Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: ldap-sync command example
Markdown
If you use a configuration file, you can specify the options for the console command directly.
You can then save these newly created files under /i-doit/src/handler/config/ for example.

This saves you from typing the password in plain text. into the console.
The [Console Command][1] uses .ini files.
The [Controller Command][6] uses .inc.php files. However, this method is outdated and should not be used.

The configuration file is used with `--config /path/to/config.ini` or with `-c /path/to/config.ini`

## The structure of the .ini

```ini
[commandArguments]
```
Currently none available.

```ini
[commandOptions]
user=admin
password=pass
tenantId=1
```  

Here you can add the options of the Console Command. These options must be written in the "long form".
For more options see [Optionen und Parameter der Console][1].

```ini
[additional]
```

Special parameters are entered below.
At the moment these are available for the [ldapServerId][4] and for [import-syslog][7].




## Example for the command [search-index][2]

First the .ini file has to be created.
We use here additionally [update][2] to overwrite and create the search index.
Additionally we use [quiet][2] to shorten the output and save some memory, which can be used for indexing.

```ini
[commandArguments]
[commandOptions]
user=admin
password=pass
tenantId=1
update
quiet
[additional]
```

To use the configuration we execute the console command and specify the path to the configuration file with `--config` or `-c`.
  
```bash
sudo -u www-data php console.php search-index -c /var/www/html/i-doit/src/handler/config/examples/search-index.ini
```

## Example for the command [notifications-send][3]

There are no further options for this command so we only need the following options [user][3], [password][3] and [tenantId][3].

```ini
[commandArguments]
[commandOptions]
user=admin
password=pass
tenantId=1
[additional]
```

To use the configuration file we execute the console command and specify the path to the configuration file with `--config` or short with `-c.

```bash
sudo -u www-data php console.php notifications-send -c /var/www/html/i-doit/src/handler/config/examples/notifications-send.ini
```  

## Example for the command [ldap-sync][4]

This command offers the following additional options: [ldapServerId][4] and [dumpConfig][4].
The [ldapServerId][4] option specifies the ldap server to use. Here the ID of the entry must be specified.
With [dumpConfig][4] no synchronization is executed! Only the configuration is output. Should therefore only be used for debugging.


```ini
[commandArguments]
[commandOptions]
user=admin
password=pass
tenantId=1
[additional]
import_rooms=false
defaultCompany=``
deletedUsersBehaviour=disable_login
disabledUsersBehaviour=disable_login
; LDAP Attributes are individual. This default configuration is prepared for Active Directory:
attributes[department]=department
attributes[phone_company]=telephoneNumber
attributes[phone_home]=homephone
attributes[phone_mobile]=mobile
attributes[fax]=facsimileTelephoneNumber
attributes[description]=info
attributes[personnel_number]=initials
attributes[organization]=company
attributes[location]=physicalDeliveryOfficeName
attributes[salutation]=title
attributes[street]=streetAddress
attributes[city]=l
attributes[zip_code]=postalCode
attributes[function]=title
attributes[service_designation]=title
attributes[pager]=pager
;Kategorieerweiterung Personen
attributes[custom_1]=objectSid
attributes[custom_2]=sn
attributes[custom_3]=homePhone
attributes[custom_4]=mobile
attributes[custom_5]=info
attributes[custom_6]=manager
attributes[custom_7]=company
attributes[custom_8]=department
autoReactivateUsers=false
ignoreUsersWithAttributes[]="sn"
ignoreUsersWithAttributes[]="givenName"
ignoreFunction=empty
```

To use the configuration file we execute the console command and specify the path to the configuration file with `--config` or short with `-c.

```bash
sudo -u www-data php console.php ldap-sync -c /var/www/html/i-doit/src/handler/config/examples/ldap-sync.ini
```

List of command options and a short explanation


| Key 	| Value 	| Description 	|
|----------------------------	|-------------------------------------	|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------	|
| import_rooms= 	| true or false 	| Imports the LDAP attribute physicalDeliveryOfficeName and creates it as room, without location, if not available 	|
| defaultCompany=`` 	| `Name of Organisation` 	| Default Organization to be entered, leave empty if nothing should be changed 	|
| deletedUsersBehaviour= 	| archive, delete or disable_login 	| Behavior for deleted LDAP users. Should these be archived, deleted or the login deactivated 	|
| disabledUsersBehaviour= 	| archive, delete or disable_login 	| Behavior for disabled LDAP users. Should these be archived, deleted or the login deactivated 	|
| rooms\[\]="" 	| \["Room 01"\]="userPrincipalName" 	| Here your room is statically assigned to an LDAP user 	|
| attributes\[\]= 	| attributes\[i-doit field\]=AD Attribute 	| Possible i-doit fields: academic_degree, function, service_designation, street, city, zip_code, phone_company, phone_home, phone_mobile, fax, pager, personnel_number, department, company, office, ldap_id, ldap_dn, description. If user-defined information is to be stored here, the [Category extension][5] can be activated. Then the fields: custom_1 - custom_8 are available 	|
| autoReactivateUsers= 	| true or false 	| All users are automatically set to normal status before they are synced. This function is only necessary for OpenLDAP and NDS, because it is always enabled in the Active Directory 	|
| ignoreUsersWithAttributes\[\]= 	| ignoreUsersWithAttributes\[\]="sn" 	| Disables the synchronization of users where e.g. the `sn`(Last Name) in AD is empty. Several AD attributes can be used here, see example 	|
| ignoreFunction= 	| empty*, !empty, isset*, !isset 	| The check function for "ignoreUsersWithAttributes". If the value is set to "empty", the function checks if the specified "ignoreUsersWithAttributes" value is empty. If this is the case the user will not be synchronized.	|

*empty - Checks if a variable contains a value
*isset - Checks if a variable exists and if it is not NULL

[1]: https://kb.i-doit.com/display/en/Options+and+Parameters+for+the+Console
[2]: https://kb.i-doit.com/display/en/Options+and+Parameters+for+the+Console#OptionsandParametersfortheConsole-search-index
[3]: https://kb.i-doit.com/display/en/Options+and+Parameters+for+the+Console#OptionsandParametersfortheConsole-notifications-send
[4]: https://kb.i-doit.com/display/en/Options+and+Parameters+for+the+Console#OptionsandParametersfortheConsole-ldap-sync
[5]: https://kb.i-doit.com/display/en/CMDB+Settings#CMDBSettings-CategoryExtension
[6]: https://kb.i-doit.com/display/en/Console
[7]: https://kb.i-doit.com/display/en/Options+and+Parameters+for+the+Console#OptionsandParametersfortheConsole-import-ocs