最近处理的几个关于Ldap的后台操作及脚本

最新推荐文章于 2021-05-05 13:41:21 发布

aeon4ever

最新推荐文章于 2021-05-05 13:41:21 发布

阅读量286

点赞数

文章标签： OpenLdap

本文链接：https://blog.csdn.net/u012063556/article/details/79322385

版权

查询用户aeon4ever的最后修改时间

./ldapsearch -h 172.21.34.68 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=ins,o=cup.com" "(uid=aeon4ever)" "lastModifiedTime"

导出所有系统权限的脚本语句

./ldapsearch -h 172.21.34.68 -p 5389 -D "cn=Directory Manager" -w 12345678 -b "ou=functiontype,o=cup.com" "objectClass=*" "objectClass" "cn" "name" "description" >test1.ldif


./ldapsearch -h 172.21.34.68 -p 5389 -D "cn=Directory Manager" -w 12345678 -b "ou=function,o=cup.com" "objectClass=*" "objectClass" "cn" "name" "description" "functioncatalog" >test2.ldif


./ldapsearch -h 172.21.34.68 -p 5389 -D "cn=Directory Manager" -w 12345678 -b "ou=role,o=cup.com" "objectClass=*" "objectClass" "cn" "name" "description" "privilege" >test3.ldif


./ldapsearch -h 172.21.34.68 -p 5389 -D "cn=Directory Manager" -w 12345678 -b "ou=rolegroup,o=cup.com" "objectClass=*" "objectClass" "cn" "name" "description" "privilege" >test4.ldif


cat test1.ldif test2.ldif test3.ldif test4.ldif > merge.ldif

批量修改用户某属性

./ldapsearch -h 172.17.140.7 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=institute,o=cup.com" "(&(uid=*)(privilege=sysid=002,rolegroup=*))" "uid" >result002.txt


./ldapsearch -h 172.17.140.7 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=institute,o=cup.com" "(&(uid=*)(privilege=sysid=009,rolegroup=009111*,seeAlso))" "uid" >result111.txt


sed 's/^seeAlso/seeAlso aeon4ever/'


./ldapmodify -h 172.17.140.7 -p 13389 -D "cn=Directory Manager" -w 12345678 -f changeTest.ldif


sed '/^seeAlso/ c/seeAlso aeon4ever' test


dn: uid=pwsheng,ou=0800005210,ou=institute,o=cup.com
changetype: modify
replace: seeAlso
seeAlso: aeon4evertest


dn: uid=00000007,ou=0800010000,ou=institute,o=cup.com
uid: 00000007
seeAlso: 042@712370754@common$ABCD$0000000000@00000004


(&(uid=*)(privilege=sysid=002,rolegroup=*)(!(seeAlso=null)))


./ldapsearch -h 172.17.140.7 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=institute,o=cup.com" "(&(uid=*)(privilege=sysid=002,rolegroup=*)(!(seeAlso=null)))" "uid" "seeAlso" > seeAlsoResult.ldif

思维过程，目前卡在搜索条件上(&(uid=*)(privilege=sysid=002,rolegroup=*)(!(seeAlso=null))) 其中(!(seeAlso=null))) seeAlso有没有值，查询出的结果都不影响

更新：换了个思路将filter中
!seeAlso=null 改为 seeAlso=*
，过滤出了含有seeAlso属性的用户，而且不用考虑
bash ! event not found 的报错

再次更新：
查询结果数据样例：
dn: uid=00000007,ou=0800010000,ou=institute,o=cup.com
uid: 00000007
seeAlso: 0123@721231234@common$AAAA$0000000000@00000004

目标数据样例：
dn: uid=pwsheng,ou=0012305210,ou=institute,o=cup.com
changetype: modify
replace: seeAlso
seeAlso: aeon4evertest

脚本如下

./ldapsearch -h .*..* -p 端口 -D "cn=Directory Manager" -w 密码 -b "ou=institute,o=cup.com" "(&(uid=*)(privilege=sysid=002,rolegroup=*)(seeAlso=*))" "seeAlso" | sed '/^seeAlso/ c seeAlso: 证书编号' | sed '/^seeAlso/i\changetype: modify\nreplace: seeAlso' > modifyCert.ldif 
./ldapmodify -h .*..* -p 端口 -D "cn=Directory Manager" -w 密码 -f modifyCert.ldif

aeon4ever

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
最近处理的几个关于Ldap的后台操作及脚本

查询用户aeon4ever的最后修改时间./ldapsearch -h 172.21.34.68 -p 13389 -D "cn=Directory Manager" -w 12345678 -b "ou=ins,o=cup.com" "(uid=aeon4ever)" "lastModifiedTime"导出所有系统权限的脚本语句./ldapsearch -h 172.21.34.68 -p 5...
复制链接

扫一扫