Date: Fri, 14 Feb 2003 13:47:54 -0700
From: "Jeremy Jones" <jeremy@samnjack.com>
Subject: howto: ldaps, dsmltools, stunnel

Hey all,

Here's a little document I wrote for my boss to get xml dumps of our ldap directory using dsmltools and stunnel from a winders box. A little exotic, perhaps, but maybe a useful doc for the "examples" page...

The Quick and Dirty HowTo for Dumping your SSL-Enabled LDAP Directory to an XML File From a Winders Box
Written 2/14/03 by Jeremy Jones
Steal this document

*******************************************

1. Install the j2sdk 1.3 or higher (you probably already have this)

2. Download unix2dos: ftp://ftp.gammon.com.au/pennmush/unix2dos.zip
   extract to %SYSTEMROOT%\system32

3. Download stunnel binaries: http://www.stunnel.org/download/stunnel/win32/stunnel-4.04.exe
   Rename it stunnel.exe and place it in %SYSTEMROOT%\system32

4. Download openssl zip file: http://www.stunnel.org/download/stunnel/win32/openssl-0.9.7/openssl.zip
   and unzip to %SYSTEMROOT%\system32

5. Download dsmltools: http://www.dsmltools.org/binaries/dsmltools-bin-1.1.zip
   extract to c:\

6. Edit (or create) your CLASSPATH variable:
   - right click "My Computer" and select Properties
   - select Advanced tab
   - click Environmental variables button
   - edit (or add) the user variable CLASSPATH
   - insert the following string:
     c:\Binary\DSMLTools\dsmltools.jar;c:\Binary\DSMLTools\ldapjdk.jar;c:\Binary\DSMLTools\xercesImpl.jar;c:\Binary\DSMLTools\xmlParserAPIs.jar
   That's all one line...

7. Create a text file called stunnel.conf in %SYSTEMROOT%\system32\ with the following contents:

     client = yes
     verify = 0

     [ldaps]
     accept = 127.0.0.1:389
     connect = <your_ldap_server>:636

8. Create a batch file called get-people.bat in %SYSTEMROOT%\system32\ with the following contents:

     rem BEGIN XML DUMP OF PEOPLE
     stunnel.exe
     java org.dsmltools.LDAP2DSML c:\people.xml -h 127.0.0.1 -u cn=<your_username>,ou=<your_unit>,o=<your_org> -w <your_password> -f "(objectclass=person)" -a cn,mail,fullName,title,telephoneNumber -q
     unix2dos c:\people.xml
     rem END XML DUMP OF PEOPLE

   Replace the string following "-u" in the LDAP2DSML line above with whatever the standard is at your organization. And the password, too...

   NOTE: If you're viewing this with notepad, or anything else that wraps lines, unwrap them! The line beginning "java org..." should end with "-q", and the next line begins "unix2dos..."

9. Run from a command line: "get-people.bat"

***********************************************

This will give you an xml file in your c:\ drive called people.xml.

There are lots of different options to filter on (the -f switch of LDAP2DSML takes an ldap search filter, and only entries matching it are dumped) and to choose what is returned as output in the xml file (the -a switch defines which attributes are dumped to the file). Other possibly useful attributes might be:

   givenName (first name)
   sn (last name)
   ou (organizational unit)
   facsimileTelephoneNumber (well...)
   etc.

You can use an ldap browser to look at available attributes.

The command "java org.dsmltools.DSML2LDAP" will do the same stuff in the other direction -- i.e. take the input from your xml file and update the ldap directory. Be careful. You've been warned.

And, of course, you can actually put the files referenced in this document wherever you like, as long as you remember how to get to them, and your system knows as well.
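A note on the stunnel.conf in step 7: "verify = 0" makes stunnel encrypt the connection without checking the LDAP server's certificate at all, so the tunnel protects the bind password from a passive listener but will happily talk to any host answering on port 636. The variant below is an added example, not part of the original post; it keeps the same [ldaps] service but turns on certificate verification against a CA file (the CAfile and output paths are placeholders you would replace). The stunnel 4.04 build in step 3 verifies the chain only; it has no option to match the server name against the certificate, so the CA you list should be one that issues certificates only for your directory servers.

```ini
; stunnel.conf, verified variant (added example, not from the original post)
client = yes
; 2 = require a server certificate and verify it against CAfile
verify = 2
; placeholder path: PEM file holding the CA certificate that signed your LDAP server's certificate
CAfile = %SYSTEMROOT%\system32\ldap-ca.pem
; log to a file so a failed verification shows up instead of failing silently
debug = 5
output = %SYSTEMROOT%\system32\stunnel.log

[ldaps]
accept = 127.0.0.1:389
connect = <your_ldap_server>:636
```

With "verify = 2" a server whose certificate does not chain to the CA in CAfile gets its connection closed and the LDAP2DSML bind fails, which is the check you want; with "verify = 0" the same situation produces a normal-looking dump.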
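The people.xml that LDAP2DSML writes is DSML version 1: a dsml:directory-entries element holding one dsml:entry per object, each with its DN, objectclass values and dsml:attr/dsml:value children (values may carry encoding="base64" when they are not plain text). The script below is an added example, not code from the original post or from the dsmltools project; it parses a small constructed fragment in that layout, decodes base64 values, and offers two helpers a practitioner typically wants after a dump: which entries lack an attribute you asked for with -a, and a flat row view of chosen attributes.

```python
"""Parse a DSMLv1 dump such as the people.xml written by LDAP2DSML (added example)."""
import base64
import xml.etree.ElementTree as ET

DSML_NS = "http://www.dsml.org/DSML"

# Constructed sample in DSMLv1 layout; not output captured from a real directory.
SAMPLE_DSML = """<dsml:dsml xmlns:dsml="http://www.dsml.org/DSML">
  <dsml:directory-entries>
    <dsml:entry dn="cn=jjones,ou=it,o=example">
      <dsml:objectclass>
        <dsml:oc-value>top</dsml:oc-value>
        <dsml:oc-value>person</dsml:oc-value>
      </dsml:objectclass>
      <dsml:attr name="cn"><dsml:value>jjones</dsml:value></dsml:attr>
      <dsml:attr name="mail"><dsml:value>jjones@example.test</dsml:value></dsml:attr>
      <dsml:attr name="telephoneNumber">
        <dsml:value>555-0100</dsml:value>
        <dsml:value>555-0101</dsml:value>
      </dsml:attr>
    </dsml:entry>
    <dsml:entry dn="cn=asmith,ou=hr,o=example">
      <dsml:objectclass><dsml:oc-value>person</dsml:oc-value></dsml:objectclass>
      <dsml:attr name="cn"><dsml:value>asmith</dsml:value></dsml:attr>
      <dsml:attr name="fullName"><dsml:value encoding="base64">QW5uIFNtaXRo</dsml:value></dsml:attr>
    </dsml:entry>
  </dsml:directory-entries>
</dsml:dsml>
"""


def _tag(name):
    """Namespace-qualify a DSML element name for ElementTree lookups."""
    return "{%s}%s" % (DSML_NS, name)


def _value_text(value_el):
    """Return a dsml:value as text, decoding it when encoding="base64" is set."""
    text = (value_el.text or "").strip()
    if value_el.get("encoding") == "base64":
        return base64.b64decode(text).decode("utf-8")
    return text


def parse_dsml(xml_text):
    """Return a list of {"dn", "objectclass", "attrs"} dicts, one per dsml:entry."""
    root = ET.fromstring(xml_text)
    entries = []
    for entry in root.iter(_tag("entry")):
        ocs = [v.text.strip() for v in entry.iter(_tag("oc-value")) if v.text]
        attrs = {}
        for attr in entry.findall(_tag("attr")):
            attrs[attr.get("name")] = [_value_text(v) for v in attr.findall(_tag("value"))]
        entries.append({"dn": entry.get("dn"), "objectclass": ocs, "attrs": attrs})
    return entries


def missing_attribute(entries, name):
    """DNs of entries that have no value for `name` (e.g. people with no mail attribute)."""
    return [e["dn"] for e in entries if name not in e["attrs"]]


def to_rows(entries, names):
    """Flatten entries to rows in the order of `names`; multi-valued attributes joined with ';'."""
    return [[";".join(e["attrs"].get(n, [])) for n in names] for e in entries]


if __name__ == "__main__":
    import sys
    # Usage: python dsml_dump.py c:\people.xml   (falls back to the constructed sample)
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_DSML
    people = parse_dsml(text)
    for row in to_rows(people, ["cn", "mail", "telephoneNumber"]):
        print("\t".join(row))
    print("no mail:", missing_attribute(people, "mail"))
```

The namespace-qualified lookups matter: a dump written with a different prefix than "dsml" still parses, because ElementTree matches on the URI, not on the prefix.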