How to run OX LDAP Sync

With oxldapsync you can sync user and group objects from an LDAP compatible
directory with Open Xchange. When you modify or add a user in your LDAP
directory, oxldapsync will also modify or add that user in Open Xchange.

1. Prerequisites
	1. An LDAP server (currently OpenLDAP and ADS are supported)
	2. The distinguished name (and password) of one LDAP user that can at
	   least search and read user objects. If you decide to synchronize
	   groups, this user needs to search and read the group objects, too.
	3. If you want to synchronize groups, you need to know whether group
	   membership is defined by the user id or by the complete
	   distinguished name of the user.
	4. The user attributes you want to sync with Open Xchange

2. Configuring OX LDAP Sync

	After installing OXSync you will find the configuration files under
	/opt/oxldapsync/etc. You can use the example configuration files
	ldapsync.conf (OpenLDAP) and ldapsyn-ads.conf (Active Directory) as a
	starting point.

2.1	OpenLDAP
	Open ldapsync.conf in your favourite text editor and change the
	following options to your needs:
	
		ldapuri                     URI of your LDAP server (DNS name or
		                            IP address)

		userbasedn                  distinguished name under which the
		                            script will find user objects

		groupbasedn                 distinguished name under which the
		                            script will find group objects

		ldaptype                    type of LDAP server, in this case
		                            openldap

		ldapuserdn                  distinguished name of the user which
		                            will be used to query the directory

		ldapuserpassword            password for the LDAP user

		mappingfile                 absolute path to your LDAP attribute
		                            -> OX attribute mapping file

		updategroups                "yes" if you also want to sync groups
		                            with OX

		updateAliases               whether the mail aliases of a user
		                            shall be updated with those from LDAP.
		                            If your directory can hold only one
		                            mail address per user, say no here;
		                            you can then add further mail
		                            addresses manually in OX and the sync
		                            tool will not delete them.

		usemodifytimestamp          set to yes to update only users
		                            modified since the last run

		userfilter                  search filter to find user objects,
		                            internal default
		                            "(objectClass=inetOrgPerson)"

		groupfilter                 search filter to find group objects,
		                            internal default
		                            "(objectClass=posixGroup)"

		deleteusers                 say yes if you want to delete users
		                            in OX which are not in your directory
		                            and are not named by the
		                            "dontModifyUids" option

		deletegroups                say yes to delete groups in OX that
		                            are empty or no longer exist in LDAP

		dontModifyUids              comma-separated list of uids which
		                            shall not be modified by the sync
		                            script. You should list at least the
		                            context admin here.

		groupMemberAttribute        name of the attribute which holds the
		                            members of a group object

		memberAttributeIsDN         say yes if the values of
		                            groupMemberAttribute are
		                            distinguished names

		groupDisplayNameAttribute   display name attribute for groups

		groupNumberAttribute        unique number attribute for groups

		userPrimaryGroupAttribute   attribute in which a user's primary
		                            group is stored

	In the mapping file you will find the OX options used to create or
	modify users. The name on the left side of the equal sign is the name
	of the OX option. On the right side you name the LDAP attribute whose
	value is used for this option. You can also give static values by
	enclosing them in double quotes.
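	As an added illustration of the mapping file format described above (this
	is not code from oxldapsync, and the OX option names, attribute names and
	LDAP entry are constructed samples), the following parser separates quoted
	static values from LDAP attribute references and applies the mapping to one
	directory entry, reporting options whose attribute the entry lacks:

```python
# Added example, not part of oxldapsync: parse an "oxoption=ldapattribute"
# mapping file and apply it to one LDAP entry. Option names are constructed.
MAPPING_FILE = """\
# ox option = LDAP attribute, or a static value in double quotes
username=uid
displayname=cn
primaryEmail=mail
department=departmentNumber
language="de_DE"
timezone="Europe/Berlin"
"""

# Constructed entry as an LDAP search returns it: attribute -> list of values.
SAMPLE_ENTRY = {
    "uid": ["jdoe"],
    "cn": ["Jane Doe"],
    "mail": ["jane.doe@example.com", "jdoe@example.com"],
}

def parse_mapping(text):
    """Return {ox_option: ("static", literal) or ("attr", ldap_attribute)}."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"mapping line {lineno}: expected oxoption=ldapattribute")
        option, rhs = (part.strip() for part in line.split("=", 1))
        if len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':
            mapping[option] = ("static", rhs[1:-1])  # same literal for every user
        else:
            mapping[option] = ("attr", rhs)  # taken from the LDAP entry
    return mapping

def resolve_user(mapping, entry):
    """Return (ox_options, missing_options); LDAP names are case-insensitive."""
    by_lower = {name.lower(): values for name, values in entry.items()}
    options, missing = {}, []
    for option, (kind, value) in mapping.items():
        if kind == "static":
            options[option] = value
            continue
        values = by_lower.get(value.lower())  # attributes are multi-valued lists
        if not values:
            missing.append(option)  # entry lacks the attribute; caller decides
            continue
        options[option] = values[0]
    return options, missing
```

	For the sample entry this yields username "jdoe", displayname "Jane Doe", the first mail value as primaryEmail, the two static values, and "department" reported as missing.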
		
2.2	Active Directory
	For Active Directory synchronization just modify at least ldapuri,
	userbasedn, groupbasedn, ldapuserdn and ldapuserpassword.
	
3.	Running the script
	To run the script type

	/opt/oxldapsync/sbin/oxldapsync.pl -f <CONFIG FILENAME> \
	                                   -A <CONTEXT ADMIN USERNAME> \
	                                   -P <CONTEXT ADMIN PASSWORD> \
	                                   -c <CONTEXTID>

	Additional parameters are:
			-h       help message
			-n       don't save last user search time
			-v       verbose mode
			-s       print messages to stdout

	To run this program regularly, just create a cron job.

