Zarafa DB to LDAP user plugin conversion

From Zarafa wiki

(Difference between revisions)
(New page: The following script allows you to convert a Zarafa DB plugin to an Active Directory environment. Before you run this script make sure you have a successful backup. <pre> #!/usr/bin/per...)
 
(10 intermediate revisions not shown)
Line 1: Line 1:
-
The following script allows you to convert a Zarafa DB plugin to an Active Directory environment.
+
The following scripts allows you to convert the mailboxes from a local Zarafa DB plugin to an Active Directory environment.
-
Before you run this script make sure you have a successful backup.
+
[[File:Db-to-ldap.zip‎]]
 +
'''Requirements:'''
 +
* Make sure all local Zarafa users are also available in the Active Directory or OpenLDAP directory. The usernames used with the DB plugin, should be the same as the username in AD/LDAP.
 +
* Install the perl module MIME::Base64 and DBI
 +
* Make sure you have a successful backup of the Zarafa database
-
<pre>
+
'''Execution:'''
-
#!/usr/bin/perl -w
+
* Shutdown Zarafa (which is configured for DB plugin)
 +
* Set the user_plugin option in the server.cfg to ldap
 +
* Enable the safe mode by setting the option ''user_safe_mode = yes''
 +
* Run the db-to-ldap-plugin.pl script
 +
* Configure Zarafa for the LDAP plugin
 +
* Start Zarafa (with new LDAP plugin)
 +
* When this script is successfully executed, run the db-upgrade-addressbook-entryids.pl to fix all entries of all email items
 +
* Test if you can still reply internal emails from before the migration
 +
* Test if access to shared mailboxes is still working
 +
* Disable the safe_mode and reload the zarafa-server to activate the change
-
use strict;
 
-
use MIME::Base64;
 
-
use DBI;
 
-
if(@ARGV != 7) {
+
<B>NOTE:</B> This is not officially supported. Zarafa Professional Services can help you with these upgrade processes. The order of execution is very important, the key is to have Zarafa not noticing that the "externid" of the "users" table have changed.
-
        print "Usage: $0 <mysqluser> <mysqlpass> <database> <ldaphost> <ldapbinduser> <ldapbindpass> <ldap_base_dn>\n";
+
-
        exit(1);
+
-
}
+
-
my ($dbuser, $dbpass, $db, $ldaphost, $ldapuser, $ldappass, $ldapbase) = @ARGV;
 
-
my $dbh = DBI->connect("DBI:mysql:database=$db;host=localhost",
+
<B>NOTE:</B> If you want to try this yourself, please try it first in a test environment if you don't then you might end up with all the mailstores unhooked on your production environment.
-
                                $dbuser, $dbpass,
+
-
                                {'RaiseError' => 1});
+
-
 
+
-
open INPUT, "ldapsearch -x -H ldap://$ldaphost -b \"$ldapbase\" -D \"$ldapuser\" -w \"$ldappass\"|";
+
-
 
+
-
my %names;
+
-
my $objectsid;
+
-
 
+
-
while(<INPUT>) {
+
-
        if(/sAMAccountName: (\S+)/) {
+
-
#              print "name: $1\n";
+
-
                $names{$1}->{"objectsid"} = $objectsid;
+
-
        }
+
-
        if(/objectSid:: (\S+)/) {
+
-
#              print "objectSid: " . $dbh->quote(decode_base64($1)) . "\n";
+
-
                $objectsid = decode_base64($1);
+
-
        }
+
-
}
+
-
 
+
-
my $name;
+
-
 
+
-
foreach $name (keys %names) {
+
-
        my $q = $dbh->prepare("SELECT objectid FROM objectproperty WHERE propname='loginname' AND value='$name'");
+
-
        $q->execute;
+
-
 
+
-
        my $rows = $q->rows;
+
-
 
+
-
        if($rows == 1) {
+
-
                # Found a user with username in the database, so now we know the user id
+
-
                $names{$name}->{"userid"} = ($q->fetchrow_array())[0];
+
-
        }
+
-
 
+
-
my ($dbuser, $dbpass, $db, $ldaphost, $ldapuser, $ldappass, $ldapbase) = @ARGV;
+
-
 
+
-
my $dbh = DBI->connect("DBI:mysql:database=$db;host=localhost",
+
-
                                $dbuser, $dbpass,
+
-
                                {'RaiseError' => 1});
+
-
 
+
-
open INPUT, "ldapsearch -x -H ldap://$ldaphost -b \"$ldapbase\" -D \"$ldapuser\" -w \"$ldappass\"|";
+
-
 
+
-
my %names;
+
-
my $objectsid;
+
-
 
+
-
while(<INPUT>) {
+
-
        if(/sAMAccountName: (\S+)/) {
+
-
#              print "name: $1\n";
+
-
                $names{$1}->{"objectsid"} = $objectsid;
+
-
        }
+
-
        if(/objectSid:: (\S+)/) {
+
-
#              print "objectSid: " . $dbh->quote(decode_base64($1)) . "\n";
+
-
                $objectsid = decode_base64($1);
+
-
        }
+
-
}
+
-
 
+
-
my $name;
+
-
 
+
-
foreach $name (keys %names) {
+
-
        my $q = $dbh->prepare("SELECT objectid FROM objectproperty WHERE propname='loginname' AND value='$name'");
+
-
        $q->execute;
+
-
 
+
-
        my $rows = $q->rows;
+
-
 
+
-
        if($rows == 1) {
+
-
                # Found a user with username in the database, so now we know the user id
+
-
                $names{$name}->{"userid"} = ($q->fetchrow_array())[0];
+
-
        }
+
-
}
+
-
 
+
-
foreach $name (keys %names) {
+
-
        print "# $name\n";
+
-
        print "UPDATE users SET externid=" . $dbh->quote($names{$name}->{"objectsid"}) . " WHERE id=" . $names{$name}->{"userid"} . ";\n";
+
-
 
+
-
</pre>
+
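Review bot: The added Execution list uses unordered `*` bullets, and the step "When this script is successfully executed, run the db-upgrade-addressbook-entryids.pl" sits after "Start Zarafa", so "this script" has no clear referent even though the NOTE says the order of execution is very important; number the steps with `#` and name db-to-ldap-plugin.pl explicitly in that step. The revision also replaces the inline Perl listing with Db-to-ldap.zip, so the page no longer shows what the script does. The removed listing interpolated `$name` into the SELECT (`value='$name'`) and passed the bind password to ldapsearch with `-w` on the command line, where it is visible in the process list, so it is worth confirming that the zipped script uses DBI placeholders and keeps the password off the command line. In the first added sentence, "scripts allows" should read "scripts allow".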

Latest revision as of 07:48, 24 December 2012

The following scripts allow you to convert the mailboxes from a local Zarafa DB plugin to an Active Directory environment.

File:Db-to-ldap.zip

Requirements:

  • Make sure all local Zarafa users are also available in the Active Directory or OpenLDAP directory. The usernames used with the DB plugin should be the same as the usernames in AD/LDAP.
  • Install the Perl modules MIME::Base64 and DBI
  • Make sure you have a successful backup of the Zarafa database
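
Added example, not part of the wiki page or of the scripts in Db-to-ldap.zip: a read-only pre-flight check for the first requirement, pairing sAMAccountName with objectSid per LDIF entry (the two attributes the earlier inline script read from ldapsearch output). It is written in Python rather than the scripts' Perl, and the sample LDIF, login list, SIDs and function names are constructed for illustration.

```python
import base64
import struct

def sid_to_str(raw: bytes) -> str:
    """Render a binary objectSid as S-<rev>-<authority>-<subauthorities...>."""
    rev, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{count}I", raw[8:8 + 4 * count])
    return "-".join(["S", str(rev), str(authority), *map(str, subs)])

def parse_ldif(text: str) -> dict:
    """Map sAMAccountName -> raw objectSid, pairing them per LDIF entry.
    Folded lines (newline + space) are unfolded before splitting entries."""
    accounts = {}
    for entry in text.replace("\n ", "").split("\n\n"):
        name = sid = None
        for line in entry.splitlines():
            if line.startswith("sAMAccountName: "):
                name = line.split(": ", 1)[1]
            elif line.startswith("objectSid:: "):
                sid = base64.b64decode(line.split(":: ", 1)[1])
        if name and sid:  # entries lacking either attribute are skipped
            accounts[name] = sid
    return accounts

def preflight(db_logins, ldif_text):
    """Return ({login: SID string}, [logins missing from the directory])."""
    directory = parse_ldif(ldif_text)
    matched = {u: sid_to_str(directory[u]) for u in db_logins if u in directory}
    missing = sorted(u for u in db_logins if u not in directory)
    return matched, missing

def _sample_sid(rid: int) -> str:
    """Constructed test SID S-1-5-21-1-2-3-<rid>, base64-encoded as in LDIF."""
    raw = struct.pack("<BB", 1, 5) + (5).to_bytes(6, "big")
    return base64.b64encode(raw + struct.pack("<5I", 21, 1, 2, 3, rid)).decode()

# Constructed sample data: directory export and DB-plugin login names.
SAMPLE_LDIF = (
    "dn: CN=Alice,CN=Users,DC=example,DC=test\n"
    f"objectSid:: {_sample_sid(1104)}\n"
    "sAMAccountName: alice\n\n"
    "dn: CN=Users,DC=example,DC=test\ncn: Users\n\n"
    "dn: CN=Bob,CN=Users,DC=example,DC=test\nsAMAccountName: bob\n"
    f"objectSid:: {_sample_sid(1105)}\n"
)
SAMPLE_DB_LOGINS = ["alice", "bob", "carol"]

if __name__ == "__main__":
    print(preflight(SAMPLE_DB_LOGINS, SAMPLE_LDIF))
```

Resolve every login reported as missing before starting the Execution steps.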

Execution:

  • Shut down Zarafa (which is configured for DB plugin)
  • Set the user_plugin option in the server.cfg to ldap
  • Enable the safe mode by setting the option user_safe_mode = yes
  • Run the db-to-ldap-plugin.pl script
  • Configure Zarafa for the LDAP plugin
  • Start Zarafa (with new LDAP plugin)
  • When this script has executed successfully, run db-upgrade-addressbook-entryids.pl to fix all entries of all email items
  • Test if you can still reply to internal emails from before the migration
  • Test if access to shared mailboxes is still working
  • Disable the safe_mode and reload the zarafa-server to activate the change


NOTE: This is not officially supported. Zarafa Professional Services can help you with these upgrade processes. The order of execution is very important; the key is that Zarafa must not notice that the "externid" values in the "users" table have changed.


NOTE: If you want to try this yourself, please try it first in a test environment. If you don't, you might end up with all the mailstores unhooked on your production environment.
