Bulk Authorisation - LDAP or MySQL

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Bulk Authorisation - LDAP or MySQL

Tushar Jain
Hi,

I have more than a million users in LDAP to whom i have to give access to the same set of connections/connection groups. What would be the easiest and the fastest way to do so.

Will writing a small program to upload directly from Excel to Guacamole Mysql be a good idea?

Thanks,
Tushar Jain

Disclaimer: This message and any attachment may contain confidential, proprietary information and is intended only for the individual named. If you are not the original intended recipient and have erroneously received this message, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Hitachi MGRM Net therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 6/5, Safdarjung Development Area, New Delhi - 110016, India

'Please consider the environment before printing this e-mail'.
Reply | Threaded
Open this post in threaded view
|

Re: Bulk Authorisation - LDAP or MySQL

vnick
On Wed, Nov 27, 2019 at 10:37 AM Tushar Jain <[hidden email]> wrote:
Hi,

I have more than a million users in LDAP to whom i have to give access to the same set of connections/connection groups. What would be the easiest and the fastest way to do so.

Will writing a small program to upload directly from Excel to Guacamole Mysql be a good idea?

I wouldn't go to Excel - I'd write a program in one of any number of languages that queries LDAP for the user and/or group accounts, and inserts them into the database.  Bindings for both LDAP and MySQL (or PostgreSQL or SQL Server) are readily available for all sorts of languages - C, C++, C#, Java, Python - so writing something to do this translation ought to be reasonably easy.  You can also just do a shell script of some sort - for example, in bash, use "ldapsearch" to query ldap for the required information, parse it out into some intermediate format (CSV, for example), and then use the mysql command line to read the data from stdin and insert it into the database.

Plenty of options :-).

-Nick
Reply | Threaded
Open this post in threaded view
|

Re: Bulk Authorisation - LDAP or MySQL

Tushar Jain
Thanks Nick. Just a small extension question - For the production environment, is it better to store connection details of a user in MySQL or LDAP?

Thanks 
Tushar Jain

On Fri, Nov 29, 2019 at 10:56 PM Nick Couchman <[hidden email]> wrote:
On Wed, Nov 27, 2019 at 10:37 AM Tushar Jain <[hidden email]> wrote:
Hi,

I have more than a million users in LDAP to whom i have to give access to the same set of connections/connection groups. What would be the easiest and the fastest way to do so.

Will writing a small program to upload directly from Excel to Guacamole Mysql be a good idea?

I wouldn't go to Excel - I'd write a program in one of any number of languages that queries LDAP for the user and/or group accounts, and inserts them into the database.  Bindings for both LDAP and MySQL (or PostgreSQL or SQL Server) are readily available for all sorts of languages - C, C++, C#, Java, Python - so writing something to do this translation ought to be reasonably easy.  You can also just do a shell script of some sort - for example, in bash, use "ldapsearch" to query ldap for the required information, parse it out into some intermediate format (CSV, for example), and then use the mysql command line to read the data from stdin and insert it into the database.

Plenty of options :-).

-Nick

Disclaimer: This message and any attachment may contain confidential, proprietary information and is intended only for the individual named. If you are not the original intended recipient and have erroneously received this message, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Hitachi MGRM Net therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 6/5, Safdarjung Development Area, New Delhi - 110016, India

'Please consider the environment before printing this e-mail'.
xia
Reply | Threaded
Open this post in threaded view
|

Re: Bulk Authorisation - LDAP or MySQL

xia
Tushar,

If you decide to go the MySQL route it.  Might be worth mentioning that
‘lad-search’ has the option to directly output in csv format  (—outputFormat
csv)  and MySQL has the ability to load csv (LOAD DATA LOCAL INFILE...) with
no other tools needed.

While I can’t tell you what’s “right” for your installation or “better” from
the Guacamole point of view, from my point of view I prefer to maintain a
single set of user credentials (i.e. leave things in LDAP).  My experience
is that the greater number of records in more places, the greater the
potential for synchronization headaches.

—Stew



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

xia
Reply | Threaded
Open this post in threaded view
|

Re: Bulk Authorisation - LDAP or MySQL

xia
Ugh...spellchecked....”ldapsearch”...sorry...



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Bulk Authorisation - LDAP or MySQL

Nick Couchman
In reply to this post by Tushar Jain
On Fri, Nov 29, 2019 at 11:54 PM Tushar Jain <[hidden email]> wrote:
Thanks Nick. Just a small extension question - For the production environment, is it better to store connection details of a user in MySQL or LDAP?


I think only you can answer that question.  Most of the time the reason that people use LDAP for user authentication in one place (like Guacamole) is because they're already using it another place (Active Directory, for instance), and they like to avoid duplicating effort maintaining usernames and passwords, and don't like to have users worrying about it.  So, it's really up to you.

-Nick