Query the last modified time of user aeon4ever
./ldapsearch -h 172.21.34.68 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=ins,o=cup.com" "(uid=aeon4ever)" "lastModifiedTime"
Script commands to export all system permissions
./ldapsearch -h 172.21.34.68 -p 5389 -D "cn=Directory Manager" -w 12345678 -b "ou=functiontype,o=cup.com" "objectClass=*" "objectClass" "cn" "name" "description" >test1.ldif
./ldapsearch -h 172.21.34.68 -p 5389 -D "cn=Directory Manager" -w 12345678 -b "ou=function,o=cup.com" "objectClass=*" "objectClass" "cn" "name" "description" "functioncatalog" >test2.ldif
./ldapsearch -h 172.21.34.68 -p 5389 -D "cn=Directory Manager" -w 12345678 -b "ou=role,o=cup.com" "objectClass=*" "objectClass" "cn" "name" "description" "privilege" >test3.ldif
./ldapsearch -h 172.21.34.68 -p 5389 -D "cn=Directory Manager" -w 12345678 -b "ou=rolegroup,o=cup.com" "objectClass=*" "objectClass" "cn" "name" "description" "privilege" >test4.ldif
cat test1.ldif test2.ldif test3.ldif test4.ldif > merge.ldif
Bulk-modify an attribute of users
./ldapsearch -h 172.17.140.7 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=institute,o=cup.com" "(&(uid=*)(privilege=sysid=002,rolegroup=*))" "uid" >result002.txt
./ldapsearch -h 172.17.140.7 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=institute,o=cup.com" "(&(uid=*)(privilege=sysid=009,rolegroup=009111*,seeAlso))" "uid" >result111.txt
sed 's/^seeAlso/seeAlso aeon4ever/'
./ldapmodify -h 172.17.140.7 -p 13389 -D "cn=Directory Manager" -w 12345678 -f changeTest.ldif
sed '/^seeAlso/ c/seeAlso aeon4ever' test
dn: uid=pwsheng,ou=0800005210,ou=institute,o=cup.com
changetype: modify
replace: seeAlso
seeAlso: aeon4evertest
dn: uid=00000007,ou=0800010000,ou=institute,o=cup.com
uid: 00000007
seeAlso: 042@712370754@common$ABCD$0000000000@00000004
(&(uid=*)(privilege=sysid=002,rolegroup=*)(!(seeAlso=null)))
./ldapsearch -h 172.17.140.7 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=institute,o=cup.com" "(&(uid=*)(privilege=sysid=002,rolegroup=*)(!(seeAlso=null)))" "uid" "seeAlso" > seeAlsoResult.ldif
Thought process: currently stuck on the search filter (&(uid=*)(privilege=sysid=002,rolegroup=*)(!(seeAlso=null))). With the (!(seeAlso=null)) clause, the query results are the same whether or not seeAlso has a value.
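Update: took a different approach. Changing !seeAlso=null to seeAlso=* in the filter selected the users that have a seeAlso attribute, and there is no longer any need to worry about bash's "! event not found" error.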
Update again:
Sample of query result data:
dn: uid=00000007,ou=0800010000,ou=institute,o=cup.com
uid: 00000007
seeAlso: 0123@721231234@common$AAAA$0000000000@00000004
Sample of target data:
dn: uid=pwsheng,ou=0012305210,ou=institute,o=cup.com
changetype: modify
replace: seeAlso
seeAlso: aeon4evertest
The script is as follows
./ldapsearch -h .*..* -p PORT -D "cn=Directory Manager" -w PASSWORD -b "ou=institute,o=cup.com" "(&(uid=*)(privilege=sysid=002,rolegroup=*)(seeAlso=*))" "seeAlso" | sed '/^seeAlso/ c seeAlso: CERT_NUMBER' | sed '/^seeAlso/i\changetype: modify\nreplace: seeAlso' > modifyCert.ldif
./ldapmodify -h .*..* -p PORT -D "cn=Directory Manager" -w PASSWORD -f modifyCert.ldif
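
The sed pipeline above inserts a changetype block before every seeAlso line, so an entry with several seeAlso values or a folded (continuation) value yields an invalid change record. The following is an added example, not the author's script: it builds one record per entry and refuses a new value that could inject extra LDIF lines. The function names ldif_to_replace and sample_ldif are hypothetical and the sample entries are constructed.

```shell
# Added example, not the author's script. Reads ldapsearch LDIF on stdin and
# writes one "replace: seeAlso" change record per entry that has seeAlso.
ldif_to_replace() {
    case $1 in
        ''|' '*|':'*|'<'*|*' '|*'
'*) echo "value is empty or would need base64 encoding; refusing" >&2; return 2 ;;
    esac
    SEEALSO_NEW=$1 awk '
        function flush_line() {          # classify the last unfolded line
            if (!have) return
            low = tolower(line)
            if (low ~ /^dn:/) dn = line
            else if (low ~ /^seealso:/) has = 1
            have = 0
        }
        function flush_entry() {         # emit at most one record per entry
            flush_line()
            if (dn != "" && has)
                printf "%s\nchangetype: modify\nreplace: seeAlso\nseeAlso: %s\n-\n\n", dn, ENVIRON["SEEALSO_NEW"]
            dn = ""; has = 0
        }
        { sub(/\r$/, "") }               # tolerate CRLF input
        /^#/ { flush_line(); next }      # LDIF comment
        /^ / { if (have) line = line substr($0, 2); next }   # folded line
        /^$/ { flush_entry(); next }     # blank line ends an entry
             { flush_line(); line = $0; have = 1 }
        END  { flush_entry() }
    '
}
# Constructed sample input (not real directory data).
sample_ldif() {
    cat <<'EOF'
version: 1

dn: uid=00000007,ou=0800010000,ou=institute,o=cup.com
seeAlso: 0123@721231234@common$AAAA$0000
 000000@00000004
seeAlso: second-value

dn: uid=nocert,ou=0800010000,ou=institute,o=cup.com
uid: nocert

dn: uid=00000008,ou=0800010000,ou=insti
 tute,o=cup.com
seeAlso:: YmFzZTY0
EOF
}
sample_ldif | ldif_to_replace aeon4evertest
```

The output can be reviewed before it is passed to ldapmodify with -f, in the same way as modifyCert.ldif above.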