ccollab admin group sync

Applies to Collaborator 11.5, last modified on December 21, 2021

Description

The ccollab admin group member sync command synchronizes the server's group configuration with the configuration in the supplied XML.

See Synchronize Groups and Members section for details.

Command Line Syntax

ccollab [global-options] admin group sync [--create-users] [--delete-groups] <syncfile>

Command Options

Option

Required?

Description

--create-users

No

Whether to create users in the syncdata that do not already exist; if not specified, nonexistent users will be ignored

--delete-groups

No

Whether to delete groups not in the syncdata; if not specified, groups are disabled instead

<syncfile>

Yes

Filename of the input XML syncdata, or - for stdin

Remarks

  • You must be an Administrator to execute this command.
  • The format of XML syncdata file should comply with the following full XML Schema (CTRL + click, or CMD + click to open in new window).
  • This command does not affect the groups that were created manually, using the ccollab admin group create command.

Examples

ccollab admin group sync /tmp/input --delete-groups

cat /tmp/input | ccollab admin group sync - --create-users

Example XML input

<groups>

    <group guid="groupa" title="Group A" description="The A Group concerned with initials">

        <group-admin login="alice" />

        <member-user login="alice" />

        <member-user login="adama" />

    </group>

    <group guid="groupb" title="Group B" description="The B Group that includes those in Group A">

        <group-admin login="brian" />

        <member-user login="bob" />

        <member-user login="betty" />

        <member-group guid="groupa" />

    </group>

    <group guid="groupc" title="Group C" description="The C Group that is everyone."

        includes-all-users="true" allow-associate-with-reviews="no" >

        <member-group guid="groupb" />

    </group>

</groups>

Example script to synchronize LDAP groups with a Collaborator groups

The following VBScript retrieves LDAP group and their members and saves them to the groupsync.xml file in a format compatible with the ccollab admin group sync command:

' Create a file system object. We will write to this file, and then pass it to

' "ccollab admin group sync" later, outside of this script

set objFSO=CreateObject("Scripting.FileSystemObject")

set objFile = objFSO.CreateTextFile("groupsync.xml",True)

' Get an LDAP connection object

set conn = createobject("ADODB.Connection")

' Get the Root DSE, which means use our local domain and local DC

set iAdRootDSE = GetObject("LDAP://RootDSE")

' Get the default naming context for the local domain, e.g. DC=smartbear, DC=local

strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")

' Set a filter to only display groups that are within a specific Outlook.Application

ouFilter = "OU=Test OU,"

' Open the connection to the directory server

Conn.Provider = "ADsDSOObject"

Conn.Open "ADs Provider"

' Build the query string

strQueryDL = "<LDAP://" & ouFilter & strDefaultNamingContext & ">;(&(objectCategory=group)(objectClass=group));distinguishedName,member,adspath;subtree"

' Build a command object

set objCmd = createobject("ADODB.Command")

objCmd.ActiveConnection = Conn

' We want to search everything

objCmd.Properties("SearchScope") = 2

' Set the command text to our search string from above

objCmd.CommandText = strQueryDL

' Send the quest, store the results

Set objRs = objCmd.Execute

' Echo out the opening <groups> XML tag

objFile.Write "<groups>" & vbCrLf

' Iterate through the results

While Not objRS.eof

        printGroup (objRS.Fields("distinguishedName"))

    objRS.MoveNext

Wend

' Echo out the closing </groups> XML tag

objFile.Write "</groups>" & vbCrLf

' Close the groupsync.xml file

objFile.Close

' ---------------------- Begin Utility Methods ------------------------

function printGroup (groupDN)

    Set group = GetObject("LDAP://" & groupDN)

    ' Echo out the opening <group> XML tag

    ' Set the groups guid to the distinguished name, the title to the common name, and copy the description field from LDAP to Collab

    objFile.Write "<group guid=""" & group.distinguishedName & """ title=""" & group.CN & """ description=""" & group.description & """>" & vbCrLf

    For Each memberDN In group.member

        printGroupMember(memberDN)

    Next

    ' Echo out the closing </group> XML tag

    objFile.Write "</group>" & vbCrLf

end function

Sub printGroupMember (memberDN)

    ' Get the LDAP object passed as memberDN

    Set member = GetObject("LDAP://" & memberDN)

    ' Figure out if this is an actual user, or a sub group

    For Each objClass In member.objectClass

        If objClass = "group" Then

            ' If we get here, this is a group, not a user!

            ' Echo out the <member-group> XML tag. A groups GUID is it's distinguished name

            objFile.Write "<member-group guid=""" & member.distinguishedName & """ />" & vbCrLf

            ' and then exit this sub routine

            Exit Sub

        End If

    Next

    ' If we got here, then this is a regular user object, print it out    

    ' Echo out the <member-user> XML tag. A user's sAMAccountName should be their Collab login

    objFile.Write "<member-user login=""" & member.sAMAccountName & """ />" & vbCrLf

End Sub

Note: Modify the ouFilter to point to an Active Directory OU that contains the security groups that you want to mirror in Collaborator. This is currently set to Test OU.

Save this as groupsync.vbs and run it.

cscript groupsync.vbs

It will generate the groupsync.xml output file that should be passed to the ccollab admin group sync command:

ccollab admin group sync --create-users --delete-groups groupsync.xml

Now you will see the members of those security groups created in the same group in Collaborator.

See Also

ccollab admin group
Synchronize Groups and Members

Highlight search results