Test if access to shared mailboxes is still working


NOTE: This is not officially supported. Zarafa Professional Services can help you with these upgrade processes. The order of execution is very important: the key is that Zarafa must not notice that the "externid" values in the "users" table have changed.


NOTE: If you want to try this yourself, try it in a test environment first. If you don't, you might end up with all the mailstores unhooked in your production environment.
