Description
The ccollab admin group sync
command synchronizes the server's group configuration with the configuration in the supplied XML.
See Synchronize Groups and Members section for details.
Command Line Syntax
ccollab [global-options] admin group sync [--create-users] [--delete-groups] <syncfile>
Command Options
Option |
Required? |
Description |
---|---|---|
No |
Whether to create users in the syncdata that do not already exist; if not specified, nonexistent users will be ignored |
|
No |
Whether to delete groups not in the syncdata; if not specified, groups are disabled instead |
|
Yes |
Filename of the input XML syncdata, or - for stdin |
Remarks
- You must be an Administrator to execute this command.
- The format of XML syncdata file should comply with the following full XML Schema (CTRL + click, or CMD + click to open in new window).
- This command does not affect the groups that were created manually, using the
ccollab admin group create
command.
Examples
ccollab admin group sync /tmp/input --delete-groups
cat /tmp/input | ccollab admin group sync - --create-users
Example XML input
<groups>
<group guid="groupa" title="Group A" description="The A Group concerned with initials">
<group-admin login="alice" />
<member-user login="alice" />
<member-user login="adama" />
</group>
<group guid="groupb" title="Group B" description="The B Group that includes those in Group A">
<group-admin login="brian" />
<member-user login="bob" />
<member-user login="betty" />
<member-group guid="groupa" />
</group>
<group guid="groupc" title="Group C" description="The C Group that is everyone."
includes-all-users="true" allow-associate-with-reviews="no" >
<member-group guid="groupb" />
</group>
</groups>
Example script to synchronize LDAP groups with a Collaborator groups
The following VBScript retrieves LDAP group and their members and saves them to the groupsync.xml file in a format compatible with the ccollab admin group sync
command:
' Create a file system object. We will write to this file, and then pass it to
' "ccollab admin group sync" later, outside of this script
set objFSO=CreateObject("Scripting.FileSystemObject")
set objFile = objFSO.CreateTextFile("groupsync.xml",True)
' Get an LDAP connection object
set conn = createobject("ADODB.Connection")
' Get the Root DSE, which means use our local domain and local DC
set iAdRootDSE = GetObject("LDAP://RootDSE")
' Get the default naming context for the local domain, e.g. DC=smartbear, DC=local
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
' Set a filter to only display groups that are within a specific Outlook.Application
ouFilter = "OU=Test OU,"
' Open the connection to the directory server
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"
' Build the query string
strQueryDL = "<LDAP://" & ouFilter & strDefaultNamingContext & ">;(&(objectCategory=group)(objectClass=group));distinguishedName,member,adspath;subtree"
' Build a command object
set objCmd = createobject("ADODB.Command")
objCmd.ActiveConnection = Conn
' We want to search everything
objCmd.Properties("SearchScope") = 2
' Set the command text to our search string from above
objCmd.CommandText = strQueryDL
' Send the quest, store the results
Set objRs = objCmd.Execute
' Echo out the opening <groups> XML tag
objFile.Write "<groups>" & vbCrLf
' Iterate through the results
While Not objRS.eof
printGroup (objRS.Fields("distinguishedName"))
objRS.MoveNext
Wend
' Echo out the closing </groups> XML tag
objFile.Write "</groups>" & vbCrLf
' Close the groupsync.xml file
objFile.Close
' ---------------------- Begin Utility Methods ------------------------
function printGroup (groupDN)
Set group = GetObject("LDAP://" & groupDN)
' Echo out the opening <group> XML tag
' Set the groups guid to the distinguished name, the title to the common name, and copy the description field from LDAP to Collab
objFile.Write "<group guid=""" & group.distinguishedName & """ title=""" & group.CN & """ description=""" & group.description & """>" & vbCrLf
For Each memberDN In group.member
printGroupMember(memberDN)
Next
' Echo out the closing </group> XML tag
objFile.Write "</group>" & vbCrLf
end function
Sub printGroupMember (memberDN)
' Get the LDAP object passed as memberDN
Set member = GetObject("LDAP://" & memberDN)
' Figure out if this is an actual user, or a sub group
For Each objClass In member.objectClass
If objClass = "group" Then
' If we get here, this is a group, not a user!
' Echo out the <member-group> XML tag. A groups GUID is it's distinguished name
objFile.Write "<member-group guid=""" & member.distinguishedName & """ />" & vbCrLf
' and then exit this sub routine
Exit Sub
End If
Next
' If we got here, then this is a regular user object, print it out
' Echo out the <member-user> XML tag. A user's sAMAccountName should be their Collab login
objFile.Write "<member-user login=""" & member.sAMAccountName & """ />" & vbCrLf
End Sub
Note: Modify the ouFilter to point to an Active Directory OU that contains the security groups that you want to mirror in Collaborator. This is currently set to Test OU.
Save this as groupsync.vbs and run it.
cscript groupsync.vbs
It will generate the groupsync.xml output file that should be passed to the ccollab admin group sync
command:
ccollab admin group sync --create-users --delete-groups groupsync.xml
Now you will see the members of those security groups created in the same group in Collaborator.