User Syncronization Script

Version 3

    The attached script will allow for the synchronization of users from arbitrary sources to BSA RBAC.


    Usage: usage -d <level> --P <blProfile> -R <blRole>

    -d    <debug level>        Debug Log output, level 0-5.  Should be first option (int)

    -R    <blRole>            BladeLogic RBAC Role to authenticate as

    -P    <blProfile>            BladeLogic Authentication profile to authenticate as

    -X    <jvm opts>            Options for the blcli jvm

    -n     <dryRun>            Dry run

    -r     <pruneRoles>        Delete BSA roles w/ Sync Property if not in query file

    -u    <pruneUsers>        Disable or delete BSA users w/ Sync Property if not sync'd

    -m     <pruneRoleMembers>    Remove users from role if not on source side

    -e     <disableUsers>        Disable pruned users instead of delete

    -a    <userAuthTypes>        Comma separated list of auth types to use - Srp,SecureId,Ldap,Pki,Adk

    -q    <queryHost>            Host to run queries against/from

    -o    <executionRole>        Role to run the user adds with, default to RBACAdmins

    -f     <rolesFile>            File with role queries in it

    -k     <krb5Config>        Concatonation of /path/to/kinit,/path/to/krb5.conf,/path/to/keytab,spn if Kerberos is needed for the query