Difference between revisions of "stoney core: OpenLDAP ldapseach and replace"
(→Search an replace - Replace a section (part) of an attribute - Step by step) |
m (Michael moved page stoney core - OpenLDAP: ldapseach and replace to stoney core: OpenLDAP ldapseach and replace) |
(4 intermediate revisions by the same user not shown) | |||
Line 223: | Line 223: | ||
</source> | </source> | ||
− | Finally, we need to loop over all the | + | Finally, we need to loop over all the lines of the result and replace a section (part) of the original (old) content to the attribute with a new section (part): |
<source lang='bash'> | <source lang='bash'> | ||
− | dn="" | + | dn="" # Reset the dn to an empty string |
+ | content="" # Reset the content to an empty string | ||
while IFS= read -r line; do | while IFS= read -r line; do | ||
+ | if [[ "$line" =~ ^dn.* ]]; then | ||
+ | dn=$line | ||
+ | fi | ||
# Check, if the line starts with the ldap attribute of which we want to replace a part of the content | # Check, if the line starts with the ldap attribute of which we want to replace a part of the content | ||
if [[ "$line" =~ ^${ldap_attribute}.* ]]; then | if [[ "$line" =~ ^${ldap_attribute}.* ]]; then | ||
− | + | new_content=${line//${ldap_attribute_old}/${ldap_attribute_new}} # Replace all matches of ${ldap_attribute_old} with ${ldap_attribute_new}. | |
− | + | fi | |
+ | if [ ${#line} -eq 0 ]; then | ||
+ | cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \ | ||
+ | -H "$ldap_server" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" | ||
+ | ${dn} | ||
+ | changetype: modify | ||
+ | replace: ${ldap_attribute} | ||
+ | ${new_content} | ||
+ | EOF | ||
fi | fi | ||
done <<< "$result" | done <<< "$result" | ||
+ | if [ ${#dn} -ne 0 ]; then | ||
+ | cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \ | ||
+ | -H "$ldap_server" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" | ||
+ | ${dn} | ||
+ | changetype: modify | ||
+ | replace: ${ldap_attribute} | ||
+ | ${new_content} | ||
+ | EOF | ||
+ | fi | ||
</source> | </source> | ||
=== Search an replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version) === | === Search an replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version) === | ||
<source lang='bash'> | <source lang='bash'> | ||
− | + | result=$(ldapsearch -LLL -x -s children \ | |
-H "$ldap_server" \ | -H "$ldap_server" \ | ||
-b "$ldap_base" \ | -b "$ldap_base" \ | ||
-D "$ldap_bind_account" \ | -D "$ldap_bind_account" \ | ||
-w "$ldap_bind_password" \ | -w "$ldap_bind_password" \ | ||
− | "(${ldap_attribute}=${ldap_attribute_old})" \ | + | "(${ldap_attribute}=*${ldap_attribute_old}*)" \ |
− | | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 | + | | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' |
− | + | ||
) | ) | ||
− | + | dn="" # Reset the dn to an empty string | |
− | do | + | content="" # Reset the content to an empty string |
+ | while IFS= read -r line; do | ||
+ | if [[ "$line" =~ ^dn.* ]]; then | ||
+ | dn=$line | ||
+ | fi | ||
+ | # Check, if the line starts with the ldap attribute of which we want to replace a part of the content | ||
+ | if [[ "$line" =~ ^${ldap_attribute}.* ]]; then | ||
+ | new_content=${line//${ldap_attribute_old}/${ldap_attribute_new}} # Replace all matches of ${ldap_attribute_old} with ${ldap_attribute_new}. | ||
+ | fi | ||
+ | if [ ${#line} -eq 0 ]; then | ||
+ | cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \ | ||
+ | -H "$ldap_server" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" | ||
+ | ${dn} | ||
+ | changetype: modify | ||
+ | replace: ${ldap_attribute} | ||
+ | ${ldap_attribute}: ${new_content} | ||
+ | EOF | ||
+ | fi | ||
+ | done <<< "$result" | ||
+ | if [ ${#dn} -ne 0 ]; then | ||
cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \ | cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \ | ||
-H "$ldap_server" \ | -H "$ldap_server" \ | ||
-D "$ldap_bind_account" \ | -D "$ldap_bind_account" \ | ||
-w "$ldap_bind_password" | -w "$ldap_bind_password" | ||
− | + | ${dn} | |
changetype: modify | changetype: modify | ||
replace: ${ldap_attribute} | replace: ${ldap_attribute} | ||
− | ${ldap_attribute}: ${ | + | ${ldap_attribute}: ${new_content} |
EOF | EOF | ||
− | + | fi | |
</source> | </source> | ||
[[Category: OpenLDAP directory]] | [[Category: OpenLDAP directory]] |
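Review bot: In the copy and paste version the value line is written as `${ldap_attribute}: ${new_content}`, but new_content is assigned from the whole matched line (`new_content=${line//...}`), so it already begins with the attribute name and the record sent to ldapmodify reads "description: description: ..."; use plain `${new_content}` as the step-by-step block does. In both loops `[ ${#line} -eq 0 ]` is also true for the newline that the awk filter prints before the first line of the result, so the first ldapmodify call runs with an empty `${dn}`; test that dn is non-empty as well. The reset `content=""` does not touch new_content, which is the variable actually used, so a value from the previous entry can carry over, and `^dn.*` matches any attribute whose name starts with "dn" (`^dn: ` would be exact).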
Latest revision as of 17:13, 14 December 2020
= Overview =
This page collects some typical ldapsearch and replace use cases for the OpenLDAP directory.
= Search and replace =
== Search and replace - Replace the content of an attribute ==
=== Search and replace - Replace the content of an attribute - Variable definitions ===
<source lang='bash'>
# Set the following bash variables
ldap_attribute="sstMailFrom" # The attribute we're interested in. For example: sstMailFrom
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>" # Original (old) value of the attribute.
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>" # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"

# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
</source>
=== Search and replace - Replace the content of an attribute - Step by step ===
Execute the search to retrieve all entries that match the given search filter (LDAP attribute and attribute value):
<source lang='bash'>
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})"
</source>
The result will contain something like:
<source lang='text'>
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
 vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
 stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
 tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
 eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt
</source>
As we are only interested in the dn, we add the following two lines to the search above:
<source lang='bash'>
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
</source>
The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):
<source lang='bash'>
# The second awk prints the whole DN (a DN may contain spaces)
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
</source>
We store the list of distinguished names (one per line) in a variable:
<source lang='bash'>
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
)
</source>
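Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:
<source lang='bash'>
# Read one DN per line, so that a DN containing spaces is not split into words
while IFS= read -r dn; do
    [ -n "$dn" ] || continue # Skip empty lines (nothing was found)
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done <<< "$children"
</source>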
=== Search and replace - Replace the content of an attribute - Putting it all together (copy and paste version) ===
<source lang='bash'>
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
)

# Read one DN per line, so that a DN containing spaces is not split into words
while IFS= read -r dn; do
    [ -n "$dn" ] || continue # Skip empty lines (nothing was found)
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done <<< "$children"
</source>
== Search and replace - Replace a section (part) of an attribute ==
=== Search and replace - Replace a section (part) of an attribute - Variable definitions ===
<source lang='bash'>
# Set the following bash variables
ldap_attribute="description" # The attribute we're interested in. For example: description
ldap_attribute_old="stepping stone GmbH" # Original (old) value of the attribute.
ldap_attribute_new="stepping stone AG" # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"

# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
</source>
=== Search and replace - Replace a section (part) of an attribute - Step by step ===
Execute the search to retrieve all entries that match the given search filter (LDAP attribute and attribute value):
<source lang='bash'>
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=*${ldap_attribute_old}*)"
</source>
The result will contain something like:
<source lang='text'>
dn: sstVirtualMachine=1a08a4b8-8daf-43d7-b7c0-6e92cf7c1db1,ou=virtual machines
 ,ou=virtualization,ou=services,o=stepping-stone,c=ch
objectClass: sstVirtualizationVirtualMachine
objectClass: sstRelationship
objectClass: sstSpice
objectClass: labeledURIObject
objectClass: top
sstClockOffset: utc
sstDisplayName: kvm-1243: stepping stone GmbH: CentOS 7 (Zabbix Database)
sstMemory: 17179869184
sstNode: vm-node-03.stepping-stone.ch
sstOnCrash: destroy
sstOnPowerOff: destroy
sstOnReboot: restart
sstOSArchitecture: x86_64
sstOSBootDevice: hd
sstOSMachine: pc-i440fx-2.1
sstOSType: hvm
sstStatus: running
sstType: kvm
sstVCPU: 10
sstVirtualMachine: 1a08a4b8-8daf-43d7-b7c0-6e92cf7c1db1
sstVirtualMachinePool: d9c3cc0c-9ae7-40e5-8fb7-ba5297e835aa
description: kvm-1243: stepping stone GmbH: CentOS 7 (Zabbix Database)
sstFeature: acpi
sstFeature: pae
sstVirtualMachineMode: ready for use
sstVirtualMachineType: persistent
sstVirtualMachineSubType: Server
sstNetworkDomainName: stepping-stone.ch
sstNetworkHostname: kvm-1243
uid: 3733401
sstBelongsToCustomerUID: 3723426
sstBelongsToPersonUID: 1000000
sstBelongsToResellerUID: 2000000
sstSpicePort: 5906
sstSpicePassword: HCfNmk6sY9PW
labeledURI: ldap:///sstVirtualMachine=default,ou=default,ou=default,ou=default
 ,ou=linux,ou=virtual machine profiles,ou=virtualization,ou=services,o=steppin
 g-stone,c=ch
member: sstVirtualMachine=default,ou=default,ou=default,ou=default,ou=linux,ou
 =virtual machine profiles,ou=virtualization,ou=services,o=stepping-stone,c=ch
</source>
Normalize the output (without the LDIF 80 characters per line restriction) by appending the following line to the search above:
<source lang='bash'>
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }'
</source>
The final search returns the complete entries, one attribute per line (without the LDIF 80 characters per line restriction):
<source lang='bash'>
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=*${ldap_attribute_old}*)" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }'
</source>
We store the complete result in a variable:
<source lang='bash'>
result=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=*${ldap_attribute_old}*)" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }'
)
</source>
Finally, we need to loop over all the lines of the result and replace a section (part) of the original (old) content of the attribute with a new section (part):
<source lang='bash'>
dn=""          # Reset the dn to an empty string
new_content="" # Reset the content to an empty string
while IFS= read -r line; do
    if [[ "$line" == "dn: "* ]]; then
        dn=$line
    fi
    # Check, if the line starts with the ldap attribute of which we want to replace a part of the content
    if [[ "$line" == "${ldap_attribute}: "* ]]; then
        new_content=${line//"${ldap_attribute_old}"/${ldap_attribute_new}} # Replace all (literal) matches of ${ldap_attribute_old} with ${ldap_attribute_new}.
    fi
    # An empty line ends an entry. The normalized result starts with an empty line, so skip it while the dn is still empty
    if [ ${#line} -eq 0 ] && [ -n "$dn" ]; then
        cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
            -H "$ldap_server" \
            -D "$ldap_bind_account" \
            -w "$ldap_bind_password"
    ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${new_content}
EOF
    fi
done <<< "$result"

# The last entry of the result is not followed by an empty line
if [ ${#dn} -ne 0 ]; then
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${new_content}
EOF
fi
</source>
=== Search and replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version) ===
<source lang='bash'>
result=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=*${ldap_attribute_old}*)" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }'
)

dn=""          # Reset the dn to an empty string
new_content="" # Reset the content to an empty string
while IFS= read -r line; do
    if [[ "$line" == "dn: "* ]]; then
        dn=$line
    fi
    # Check, if the line starts with the ldap attribute of which we want to replace a part of the content
    if [[ "$line" == "${ldap_attribute}: "* ]]; then
        new_content=${line//"${ldap_attribute_old}"/${ldap_attribute_new}} # Replace all (literal) matches of ${ldap_attribute_old} with ${ldap_attribute_new}.
    fi
    # An empty line ends an entry. The normalized result starts with an empty line, so skip it while the dn is still empty
    if [ ${#line} -eq 0 ] && [ -n "$dn" ]; then
        cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
            -H "$ldap_server" \
            -D "$ldap_bind_account" \
            -w "$ldap_bind_password"
    ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${new_content}
EOF
    fi
done <<< "$result"

# The last entry of the result is not followed by an empty line.
# ${new_content} already holds the complete "attribute: value" line.
if [ ${#dn} -ne 0 ]; then
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${new_content}
EOF
fi
</source>
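The section replacement above, written as a dry run: an added example (not part of the original page) that only generates the LDIF, so it can be reviewed before it is passed to ldapmodify. It goes beyond the page's loop by keeping every value of a multi-valued attribute and by treating the search string literally; the function names and the sample entries are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. build_modify_ldif and sample_ldif
# are hypothetical names; the entries in sample_ldif are constructed.

# Read `ldapsearch -LLL` output on stdin and print one modify record per entry
# in which attribute $1 contains the literal string $2 (replaced by $3).
# Base64-encoded lines ("attr:: ...") are skipped, not rewritten.
build_modify_ldif() {
    [ -n "$2" ] || return 1                  # refuse an empty search string
    LDIF_ATTR="$1" LDIF_OLD="$2" LDIF_NEW="$3" awk '
    function emit(   i) {                    # write the record of the finished entry
        if (dn != "" && changed) {
            print dn; print "changetype: modify"; print "replace: " attr
            for (i = 1; i <= n; i++) print attr ": " val[i]
            print ""
        }
        dn = ""; n = 0; changed = 0
    }
    function swap(s,   out, p) {             # literal replacement, no regex or glob
        while ((p = index(s, find)) > 0) {
            out = out substr(s, 1, p - 1) repl
            s = substr(s, p + length(find)); changed = 1
        }
        return out s
    }
    function handle(l) {
        if (l == "") emit()
        else if (index(l, "dn: ") == 1) dn = l
        else if (index(l, attr ": ") == 1) val[++n] = swap(substr(l, length(attr) + 3))
    }
    BEGIN { attr = ENVIRON["LDIF_ATTR"]; find = ENVIRON["LDIF_OLD"]; repl = ENVIRON["LDIF_NEW"] }
    /^ / { cur = cur substr($0, 2); next }   # unfold continuation lines
    { if (NR > 1) handle(cur); cur = $0 }
    END { handle(cur); emit() }'
}

sample_ldif() {                              # constructed input, folded like real output
    cat <<'EOF'
dn: sstVirtualMachine=example,ou=virtual machines,ou=virtualization,ou=service
 s,o=stepping-stone,c=ch
description: kvm-0001: stepping stone GmbH: example host
description: second value without a match

dn: ou=untouched,ou=services,o=stepping-stone,c=ch
description: nothing to replace here
EOF
}

sample_ldif | build_modify_ldif description "stepping stone GmbH" "stepping stone AG"
```

Redirect the output into a file, review it, and then pass that file to ldapmodify with -f. Using -y to read the bind password from a file keeps it out of the process list, where -w exposes it.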