-
Notifications
You must be signed in to change notification settings - Fork 47
/
Copy pathkdb-uidextract.8
60 lines (60 loc) · 2.43 KB
/
kdb-uidextract.8
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
.\" SPDX-License-Identifier: CC-BY-SA-4.0 or-later
.\" SPDX-FileCopyrightText: 2022 grommunio GmbH
.TH kdb\-uidextract 8 "" "Gromox" "Gromox admin reference"
.SH Name
\fBkdb\-uidextract\fP \(em Helper for creating a gromox\-kdb2mt ACL map
.SH Synopsis
\fBpython /usr/libexec/gromox/kdb\-uidextract\fP
.SH Description
kdb\-uidextract is a Python script utilizing python-kopano bindings to read
user object descriptions off a Kopano installation and produce a user listing
suitable for consumption by the gromox\-kdb2mt \-\-user\-map option.
.PP
This script is meant to be executed on a live Kopano system and does not rely
on Gromox components at all.
.PP
kdb\-uidextract first queries the server on the current machine for all
participating Kopano servers in the cluster. This requires that all Kopano
servers accept TLS connections (/etc/kopano/server.cfg:server_ssl_port,
server_ssl_key_file, sslkeys_path) and have authentication keys set up for the
SYSTEM account (in the directory specified by sslkeys_path).
.PP
The resulting map for kdb2mt is printed to stdout.
.SH Options
This program offers no command-line options.
.SH Files
By way of the \fIkopano\fP Python module, /etc/kopano/admin.cfg is sourced for
TLS certificate parameters. Confer with the kopano-admin.cfg(5) manpage.
.SH Format
The output is a JSON file containing an array of user objects. Each user object
is a dictionary with zero or more attributes; these can be:
.IP \(bu 4
"na": username
.IP \(bu 4
"sv": server GUID, represented as 16 ASCII characters, case-insensitive
.IP \(bu 4
"st": store GUID, represented as 16 ASCII characters, case-insensitive
.IP \(bu 4
"id": per-database(!) numeric user ID
.IP \(bu 4
"em": e-mail address associated with the Kopano account
.IP \(bu 4
"to": e-mail address that gromox\-kdb2mt(8) should map the Kopano user to
.PP
null values and empty strings are allowed. Take note that in multi-server
Kopano installations, every LDAP user will appear in \fBall\fP the
kopano-server databases, and with generally \fBdifferent\fP user IDs.
.RS 4
.nf
[
{"em": "[email protected]", "na": "boss", "sv":
"0123456789abcdef0123456789abcdef", "st": "0123456789abcdef0123456789abcdef",
"to": "[email protected]", "id": 3},
{"em": "[email protected]", "na": "boss", "sv":
"123456789abcdef0123456789abcdef0", "st": "0123456789abcdef0123456789abcdef",
"to": "[email protected]", "id": 91}
]
.fi
.RE
.SH See also
\fPgromox\fP(7), \fBgromox\-kdb2mt\fP(8), \fBkdb\-uidextract\-limited\fP(8)