[Fedora-directory-users] Useful script to extract LDAP based user posixGroup memberships information
Tay, Gary
Gary_Tay at platts.com
Thu Sep 8 04:50:45 UTC 2005
Assuming you are using posixGroup objectclass and memberUid attribute to
store your membership information, you may find my shell script useful
and handy.

It works on Solaris LDAP Client with "ldapaddent" and "ldaplist"
commands, and works against FDS, SUN DS or OpenLDAP.

#! /bin/sh
#
# get_ldap_memberUids.sh
#
# Gary Tay, 08-Sep-2005, written
#
# Scratch files groups.txt, users.txt and uids.txt are written to the
# current directory.
#
if [ $# -le 0 ]
then
   echo ""
   echo "Usage:"
   echo "$0 [SHOW_UID_ONLY|SHOW_DN|SHOW_UIDNUMBER|SHOW_NAME]"
   echo ""
   echo "Purpose: get a list of memberships for LDAP posixGroups"
   echo "Examples: "
   echo "1) $0 SHOW_UID_ONLY"
   echo "2) $0 SHOW_DN"
   echo "3) $0 SHOW_UIDNUMBER"
   echo "4) $0 SHOW_NAME"
   echo ""
   exit
fi
OPTION=$1
# Dump all groups as name:gidNumber
ldapaddent -d group | cut -d: -f1,3 >groups.txt
for i in `cat groups.txt | cut -d: -f2 | sort -n`
do
   # Match gidNumber as the whole last field, so that 10 does not also
   # match 100 or a name containing "10"
   GIDN=$i; GNAME=`grep ":$GIDN"'$' groups.txt | cut -d: -f1`
   echo memberUids for Group $GNAME, gidNumber=$GIDN
   # Dump all users as uid:uidNumber:gidNumber, sorted by gidNumber
   ldapaddent -d passwd | sort -n -t: +3 -4 | cut -d: -f1,3,4 >users.txt
   # Select users by gidNumber (last field) only, never by uidNumber
   cat users.txt | grep ":$GIDN"'$' | cut -d: -f1 >uids.txt
   case "$OPTION" in
      "SHOW_UID_ONLY") cat uids.txt;;
      "SHOW_DN") for j in `cat uids.txt`
         do
            ldaplist passwd $j
         done;;
      "SHOW_UIDNUMBER") for j in `cat uids.txt`
         do
            UIDN=`ldaplist -l passwd $j | grep -i 'uidNumber:' | cut -d: -f2`
            echo $j,$UIDN
         done;;
      "SHOW_NAME") for j in `cat uids.txt`
         do
            NAME=`ldaplist -l passwd $j | grep -i 'cn:' | cut -d: -f2`
            echo $j,$NAME
         done;;
      *) echo "$1 is an invalid option."; exit 1;;
   esac
   echo ""
done

Hope this helps.
Gary
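
The following is an added example, not part of the original post: for an access review, it reports both membership sources side by side, the memberUid list of each group and the users whose primary gidNumber is that group, matching on whole fields. It assumes the "ldapaddent -d group" and "ldapaddent -d passwd" dumps are in group(4) and passwd(4) file format; the function names list_members and demo are hypothetical and the sample entries are constructed.

```shell
#!/bin/sh
# list_members GROUP_DUMP PASSWD_DUMP
# Prints group:gidNumber:uid:source, where source is "memberUid" (listed in
# the group entry) or "primary" (gidNumber of the user's passwd entry).
# Needs a POSIX awk (nawk on Solaris).
list_members() {
    awk -F: '
        # First file, group format: name:passwd:gid:member1,member2
        FNR == NR {
            gname[$3] = $1
            n = split($4, m, ",")
            for (k = 1; k <= n; k++)
                if (m[k] != "") print $1 ":" $3 ":" m[k] ":memberUid"
            next
        }
        # Second file, passwd format: name:passwd:uid:gid:gecos:home:shell
        # Compare field 4 only, so a uidNumber equal to some gid is ignored.
        ($4 in gname) { print gname[$4] ":" $4 ":" $1 ":primary" }
    ' "$1" "$2" | sort -t: -k2,2n -k3,3 -k4,4
}

# Constructed sample data: alice has uidNumber 1000, which is also the
# gidNumber of group "audit"; gid 10 is a substring of gids 100 and 1000.
demo() {
    d=`mktemp -d` || return 1
    cat >"$d/group" <<'EOF'
staff:*:10:alice,bob
ops:*:100:carol
audit:*:1000:
EOF
    cat >"$d/passwd" <<'EOF'
alice:x:1000:10:Alice:/home/alice:/bin/sh
bob:x:1001:100:Bob:/home/bob:/bin/sh
carol:x:10:100:Carol:/home/carol:/bin/sh
dave:x:1002:1000:Dave:/home/dave:/bin/sh
EOF
    list_members "$d/group" "$d/passwd"
    rm -rf "$d"
}

demo
```

On a Solaris LDAP client the two input files would be the saved output of "ldapaddent -d group" and "ldapaddent -d passwd".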