I have a question. How can you make queries to an LDAP server to get the users that have access on a named server? I'll explain:
I have a lot of servers, and I use LDAP for user authentication. What I want is to make a script that will give me on the server that I want the people who are allowed to access. So for this I should query the LDAP server. But how can I do this precise query?
Forgot to mention that I want this script to work on RedHat and Solaris too.
Thank you for your help.
Last edited by theboogymaster; 10-15-2010 at 04:08 AM..
I guess the access is being granted by having the user(s) added into LDAP group(s). You should know or ask someone who set up the permissions and then you should be able to check with an ldapsearch, who is a member of that group(s).
You might also check your /etc/ldap.conf (or wherever your openldap(?) configuration files are located), which group(s) is configured there, especially the parameter pam_groupdn could be helpful.
Yes the access is granted by group. But what I want is for example to type: scriptname hostname and have all the users allowed to access that host name. Is that possible with the ldapsearch command? Cause I can't see this option to show the hosts?!
You might need to write filters in your ldapsearch to
a) find the group associated to the host or vice versa
b) search for all members of that group
The syntax for ldapsearch can be looked up on its man page or typing
Depending if you use SSL etc. there are some different switches that may apply or not. Try to get a plain ldapsearch working before you go for the filter part maybe.
For writing filters there are several tutorials/examples for that on the web (just google for "ldapsearch filter"). The filter is part of the ldapsearch.
The rest is a little bit of shell script around this which is very easy.
I am not firm in those filters myself so maybe if you get familiar with them, you can maybe search for the host, group and member criteria in one line of ldapsearch.
Last edited by zaxxon; 10-15-2010 at 05:46 AM..
Reason: added info
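Steps a) and b) from the reply above as one script, added here as an example and not code from the thread. It assumes the OpenLDAP `ldapsearch` client and a hypothetical directory layout with one `posixGroup` per host named `<hostname>-login`; the URI, base DN and naming scheme are placeholders to replace with your own. The hostname argument is escaped per RFC 4515 so that characters such as `*` or `)` cannot change the meaning of the filter.

```shell
#!/bin/sh
# Usage: scriptname hostname
# Assumed (hypothetical) settings; adjust to your directory.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"
GROUP_BASE="${GROUP_BASE:-ou=Groups,dc=example,dc=com}"

# Escape the characters that are special in an LDAP search filter
# (RFC 4515). The backslash must be handled first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Step a) build the filter that selects the access group of a host.
# The "<hostname>-login" naming convention is an assumption.
group_filter() {
    printf '(&(objectClass=posixGroup)(cn=%s-login))' "$(ldap_escape "$1")"
}

# Step b) read LDIF on stdin and print each memberUid once, sorted.
# Base64-encoded values ("memberUid:: ...") are not decoded here.
members_from_ldif() {
    awk '/^memberUid: / { sub(/^memberUid: /, ""); print }' | sort -u
}

# Run the search with an anonymous simple bind (-x) and plain LDIF
# output (-LLL), requesting only the memberUid attribute.
allowed_users() {
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$GROUP_BASE" \
        "$(group_filter "$1")" memberUid | members_from_ldif
}

# Only query the directory when a hostname was given.
[ $# -eq 0 ] || allowed_users "$1"
```

The native Solaris `ldapsearch` takes different switches (for example `-h host` instead of `-H uri`), so on Solaris either install the OpenLDAP client or adapt `allowed_users`.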