Bug 58247 - Add a script to create an anonymized copy of LDAP database
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: univention-debug
Version: UCS 5.2
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 5.2-1-errata
Assignee: Dirk Wiesenthal
QA Contact: Iván.Delgado
URL: https://git.knut.univention.de/univen...
Reported: 2025-05-05 15:46 CEST by Dirk Wiesenthal
Modified: 2025-06-13 09:38 CEST
What kind of report is it?: Development Internal

Description Dirk Wiesenthal univentionstaff 2025-05-05 15:46:31 CEST
`univention-export-anonymized-ldap` should create an offline copy of the LDAP server. It will then anonymize the data with regards to user data like names, mail addresses, passwords, ... Use case is a file that could be used in test environments to analyze e.g. performance.
Comment 1 Dirk Wiesenthal univentionstaff 2025-05-05 15:50:25 CEST
Added with version 7.0.0-2

YAML added in 00bf762023ef264b9d2cf32c268cd13703ee6d4e
Comment 2 Iván.Delgado univentionstaff 2025-05-07 11:02:46 CEST
QA:
 OK: code review
 OK: no user data in the output file
 OK: Script works
Comment 3 Iván.Delgado univentionstaff 2025-05-07 13:53:44 CEST
<https://errata.software-univention.de/#/?erratum=5.2x76>
Comment 4 Florian Best univentionstaff 2025-06-13 09:38:02 CEST
The code is not in the UCS repository but in univention-system-info.

usage:

# univention-export-anonymized-ldap --help
usage: univention-export-anonymized-ldap --i-understand

univention-export-anonymized-ldap creates an offline copy of your LDAP server. It will then anonymize the data with regards to user data like names, mail addresses, passwords, ... Use case is a file that could be used in test
environments to analyze e.g. performance.

options:
  -h, --help            show this help message and exit
  --i-understand        This will create an (anonymized) copy of the complete LDAP database. I understand that this may take a while and that some data may not be completely anonymized based on my own layout (maybe I stored the name of a
                        user in an extended attribute). I will have the chance to examine the file afterwards, though.
  -o OUTPUT, --output OUTPUT
                        Output file name. If not set, a temporary file will be created.

Example:
# univention-export-anonymized-ldap --i-understand
Exporting LDAP database...
... saved online data at /tmp/tmp361fegmn.ldif
... writing anonymized data to /tmp/tmpcpxtjbna.ldif
We anonymized or removed what we considered worthy. Usernames, birthdays, mail adresses, etc. Please note that there may be remnants of technical data, e.g. server names, DNS data, etc. Also, maybe some user data that needed protection was saved in attributes we did not consider or we did not know of (objects can be extended by Apps, ...). Please check the file before sending somewhere: /tmp/tmpcpxtjbna.ldif
... and removed online data again /tmp/tmp361fegmn.ldif


You have to use the anonymized file, the other one is removed.
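
The tool's output asks you to check the anonymized file before sending it anywhere. One way to do that check is sketched below as an added example; it is not part of this bug report or of Univention's code. The names `find_remnants` and `customExtendedAttr`, the placeholder mail domain `example.invalid` and the sample LDIF are assumptions made for illustration.

```python
import base64
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def parse_ldif(text):
    """Yield (dn, attr, value); unfolds continuation lines, decodes base64 ('::') values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # RFC 2849 line folding
        else:
            lines.append(raw)
    dn = None
    for line in lines:
        attr, sep, rest = line.partition(":")
        if not line or line.startswith("#") or not sep:
            if not line:
                dn = None                 # a blank line ends the entry
            continue
        if rest.startswith(":"):          # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        if attr.lower() == "dn":
            dn = value
        yield dn, attr, value

def find_remnants(text, known_values=(), allowed_mail_domains=("example.invalid",)):
    """Return (dn, attr, reason) for values that still look like real user data."""
    needles = [k.lower() for k in known_values]   # real names etc. supplied by the operator
    findings = []
    for dn, attr, value in parse_ldif(text):
        if any(m.group(1).lower() not in allowed_mail_domains
               for m in EMAIL_RE.finditer(value)):
            findings.append((dn, attr, "mail-like value"))
        findings += [(dn, attr, f"contains {n!r}") for n in needles if n in value.lower()]
    return findings

# Constructed sample, not real output of univention-export-anonymized-ldap.
_B64 = base64.b64encode("Büro Jane Roe, jane.roe@corp.test".encode()).decode()
SAMPLE = ("dn: uid=user0001,cn=users,dc=test,dc=invalid\nuid: user0001\n"
          "mail: user0001@example.invalid\n"
          f"description:: {_B64}\n"
          "customExtendedAttr: office of J\n ane Roe\n\n"
          "dn: cn=group01,cn=groups,dc=test,dc=invalid\ncn: group01\n")

if __name__ == "__main__":
    for finding in find_remnants(SAMPLE, known_values=["Jane Roe"]):
        print(finding)
```

Pass a handful of real names, logins or domains from the live directory as `known_values`; base64-encoded and folded values are decoded before matching, so a plain `grep` over the file would miss both remnants in the sample.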