Procedure: Batch importing LDAP users into EPrints3

1 About this document

This procedure demonstrates how to import an entire LDAP branch into EPrints3. This prevents you from having to enter each user manually in the browser. This is designed for LDAP systems that use non-anonymous binding
This procedure is written for Linux System Administrators or EPrints Administrators with a background in Linux System Administration.
ssh access to EPrints server (eprints user and root)
base dn from LDAP
distinguished dn and password from LDAP
EPrints Institutional Repository Software
This version date
02/17/09 02:09:32 PM

2 Getting the code

  1. Log into the EPrints server as the EPrints user
  2. Go to the EPrints bin directory
    cd /opt/eprints3/bin
  3. Check out the code
  4. Make the file executable
    chmod u+x update_users

3 Configuration

  1. Open update_users for editing
    vi update_users
  2. Insert your base dn on line 39
    my $base = "ou=branch1,dc=uni,dc=edu,dc=au";
  3. Enter your ldap host name on line 19
    my $ldap = Net::LDAP->new( "ldaps://123.456.78.9", version => 3 );
  4. Insert your distinguished dn and password on line 29 (for binding purposes only)
    my $dn = "cn=user,ou=branch2,dc=uni,dc=edu,dc=au";
    my $pword = "password";
  5. Comment out the following line (approx line 28)
    my $mesg = $ldap->bind;
  6. Uncomment the following line (approx line 31)
    #my $mesg = $ldap->bind( $dn, password=>$pword );
  7. Replace line 3 with the following
    use EPrints::DataObj::User; #use EPrints::User;
  8. Replace line 77 with the following
    $user = EPrints::DataObj::User::create($session,"ldapuser"); #$user = EPrints::User::create_user( $session, "ldapuser" );
  9. Set the value of forreal to 1 on line 13
    my $forreal = 1;
  10. Replace line 1 with the following (changing the eprints2 to eprints3)
    #!/usr/bin/perl -w -I/opt/eprints3/perl_lib

4 Running the command

  1. Find the qualified name of your eprints repository
    ls /opt/eprints3/archive
  2. Run the command with the repository as an argument
    ./update_users yourRepos

5 Error Sizelimit Exceeded

If you get an error Sizelimit Exceeded I have a solution. I have created a master script that iterates over the letters of the alphabet (each time calling the update_users script)

Only thing is that I had to modify the original script to accommodate for the arguments. My script is below. Make sure that you fill out the value for $theRepository (that will be the same as the argument you gave manually when you ran the update users script) Then make some minor changes to the original script (also out lined below)

  1. New Script
     #!/usr/bin/perl -w -I/opt/eprints3/perl_lib
    @theLetters = ('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',' y', 'z' );
    my $theRepository = 'yourRepos';
    foreach (@theLetters){
            system("/usr/bin/perl update_users $theRepository $_");
            print "Fetching the users starting with " .  $_ . ". \n";
  1. Original script

As far as the original script goes just add the lines that are in bold below.

# search the field that the server uses to store usernames
# this may be 'samaccountname', or 'cn', or something else!

filter => '(&(samaccountname=' . $letterForLDAPFilter . '))',

my $session = EPrints::Session->new( 1 , $ARGV[0] );

my $letterForLDAPFilter = $ARGV[1];

exit unless( defined $session );

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s