TabSync is a bi-directional replication tool between Tableau Server 9.0+ and any LDAP server. It synchronizes LDAP groups with Tableau groups.
- Synchronizes multiple ldap groups with multiple tableau groups on multiple sites
- Adds all users to tableau site who are defined in ldap but not existing in tableau
- Synchronizes each ldap group with the corresponding tableau group (adds, deletes users according to actual ldap memberships)
- Sets domain to users to be able to use Active Directory authentication after synchronization (optional)
It can be deployed as single standalone JAR file without any interpreter dependency (with lein uberjar
).
-
Download the certificate of your Tableau Server (optional, in case of https)
-
Make sure you have Java 1.8 (or higher) installed on your system, as it is a pre-requisite to import certificates. Older java version might throw SSL exceptions for some SSL certificates (optional, in case of https)
-
Import the certificate:
$ cd C:\Program Files\Java\jdk<version>\jre\lib\security
$ ..\..\bin\keytool -import -alias mycertificate -file c:\Users\JohnDoe\Downloads\mycertificate_company_com.crt -keystore cacerts
- LDAP Configuration Changes:
The bind-dn format listed in the config file is specific to our environment and is recommended to be modified to your format. We also suggest modifying the functions 'tabsync.ldap/get-user-info' and 'tabsync.ldap/get-users-from-group'. The former for parsing a full name & email map, and the latter for parsing the user list based on group id(s).
- Create an uberjar from source:
$ git clone https://github.com/starschema/tabsync.git
$ cd tabsync
$ lein uberjar
- Create a directory called 'config' in the root of your newly created jar executable, and make sure to place a file called 'groups.yml' under the same directory. Make sure to follow the formatting pattern:
ldap:
host: ldap.domain.com:389
username: "cn=administrator,ou=Sample,dc=AD,dc=company,dc=com"
password: administrator
ad:
domain: local
email:
from: [email protected]
to: [email protected]
subject: Tableau Sync Script Report
tableau:
url: "http://127.0.0.1:8000/"
version: 9
username: tableauadmin
password: password
sites:
- name: Site1
group_mapping:
- ldap: grp12345
tableau: LDAP Group 1
- name: Site2
group_mapping:
- ldap: grp54321
tableau: LDAP Group 2
- Make sure that you are pointing to the right Java installation:
$ java -version
java version "1.8.0_31"
Java(TM) SE Runtime Environment (build 1.8.0_31-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.31-b07, mixed mode)
If it is not pointing to Java version 1.8 then you need to set it:
$ SET JAVA_HOME = c:\Program Files\Java_1.8
$ SET PATH = %PATH%;%JAVA_HOME%\bin
$ export JAVA_HOME=/usr/bin/java
$ export PATH=$PATH:$JAVA_HOME/bin
And finally simply execute the uberjar you created earlier:
$ java -jar tabsync-0.1.0-standalone.jar [args]
You should modify two functions in order to use your own LDAP schema for getting users from a group and their user info.
Example 1: Get detailed user info. Use employeNumber
ldap attribute as username, displayName
as full name, email
as email.
(defn get-user-info
"Gets the user's SSO & email address"
[sso]
(let
[user-info (ldap/get ldap-server (str "CN=" sso ",ou=All Businesses,dc=CDIAD,dc=corporate,dc=com"))]
(log/debug user-info)
{:sso (get user-info :employeeNumber) :name (beautify-display-name (get user-info :displayName)) :mail (get user-info :mail)}))
Example 2: Get users from group. First search for group in OU=Groups
as CN=group-id
, then take the first nine letters from the returned CNs.
(defn get-users-from-group
"Gets the list of users associated to each LDAP group"
[group-id]
(log/info "Getting users for ldap group " group-id)
(let
[group-info (ldap/get ldap-server (str "CN=" group-id ",OU=Groups,DC=CDIAD,dc=corporate,dc=com"))]
(->>
(get group-info :member)
(list)
(flatten)
(map #(second (re-find #"CN=([a-zA-Z0-9]+{9})" %)))
(map (fn [cn]
(if (= (get cn 0) \g)
(get-users-from-group cn)
cn )))
(flatten)
(distinct))))
Feel free to change these parts according to your LDAP scheme.
Copyright © 2015 FIXME
Distributed under the Eclipse Public License either version 1.0 or (at your option) any later version.