#! /usr/bin/perl
use Net::LDAP;
use Term::ANSIColor;

# ------------------------- configuration -------------------------
#
# Each LDAP host is described by a four-element list:
#   [0] IP address of the server
#   [1] proxy user with supervisory rights to the synctest object
#   [2] password of that proxy user
#   [3] DN of the synctest user (FDN, e.g. cn=test,ou=test,o=test)
#
# NOTE(review): the proxy-user passwords are stored in clear text in this
# file and the accounts are described as having supervisory rights, so keep
# the script readable by its owner only (or load the secrets from a
# protected store) and scope the proxy users to the synctest objects.

# eDirectory/LDAP Host 1
our @host1 = (
    "10.1.1.2",
    "cn=proxyuser,o=novell",
    "password",
    "cn=synctest,ou=test1,o=novell",
);

# eDirectory/LDAP Host 2
our @host2 = (
    "10.1.1.1",
    "cn=proxyuser,ou=check,o=novell",
    "password",
    "cn=synctest,ou=test2,o=novell",
);

# Time limit in seconds for one synchronization check.
our $maxTime = 1200;

# Bi-directional (two-way) check:
#   1 = check host1 -> host2 and then host2 -> host1
#   0 = check host1 -> host2 only
our $twoWay = 1;

# Seconds to wait between read checks on the destination directory, so the
# server is not flooded with requests. May be 0 in high-performance
# environments; the default is 1.
our $readPause = 1;

# ---------------- here the real work starts ----------------------

# Unbuffered output, so progress marks appear as they are printed.
$| = 1;

# cleanup the screen and print the header...
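system("clear");
print color('bold');
print "+-----------------------------------------------------------------------------+\n";
print "| | IDM eDirectory/LDAP Synchronization Checker | V.1.0 |\n";
print "+-----------------------------------------------------------------------------+\n";
print color('reset');

# do the check
checkit(\@host1, \@host2);
checkit(\@host2, \@host1) if $twoWay;

# Print one bold separator line.
sub _print_rule {
    print color('bold');
    print "+-----------------------------------------------------------------------------+\n";
    print color('reset');
    return;
}

# Open a connection to $host:$port, retrying once per second.
# Dies after more than ten failed attempts. The counter is local to each
# call, so retries spent on one host do not reduce the budget of the next.
sub _connect {
    my ($host, $port) = @_;

    my $attempts = 0;
    my $ldap;
    until ($ldap = Net::LDAP->new($host, port => $port)) {
        die "Can not connect to ldap://$host:$port/" if ++$attempts > 10;
        sleep 1;
    }
    return $ldap;
}

# checkit(\@source, \@destination)
#
# Measures how long a change takes to synchronize from the source directory
# to the destination directory, then verifies that the synchronized password
# can be used to bind on the destination.
#
# Both arguments are references to host lists laid out as
# [0] address, [1] proxy user DN, [2] proxy password, [3] synctest DN.
# Reads the globals $maxTime (time limit in seconds) and $readPause (seconds
# between polls).
#
# Dies when a server cannot be reached, when a proxy bind fails, or when the
# change has not arrived within $maxTime seconds.
sub checkit {
    my ($h1, $h2) = @_;

    # General options (do not change these)
    my @attnames1 = ("cn", "mobile", "facsimiletelephonenumber");
    my $port      = 389;

    # The current epoch time is the marker value written to the source.
    my $refVal = time();

    # The leading RDN of the destination DN (e.g. "cn=synctest") is used as
    # the search filter. A DN without a comma is used as a whole.
    my $pos   = index $h2->[3], ",";
    my $refCN = $pos < 0 ? $h2->[3] : substr($h2->[3], 0, $pos);

    # NOTE(review): both connections use port 389 and this script never
    # calls start_tls, so the proxy credentials and the test password
    # appear to cross the network unencrypted unless the transport is
    # protected elsewhere. Consider
    # $ldap->start_tls(verify => 'require', ...) before each bind, or an
    # ldaps:// connection.
    my $ldap1 = _connect($h1->[0], $port);
    my $ldap2 = _connect($h2->[0], $port);

    # bind as proxy user on the source system
    my $r1 = $ldap1->bind($h1->[1], password => $h1->[2], version => 3);
    die $r1->error if $r1->code;

    # Modify the reference object. Failures are reported instead of being
    # dropped silently, because a rejected change can never synchronize and
    # the poll below would then run into the time limit.
    #
    # NOTE(review): the password written here is the epoch time of the run.
    # It is printed on the terminal and is not reset afterwards, so the
    # synctest account keeps a guessable password. Give that object no
    # rights beyond this test, or rotate its password after the run.
    for my $change (
        [ add     => { 'userpassword'             => $refVal } ],
        [ replace => { 'facsimiletelephonenumber' => $refVal } ],
        [ replace => { 'mobile'                   => $refVal } ],
    ) {
        my $mesg = $ldap1->modify($h1->[3], @{$change});
        warn "modify ($change->[0]) on $h1->[3] failed: ", $mesg->error, "\n"
            if $mesg->code;
    }

    # bind as proxy user on the destination system
    my $r2 = $ldap2->bind($h2->[1], password => $h2->[2], version => 3);
    die $r2->error if $r2->code;

    print color('bold');
    print " eDirectory/LDAP Host1: ", $h1->[0], " | eDirectory/LDAP Host2: ", $h2->[0], "\n";
    print "+-----------------------------------------------------------------------------+\n";
    print color('reset');
    print " Sync-Test : $refVal ";

    my $deadline = $refVal + $maxTime;
    my ($chkVal, $timer);
    while (1) {
        # sleep if we have to...
        sleep($readPause);
        print "-";

        # attrs must be an array reference; a flattened array would be
        # read as additional option pairs.
        my $found = $ldap2->search(
            base   => $h2->[3],
            scope  => 'base',
            attrs  => \@attnames1,
            filter => $refCN,
        );
        for my $entry ($found->entries) {
            $chkVal = $entry->get_value('mobile');
        }

        $timer = time();
        last if defined $chkVal && $chkVal eq $refVal;

        # Compare numerically with >=. A test for the exact second can be
        # skipped over by the sleep or a slow search, and the loop would
        # then never end.
        die "> timelimit reached. Set to: $maxTime\n\n" if $timer >= $deadline;
    }

    my $result = $timer - $refVal;
    print "> $chkVal";
    print "\n";
    _print_rule();
    print " Time: $result\n";
    _print_rule();

    # The password set on the source must now be valid on the destination.
    print " Bind-Test : ";
    my $r3 = $ldap2->bind($h2->[3], password => $refVal, version => 3);
    if ($r3->code == 0) {
        print color('bold green');
        print " Bind successful.\n";
        print color('reset');
    }
    else {
        print color('bold red');
        print " Error: ", $r3->error, "\n";
        print color('reset');
    }
    _print_rule();

    $ldap1->unbind;
    $ldap2->unbind;
    return;
}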