#!/bin/bash
# --- Static settings --------------------------------------------------------
LDAPSEARCH=/usr/bin/ldapsearch
SSSD_CONFIG=/etc/sssd/sssd.conf
SEARCHBASE="dc=schuerz,dc=at"
LDAPHost="ldap://ldap.schuerz.at"

# HostDN starts out empty.
HostDN=""

# --- Bind credentials, read from the SSSD configuration ---------------------
# Each sed call prints the text after "key = " for every line that starts with
# the key. Only spaces (not tabs) are tolerated around '=', and a file with
# several matching lines yields a multi-line value.
#
# BindPW is the value of ldap_default_authtok, i.e. the bind secret as stored
# in sssd.conf. Keep it out of debug output and xtrace (set -x) logs.
# NOTE(review): if sssd.conf stores the token in obfuscated form, this value is
# not a usable cleartext password; confirm how the token is stored.
BindDN=$(sed -n 's/^ldap_default_bind_dn[ ]*=[ ]*//p' "$SSSD_CONFIG")
BindPW=$(sed -n 's/^ldap_default_authtok[ ]*=[ ]*//p' "$SSSD_CONFIG")
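#######################################
# Join the remaining arguments with a delimiter.
# Arguments: $1   - delimiter (may be empty or longer than one character)
#            $2.. - elements to join
# Outputs:   the joined string on stdout, without a trailing newline
# Returns:   0
#######################################
join_by() {
  local d=$1
  shift
  # Nothing to join: print nothing.
  (( $# > 0 )) || return 0
  # printf rather than `echo -n`, so a first element such as "-n" or "-e" is
  # printed literally instead of being parsed as an echo option.
  printf '%s' "$1"
  shift
  local item
  for item in "$@"; do
    # Explicit loop rather than "${@/#/$d}": in a pattern substitution the
    # delimiter is a replacement string, where newer bash releases give '&'
    # a special meaning.
    printf '%s%s' "$d" "$item"
  done
}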
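# Debug aids, normally disabled. BindPW is deliberately not listed here: it is
# the bind secret and should not be written to a terminal or a log.
#echo BindDN: $BindDN
#echo HostDN: $HostDN

# Derive HostDN from the bind DN by dropping its first RDN, e.g.
# (constructed sample) "cn=a,ou=b,dc=c" -> "ou=b,dc=c".
#
# The pattern is anchored and accepts any depth of two or more non-empty
# components. The earlier unanchored six-group pattern silently cut off
# everything after the sixth component of a longer DN and rejected shorter
# ones. For a six-component DN the result is the same as before.
# The split is purely on ',', so an escaped comma ("\,") inside an RDN value
# is not understood.
regex='^[^,]+,([^,]+(,[^,]+)*)$'

if [[ $BindDN =~ $regex ]]; then
  HostDN=${BASH_REMATCH[1]}
else
  # Diagnostics go to stderr so they cannot end up in the uid list a consumer
  # reads from stdout, and the script stops here instead of running a search
  # whose filter contains an empty HostDN.
  {
    echo BindDN does not match regex
    printf '%s\n' "$BindDN"
    printf '%s\n' "$regex"
  } >&2
  exit 1
fi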
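#echo "HostDN: $HostDN"

# An empty HostDN would put a truncated group DN ("cn=...,") into the filter;
# stop rather than query with it.
if [[ -z "$HostDN" ]]; then
  echo "HostDN is empty; refusing to build the search filter" >&2
  exit 1
fi

# Active accounts that are members of one of the host-local permission groups
# (below HostDN) or of one of the all_hosts permission groups.
SEARCHFILTER="(&(dcAccountStatus=active)(|(memberof=cn=perm-sys_local_admins,${HostDN}) (memberof=cn=perm-sys_local_users,${HostDN}) ( memberof=cn=perm-sys_admins,ou=all_hosts,ou=posix,ou=groups,dc=schuerz,dc=at) (memberof=cn=perm-sys_users,ou=all_hosts,ou=posix,ou=groups,dc=schuerz,dc=at)))"

#echo "SEARCHFILTER: $SEARCHFILTER"

# NOTE(review): LDAPSEARCH, LDAPHost and SEARCHBASE are defined at the top of
# the script but are not used by this call. The binary is found via PATH, and
# no -H or -b is passed, so the server URI and search base are presumably
# supplied by the client's ldap.conf. Confirm that this is intended.

# Make the script's exit status reflect an ldapsearch failure. Without this,
# only awk's status is reported and a failed bind looks like "no users".
set -o pipefail

# -ZZ requires StartTLS to succeed. With a single -Z the client carries on
#     without TLS when StartTLS fails, and the bind password would then be
#     sent unencrypted.
# -y  reads the password from a file. The process substitution feeds it
#     through a file descriptor, so the secret never appears in ldapsearch's
#     argument list (ps, /proc/<pid>/cmdline) as it does with -w. printf is a
#     shell builtin and emits no trailing newline, which matters because -y
#     uses the complete file contents as the password.
# BindDN is quoted so that a DN containing spaces stays a single argument.
ldapsearch -LLL -ZZ -y <(printf '%s' "$BindPW") -D "$BindDN" "${SEARCHFILTER}" uid \
  | awk 'BEGIN{ORS=" "}$1=="uid:" {print $2}'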