Changes

stoney core: OpenLDAP ldapseach and replace

9,680 bytes added, 15:13, 14 December 2020
Michael moved page [[stoney core - OpenLDAP: ldapseach and replace]] to [[stoney core: OpenLDAP ldapseach and replace]]
= Search and replace =
== Search and replace - Replace the content of an attribute ==
=== Search and replace - Replace the content of an attribute - Variable definitions ===
<source lang='bash'>
# Set the following bash variables
ldap_attribute="sstMailFrom" # The attribute we're interested in. For example: sstMailFrom
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>" # Original (old) value of the attribute.
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>" # The new value, that the original (old) value of the attribute is to be replaced with.
 
ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"
# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
</source>
=== Search and replace - Replace the content of an attribute - Step by step ===
Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):
<source lang='bash'>
# Get all child entries
ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})"
</source>

The result will contain something like:
<source lang='ldif'>
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
 vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
 stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
 tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
 eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt
</source>

As we are only interested in the dn, we add the following two lines to the search above:
<source lang='bash'>
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { print substr($0, 5) }'
</source>

The first awk joins folded lines again; the second prints everything after "dn: ", so a dn that contains spaces is kept complete.

The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):
<source lang='bash'>
ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { print substr($0, 5) }'
</source>

We need to store the distinguished names in a variable (one dn per line):
<source lang='bash'>
children=$(ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { print substr($0, 5) }'
)
</source>
 
Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:
<source lang='bash'>
# Read one dn per line, so that a dn containing spaces is not split into words
while IFS= read -r dn; do
    [ -n "$dn" ] || continue # Skip the empty line of an empty search result
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done <<< "$children"
</source>
 
=== Search and replace - Replace the content of an attribute - Putting it all together (copy and paste version) ===
<source lang='bash'>
children=$(ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { print substr($0, 5) }'
)
# Read one dn per line, so that a dn containing spaces is not split into words
while IFS= read -r dn; do
    [ -n "$dn" ] || continue # Skip the empty line of an empty search result
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done <<< "$children"
</source>
== Search and replace - Replace a section (part) of an attribute ==
=== Search and replace - Replace a section (part) of an attribute - Variable definitions ===
<source lang='bash'>
# Set the following bash variables
ldap_attribute="description" # The attribute we're interested in. For example: description
ldap_attribute_old="stepping stone GmbH" # Original (old) value of the attribute.
ldap_attribute_new="stepping stone AG" # The new value, that the original (old) value of the attribute is to be replaced with.

ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"

# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
</source>

=== Search and replace - Replace a section (part) of an attribute - Step by step ===
Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):
<source lang='bash'>
ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "${ldap_bind_password}" \
"(${ldap_attribute}=*${ldap_attribute_old}*)"
</source>
 
The result will contain something like:
<source lang='ldif'>
dn: sstVirtualMachine=1a08a4b8-8daf-43d7-b7c0-6e92cf7c1db1,ou=virtual machines
 ,ou=virtualization,ou=services,o=stepping-stone,c=ch
objectClass: sstVirtualizationVirtualMachine
objectClass: sstRelationship
objectClass: sstSpice
objectClass: labeledURIObject
objectClass: top
sstClockOffset: utc
sstDisplayName: kvm-1243: stepping stone GmbH: CentOS 7 (Zabbix Database)
sstMemory: 17179869184
sstNode: vm-node-03.stepping-stone.ch
sstOnCrash: destroy
sstOnPowerOff: destroy
sstOnReboot: restart
sstOSArchitecture: x86_64
sstOSBootDevice: hd
sstOSMachine: pc-i440fx-2.1
sstOSType: hvm
sstStatus: running
sstType: kvm
sstVCPU: 10
sstVirtualMachine: 1a08a4b8-8daf-43d7-b7c0-6e92cf7c1db1
sstVirtualMachinePool: d9c3cc0c-9ae7-40e5-8fb7-ba5297e835aa
description: kvm-1243: stepping stone GmbH: CentOS 7 (Zabbix Database)
sstFeature: acpi
sstFeature: pae
sstVirtualMachineMode: ready for use
sstVirtualMachineType: persistent
sstVirtualMachineSubType: Server
sstNetworkDomainName: stepping-stone.ch
sstNetworkHostname: kvm-1243
uid: 3733401
sstBelongsToCustomerUID: 3723426
sstBelongsToPersonUID: 1000000
sstBelongsToResellerUID: 2000000
sstSpicePort: 5906
sstSpicePassword: HCfNmk6sY9PW
labeledURI: ldap:///sstVirtualMachine=default,ou=default,ou=default,ou=default
 ,ou=linux,ou=virtual machine profiles,ou=virtualization,ou=services,o=steppin
 g-stone,c=ch
member: sstVirtualMachine=default,ou=default,ou=default,ou=default,ou=linux,ou
 =virtual machine profiles,ou=virtualization,ou=services,o=stepping-stone,c=ch
</source>
 
Normalize the output (without the ldif 80 characters per line restriction):
<source lang='bash'>
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }'
</source>
 
The final search returns the complete entries, with every attribute on a single line (without the ldif 80 characters per line restriction):
<source lang='bash'>
ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=*${ldap_attribute_old}*)" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }'
</source>
 
We need to store the complete result in a variable:
<source lang='bash'>
result=$(ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=*${ldap_attribute_old}*)" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }'
)
</source>
 
Finally, we need to loop over all the lines of the result and replace a section (part) of the original (old) content of the attribute with a new section (part):
<source lang='bash'>
dn="" # Reset the dn to an empty string
new_content="" # Reset the new content to an empty string
while IFS= read -r line; do
    if [[ "$line" =~ ^dn: ]]; then
        dn=$line
    fi
    # Check, if the line starts with the ldap attribute of which we want to replace a part of the content
    if [[ "$line" =~ ^${ldap_attribute}: ]]; then
        # Replace all matches of ${ldap_attribute_old} with ${ldap_attribute_new} (the old value is quoted, so it is matched literally).
        new_content=${line//"${ldap_attribute_old}"/${ldap_attribute_new}} # The complete line: attribute name and new value
    fi
    # An empty line ends an entry: write the change, if an entry was read
    if [ ${#line} -eq 0 ] && [ ${#dn} -ne 0 ]; then
        cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
            -H "$ldap_server" \
            -D "$ldap_bind_account" \
            -w "$ldap_bind_password"
    ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${new_content}
EOF
        dn="" # Reset both values for the next entry
        new_content=""
    fi
done <<< "$result"
# The last entry is not followed by an empty line
if [ ${#dn} -ne 0 ]; then
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${new_content}
EOF
fi
</source>
 
=== Search and replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version) ===
<source lang='bash'>
result=$(ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=*${ldap_attribute_old}*)" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }'
)
dn="" # Reset the dn to an empty string
new_content="" # Reset the new content to an empty string
while IFS= read -r line; do
    if [[ "$line" =~ ^dn: ]]; then
        dn=$line
    fi
    # Check, if the line starts with the ldap attribute of which we want to replace a part of the content
    if [[ "$line" =~ ^${ldap_attribute}: ]]; then
        # Replace all matches of ${ldap_attribute_old} with ${ldap_attribute_new} (the old value is quoted, so it is matched literally).
        new_content=${line//"${ldap_attribute_old}"/${ldap_attribute_new}} # The complete line: attribute name and new value
    fi
    # An empty line ends an entry: write the change, if an entry was read
    if [ ${#line} -eq 0 ] && [ ${#dn} -ne 0 ]; then
        cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
            -H "$ldap_server" \
            -D "$ldap_bind_account" \
            -w "$ldap_bind_password"
    ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${new_content}
EOF
        dn="" # Reset both values for the next entry
        new_content=""
    fi
done <<< "$result"
# The last entry is not followed by an empty line
if [ ${#dn} -ne 0 ]; then
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${new_content}
EOF
fi
</source>
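
Because <code>replace:</code> overwrites every value of the attribute, the loop above keeps only the last matching line of a multi-valued attribute. The following function is an added example, not part of the original page: it builds the modify LDIF offline and touches only the values that contain the old text, so the file can be reviewed before it is piped to ldapmodify. The name <code>build_modify_ldif</code> is hypothetical, and the attribute is assumed to have an equality matching rule (needed to delete a single value).

```shell
#!/bin/sh
# Added example, not from the original page.
# build_modify_ldif ATTR OLD NEW   (hypothetical helper name)
#   stdin:  output of "ldapsearch -LLL" (folded lines allowed)
#   stdout: one modify record per entry; only values containing OLD are touched
# Usage: ldapsearch ... | build_modify_ldif "$ldap_attribute" \
#            "$ldap_attribute_old" "$ldap_attribute_new" > changes.ldif
build_modify_ldif() {
    [ -n "$2" ] || { echo "OLD must not be empty" >&2; return 2; }
    LDAP_ATTR="$1" LDAP_OLD="$2" LDAP_NEW="$3" awk '
    BEGIN { attr = ENVIRON["LDAP_ATTR"]; old = ENVIRON["LDAP_OLD"]; new = ENVIRON["LDAP_NEW"] }
    # Literal (non-regex) replacement of every occurrence of old in s
    function subst(s,    out, i) {
        out = ""
        while ((i = index(s, old)) > 0) {
            out = out substr(s, 1, i - 1) new
            s = substr(s, i + length(old))
        }
        return out s
    }
    # Write the record for the entry read so far, then reset the state
    function emit(    k) {
        if (dn != "" && n > 0) {
            print dn
            print "changetype: modify"
            print "delete: " attr
            for (k = 1; k <= n; k++) print attr ": " vals[k]
            print "-"
            print "add: " attr
            for (k = 1; k <= n; k++) print attr ": " subst(vals[k])
            print "-"
            print ""
        }
        dn = ""; n = 0
    }
    function handle(line,    v) {
        if (line == "") { emit(); return }
        if (line ~ /^dn:/) { dn = line; return }
        # Plain values only; base64 values ("attr:: ...") are skipped
        if (tolower(substr(line, 1, length(attr) + 2)) == tolower(attr ": ")) {
            v = substr(line, length(attr) + 3)
            if (index(v, old) > 0) vals[++n] = v
        }
    }
    /^ / { cur = cur substr($0, 2); next }    # LDIF continuation line
    { if (NR > 1) handle(cur); cur = $0 }
    END { handle(cur); emit() }
    '
}
```

Apply the reviewed file with the same ldapmodify options as above, reading <code>changes.ldif</code> on standard input.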
 
[[Category: OpenLDAP directory]]