Curiosity is insubordination in its purest form. -Vladimir Nabokov

Friday, June 15, 2012

OpenLDAP script to initialize created LDAP attribute

Hello,

Here is a silly script I just wrote.

For every user in the directory, it initializes an LDAP attribute that was previously created in the OpenLDAP schema.

#!/bin/bash
#v0.1 ~ vlan7 ~ 15-VI-2012

#Load single value on some LDAP attribute for all LDAP users

#Usage: /root/vlan7/carga_masiva.sh <LDAP attribute name> <value>
#Output: TMPF=$RANDOM.$$  #LDIF filename

#Must be root!
[ "$UID" -eq 0 ] || { echo "Bad luck, only root can run this code" 1>&2 ; exit 7; }

#Get script dir. Will work with any combination of aliases, source, bash -c, symlinks, etc.
SOURCE="${BASH_SOURCE[0]}"
DIR="$(dirname "$SOURCE")"
while [ -h "$SOURCE" ]
do
  SOURCE="$(readlink "$SOURCE")"
  [[ $SOURCE != /* ]] && SOURCE="$DIR/$SOURCE"
  DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"
done
DIR="$(cd -P "$(dirname "$SOURCE")" && pwd)"

die () {
  echo >&2 "$@"
  exit 7
}

#User input is evil. Never trust a user
[ "$#" -eq 2 ] || die "ERROR! 2 arguments required, $# provided. Usage: $SOURCE <LDAP attribute name> <value>"

#Let's prepare to load some data on LDAP!
echo -e "\nEnter whatever you want or just press ENTER"
TMPF=$RANDOM.$$
#IFS= and -r keep each line exactly as ldapsearch printed it
while IFS= read -r LINE
do
  if [ -n "$LINE" ]
  then
    #Paths are quoted so a script dir containing spaces does not break the redirect
    echo "dn: $LINE, ou=Users, dc=el_dc" >>"$DIR/$TMPF"
    echo "changetype: modify" >>"$DIR/$TMPF"
    echo "add: $1" >>"$DIR/$TMPF"
    echo "$1: $2" >>"$DIR/$TMPF"
    echo "" >>"$DIR/$TMPF"
  fi
done < <(ldapsearch -Wx -b "ou=Users,dc=el_dc" "objectclass=la_que_sea" uid | grep '^uid:' | sed 's/^uid: /uid=/')  #Get LDAP uid's

echo "###"
echo "LDIF generated!"
echo "###"
echo "Ready to load some data on LDAP so check $DIR/$TMPF and launch this command _ONLY_ on LDAP provider"
echo "###"
#Inner quotes are escaped so the printed command keeps them
echo "   ldapmodify -Wx -D \"cn=admin,dc=el_dc\" -f $DIR/$TMPF"
exit 0

Naturally I would implement TLS/SSL, but sometimes that is not up to you. If some kind of encryption is used, the -x flag would have to be removed from ldapsearch/ldapmodify.

If the attribute already has a value, it may be necessary to replace the line
echo "add: $1" >>"$DIR/$TMPF"
with
echo "replace: $1" >>"$DIR/$TMPF"

Maybe it will be useful to someone...
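
The script checks only the number of arguments and then writes $1 and $2 into the LDIF as they are, so a value with an embedded newline, a leading colon or a trailing space produces a malformed or multi-line entry. As an added example (not part of the original script), the helper below validates the attribute name and base64-encodes any value that is not plain printable ASCII; the function names ldif_valid_attr and ldif_attr_line are hypothetical.

```bash
#!/bin/bash
# Added example, not part of the original script. Function names are hypothetical.

# Succeeds only for a plain RFC 4512 attribute name: a letter followed by
# letters, digits or hyphens. Options such as ";binary" are rejected on purpose.
ldif_valid_attr() (
  LC_ALL=C   # make A-Z / a-z byte ranges, whatever the caller's locale is
  case $1 in
    ''|[!A-Za-z]*|*[!A-Za-z0-9-]*) return 1 ;;
  esac
)

# Prints one LDIF line for attribute $1 with value $2.
# Plain "attr: value" is used only for printable ASCII that does not start with
# space, ':' or '<' and does not end with a space (stricter than RFC 2849
# requires). Everything else goes out base64-encoded as "attr:: ...".
ldif_attr_line() (
  attr=$1 value=$2
  ldif_valid_attr "$attr" || { echo "invalid attribute name: $attr" >&2; return 1; }
  # What is left after deleting printable ASCII. The trailing "x" keeps $(...)
  # from stripping a value that consists only of newlines.
  rest=$(printf '%s' "$value" | LC_ALL=C tr -d ' -~'; printf x)
  case $value in
    ' '*|:*|'<'*|*' ') plain=no ;;
    *) if [ "$rest" = x ]; then plain=yes; else plain=no; fi ;;
  esac
  if [ "$plain" = yes ]; then
    printf '%s: %s\n' "$attr" "$value"
  else
    # base64 may wrap its output; the encoded value is kept on one line here
    printf '%s:: %s\n' "$attr" "$(printf '%s' "$value" | base64 | tr -d '\n')"
  fi
)

# Constructed sample values
ldif_attr_line description 'hello world'        # description: hello world
ldif_attr_line description "$(printf 'a\nb')"   # description:: YQpi
```

In the script, the line that writes "$1: $2" would call ldif_attr_line "$1" "$2" instead, and the script would stop if that call fails.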

3. Boredom and drudgery are evil. So scripts were born.
