Hp-UX, SUSE, and AIX LDAP User Script Help


 
Old 01-30-2012

Hi,

I have been asked to create a ksh script that will search against an LDAP directory from various HP-UX, SUSE, and AIX 5.3 and 6.1 machines. The objective is to verify the boxes are successfully authenticating users from the LDAP store. This is something I've never done, and I could use some help. The output of this search is an xml file that lists all the machines that are connected in one list and all the machines that are not connected in another.
So to begin, I need a case statement or something that will check the server type. Then whatever needs to happen after that will go and run. I have to start with an AIX 5.3 machine for testing purposes, though the objective is to run them against a large pool of machines in a datacenter and get results from all regardless of OS.
The command to check the directory with AIX 5.3, my test machine, is:

lsldap -a passwd <ldap_user_ID>

If this user is visible from a particular machine, then we're good. I have a sample script that was used for something similar in the past, but it's not exactly what I need.
Code:
#search=/dev/fs/C/Users/%windows_username%/Desktop/test
#find $search/*/*/domains/* -name config.xml -type f -prune \
#    >w_xml_list 2>/dev/null
#
#find /usr/local/*/*/domains/* -name config.xml -type f -prune \
#    >w_xml_list 2>/dev/null

# ksh does not always set HOSTNAME; fall back to hostname(1)
HOSTNAME=${HOSTNAME:-$(hostname)}

echo "Line to catch LDAP member status"

# Collect every config.xml under the domain directories
find /usr/local/*/*/domains/* -name config.xml -type f -prune \
    >w_xml_list 2>/dev/null

if [ -s w_xml_list ]; then

    # Read one path per line so paths containing spaces stay intact
    while IFS= read -r config
    do
        if [ -s "$config" ]; then
            # Classify the file by the first keyword it contains
            if [[ $(grep -ic 'iam' "$config") != 0 ]]; then
                print "!!!:${HOSTNAME}:$config/hhld"
            elif [[ $(grep -ic 'embedded' "$config") != 0 ]]; then
                print "!!!:${HOSTNAME}:$config/embedded"
            else
                print "!!!:${HOSTNAME}:$config/NoMatch"
            fi
        else
            print "!!!:${HOSTNAME}:$config/XmlNotFound"
        fi
    done <w_xml_list

    #cat w_dom_list \
    #    | sed "s/^/!${HOSTNAME} /"

else

    echo "!!!:${HOSTNAME}:NoWLSfound"

fi

rm -f w_xml_list

Is there anything in here that I can use to get started on AIX 5.3? I know I need to embed the lsldap command in there somewhere, and search for a user that I know exists in that ldap directory, but I don't know much else. Can anyone help me?

Thanks in advance,

D

Moderator's Comments:
Please use code tags next time for your code and data.

Last edited by vbe; 01-30-2012 at 12:34 PM.. Reason: code tags
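
A starting point for the check described in the post, as an added example that is not part of the original thread: a `case` on the OS type selects the lookup command, each machine prints one `!!!:host:status` line, and the collected lines are turned into the two-list XML report. Only `lsldap -a passwd` comes from the post; `pwget -n` for HP-UX, `getent passwd` for SUSE, the function names and the XML element names are assumptions.

```sh
#!/bin/sh
# Added example; POSIX sh, so it also runs under ksh on AIX and HP-UX.

# check_ldap_user OS USER: prints connected | notconnected | invalid | unsupported
# OS is `uname -s` output. lsldap is the command from the post; pwget and
# getent are assumptions and answer from any name-service source, not only LDAP.
check_ldap_user() (
    os=$1 user=$2
    # Plain account names only: the ID must never parse as an option or
    # carry shell metacharacters.
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo invalid; exit 0 ;;
    esac
    case $os in
        AIX)   out=$(lsldap -a passwd "$user" 2>/dev/null) || out= ;;
        HP-UX) out=$(pwget -n "$user" 2>/dev/null) || out= ;;
        Linux) out=$(getent passwd "$user" 2>/dev/null) || out= ;;
        *)     echo unsupported; exit 0 ;;
    esac
    # A failed lookup and empty output both count as "user not visible"
    if [ -n "$out" ]; then echo connected; else echo notconnected; fi
)

# report_line USER: one "!!!:<host>:<status>" line for the local machine,
# the marker format the sample script in the post prints
report_line() {
    printf '!!!:%s:%s\n' "$(hostname)" "$(check_ldap_user "$(uname -s)" "$1")"
}

# build_report: reads the collected marker lines on stdin, prints the XML.
# Anything other than "connected" is listed as not connected (fail closed),
# and host names are XML-escaped because they come from remote machines.
build_report() {
    awk -F: '
        function esc(s) {
            gsub(/&/, "\\&amp;", s); gsub(/</, "\\&lt;", s); gsub(/>/, "\\&gt;", s)
            return s
        }
        $1 != "!!!" { next }
        { item = "    <host>" esc($2) "</host>\n" }
        $3 == "connected" { ok = ok item; next }
        { bad = bad item }
        END {
            printf "<ldapcheck>\n  <connected>\n%s  </connected>\n", ok
            printf "  <notconnected>\n%s  </notconnected>\n</ldapcheck>\n", bad
        }'
}
```

Run `report_line <ldap_user_ID>` on each machine, gather the output lines in one place, and pipe them through `build_report` to get the XML file.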