imldifsync

The imldifsync command synchronizes LDAP directory entries with data in passwd format and data in aliases format. It is used to generate and update directory entries for users and for groups in LDAP Directory Interchange Format (LDIF). The LDIF file format is described in ldif(4) and slapd.replog. Entries created from the content of the LDIF file can be added to an LDAP directory using ldapadd or ldapmodify.

The imldifsync command runs in two modes that are mutually exclusive: user mode (option -u) to create user entries, and group mode (option -g) to create group entries. When you create or update your directory database, you need to run imldifsync twice: first in user mode, then in group mode. It is important to generate users first and apply the changes to the directory database before generating groups.

To generate user entries and email addresses, the imldifsync command uses the password file and alias file. The common name of each user entry is generated from the gecos field (the fifth field in the password file) by a conversion script. You can specify your own conversion script using the -G option if the default conversion does not meet your requirements. For details, see "gecos2cn_script".

To generate group entries, the imldifsync command uses primarily the alias file. Information about the members of a group is taken from the directory database, from the previously generated user entries.

Each entry must have a unique name. If two entries have the same name, the second entry is written to a temporary file in /tmp and a warning message is generated. Entries for which a proper common name cannot be created are ignored, and an error is generated.

When the program exits (or is terminated by CTRL-C), it prints some statistics to stderr indicating how many DNs were added, modified, or found to be duplicates. In the case of duplicates, it indicates the name of the temporary file to which they were written.

Syntax

You can specify the options for imldifsync directly on the command line, or within a configuration file, or a combination of both methods. Each command line option has a corresponding keyword in the configuration file. The format of the configuration file is described in "configfile."

When options are specified on the command line, the syntax for imldifsync is as follows:

imldifsync [-a addvalsfile] [ -A aliasesfile [ -A aliasesfile ... ] ] [ -B grpbasedn ]\ [ -c configfile ] [ -d debuglevel ] [ -G gecos2cn_script ] [ -h ldaphost] [ -H mailserver ]\ -i [ -m maildomain ] [ -M mailsuperdomain ]\ [-O generate={ SIMSmail | IMCalendar}] [ -p ldapport] }\ [ -P passwdfile ] [ -r ] [ -S shadowfile ] [ -v SIMSversion ] [ -x excludeattrfile ] \ [ -X excludeDNfile ] [ -b basedn ] [ -D binddn ] -u | -g [ -w passwd ]

When options are specified in a configuration file, the syntax for imldifsync is as follows:

imldifsync [ -c configfile ] [-b basedn] [-D binddn] [ -u | -g ] [-w passwd ]

When options are specified both on the command line and in the configuration file, the command line options override the configuration file options. The exceptions to this rule are:

Option -A (alias file)-Where the files specified in configfile are added to the list of alias files

Options -u and -g-Where you must specify the mode in configfile or on the command line, but not both

The keywords to use to specify options in the configuration file are listed in the table in the following section "configfile."

The parameters for this command are:

[ -a addvalsfile ]	Specifies that the LDIF information contained in addvalsfile must be appended to every entry generated by imldifsync. Refer to "addvalsfile" for details. You can specify an addvalsfile, in the configfile specified using option -c, as follows: add-vals-file = "addvalsfile" Values placed in the addvalsfile may only be chosen from the SIMS schema; user generated object classes and/or attributes are not supported in the addvalsfile.
[ -A aliasesfile ]	Specifies an aliasesfile that contains data in aliases(4) format. The default for aliasesfile is /etc/mail/aliases. The information in aliasesfile is used to generate group entries and mailbox entries for users. An alias for which there is an owner-alias is treated as a group. An alias for which there is no owner-alias is treated as a mailbox for an individual user. (This behavior can be modified with the -i option). When generating user entries, imldifsync searches aliasesfile for aliases for a username. The set of aliases defined for a username becomes the set of rfc822Mailbox values for that user's directory entry. Of these rfc822Mailbox values, one is the preferredRfc822Originator and one (possibly a different one) is the preferredRfc822Recipient. When generating group entries, the aliasname and the address fields are used to generate values for the common name, member and owner attributes. The name of the alias is used to create the RDN of the directory entry. The names of aliases in the aliasesfile must be unique. In sendmail, an alias cannot contain more than about 1000 characters. imldifsync does not have such a limit. A mail alias file can include other alias files specified using :include: lines, as described in aliases(4). Multiple alias files can be specified by repeating the -A option. This is useful if your sendmail.cf file specifies several alias files. Alternatively, you can specify a list of alias files in the configfile specified using option -c, as follows: alias-file = "filename" alias-file = { "filename" , "filename" ... }
[ -b basedn ]	Specifies the Distinguished Name (DN) of a base entry in the directory. New user entries are named relative to this base entry. basedn must be a string-represented DN. If the basedn specified does not exist, the LDIF information necessary to create it is generated automatically. The -b option is required in user mode and in group mode. You can specify a basedn in the configfile specified using option -c, as follows: base = "basedn"
-B grpbasedn	Specifies the Distinguished Name (DN) of a base entry when imldifsync is used in group mode. New group entries are named relative to this base entry. grpbasedn must be a string-represented DN. If you do not specify a grpbasedn, the basedn specified using the -b option is used. The -B option is useful if you want to store group and user entries in different parts of the directory tree. For example, to store user entries under ou=people, ou=sales, o=XYZ, c=US and group entries under ou=groups, ou=sales, o=XYZ, c=US, you would run imldifsync in group mode (-g), with the following options: -b ou=people,ou=sales,o=XYZ,c=US -B ou=groups,ou=sales,o=XYZ,c=US You can specify a grpbasedn in the configfile specified using option -c, as follows: group-base = "grpbasedn"
-c configfile	Specifies the name of a configuration file that can contain values for all the other options of the imldifsync command. For details on the format of configfile, refer to "configfile."
-d debuglevel	Displays debugging information on standard error. debuglevel is a number from 0 to 3. You can specify a debuglevel in the configfile specified using option -c, as follows: debug = debuglevel
-G gecos2cn_script	Specifies the name of the program or script to use to convert information in the gecos field of the password file to a common name for an entry. The -G option can only be used when running imldifsync in user mode (-u option). Use -G if the gecos field (the fifth field) in your password file is not formatted in a way that is suitable for use with the default gecos conversion function. The gecos2cn_script program is started by imldifsync and is used many times when user information is being generated. Your gecos2cn_script runs with the same userid as imldifsync. If you run imldifsync in the crontab, both programs run as root. "gecos2cn_script" provides details of how to create a gecos2cn_script program, and explains how the default conversion program works. You can specify a gecos2cn_script in the configfile specified using option -c, as follows: imgecos2cn-prog = "gecos2cn_script"
-h ldaphost	Specifies the host on which the slapd server daemon is running. The default is localhost. You can specify an ldaphost in the configfile specified using option -c, as follows: ldap-host = "ldaphost"
-H mailserver	Specifies the mailserver for all users. By default, when creating a directory entry for a user, if that user has a mail alias containing an @ sign, the hostname on the right hand side of the @ is used as the mailserver. If no user alias contains the mailserver, and no value is specified using -H, the hostname which is aliased to mailhost in the hosts database is used as the mailserver. You can specify a mailserver in the configfile specified using option -c, as follows: mail-server = "mailserver"
-i	The -i option is required when using imldifsync. Used in conjunction with -g (group mode), the -i option indicates to imldifsync that it should generate a group entry for every mail alias in the aliases file. The default is to generate a group entry only for an alias that has an owner defined in the mail aliases file. If you specify the -i option, for an alias that does not have an owner, the postmaster's distinguished name is used. If no distinguished name is defined for the postmaster, the DN for root is used and a warning message is displayed, since root does not necessarily have an entry in the directory. Used in conjunction with -u (user mode), the -i option indicates to imldifsync to generate user entries for all users. The default is to generate entries only for users that have an alias defined in an alias file. You can specify this behavior in the configfile specified using option -c, as follows: include-all = true
-m maildomain	Specifies the mail domain for all users. If specified, this string is appended to any hostname that does not contain a dot or to hosts that are in the local domain (that is, hostnames for which gethostbyname() does not fail). This field is appended to hostnames such as users' mail server. If neither the -m option, nor the -M option is specified, the default maildomain is the domain name of the host from the "service ready" message on the SMTP port of the mailserver (see -H option to set the mailserver). You can specify a maildomain in the configfile specified using option -c, as follows: mail-domain = "maildomain"
-M mailsuperdomain	Specifies the superdomain of the network. This string specifies the domain that is appended to domain names. It is appended to domain names to fully qualify the hostname. For example, if a user is listed in a group as joe@ireland and ireland is not a host (that is, gethostbyname( ) for ireland fails), ireland is assumed to be a domain and mailsuperdomain is appended to it. If neither the -m nor the -M option is specified, the default for mailsuperdomain is the superdomain of the maildomain (see the -m option). That is, everything after the first dot. For example, if the maildomain is Boston.XYZ.COM, the default superdomain is XYZ.COM. If you do not want superdomains appended to domains, specify -M "". This is useful in an internal network where the superdomain is never appended to hostnames. You can specify a mailsuperdomain in the configfile specified using option -c, as follows: super-domain = "mailsuperdomain"
-O generate=SIMSmail -O generate=IMCalendar	For the user phase only, specify whether Directory objects for SIMS email user or the calendaring part of WebAccess should be generated. The generate=option_name syntax may be a concatenated, comma-separated argument to -O, or you may have multiple -O arguments on the command line. SIMSmail specifies that the objects for SIMS email support are generated. IMCalendar specifies that calendar objects for the WebAccess calendar client is created. If none of these are specified, SIMSmail is assumed You may specify generate directive in the configfile specified using the -c option, as follows: option={"generate=SIMSmail", "generate=IMCalendar"}
-p ldapport	Specifies an alternate TCP port where the slapd server is listening. The default port is 389. You can specify an ldapport in the configfile specified using option -c, as follows: ldap-port = "ldapport"
-P passwdfile	Specifies a file that contains data in passwd(4) format. By default, the passwd entry from /etc/nsswitch.conf is used. If your /etc/nsswitch.conf is set up to read from more than one source, it is possible that both sources could have different information for the same entry, causing the output from imldifsync to be inconsistent. In this case, use a utility like ypcat or niscat to create a file that you can specify, using the -P option. If a password file is not specified, imldifsync uses getpwent(3C) and getspent(3C), which get the user information from the location specified in /etc/nsswitch.conf. You can specify a passwdfile in the configfile specified using option -c, as follows: passwd-file = "passwdfile"
-r	This option controls whether an entry for a user or group that is not found in the input files is to be deleted from the directory. If you supply this option, when a user or a group no longer exists, imldifsync generates delete operations to remove the old entries from the directory database. You can specify this behavior in the configfile specified using option -c, as follows: remove-unfound-entries = true
-S shadowfile	If a passwdfile is specified using -P, a separate shadow file can be specified using -S. If neither the -P option nor the -S option is specified, imldifsync uses getpwent(3C) and getspent(3C), which get the user information from the location specified in /etc/nsswitch.conf. You can specify a shadowfile in the configfile specified using option -c, as follows: shadow-file = "shadowfile"
-v SIMSversion	The -v option specifies the version of Sun Internet Mail Server(SIMS). Indicates to imldifsync to generate LDIF appropriate for a particular version of SIMS. Currently, the only version supported is 3.5. Version 3.5 is the default if this option is not specified. You can specify the SIMSversion in the configfile specified using option -c, as follows: version= "SIMSversion"
-x excludeattrfile	The attributes names contained in excludeattrfile are ignored when reading and updating entries in the directory. Place each attribute on a separate line with no leading or trailing white space. This is useful if you add attributes to each entry by hand and you don't want imldifsync to modify or delete these attributes subsequently. Protecting an attribute in this way does not prevent an entire entry that includes that attribute from being deleted. You can indicate to imldifsync both to ignore an attribute (with the -x option) and to update it by adding it to each entry (in the addvals file with the -a option or in the gecos2cn_script). In this case, the value is added to new entries but not modified in existing entries. You can specify an excludeattrfile, in the configfile specified using option -c, as follows: add-vals-file = "excludeattrfile" You can also specify attributes to be ignored by putting them directly into the configfile. A single attribute can be specified as follows: ignore-attr = "attr-to-ignore" You can specify a list of attributes to be ignored as follows: ignore-attrs = { "attr-to-ignore", "attr-to-ignore", ...} You can specify any number of ignore-attr and ignore-attrs lines in configfile.
-X excludeDNfile	The DNs contained in excludeDNfile specify directory entries that are excluded from processing. The DN must match exactly the DN in the directory database. If an entry's DN changes to a DN that is in the exclude file, that entry is not modified; it is excluded from further processing, and a warning message is generated. You can specify an excludeDNfile, in the configfile specified using option -c, as follows: add-vals-file = "excludeDNfile" You can also specify the DN of an entry to be excluded by putting it directly in the configfile. A single entry can be specified as follows: excludeDN = "dn-to-exclude" Multiple entries can be specified as follows: excludeDNs = { "dn-to-exclude", "dn-to-exclude", ... } You can specify any number of dn-to-exclude lines in the configfile.
-D binddn	Use the distinguished name binddn to bind to the slapd server. You can specify a binddn in the configfile specified using option -c, as follows: rootdn= "binddn"
-u	Generates user directory entries from the password file. You must specify either the -u option or the -g option. An entry is created for every user in the password file who also has an alias in the mail aliases file. This prevents user entries from being created for noninteractive users such as nobody or lp. The attributes and values created by imldifsync for each entry are described in "Output-User Mode." Other attributes can be added by returning them in a user defined gecos2cn_script (-G option) or by putting them in an addvals file (-a option). You can specify the behavior of imldifsync in the configfile specified using option -c, as follows: mode = users
-g	Generate group directory entries from the mail aliases file. You must specify either the -g option or the -u option. For an alias in the mail aliases file to be considered a group, an owner alias must also be defined in the aliases file (unless the -i option is specified). Within the owner alias, there must be at least one user with an entry in the directory. If there is no owner who has a directory entry, the DN for postmaster is used. If there is no directory entry for postmaster, the DN for root is used and a warning message is displayed, since root does not necessarily have an entry in the directory. The attributes and values created by imldifsync for each entry are described in "Output Format." Other attributes can be added by returning them in a user-defined gecos2cn_script (-G option) or by putting them in an addvals file (-a option). imldifsync requires directory information about users when creating the group definitions. You must create or update the users with the -u option, before you create or update the groups. You can specify the behavior of imldifsync in the configfile specified using option -c, as follows: mode = groups
-w passwd	Use passwd as the password to bind to the slapd server. You can specify a passwd in the configfile specified using option -c, as follows: ldap-passwd= "passwd"

Format of Input Files

This section describes the format of files that can be specified as input to the imldifsync command:

addvalsfile

configfile

gecos2cn

addvalsfile

To replace values, lines in addvalsfile must be in the format:

attrname: attrvalue

To add values, lines in addvalsfile must be in the format:

attrname+ attrvalue

Specify each attribute/value pair on a separate line. addvalsfile is read and the attributes in each entry are compared with each attribute specified. Any entry that contains this attribute is updated. Existing values for the named attribute are replaced with the values specified with a colon (:), and values specified with a plus sign (+) are added to the attribute. All the attributes and values in addvalsfile are added to new entries.

You can also specify additional values to be added by putting them directly into the configfile specified using the -c option. A single value can be specified by adding the line:

addval = "attrname: attrvalue"

or

addval = "attrname+ attrvalue"

Multiple attributes can be specified as follows:

addvals = { "attrname: attrvalue", "attrname+ attrvalue", ... }

Multiple instances of each form can be used, with a mixture of : and + terms. Values placed in the addval directive may only be chosen from the SIMS schema; user generated objectclasses and/or attributes are not supported in the addvalsfile or the addval directive in the configfile.

configfile

When you specify options in the configfile, they must have the general form:

option = value

If value is a string, the string must be in double quotes. If value is a switch, it can be enabled with the word TRUE or 1 and disabled with the word FALSE or 0 (without quotes). If value is a number, the number is specified without quotes. If value is a list, it is specified as {comma separated list}. Keywords such as TRUE, FALSE, users, and groups are specified without quotes.

If options are also set on the command line, they override the options in configfile. The exceptions to this rule are:

Option -A (alias file), where the files specified in configfile are added to the list of alias files

Options -u and -g, where you must specify the mode in configfile or on the command line, but not both.

The following table gives the syntax for specifying imldifsync options in the configfile.

Option	Keyword
-a addvalsfile	add-vals-file = "addvalsfile" add-val = "attrname: attrvalue" add-val = "attrname+ attrvalue" add-val = { "attrname: attrvalue","attrname+ attrvalue", ... }
-A aliasesfile	aliases-file = "filename" aliases-file = { "filename" , "filename" ... }
-b basedn	base = "basedn"
-c configfile	config-file = "configfile"
-B grpbasedn	group-base = "grpbasedn"
-d debuglevel	debug = debuglevel
-G gecos2cn_script	gecos2cn-prog = "gecos2cn_script"
-h ldaphost	ldap-host = "ldaphost"
-H mailserver	mail-server = "mailserver"
-i	include-all = TRUE
-m maildomain	mail-domain = "maildomain"
-M mailsuperdomain	super-domain = "mailsuperdomain"
-O	generate = SIMSmail, IMCalendar
-p ldapport	ldap-port = "ldapport"
-P passwdfile	passwd-file = "passwdfile"
-r	remove-unfound-entries = TRUE
-S shadowfile	shadow-file = "shadowfile"
-v SIMSversion	version= "SIMSversion"
-x excludeattrfile	ignore-attr-file = "excludeattrfile" ignore-attr = "attr-to-ignore" ignore-attr = { "attr-to-ignore", "attr-to-ignore", ...}
-X excludeDNfile	exclude-dn-file = "excludeDNfile" exclude-dn = "dn-to-exclude" exclude-dn = { "dn-to-exclude", "dn-to-exclude", ... }
-D binddn	bind-dn= "binddn"
-u	mode = users
-g	mode = groups
-w passwd	ldap-passwd = "passwd"
-t ldap-timeout	ldap-timeout = seconds

The file /etc/opt/SUNWmail/dir_svc/imldifsync.conf is a sample configfile.

gecos2cn_script

gecos2cn_script is the conversion program that imldifsync uses to generate user entries in LDIF format from the information found in the passwd file. The following information is extracted from the passwd file and is input to the conversion program:

username gecos-field

The username is the first word on each line; the gecos-field is all the remaining words on the line.

Default Conversion

If you do not specify your own conversion program with the option -G, imldifsync expects the gecos field to be in the following format:

given-names surname, generation qualifier - comment

imldifsync interprets the gecos field according to this pattern, and applies the following rules:

Given names, surname, and generation qualifier must start with an alphabetic character, can contain alphabetic characters, dashes (-), and single quotes (`), and must end with an alphabetic character or a period. For example, "Joe," "John-Paul," "O'Connor," or "Jr." are permitted, but not "John+" or "-Sam."

The generation qualifier is optional, but, if present, must not be blank. For example, you cannot have a gecos field such as "Joe Cool, - expert" because of the blank space after the comma. If there is only one word in the gecos field, it is assumed to be the surname. If there is none, the username is assumed to be the surname.

If the preceding format for the gecos field is not observed, LDIF directory entries are still generated, and warning messages are displayed. imldifsync creates the following attributes for each directory entry:

cn (common name)

givenName

initials

sn (surname)

generationQualifier

For example, if the username is "john" and the gecos field in the passwd file is:

John-Pierre Humphrey (Buster) Smith, Jr. - Technical Support

By default, imldifsync creates the CN and other attributes as follows:

cn:"John-Pierre H. Smith, Jr. (john)"   cn:"John-Pierre H. Smith, Jr."   cn:"John-Pierre Humphrey (Buster) Smith, Jr. - Technical Support"   givenName:John-Pierre   initials:JPHS   sn:Smith   generationQualifier:Jr.

Custom Conversion Program

If the format of the gecos field in your passwd file does not follow the format outlined in "Default Conversion" imldifsync is unlikely to produce usable results. If this is the case, you can specify your own conversion program using the option -G. Your program must adhere to the following rules.

Your program must return a set of attribute-value pairs for each user entry, with one attribute-value pair per line, and a blank line between each set. The format for specifying an attribute-value pair is:

attributename:value

or

attributename+value

Your program can return a value for any attribute defined in the schema. It must return at least one value for the cn (common name) attribute and one value for the sn (surname) attribute. The first value returned for cn is used as the RDN of the entry.

Your program can return several values for an attribute that the schema defines to be multivalued, using : notation for values that replace existing values and + notation for values to be added. Do not use the + notation for the attributes cn, sn, initials, givenName, or generationQualifier. Return each value on a separate line with the same attributename. Multivalued attributes must be grouped together on consecutive lines.

If an error occurs when you are parsing the gecos field, your program must return FAIL= followed by an error message. No space before or after the = is expected. The FAIL= line ends the entry. Do not supply a blank line after a FAIL= line. If parsing of the gecos field fails, the error message after the FAIL= is printed by imldifsync and the processing stops for that entry.

The following sample shows the information communicated between imldifsync and a gecos2cn_script The lines beginning with "-->" show information sent to the script and the lines beginning with "<--" show information received from the script. (The "-->" and "<--" characters are not part of the output.)

--> jp John-Paul Humphrey (Buster) Smith, Jr. - Technical Support   <-- cn:SMITH, John-Paul Humphrey (Buster), Jr.   <-- sn:SMITH   <-- givenName=John-Paul Humphrey (Buster)   <-- initials:JHS   <-- generationQualifier:Jr.   <--   --> bad @#$!@#$@#$ %$# this is a bad gecos field   <-- FAIL= error parsing gecos field   --> sue Susan Jones   <-- cn:JONES, Susan   <-- sn:JONES   <-- givenName:Susan   <-- initials:SJ   <--

In the preceding example, the script is given an entry for jp. It returns five lines for his entry. Then the script is given the entry for bad, and responds with an error. Then the script is given the entry for sue and returns four lines of output for her entry.

A sample script is provided in /opt/SUNWmail/dir_svc/samples/imgecos2cn.sh. This script is similar, but not identical, to the default conversion function of imldifsync.

Output-User Mode

Used in user mode with the -u option, the imldifsync command creates entries with the following attributes and values:

cn, sn, initials, givenName, and generationalQualifier	These fields are created either by the built-in conversion function or by the gecos2cn program specified with the -G option. See the -G option for details on both.
mailDeliveryOption	This is a multivalued attribute describing how mail addressed to this user is delivered: mailbox: The message is delivered to message store for this user. native: The message is appended to /var/mail/userid. program: The message is delivered to every program named in the mailProgramDeliveryInfo attribute. forward: The message is delivered to every user listed in the mailForwardingAddress attribute. file: The message is appended to every file named in the mailDeliveryFile attribute.
rfc822Mailbox	The values of this attribute are generated by searching for mail aliases that map exactly to this user, that is, aliases with only one name on the right side. This set of attribute values is a list of all the user's possible addresses, not a list of the mail aliases to which the user belongs.
preferredRfc822Originator	The value of this attribute is the return address specified for the user on outgoing mail. It is the fully qualified alias name of the first alias in the set of values specified for the rfc822Mailbox attribute that contains an @ in the name on the right side of the alias. For example, if the mail alias is defined as Mary.Smith: msmith@mailserver, the value of preferredRfc822Originator is Mary.Smith@mailserver.XYZ.com.
preferredRfc822Recipient	This field is where the mailer routes the user's incoming mail. It is the first alias on the user's chain of aliases that contains an @ in the name on the right side of the alias, for example, the right side of an alias like Mary.Smith: Mary.Smith@mailserver.XYZ.com. It is one of the mailboxes listed in the rfc822Mailbox attribute
mailDeliveryFile	If the user has a file as an alias, instead of the name appearing in rfc822Mailbox, the name of the file appears here.
mailHost	Contains the hostname on the right side of the @ sign of the preferredRfc822Recipient attribute value.
mailProgramDeliveryInfo	If the user has a command as an alias, the command is a value of this attribute.
userPassword	This field is the user's password from the password file. If the password is encrypted, the password is prefixed with "{crypt}."
uid	The value of this attribute is the user's UNIX system username.
homeDirectory	The value of this attribute is the user's home directory.
dataSource	This attribute identifies the version of imldifsync that was used to create the entry. It is used to signal to imldifsync which entries it created.
objectClass	For users, the values of this attribute are top, inetOrgPerson, organizationalPerson, emailPerson, and person.
mailFolderMap	Preferred mail access mechanism. Two values are defined: UNIX V7 (corresponds to a /var/mail message store) Sun-MS (corresponds to a SIMS message store)

When using the generate=IMCalendar directive during the user mode, the following additional attributes and object classes are generated and then set:

objectClass	For users, the value IMCalendarUser will be added to those generated for other generate options.
IMcalendarHost	This attribute represents the Fully Qualified Name of the host machine which has this user's calendar server running on it. imldifsync initializes this value to be the same as the user's mailHost attribute.
IMcalendarName	This attribute will be the name of the user's calendar on IMcalendarHost. imldifsync initializes this to be a default value equal to the user's login name, as represented by the attribute userid.

Group Mode

Used in group mode with the -g option, the imldifsync command creates entries with the following attributes and values:

cn	The commonName is the name of the mail alias.
mailDeliveryOption	This is a multivalued attribute describing how a message sent to the mail aliases is delivered. Permitted values are: mailbox: The message is delivered to every recipient named in the member attribute and to every recipient named in the rfc822MailMember attribute. program: The message delivered to every program named in the mailProgramDeliveryInfo attribute. file: The message is appended to every file named in the mailDeliveryFile attribute.
member	Each value of the member attribute is the distinguished name of a member of the mail alias who has an entry in the directory. A member of the mail alias who does not have an entry in the directory is listed in the rfc822MailMember attribute.
rfc822MailMember	Each value of the rfc822MailMember attribute is the rfc822 email address of a member of the mail alias who does not have an entry in the directory.
mailProgramDeliveryInfo	Each value of the mailProgram DeliveryInfo attribute is a command that is a member of the mail alias.
mailDeliveryFile	Each value of the mailDeliveryFile attribute is a file that is a member of the mail alias.
mailFolderMap	Specifies the message store for a user. Two values are defined: UNIX V7 (corresponds to a /var/mail message store) Sun-MS (corresponds to a SIMS message store)
ownerDeliveryOption	This is a multivalued attribute describing how a message sent to the owner of the mail alias is delivered. Permitted values are: mailbox: The message is delivered to every owner named in the owner attribute and to every recipient named in the rfc822Owner attribute. program: The message is delivered to every program named in the ownerProgramDeliveryInfo attribute. file: The message is appended to every file named in the ownerDeliveryFile attribute.
owner	Each value of the owner attribute is the distinguished name of an owner of the mail alias who has a directory entry.
rfc822Owner	Each value of the rfc822Owner attribute is the rfc822 email address of an owner of the mail alias who does not have a directory entry.
ownerProgramDeliveryInfo	Each value of the ownerProgramDeliveryInfo attribute is a command that is an owner of the mail alias.
ownerDeliveryFile	Each value of the ownerDeliveryFile attribute is a file that owns the mail alias.
requestsToDeliveryOption	This is a multivalued attribute describing how a message sent to the "requests-to" alias of the mail alias is delivered. Permitted values are: mailbox: The message is delivered to every recipient named in the requestsTo attribute and to every recipient named in the rfc822RequestsTo attribute. program : The message is delivered to every program named in the requestsToProgramDeliveryInfo attribute. file: The message is appended to every file named in the requestsToDeliveryFile attribute.
requestsTo	Each value of the requestsTo attribute is the distinguished name of a member of the requestsTo alias for whom the mail alias has a directory entry.
rfc822requestsTo	Each value of the rfc822requestsTo attribute is the rfc822 email address of a member of the requestsTo alias for whom the mail alias does not have a directory entry.
requestsToProgramDeliveryInfo	Each value of the requestsToProgramDeliveryInfo attribute is a command that is a member of the requestsTo alias for the mail alias.
requestsToDeliveryFile	Each value of the requestsTo DeliveryFile attribute is a file that is a member of the requestsTo alias for the mail alias.
dataSource	This field identifies the version of imldifsync that was used to create the entry. It is used to signal to imldifsync which entries it created.
objectClass	For groups, this entry contains the values top, groupOfNames, rfc822MailGroup, and emailGroup.

Examples

The four examples in this section show how information in the password file and the mail aliases file is synchronized with the directory entries. For simplicity, access controls are ignored and the -D and -w options are not included in the imldifsync and ldapmodify commands in any of the examples.

# ypcat aliases | sed 's/ /: /' > aliases.nis

This command produces a file that is in the same format as /etc/mail/aliases but is from the NIS table. If you are running imldifsync on the machine that is your NIS server, you do not need to do this, since imldifsync by default reads from the local file.

Parses the files passwd.nis and /etc/aliases

Consults the LDAP server on the localhost

Appends the attributes in the file named extra to each entry

Writes the generated LDIF to standard output

# imldifsync -u -b ou=people,o=XYZ,c=US -a extra -A aliases.nis \

-P passwd.nis -H mailserver -M XYZ.COM \

-D cn=administrator,o=XYZ,c=US -w secret

The file passwd.nis has the following content:

bill:7DNMzGXuqpBeU:100:10:William Smith:/home/bill:/bin/sh   bob:MRIbV9Hm6z7Wg:200:10:Robert A. Smith:/home/bob:/bin/sh

The file aliases.nis has the following content:

bill: william.smith   william.smith: bill@mailserver   bob: robert.smith   robert.smith: bob@mailserver

The file extra has the following content:

associatedDomain: XYZ.COM   channelName: smtp   messageStore: messagestore   objectClass: domainRelatedObject

The following LDIF is generated:

dn: ou=people,o=XYZ,c=US   changetype: add   cn: ou=people,o=XYZ,c=US   objectClass: top   objectClass: organizationalUnit   dn: cn="William Smith <bill>",ou=people,o=XYZ,c=US   changetype: add   cn: William Smith <bill>   cn: William Smith   sn: Smith   initials: WS   givenName: William   preferredRfc822Originator: william.smith@XYZ.COM   preferredRfc822Recipient: bill@mailserver.XYZ.COM   rfc822Mailbox: william.smith@mailserver.XYZ.COM   rfc822Mailbox: bill@mailserver.XYZ.COM   rfc822Mailbox: staff-interest-request@mailserver.XYZ.COM   rfc822Mailbox: owner-staff-interest@mailserver.XYZ.COM   rfc822Mailbox: william.smith@XYZ.COM   mailDeliveryOption: mailbox   mailHost: mailserver.XYZ.COM   userPassword: {crypt}7DNMzGXuqpBeU   uid: bill   homeDirectory: /home/bill   dataSource: imldifsync 0.10   objectClass: top   objectClass: inetOrgPerson   objectClass: organizationalPerson   objectClass: emailPerson   objectClass: person   objectClass: domainRelatedObject   associatedDomain: XYZ.COM   channelName: smtp   messageStore: casino   dn: cn="Robert A. Smith <bob>",ou=people,o=XYZ,c=US   changetype: add   cn: Robert A. Smith <bob>   cn: Robert A. Smith   sn: Smith   initials: RAS   givenName: Robert A.   (Cont'd)

preferredRfc822Originator: robert.smith@XYZ.COM   preferredRfc822Recipient: bob@mailserver.XYZ.COM   rfc822Mailbox: robert.smith@mailserver.XYZ.COM   rfc822Mailbox: bob@mailserver.XYZ.COM   rfc822Mailbox: robert.smith@XYZ.COM   mailDeliveryOption: mailbox   mailHost: mailserver.XYZ.COM   userPassword: {crypt}MRIbV9Hm6z7Wg   uid: bob   homeDirectory: /home/bob   dataSource: imldifsync 0.10   objectClass: top   objectClass: inetOrgPerson   objectClass: organizationalPerson   objectClass: emailPerson   objectClass: person   objectClass: domainRelatedObject   associatedDomain: XYZ.COM   channelName: smtp   messageStore: casino

---

Note - The XYZ.COM, in the preferredRfc822Originator and preferredRfc822recipient fields, was specified with the -M option, and was not in the associatedDomain added to the "extra" file.

---

Parses the files /etc/mail/aliases (the default for the -A option) and passwd.nis

Consults the LDAP server on the host mars

Writes the generated LDIF to standard output

# imldifsync -g -b ou=groups,o=XYZ,c=US -B ou=groups,o=XYZ,c=US \

-h mars -H mailserver -M XYZ.COM \

-D cn=administrator,o=XYZ,c=US -w secret

The file passwd.nis has the content specified above, and the file /etc/mail/aliases has the following content:

staff-interest: william.smith, robert.smith, joe@faraway.net   staff-interest-request: william.smith   owner-staff-interest: william.smith

The following LDIF is generated:

dn: ou=groups,o=XYZ,c=US   changetype: add   cn: ou=groups,o=XYZ,c=US   objectClass: top   objectClass: organizationalUnit   dn: cn="staff-interest",ou=groups,o=XYZ,c=US   changetype: add   cn: staff-interest   member: cn=William Smith <bill>,ou=people,o=XYZ,c=US   member: cn=Robert A. Smith <bob>,ou=people,o=XYZ,c=US   rfc822mailbox: joe@faraway.net   mailDeliveryFile: /space/staff-interest-log   mailDeliveryOption: mailbox   mailDeliveryOption: file   mailHost: faraway.net   owner: cn=William Smith,ou=people,o=XYZ,c=US   ownerDeliveryOption: mailbox   requestsTo: cn=William Smith,ou=people,o=XYZ,c=US   requestsToDeliveryOption: mailbox   dataSource: imldifsync 0.10   objectClass: top   objectClass: groupOfNames   objectClass: rfc822MailGroup   objectClass: emailGroup

# imldifsync -u -b ou=people,o=XYZ,c=US -a extras -H mailserver \

-M XYZ.COM -D cn=administrator,o=XYZ,c=US -w secret | ldapmodify \

-D cn=administrator,o=XYZ,c=US -w secret

Only the password in the following line has changed:

bill:aINMzmXuQp4e1:100:10:William Smith:/home/bill:/bin/sh

The following LDIF is generated to modify the directory:

dn: cn=William Smith,ou=people,o=XYZ,c=US   changetype: modify   replace: userPassword   userPassword: {crypt}aINMzmXuQp4e1   -

The following example generates user directory entries:

% imldifsync -u ... -O generate=IMCalendar

The flags are not shown but would be present, in addition to the -O option (used to generate IMCalendarUser objects for the WebAccess suite). The example above shows generation of only IMCalendar objects, not including the SIMS email objects shown previously.

The following LDIF is generated:

dn: cn="William Smith <bill>",ou=people,o=XYZ,c=US   changetype: add   cn: Robert A. Smith <bob>   cn: Robert A. Smith   sn: Smith   initials: RAS   givenName: Robert A.   IMcalendarHost: faraway.Eng.Sun.COM   userPassword: {crypt}7DNMzGXuqpBeU   uid: bill   dataSource: imldifsync 1.0   IMCalendarName: bill   objectClass: top   objectClass: inetOrgPerson   objectClass: organizationalPerson   objectClass: person   objectClass: IMCalendarUser