Give Apple Open Directory the member and memberOf attributes.
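#!/bin/bash
#
# Give Apple Open Directory the member and memberOf attributes.
#
# Two passes over the directory:
#   1. For every posixGroup under GROUPDN, add a member value
#      (uid=<memberUid>,USERDN) for each memberUid that lacks one, and
#      delete member values whose uid has no matching memberUid.
#   2. For every posixAccount under USERDN, delete memberOf values whose
#      group no longer lists the user in member, and add memberOf for
#      each posixGroup whose member attribute names the user.
#
# Requires the OpenLDAP client tools (ldapsearch, ldapmodify) and the
# local ldapi socket named in LDAPURI.  Bash is required: the script
# uses here-strings (<<<), which a plain POSIX /bin/sh may not support.
#
# Caveats:
#   - Values are taken from ldapsearch's LDIF output as printed: base64
#     encoded values ("attr:: ...") and any lines folded by ldapsearch
#     are not decoded/unfolded, so such entries are skipped, not synced.
#   - DNs read from the directory are interpolated verbatim into LDAP
#     filters and LDIF; values containing filter metacharacters or
#     leading/trailing spaces are not escaped.  The data comes from the
#     directory itself, so only directory administrators can shape it.
#   - ldapmodify diagnostics (e.g. an attribute unknown to the schema)
#     are left on stderr so the operator can see why a change failed.
#
set -u

readonly LDAPURI="ldapi://%2Fvar%2Frun%2Fldapi"
readonly BASEDN="dc=hdcnet,dc=org"
readonly GROUPDN="cn=groups,$BASEDN"
readonly USERDN="cn=users,$BASEDN"

#######################################
# Print the values of one attribute for every entry matching a filter.
# Globals:   LDAPURI (read)
# Arguments: $1 - search base DN (default scope, i.e. subtree)
#            $2 - LDAP filter, e.g. "(objectClass=*)"
#            $3 - attribute to print ("dn" lists the matching DNs)
# Outputs:   one value per line with the "attr: " prefix stripped;
#            nothing when no entry matches or the search fails
#######################################
ldap_values() {
  local base=$1 filter=$2 attr=$3
  ldapsearch -x -LLL -H "$LDAPURI" -b "$base" "$filter" "$attr" \
    | sed -n "s/^${attr}: //p"
}

#######################################
# Test whether at least one entry under a base matches a filter.
# Arguments: $1 - search base DN
#            $2 - LDAP filter
# Returns:   0 if an entry matched, 1 otherwise
#######################################
ldap_exists() {
  [ -n "$(ldap_values "$1" "$2" dn)" ]
}

#######################################
# Apply a single add/delete of one attribute value to one entry.
# Globals:   LDAPURI (read)
# Arguments: $1 - target DN
#            $2 - "add" or "delete"
#            $3 - attribute name
#            $4 - attribute value
# Outputs:   ldapmodify's stdout is discarded; stderr is kept
# Returns:   ldapmodify's exit status
#######################################
ldap_modify_value() {
  local dn=$1 op=$2 attr=$3 value=$4
  ldapmodify -x -H "$LDAPURI" >/dev/null <<__END__
dn: $dn
changetype: modify
$op: $attr
$attr: $value
__END__
}

#######################################
# Mirror a group's memberUid values into its member attribute.
# Globals:   USERDN (read)
# Arguments: $1 - group DN
#######################################
sync_group_members() {
  local gdn=$1 uid mdn rdn

  # Add a member DN for every memberUid that does not have one yet.
  while IFS= read -r uid; do
    [ -n "$uid" ] || continue
    mdn="uid=$uid,$USERDN"
    if ! ldap_exists "$gdn" "(member=$mdn)"; then
      ldap_modify_value "$gdn" add member "$mdn"
    fi
  done <<< "$(ldap_values "$gdn" '(objectClass=*)' memberUid)"

  # Remove member DNs whose uid (value of the first RDN) has no
  # memberUid.  The exact value read back is what gets deleted, so a
  # member DN that is not of the form uid=<x>,USERDN is removed cleanly
  # instead of the delete silently failing to match.
  while IFS= read -r mdn; do
    [ -n "$mdn" ] || continue
    rdn=${mdn%%,*}
    uid=${rdn#*=}
    if ! ldap_exists "$gdn" "(memberUid=$uid)"; then
      ldap_modify_value "$gdn" delete member "$mdn"
    fi
  done <<< "$(ldap_values "$gdn" '(objectClass=*)' member)"
}

#######################################
# Mirror group membership into a user's memberOf attribute.
# Globals:   GROUPDN (read)
# Arguments: $1 - user DN
#######################################
sync_user_member_of() {
  local udn=$1 gdn

  # Drop memberOf values for groups that no longer list this user.
  while IFS= read -r gdn; do
    [ -n "$gdn" ] || continue
    if ! ldap_exists "$gdn" "(member=$udn)"; then
      ldap_modify_value "$udn" delete memberOf "$gdn"
    fi
  done <<< "$(ldap_values "$udn" '(objectClass=*)' memberOf)"

  # Add memberOf for every posixGroup whose member names this user.
  while IFS= read -r gdn; do
    [ -n "$gdn" ] || continue
    if ! ldap_exists "$udn" "(memberOf=$gdn)"; then
      ldap_modify_value "$udn" add memberOf "$gdn"
    fi
  done <<< "$(ldap_values "$GROUPDN" "(&(objectClass=posixGroup)(member=$udn))" dn)"
}

#######################################
# Sync every group first so the user pass sees up-to-date member values.
# Empty lines (no groups / no users found) are skipped rather than
# searched with an empty base DN.
#######################################
main() {
  local dn

  # Check each defined group.
  while IFS= read -r dn; do
    [ -n "$dn" ] || continue
    sync_group_members "$dn"
  done <<< "$(ldap_values "$GROUPDN" '(objectClass=posixGroup)' dn)"

  # Check each defined user.
  while IFS= read -r dn; do
    [ -n "$dn" ] || continue
    sync_user_member_of "$dn"
  done <<< "$(ldap_values "$USERDN" '(objectClass=posixAccount)' dn)"
}

main "$@"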
This 50% works for me so happier than I was this morning :) thanks
.... I'm running OS X 10.10.3 and Server 4.1
This script creates and populates the 'member' attributes within the LDAP 'groups' records perfectly, but the user records remain unaltered by the script.
Initially I got an error "member attribute unknown", so I swapped the running order to add the member attributes first. The script now runs without errors but still does not update the user records with the memberOf values. Anyone have any ideas?