Project: LdapClimb
Client: Avaya, Inc
Keywords: LDAP Directory Traversal; LDAP Export; Java

Project Summary
The LdapClimb project consists of two programs that can be used to traverse a company reporting structure stored in an LDAP directory and export the results to a text file.

LdapClimbDown is used to traverse down the company hierarchy, starting with a top-level manager and working its way down to the lowest-level employee. For example, LdapClimbDown can be used to generate a list of all employees that are under the reporting structure of a particular VP or manager.

LdapClimbUp is used to traverse up the company hierarchy, starting with a specific employee and working its way up to a particular level of manager. For example, LdapClimbUp can be used to generate a list of all managers, and managers' managers, that are above a particular employee in the reporting structure.

Client Problem
Avaya needed to determine which employees in specific organizations had not entered or updated their profiles in a particular service application. The company employee directory and reporting structure are stored in an LDAP directory.

Solution
To accomplish this, the LdapClimb tools were used to list all employees underneath the reporting structure of the organization heads. The results were easily compared with the service application database using a simple SQL query. Additionally, the LdapClimbUp tool was utilized to discover gaps in the reporting structure.

Requirements

  • Java 2 runtime environment (J2SE)

Command Line
C:\MicroWeb\LdapClimb>java -jar LdapClimbDown.jar <config_file> [<start=value>]

	-- or --

C:\MicroWeb\LdapClimb>java -jar LdapClimbUp.jar <config_file> [<start=value>]

<config_file> The name of the configuration file.

Tip: On Windows machines, use the forward slash character '/' to delimit folder names if your configuration file is not in the same folder as the program.

root="value" [optional] This option is used to specify the starting point of the directory traversal on the command line, overriding the value in the configuration file.

Sample Configuration File

[Application Settings]
app.debug=true

[Synchronization Settings]
sync.keyname=hrid
sync.keymap=employeenumber
sync.keyparent=supervisorid
sync.start=012345678

#Ldap fields to export
sync.field.0.name=Fname
sync.field.0.map=givenname
sync.field.1.name=Lname
sync.field.1.map=sn
sync.field.2.name=Handle
sync.field.2.map=uid
sync.field.3.name=SuperHrid
sync.field.3.map=supervisorid
sync.field.4.name=SuperName
sync.field.4.map=managername
sync.field.5.name=Phone
sync.field.5.map=telephonenumber
sync.field.6.name=Email
sync.field.6.map=mail

[Ldap Settings]
ldap.host=ldap.company.com
ldap.base=ou=people,o=company.com
ldap.user=
ldap.pwd=

Configuration File Parameters
app.debug [yes|no] : turns debug messages on/off
ldap.host The name or IP address of the LDAP directory server.
Example:
ldap.host=ldap.mydomain.com
ldap.base The search base at which to search the LDAP directory server.
Example:
ldap.base=ou=people,o=mydomain.com
ldap.user The user name required to search the LDAP directory server. If this is blank, an anonymous search will be performed.
ldap.pwd The password required to search the LDAP directory server.
sync.keyfield The name of the LDAP directory field used to identify an employee record.
Example using employee number: sync.keyfield=employeenumber
sync.keyname The display name you want used for the sync.keyfield output column.
Example: sync.keyname=hrid
sync.keyparent The name of the LDAP directory field indicating a parent-to-child relationship to traverse the directory.
Example using employee supervisor: sync.keyparent=supervisorid
sync.start The value of the sync.keyfield in the LDAP directory at which to start a search.
Example with employee number 012345678: sync.start=012345678
sync.field.N.name LdapClimb can export up to 100 LDAP field values. N is a number from 0 to 99; the value is the display label of the exported field.
sync.field.0.name=FirstName
sync.field.1.name=LastName
sync.field.2.name=Handle
sync.field.3.name=SuperHrid
sync.field.4.name=SuperName
sync.field.5.name=Phone
sync.field.6.name=Email
:
:
sync.field.99.name=


Note: The numbers do not need to be in order. For example, to skip the Handle field above, remove the text after the = character as shown below.
sync.field.2.name=
sync.field.N.map LdapClimb can export up to 100 LDAP field values. N is a number from 0 to 99; the value is the name of the LDAP field to export.
sync.field.0.map=givenname
sync.field.1.map=sn
sync.field.2.map=uid
sync.field.3.map=supervisorid
sync.field.4.map=supervisorname
sync.field.5.map=telephonenumber
sync.field.6.map=mail
:
:
sync.field.99.map=
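
The traversal that the key field (sync.keymap in the sample file, sync.keyfield in the parameter list), sync.keyparent and sync.start describe, sketched as an added example in Python. It is not MicroWeb's Java code. It goes beyond the page in two ways: it escapes the start value per RFC 4515 before it enters a search filter, and it stops on supervisor loops. The in-memory directory, its records and all function names are assumptions made for illustration.

```python
# Constructed sample records standing in for the LDAP directory (not real data).
DIRECTORY = [
    {"employeenumber": "012345678", "supervisorid": "", "sn": "Vp"},
    {"employeenumber": "100", "supervisorid": "012345678", "sn": "Able"},
    {"employeenumber": "200", "supervisorid": "012345678", "sn": "Baker"},
    {"employeenumber": "300", "supervisorid": "100", "sn": "Chen"},
    {"employeenumber": "400", "supervisorid": "999", "sn": "Orphan"},  # 999 is missing
    {"employeenumber": "500", "supervisorid": "600", "sn": "LoopA"},
    {"employeenumber": "600", "supervisorid": "500", "sn": "LoopB"},
]

def escape_filter_value(value):
    """Escape a value per RFC 4515 before placing it in a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def child_filter(keyparent, parent_id):
    """Filter a real client would send to find the direct reports of parent_id."""
    return "(%s=%s)" % (keyparent, escape_filter_value(parent_id))

def search(directory, attr, value):
    """Stand-in for an LDAP equality search; matches the literal value only."""
    return [e for e in directory if e.get(attr) == value]

def climb_down(directory, keyfield, keyparent, start):
    """Breadth-first walk from a manager down to every report beneath them."""
    seen, queue, rows = {start}, [start], []
    while queue:
        parent = queue.pop(0)
        for entry in search(directory, keyparent, parent):
            key = entry[keyfield]
            if key not in seen:  # guard against supervisor loops
                seen.add(key)
                rows.append(entry)
                queue.append(key)
    return rows

def climb_up(directory, keyfield, keyparent, start):
    """Follow supervisor links upward; report how the chain ended."""
    chain, seen, current = [], {start}, start
    while True:
        hits = search(directory, keyfield, current)
        if not hits:
            return chain, "gap: no record for " + current
        parent = hits[0].get(keyparent, "")
        if not parent:
            return chain, "top"
        if parent in seen:
            return chain, "cycle at " + parent
        seen.add(parent)
        chain.append(parent)
        current = parent
```

A chain that ends in "gap" is a supervisor ID with no matching record, which is the kind of break in the reporting structure the Solution section says LdapClimbUp was used to find.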

 

Copyright (c) 2019 by MicroWeb. All Rights Reserved
www.microwww.com