Tay, Gary
2005-Sep-08 04:50 UTC
[Fedora-directory-users] Useful script to extract LDAP based user posixGroup memberships information
Assuming you are using posixGroup objectclass and memberUid attribute to
store your membership information, you may find my shell script useful
and handy.

It works on Solaris LDAP Client with "ldapaddent" and "ldaplist"
commands, and works against FDS, SUN DS or OpenLDAP.

#! /bin/sh
#
# get_ldap_memberUids.sh
#
# Gary Tay, 08-Sep-2005, written
#
if [ $# -le 0 ]
then
   echo ""
   echo "Usage:"
   echo "$0 [SHOW_UID_ONLY|SHOW_DN|SHOW_UIDNUMBER|SHOW_NAME]"
   echo ""
   echo "Purpose: get a list of memberships for LDAP posixGroups"
   echo "Examples: "
   echo "1) $0 SHOW_UID_ONLY"
   echo "2) $0 SHOW_DN"
   echo "3) $0 SHOW_UIDNUMBER"
   echo "4) $0 SHOW_NAME"
   echo ""
   exit
fi
OPTION=$1
# Dump all groups as name:gidNumber
ldapaddent -d group | cut -d: -f1,3 >groups.txt
# Dump all users as uid:uidNumber:gidNumber, sorted by gidNumber
# (done once, the result does not change between groups)
ldapaddent -d passwd | sort -n -t: -k4,4 | cut -d: -f1,3,4 >users.txt
for i in `cut -d: -f2 groups.txt | sort -n`
do
   GIDN=$i
   # Anchor on the gidNumber field so that gid 10 does not also match 100
   GNAME=`grep ":${GIDN}\$" groups.txt | cut -d: -f1`
   echo "memberUids for Group $GNAME, gidNumber=$GIDN"
   # Select on the last field (gidNumber) only, never on uid or uidNumber
   grep ":${GIDN}\$" users.txt | cut -d: -f1 >uids.txt
   case "$OPTION" in
      "SHOW_UID_ONLY") cat uids.txt;;
      "SHOW_DN") for j in `cat uids.txt`
         do
            ldaplist passwd "$j"
         done;;
      "SHOW_UIDNUMBER") for j in `cat uids.txt`
         do
            UIDN=`ldaplist -l passwd "$j" | grep -i 'uidNumber:' | cut -d: -f2`
            echo "$j,$UIDN"
         done;;
      "SHOW_NAME") for j in `cat uids.txt`
         do
            NAME=`ldaplist -l passwd "$j" | grep -i 'cn:' | cut -d: -f2`
            echo "$j,$NAME"
         done;;
      *) echo "$1 is an invalid option."; exit 1
   esac
   echo ""
done

Hope this helps.
Gary
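
Added example, not part of Gary's post: the script above selects users by the gidNumber in their passwd entry, while supplementary members stored in memberUid show up in the fourth field of the group dump. The sketch below merges both views for a membership review. It assumes the dumps are in group(4) and passwd(4) format; `effective_members` and `demo` are hypothetical names, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed input formats, as dumped
# by "ldapaddent -d group" and "ldapaddent -d passwd":
#   group : name:passwd:gid:member1,member2     passwd: name:passwd:uid:gid:...
# Prints "group:gid:user:source"; source is primary (passwd gidNumber),
# memberUid, both, or memberUid-orphan (member has no passwd entry).
effective_members() {    # $1 = group dump, $2 = passwd dump
    awk -F: '
        FILENAME == ARGV[1] {            # group dump
            if (NF < 3) next
            gname[$3] = $1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "") src[$3 SUBSEP m[i]] = "memberUid"
            next
        }
        NF >= 4 {                        # passwd dump
            known[$1] = 1
            k = $4 SUBSEP $1
            if (!(k in src)) src[k] = "primary"
            else if (src[k] == "memberUid") src[k] = "both"
            if (!($4 in gname)) gname[$4] = "(no-group-entry)"
        }
        END {
            for (k in src) {
                split(k, p, SUBSEP)
                s = src[k]
                if (s == "memberUid" && !(p[2] in known)) s = "memberUid-orphan"
                print gname[p[1]] ":" p[1] ":" p[2] ":" s
            }
        }
    ' "$1" "$2" | sort -t: -k2,2n -k3,3
}

demo() {    # constructed sample data, not real directory contents
    d=$(mktemp -d) || return 1
    printf '%s\n' 'staff:*:10:alice,bob' 'dba:*:100:alice,carol,ghost' >"$d/group"
    printf '%s\n' 'alice:x:1001:10:Alice:/home/alice:/bin/sh' \
                  'bob:x:1010:100:Bob:/home/bob:/bin/sh' \
                  'carol:x:100:10:Carol:/home/carol:/bin/sh' \
                  'dave:x:1002:777:Dave:/home/dave:/bin/sh' >"$d/passwd"
    effective_members "$d/group" "$d/passwd"
    rm -rf "$d"
}
demo
```

The sample includes a user whose uidNumber equals another group's gidNumber and a memberUid with no passwd entry, the two cases a plain substring match or a passwd-only view gets wrong. On Solaris the legacy /usr/bin/awk may not accept this program; nawk or /usr/xpg4/bin/awk are the POSIX-conforming ones.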
Rich Megginson
2005-Sep-08 13:36 UTC
Re: [Fedora-directory-users] Useful script to extract LDAP based user posixGroup memberships information
Thanks Gary!