Department of Information and Computing Sciences

LDAP.UU.NL updates

This page is intended for UU.NL sys admins only.

intro

Utrecht University uses an LDAP server to implement directory services, among others Solis Ugids.

You can update the LDAP database with standard tools. This is subject to rules and regulations.
A short description is available. Please contact Kees van Eijden (ICT-UU) for permission and details.

General points :

Comments, updates and additions (in HTML) are most welcome.

Perl interface

References : ldap.perl.org    Net::LDAP

Here is how we do it in Perl:

  # use the standard Perl LDAP module

  use Net::LDAP ;

  # use an admin solis_id and password to update stuff

  my $admin_id = '........' ;
  my $admin_pw = '........' ;
  my $admin_dn = "uid=$admin_id\@soliscom.uu.nl,ou=Administrators,o=uu" ;

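  # prepare to bind to the LDAP server ; note that this is a plain
  # connection, so the simple bind below sends the admin password
  # unencrypted unless you call start_tls first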

  my $ldap = Net::LDAP -> new ( "ldap.uu.nl" ) or die "$@";

  # bind to the server

  my $mesg = $ldap -> bind ( $admin_dn, password => $admin_pw ) ;

  if ( $mesg -> code )
    { die "Failed to bind: " . $mesg->error ; }

  my $attrs =
    [ qw( cn initials uuPrefix sn personalTitle mail telephoneNumber
          roomNumber buildingName labeledUri postalAddress uuEmployer
          uid employeeType uuAccessControl ObjectClass userClass
          physicalDeliveryOfficeName facsimileTelephoneNumber
          uuOtherTelephoneNumber jpegPhoto
        )
    ] ;

  # assume we have the solis_id of the record we want to update

  my $solis_id = '......' ;
  my $dn = "uid=$solis_id\@soliscom.uu.nl" ;

  # get the record and check results

  $mesg = $ldap -> search
    ( base   => 'ou=medewerkers,o=uu'
    , scope  => 'one'
    , filter => "($dn)"
    , attrs  => $attrs
    ) ;

  if ( $mesg -> code )
    { die "Search failed: " . $mesg -> error ; }

  die "nothing found for $dn" unless $mesg -> count ;
  die "multiples found for $dn" if $mesg -> count > 1 ;

  # found one record ; copy

  my $record = $mesg -> entry ( 0 ) ;

  # horse around with the record ; $key is an attribute name, e.g. 'mail'

  my $value = $record -> get_value ( $key ) ;

  # add new attributes

  $record -> add ( $key, $new_val ) ;

  # more often you will insert/update attributes

  $record -> replace ( $key, $new_val ) ;

  # when finished, update the record and check results

  my $res = $record -> update ( $ldap ) ;
  die $res -> error () if $res -> code () ;

  # when done with LDAP, unbind

  $ldap -> unbind ;
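
The search above interpolates $solis_id straight into the filter string, so a `*` or a parenthesis in the id changes what the filter matches. The following is an added example, not part of the original page: it escapes the id with escape_filter_value from Net::LDAP::Util and shows how each filter parses. The helper names solis_filter and filter_kind and the sample ids are made up for illustration, and it assumes the id may come from outside the script.

```perl
#!/usr/bin/perl
# Added example, not part of the original page.

use strict ;
use warnings ;
use Net::LDAP::Util qw( escape_filter_value ) ;
use Net::LDAP::Filter ;

# hypothetical helper : the search filter for one solis_id, with the
# id escaped so that it can only ever be a literal value

sub solis_filter
  { my $solis_id = shift ;
    die "empty solis_id" unless defined $solis_id and length $solis_id ;
    return '(uid=' . escape_filter_value ( $solis_id ) . '@soliscom.uu.nl)' ;
  }

# hypothetical helper : how a filter string parses (equalityMatch,
# substrings, and, or, ...) ; 'invalid' if it does not parse at all

sub filter_kind
  { my $filter = Net::LDAP::Filter -> new ( shift ) or return 'invalid' ;
    return ( keys %$filter ) [ 0 ] ;
  }

# constructed sample ids ; the second one contains a wildcard

for my $solis_id ( 'abcde101', 'abc*' )
  { my $raw  = "(uid=$solis_id\@soliscom.uu.nl)" ;   # built as in the page
    my $safe = solis_filter ( $solis_id ) ;

    printf "%-9s raw  %-32s %s\n", $solis_id, $raw,  filter_kind ( $raw ) ;
    printf "%-9s safe %-32s %s\n", $solis_id, $safe, filter_kind ( $safe ) ;
  }
```

To use it in the search above, pass `filter => solis_filter ( $solis_id )` instead of `"($dn)"`.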

notes

  1. The jpegPhoto attribute contains just the raw bits.
        my $JPG = '/path/to/user.jpg' ;

        # get the bits ; read in binary mode

        open ( JPG, '<', $JPG ) or die "can't read $JPG ($!)" ;
        binmode JPG ;
        my $jpg = join '', <JPG> ;
        close JPG ;

        # store

        $record -> replace ( 'jpegPhoto', $jpg ) ;
      

  2. Records for new employees of our institute have no uuEmployer attribute.
    To make someone a department member, we have to do this :
         my $key = 'uuEmployer' ;
         my $DN_ICS = 'ou=Instituut voor Informatica en Informatiekunde,'
           . 'ou=Faculteit Wiskunde en Informatica,ou=Faculteiten,o=uu' ;
    
         # add unless already there
    
         $record -> add ( $key, $DN_ICS )
           unless grep $_ eq $DN_ICS, $record -> get_value ( $key ) ;
      
    Note that you want add instead of replace here, because uuEmployer is a multi-valued attribute.

    The added uuEmployer should be immediately visible in a person's Solis Ugids page. Currently, however, uuEmployer updates are not immediately reflected in the corresponding Solis Ugids medewerkers-lijst. These lists are updated only once a day.