
port="-p ${3}"
fi
if [ ! -z "${4}" ]; then
query="-t ${4}"
user_field="${4}"
fi
search="ldapsearch ${host} ${port} -x ${search_dn} ${query}"
grep="grep ^${user_field}:[[:space:]]"
sed="sed -e s/^${user_field}:[[:space:]][[:space:]]*//"
out="$(${search} | ${grep} | ${sed})"
if [ $? -ne 0 ]; then
return 1
fi
echo ${out}
return 0
}
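# Read the login-shell attribute for one user from LDAP and print it.
#
# Arguments:
#   $1 - user name to look up
#   $2 - host name / IP address of the LDAP server
#   $3 - base DN to search under
#   $4 - port of the LDAP server (optional; -p is omitted when empty)
#   $5 - attribute that holds the user name (optional, default "uid")
#   $6 - attribute that holds the login shell (optional, default "loginShell")
# Outputs: the value of the shell attribute on stdout (an empty line when
#          the search output has no matching attribute line).
# Returns: 0 on success, 1 when ldapsearch exits non-zero or the filtering
#          pipeline reports failure.
#
# No `local` is used in the visible part of this script, so none is
# introduced here; the variables assigned below are globals.
#
# Security notes:
# - The user name is escaped (RFC 4515 special characters) before it is put
#   into the search filter, and every ldapsearch argument is passed as its
#   own quoted word. A name containing spaces, '*', '(', ')' or '\' can
#   therefore neither change the filter nor add ldapsearch options.
# - The result is printed quoted, so a value read from the directory is not
#   word-split or glob-expanded by this shell.
# - NOTE(review): the search uses -x with no bind DN and -h/-p, which looks
#   like an unauthenticated query over plain LDAP -- confirm. The shell
#   path returned here is only as trustworthy as the directory and the
#   network path; callers should validate it before using it to create
#   accounts.
get_user_shell() {
  user="${1}"
  ldap_host="${2}"
  ldap_base="${3}"
  ldap_port="${4}"
  user_field="uid"
  shell_field="loginShell"
  if [ -n "${5}" ]; then
    user_field="${5}"
  fi
  if [ -n "${6}" ]; then
    shell_field="${6}"
  fi
  # The original re-read $5 as a bind password and $6 as the port here,
  # which replaced the port with the shell attribute name whenever $6 was
  # given. Those two blocks were copy-paste leftovers and are removed.

  # Escape the backslash first so the escapes added afterwards survive.
  user_filter="$(printf '%s\n' "${user}" |
    sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g')"

  # Build the argument vector in the function's positional parameters;
  # this keeps each value a single word without requiring bash arrays.
  set -- -h "${ldap_host}"
  if [ -n "${ldap_port}" ]; then
    set -- "$@" -p "${ldap_port}"
  fi
  set -- "$@" -x -b "${ldap_base}" -t "${user_field}=${user_filter}" "${shell_field}"

  # Run the search on its own so that its exit status is actually seen;
  # inside a pipeline only the last stage's status would be reported.
  if ! out="$(ldapsearch "$@")"; then
    return 1
  fi

  # Keep only the shell attribute line(s) and strip the "name: " prefix.
  if ! out="$(printf '%s\n' "${out}" |
    grep "^${shell_field}:[[:space:]]" |
    sed -e "s/^${shell_field}:[[:space:]][[:space:]]*//")"; then
    return 1
  fi
  printf '%s\n' "${out}"
  return 0
}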
usage() {
error="${1}"
(
if [ ! -z ${error} ]; then
echo "${error}"
fi
echo "usage: import_users_from_openldap.sh -b search_dn -h host [-p port]"
echo " [-u field-name] [-s field-name] [-r] [-n]"
echo ""
echo "Where:"
echo ""
echo " -h host"
echo " Specifies the host name / IP address of the LDAP server from which"
echo " to import users."
echo " -r"
echo " Instead of adding users from the source, remove them."
echo " -p port"
echo " Specifies the port number on which the LDAP server is listening for"
echo " queries. Default is 389."
echo " -b search_dn"
echo " Specifies the DN in which to search for users. The default is"
echo " 'ou=users,<base_dn>' where <base_dn> is the argument to the -D"
echo " option above."