This program was written to help administrators of Novell Identity Manager solutions perform a health-check on the CN and UID attributes within a given eDirectory tree. Many implementations of IDM drivers rely on the CN and UID attribute being correct and unique.
This program Identifies the following:-
| User objects with multiple CNs
User objects with multiple UIDs
User objects where the CN does not match RDN
User objects where the UID does not match RDN
non-unique CNs (derived from the RDN) within a tree
non-unique UIDs within a tree
|Output File = MultiCN.csv
Output File = MultiUID.csv
Output File = BadCN.csv
Output File = BadUID.csv
Output File = DuplicateCN.csv
Output File = DuplicateUID.csv
File containing input objects with reversed RDN for sorting also created = ldapoutput.csv
File containing object counts is also created = Results.txt
Expected input CSV format: “oid”,cn,uid
The oid (RDN) MUST be enclosed in double quotes.
The oid can be separated by commas “,” or periods “.” (specify at run time).
The cn and uid can be enclosed in quotes or not enclosed in quotes.
Recommend using LDAP Exporter http://www.novell.com/coolsolutions/tools/14287.html for MS Windows
to extract attributes from eDirectory as this provides output in CSV format and will put square
brackets around multiple attribute values, which this program requires in order to identify multiple
If you are not familiar with LDAP Exporter please look at the jpeg files included which show how to create a server entry and profile to extract the CN and UID attributes from eDirectory.
Objects with multiple CNs or UIDs are not checked beyond being output to the MultiCN / MultiUID files.
Recommended clean-up process once results are obtained:-
The program has been tested on SUSE Linux 10 on x86 using Perl v5.8.8 and on MS Windows 2000 SP4 using ActivePerl v5.8.8. It should run on most Linux/Unix/Windows platforms with Perl v5.6 and above.
This program may work with data extracted from other X500 compliant databases but only eDirectory extracted data has been tested.
Each program run will over-write any previous output files.
LDIF formatted data is not supported at this time.
Example Program Run:-
Name of input file [Default=ldapinput.csv]: Start lines to ignore (Headings etc.) [Default=0]: 1 Is The RDN Separator a ',' or a '.' [Default=',']: Processing ! Processed: 1000 Processed: 2000 Processed: 3000 Processed: 4000 Processed: 5000 Processed: 6000 Processed: 7000 Processed: 8000 Processed: 9000 Processed: 10000 Processed: 11000 Processed a total of 11662 records. Number of objects with Multiple CNs = 75 Number of objects with Multiple UIDs = 73 Number of objects with Bad CN = 2 Number of objects with Bad UID = 315 Number of objects with Duplicate CN = 230 Number of objects with Duplicate UID = 48
Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment. It just worked for at least one person, and perhaps it will be useful for you too. Be sure to test in a non-production environment.