#!/bin/bash
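#######################################
# Print the usage text for this script and exit.
# Globals:   none (uses $0 for the program name)
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   never returns; exits 0 (callers that reach this on a usage
#            error must wrap it in a subshell if they need a different status)
#######################################
printhelp()
{
# Note: the wording of the -r line was corrected ("remove ... from"), the
# rest of the text is kept verbatim so existing docs/screenshots still match.
echo "Usage: $0 [options] GROUP
Options:
-g, --gid GID change the group ID to GID
-M, --members USERS new list of supplementary USERS
-a, --append append the USERS to this group
mentioned by the -M option without removing
other users
-r, --remove remove the USERS from this group
mentioned by the -M option without removing
other users
-h, --help display this help message and exit
-n, --new-name NEW_GROUP change the name to NEW_GROUP
-f, --bindfile set url,binddn,bindpasswd with file
-H, --url URL LDAP Uniform Resource Identifier(s)
-D, --binddn DN bind DN
-w, --bindpasswd PASSWORD bind password"
exit 0
}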
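# ---------------------------------------------------------------------------
# Command-line parsing.
# Sets: groupname newgroupname gid members usersmode url binddn bindpasswd
# Every option that takes a value is checked for a missing argument instead
# of silently reading an empty string; all expansions are quoted so names
# containing spaces or glob characters cannot be mangled or expanded.
# ---------------------------------------------------------------------------
argnum=$#
if [ "$argnum" -eq 0 ]; then
  printhelp
  exit 0
fi
groupname=""
newgroupname=""
gid=""
members=""
usersmode="replace"   # replace | add | delete  (LDIF modify keyword)
url=""
binddn=""
bindpasswd=""

#######################################
# Read one key from the YAML bind file.
# Arguments: $1 - path of the bind file, $2 - key (url|binddn|bindpasswd)
# Outputs:   the value on stdout, empty when the key is absent
#            (yq prints the literal string "null" for a missing key)
#######################################
bindfile_value() {
  local value
  value=$(yq e ".$2" "$1")
  if [ "$value" = "null" ]; then
    value=""
  fi
  printf '%s' "$value"
}

while [ $# -gt 0 ]; do
  nowarg=$1
  # Options that take a value must actually have one following them.
  case "$nowarg" in
    -g|--gid|-M|--members|-n|--new-name|-f|--bindfile|-H|--url|-D|--binddn|-w|--bindpasswd)
      if [ $# -lt 2 ]; then
        echo "Option $nowarg requires an argument." >&2
        exit 1
      fi
      ;;
  esac
  case "$nowarg" in
    -g|--gid)
      shift
      gid=$1
      ;;
    -h|--help)
      printhelp
      ;;
    -M|--members)
      shift
      # Comma-separated list becomes a space-separated, space-padded list so
      # later code can match " name " exactly.
      members=" ${1//,/ } "
      ;;
    -a|--append)
      usersmode="add"
      ;;
    -r|--remove)
      usersmode="delete"
      ;;
    -n|--new-name)
      shift
      newgroupname=$1
      ;;
    -f|--bindfile)
      shift
      if [ ! -r "$1" ]; then
        echo "Bind file '$1' does not exist or is not readable." >&2
        exit 1
      fi
      url=$(bindfile_value "$1" url)
      binddn=$(bindfile_value "$1" binddn)
      bindpasswd=$(bindfile_value "$1" bindpasswd)
      ;;
    -H|--url)
      shift
      url=$1
      ;;
    -D|--binddn)
      shift
      binddn=$1
      ;;
    -w|--bindpasswd)
      shift
      # A password given on the command line is visible to other local users
      # (ps, /proc) and may land in shell history; -f or the interactive
      # prompt used later are the safer choices.
      bindpasswd=$1
      ;;
    *)
      # An empty positional ends parsing (kept from the original behaviour);
      # otherwise the last bare argument is the group to modify.
      if [ "$nowarg" = "" ]; then
        break
      fi
      groupname=$1
      ;;
  esac
  shift
done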
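# ---------------------------------------------------------------------------
# Validation, bind setup and the three possible modifications, applied in
# order: gid change, member list change, rename.
#
# Changes compared with the plain "grep | awk" version:
#  * the bind password is passed to the ldap tools via a 0600 temp file (-y)
#    instead of -w on the command line, where it is visible in ps;
#  * the group name is escaped before being placed in a search filter;
#  * the group must exist (and its real DN is used) before anything is
#    modified; LDAP tool failures abort the script;
#  * DNs/cn values are read from LDIF properly (folded lines and base64
#    values handled), so entries with spaces in their names are not mangled;
#  * duplicate memberUid values are dropped and LDIF records are separated by
#    the blank line the format requires.
# ---------------------------------------------------------------------------

#######################################
# Escape a value for use inside an LDAP search filter (RFC 4515).
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
#######################################
ldap_filter_escape() {
  local s=$1
  s=${s//\\/\\5c}
  s=${s//\*/\\2a}
  s=${s//(/\\28}
  s=${s//\)/\\29}
  printf '%s' "$s"
}

#######################################
# Escape a value for use as an RDN attribute value in a DN (RFC 4514).
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
#######################################
ldap_dn_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//,/\\,}
  s=${s//+/\\+}
  s=${s//\"/\\\"}
  s=${s//</\\<}
  s=${s//>/\\>}
  s=${s//\;/\\\;}
  case "$s" in
    "#"*|" "*) s="\\$s" ;;
  esac
  case "$s" in
    *" ") s="${s% }\\ " ;;
  esac
  printf '%s' "$s"
}

#######################################
# Join LDIF continuation lines (leading space) back onto the line they wrap.
# Outputs: unfolded LDIF on stdout
#######################################
ldif_unfold() {
  awk '/^ / { printf "%s", substr($0, 2); next }
       NR > 1 { print "" }
       { printf "%s", $0 }
       END { if (NR) print "" }'
}

#######################################
# Print the values of one attribute from unfolded LDIF on stdin, one per line.
# Base64 ("attr:: ...") values are decoded.
# Arguments: $1 - attribute name (e.g. dn, cn, gidNumber)
#######################################
ldif_values() {
  local attr=$1 line
  while IFS= read -r line; do
    case "$line" in
      "$attr:: "*) printf '%s' "${line#"$attr:: "}" | base64 -d; printf '\n' ;;
      "$attr: "*)  printf '%s\n' "${line#"$attr: "}" ;;
    esac
  done
}

#######################################
# Test whether $1 equals one of the remaining arguments.
# Returns: 0 if found, 1 otherwise
#######################################
in_list() {
  local needle=$1 item
  shift
  for item in "$@"; do
    [ "$item" = "$needle" ] && return 0
  done
  return 1
}

if [ -z "$groupname" ] || [ -z "$binddn" ]; then
  echo "Please add your groupname and ldapbinddn." >&2
  # printhelp exits 0 itself; run it in a subshell so a usage error still
  # yields a non-zero exit status for callers.
  (printhelp) >&2
  exit 1
fi

if [ -z "$bindpasswd" ]; then
  read -r -s -p "Enter LDAP Password: " bindpasswd
  printf '\n' >&2
fi
if [ -z "$bindpasswd" ]; then
  # An empty password with -D would be an unauthenticated bind, which cannot
  # perform the modifications below anyway; fail early and clearly.
  echo "No bind password given." >&2
  exit 1
fi

# Hand the password to the LDAP tools through a private temp file (-y) rather
# than -w, which would expose it to every local user for the lifetime of each
# ldapsearch/ldapmodify process.
passfile=$(mktemp) || exit 1
trap 'rm -f -- "$passfile"' EXIT
chmod 600 "$passfile"
printf '%s' "$bindpasswd" >"$passfile"
ldapopts=(-x -D "$binddn" -y "$passfile")
if [ -n "$url" ]; then
  ldapopts+=(-H "$url")
fi

# Only digits are meaningful for a gidNumber.
gid=$(printf '%s' "$gid" | tr -cd '0-9')

# Derive the search base from the bind DN: keep the dc= components, in order.
basedn=""
IFS=', ' read -r -a dn_parts <<<"$binddn"
for part in "${dn_parts[@]}"; do
  case "$part" in
    *dc=*) basedn="${basedn:+$basedn,}$part" ;;
  esac
done
if [ -z "$basedn" ]; then
  echo "Could not derive a search base from bind DN '$binddn' (no dc= components)." >&2
  exit 1
fi

#######################################
# Unfolded LDIF (dn + cn) of every person whose primary group is gid $1.
# Returns: ldapsearch's status
#######################################
primary_members_ldif() {
  local out
  out=$(ldapsearch "${ldapopts[@]}" -b "$basedn" -LLL \
        "(&(objectClass=person)(gidNumber=$1))" cn) || return 1
  printf '%s\n' "$out" | ldif_unfold
}

# Locate the group; its real DN is used for all later modifications instead
# of assuming it lives under ou=groups.
groupfilter="(&(objectClass=posixGroup)(cn=$(ldap_filter_escape "$groupname")))"
groupldif=$(ldapsearch "${ldapopts[@]}" -b "$basedn" -LLL "$groupfilter" gidNumber) || {
  echo "ldapsearch for group '$groupname' failed." >&2
  exit 1
}
groupdn=$(printf '%s\n' "$groupldif" | ldif_unfold | ldif_values dn | head -n 1)
oldgid=$(printf '%s\n' "$groupldif" | ldif_unfold | ldif_values gidNumber | head -n 1 | tr -cd '0-9')
if [ -z "$groupdn" ] || [ -z "$oldgid" ]; then
  echo "Group '$groupname' not found under $basedn (or it has no gidNumber)." >&2
  exit 1
fi

# --- gid change -------------------------------------------------------------
if [ -n "$gid" ]; then
  # Re-point every user whose primary group is this one, then the group itself.
  # One ldapmodify run; records are blank-line separated. A failing record
  # stops ldapmodify, and we stop too rather than continue half-applied.
  # NOTE(review): DNs are emitted unencoded; strict LDIF would base64 ("dn::")
  # non-ASCII DNs - confirm against the server if such entries exist.
  userldif=$(primary_members_ldif "$oldgid") || exit 1
  {
    printf '%s\n' "$userldif" | ldif_values dn | while IFS= read -r userdn; do
      printf 'dn: %s\nchangetype: modify\nreplace: gidNumber\ngidNumber: %s\n\n' "$userdn" "$gid"
    done
    printf 'dn: %s\nchangetype: modify\nreplace: gidNumber\ngidNumber: %s\n' "$groupdn" "$gid"
  } | ldapmodify "${ldapopts[@]}" || exit 1
  oldgid=$gid
fi

# --- member list ------------------------------------------------------------
if [ -n "$members" ]; then
  # Users whose primary group is this one are always part of the "replace"
  # list and never part of an add/delete list (they are members by gid).
  primary_cns=()
  userldif=$(primary_members_ldif "$oldgid") || exit 1
  while IFS= read -r cn; do
    primary_cns+=("$cn")
  done < <(printf '%s\n' "$userldif" | ldif_values cn)

  read -r -a wanted <<<"$members"
  final=()
  if [ "$usersmode" = "replace" ]; then
    wanted+=("${primary_cns[@]}")
    for u in "${wanted[@]}"; do
      # Duplicate values in one replace make ldapmodify fail; keep the first.
      in_list "$u" "${final[@]}" || final+=("$u")
    done
  else
    for u in "${wanted[@]}"; do
      in_list "$u" "${primary_cns[@]}" || final+=("$u")
    done
  fi

  if [ "${#final[@]}" -eq 0 ] && [ "$usersmode" != "replace" ]; then
    # "add:"/"delete:" with no values is a protocol error; nothing to do.
    echo "Nothing to $usersmode: every listed user has '$groupname' as primary group." >&2
  else
    # NOTE(review): member DNs assume users live directly under ou=people.
    {
      printf 'dn: %s\nchangetype: modify\n%s: memberUid\n' "$groupdn" "$usersmode"
      for u in "${final[@]}"; do
        printf 'memberUid: %s\n' "$u"
      done
      printf '%s\n' '-'
      printf '%s: member\n' "$usersmode"
      for u in "${final[@]}"; do
        printf 'member: cn=%s,ou=people,%s\n' "$(ldap_dn_escape "$u")" "$basedn"
      done
      printf '%s\n' '-'
    } | ldapmodify "${ldapopts[@]}" || exit 1
  fi
fi

# --- rename -----------------------------------------------------------------
if [ -n "$newgroupname" ]; then
  new_rdn="cn=$(ldap_dn_escape "$newgroupname")"
  # Parent of the group DN: everything after the first unescaped comma.
  rdn_re='^([^\\,]|\\.)*,(.*)$'
  if [[ $groupdn =~ $rdn_re ]]; then
    parent_dn=${BASH_REMATCH[2]}
  else
    echo "Cannot determine the parent of '$groupdn'." >&2
    exit 1
  fi
  # Two LDIF records, separated by a blank line: rename the entry, then set
  # cn to exactly the new name (deleteoldrdn already drops the old value).
  {
    printf 'dn: %s\nchangetype: moddn\nnewrdn: %s\ndeleteoldrdn: 1\n\n' "$groupdn" "$new_rdn"
    printf 'dn: %s,%s\nchangetype: modify\nreplace: cn\ncn: %s\n' "$new_rdn" "$parent_dn" "$newgroupname"
  } | ldapmodify "${ldapopts[@]}" || exit 1
fi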