One of our community members has responded with the following:
1. acronyms:
* ADFS: [Active Directory Federation Services](https://en.wikipedia.org/wiki/Active_Directory_Federation_Services)
* AD: [Active Directory](https://en.wikipedia.org/wiki/Active_Directory)
* LDAP: [Lightweight Directory Access Protocol](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)
* JSON: [JavaScript Object Notation](https://en.wikipedia.org/wiki/JSON)
The cited phrase seems to originate from [here (Section "*Migrate to SAML*")](https://docs.mattermost.com/administration/command-line-tools.html). It refers to the third of the three options introduced [here](https://docs.mattermost.com/deployment/sso-saml.html).
I'd appreciate a clarification of the second question. (Pulling from where and for what purpose?)
Aforementioned section suggests that the example file and command have correct syntax, yes.
I appreciate all that, and sorry, was tired and frustrated last night.
Should have said - there’s an example of creating users_file for Okta there’s an example for OneLogin… but when it comes to ADFS there’s nothing but a one line sentence - For ADFS, you can use the AD/LDAP protocol to directly extract the users information and export it to a JSON file.
Some of us that work on MM have to wear so many different hats at work, was hoping just to find a simple how-to answer in the docs rather than researching testing, etc.
Yes, you are right, at the time I wrote that, I though that each ADFS is more unique in terms of how to get the users data, because it depends a lot in the structure. Maybe we can create a basic example for that, similar to the other examples, and trying to have enough “variables” to deal with the most common cases. I’ll try to write something during today, or tomorrow.
Here is a python example that works with openLDAP, I’ll try to test it tomorrow with AD, but I don’t know if I’ll be able to access to one AD to test it properly:
import ldap
import json
import getpass
ldap_host = input('Ldap Host (example ldap://localhost:389): ')
base_dn = input('Base DN (example dc=mm,dc=test,dc=com): ')
bind_dn = input('Bind DN (example cn=admin,dc=mm,dc=test,dc=com): ')
password = getpass.getpass('Password: ')
user_object_class = input('User object class (example iNetOrgPerson): ')
username_field = input('Username field: ')
mail_field = input('Mail field: ')
l = ldap.initialize(ldap_host)
l.simple_bind_s(bind_dn, password)
r = l.search_s(base_dn, ldap.SCOPE_SUBTREE, '(objectClass='+user_object_class+')', [username_field, mail_field])
mapping = {}
for dn, entry in r:
if mail_field in entry and len(entry[mail_field]) >= 1 and username_field in entry and len(entry[username_field]) >= 1:
mapping[entry[mail_field][0].decode('utf-8')] = entry[username_field][0].decode('utf-8')
with open("saml_users.json", "w") as fd:
json.dump(mapping, fd)