Moving RACF users to TBDM
This appendix provides a sample program that can move RACF users into the TDBM space as discussed in “Moving RACF users to the TDBM space” on page 189.
Sample programs to move RACF users to TBDM
There are three pieces that are needed to convert RACF users to TDBM users. They are used in a compound command line that is invoked by issuing the following command:
search1 | xargs -i search2 {} | racf2person > output.ldif
The three pieces that are used in this example are seach1, search2, and racf2person. The search1 command is a ldapsearch command that will return all the RACF distinguished names and is shown in Example C-1.
Example: C-1 search1 command
ldapsearch -h 1.1.ibm.com:389
-D racfid=root,profiletype=user,sysplex=testplex -w XXXXXX
-s one -b profiletype=user,sysplex=testplex "(racfid=A*)"
The search2 piece is a Perl program and will search for the RACF user attributes and is shown in Example C-2.
Example: C-2 search2 Perl program
# do a search
name=$1
 
ldapsearch -h 1.1.ibm.com:389
-D racfid=root,profiletype=user,sysplex=testplex -w XXXXXX
-L -s base -b $name "(objectclass=*)"
 
echo ""
The racf2person piece is also a Perl program that will convert the RACF user information (distinguished name from search1 and user attributes from search2) into the LDIF format. The racf2person program is shown in Example C-3.
Example: C-3 racf2person Perl program
#!/usr/bin/perl
eval "exec perl -S $0 $*"
if $running_under_some_shell;
#
# <COPYRIGHT>
# Copyright (c) 2003, International Business Machines Corporation
# and others. All Rights Reserved.
#
# For the full copyright information for this source code, refer to
# the COPYRIGHT file in the root directory of the source code tree.
# </COPYRIGHT>
#
 
#
# file
#
# version 1.0
#
# This is the Makefile for the src/doc directory.
#
# <PRE>
# Change History
# Date Name Description
# ----------------------------------------------------------------
# 2003/10/09 Tim Hahn Created this file
# </PRE>
#
 
# handle input parms
if ( $#ARGV+1 < 2 ) {
do Usage();
exit(-1);
}
else {
for ($i=0; $i<$#ARGV+1; $i++) {
if ($ARGV[$i] eq "-b") {
$suffixDN = $ARGV[$i+1];
$i++;
}
else {
do Usage();
exit(-1);
}
}
 
@ARGV=(); # clear the input parms
}
 
do ResetParms();
 
while (<>) {
/^dn: .*/ && ($outputReady==1) && do { # signifies the start of another user, print what we have
 
if ($commonName eq "") { # if not set, use the uid value
$commonName = $uid;
$surName = $uid;
}
 
do PrintPerson();
 
do ResetParms();
};
 
/^racfid: .*/ && do { # take the racfid and use it as uid and ibm-nativeID
$uid = $_;
$uid =~ s/ //; # remove the newline
$uid =~ s/^racfid: //;
$nativeID = $uid;
 
$outputReady = 1;
};
 
/^racfprogrammername: .*/ && do { # take the racfprogrammername and use it for cn and sn
$commonName = $_;
$commonName =~ s/ //; # remove the newline
$commonName =~ s/racfprogrammername: //;
 
$surName = $commonName;
$surName =~ s/^[^ ]* //; # remove the first name
};
}
 
if ( $outputReady == 1 ) {
if ($commonName == "") { # if not set, use the uid value
$commonName = $uid;
$surName = $uid;
}
 
do PrintPerson();
}
 
 
sub Usage {
print("Usage: racf2Person < -b <suffixDN> > ");
}
 
sub PrintPerson {
print ("dn: cn=", $commonName, ",", $suffixDN, " ");
print ("objectclass: person ");
print ("objectclass: inetorgPerson ");
print ("objectclass: ibm-nativeAuthentication ");
print ("cn: ", $commonName, " ");
print ("sn: ", $surName, " ");
print ("uid: ", $uid, " ");
print ("ibm-nativeID: ", $nativeID, " ");
print (" ");
}
 
sub ResetParms {
$outputReady=0;
 
$uid="";
$nativeID="";
$commonName="";
$surName="";
}
 
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset