On Thu, 11 May 2006 20:35:53 +0000, Jamie Bullock wrote:
> Does anyone have a script or any advice for exporting Zope users and groups 
> to an LDIF file?

I have built such a script for a client, though the 'users' and 'groups'
that the script works on are workflowable content objects in Plone
(similar to the approach used CMFMember). It is then fairly easy to find
users and groups in the portal catalog and map then to appropriate LDAP
attributes. Writing LDIF to update an existing LDAP repository (rather
than just rebuilding it completely) took me quite a while to get right.
The script is about 700 LOC (including blank lines & comments) - it is not
trivial, unless you are just going to rebuild your LDAP each time.

If not using Plone, CMFMemmber, etc. then imagine you could extract users
and groups directly out of Zope and use member properties etc to find the
LDAP attributes that you need.

Let me know if you want me to ask my client to open source a version of
the script. They are generally agreeable with that sort of thing. At some
stage we may open source the whole project.

PS: The aim of my client's project is to have a central staff directory
with all staff usernames and passwords, and group/role based authorization
info controlled though a single Plone Web interface. For example, I have
set up to be qmailGroup objects in LDAP so that mailing lists can be
controlled through the web UI when using mail servers that understand the
qmail schema. I am also using PAM LDAP to control access to apache 2 and
subversion, and using LDAP to control authentication and authorization on
other remote Zope servers.

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to