Difference between revisions of "stoney core: OpenLDAP ldapseach and replace"
[checked revision] | [checked revision] |
(→Search an replace) |
(→Search an replace - Replace the content of an attribute - Putting it all together (copy and paste version)) |
||
Line 99: | Line 99: | ||
=== Search an replace - Replace the content of an attribute - Putting it all together (copy and paste version) === | === Search an replace - Replace the content of an attribute - Putting it all together (copy and paste version) === | ||
+ | <source lang='bash'> | ||
+ | children=$(ldapsearch -LLL -x -s children \ | ||
+ | -H "$ldap_server" \ | ||
+ | -b "$ldap_base" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" \ | ||
+ | "(${ldap_attribute}=${ldap_attribute_old})" \ | ||
+ | | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \ | ||
+ | | awk '/^dn: / { print $2 }' | ||
+ | ) | ||
+ | for dn in $children | ||
+ | do | ||
+ | cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \ | ||
+ | -H "$ldap_server" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" | ||
+ | dn: ${dn} | ||
+ | changetype: modify | ||
+ | replace: ${ldap_attribute} | ||
+ | ${ldap_attribute}: ${ldap_attribute_new} | ||
+ | EOF | ||
+ | done | ||
+ | </source> | ||
+ | |||
+ | == Search an replace - Replace a section (part) of an attribute == | ||
+ | === Search an replace - Replace a section (part) of an attribute - Variable definitions === | ||
+ | <source lang='bash'> | ||
+ | # Set the following bash variables | ||
+ | ldap_attribute="sstMailFrom" # The attribute we're interested in. For example: sstMailFrom | ||
+ | ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>" # Original (old) value of the attribute. | ||
+ | ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>" # The new value, that the original (old) value of the attribute is to be replaced with. | ||
+ | ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch" | ||
+ | |||
+ | # Don't change these bash variables | ||
+ | ldap_server="ldaps://ldapm.stepping-stone.ch:636" | ||
+ | ldap_base="ou=services,o=stepping-stone,c=ch" | ||
+ | ldap_bind_account="cn=Manager,o=stepping-stone,c=ch" | ||
+ | </source> | ||
+ | |||
+ | === Search an replace - Replace a section (part) of an attribute - Step by step === | ||
+ | Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value): | ||
+ | <source lang='bash'> | ||
+ | ldapsearch -LLL -x -s children \ | ||
+ | -H "$ldap_server" \ | ||
+ | -b "$ldap_base" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" \ | ||
+ | "(${ldap_attribute}=${ldap_attribute_old})" | ||
+ | </source> | ||
+ | |||
+ | The result will contain something like: | ||
+ | <source lang='ldif'> | ||
+ | dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b | ||
+ | ackup,ou=services,o=stepping-stone,c=ch | ||
+ | description: This leaf contains the quota templates for the (online) backupser | ||
+ | vice. | ||
+ | objectClass: top | ||
+ | objectClass: organizationalUnit | ||
+ | objectClass: sstTemplateSetup | ||
+ | ou: unsuccessful | ||
+ | sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch> | ||
+ | sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping- | ||
+ | stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail | ||
+ | sstMailTemplateFormatSource: txt | ||
+ | sstMailTemplateFormatTarget: txt | ||
+ | sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s | ||
+ | tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res | ||
+ | eller | ||
+ | sstMailTemplateResellerFormatSource: txt | ||
+ | sstMailTemplateResellerFormatTarget: txt | ||
+ | </source> | ||
+ | |||
+ | As we are only interested in the dn, we add the following two lines to the search above: | ||
+ | <source lang='bash'> | ||
+ | | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \ | ||
+ | | awk '/^dn: / { print $2 }' | ||
+ | </source> | ||
+ | |||
+ | The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction): | ||
+ | <source lang='bash'> | ||
+ | ldapsearch -LLL -x -s children \ | ||
+ | -H "$ldap_server" \ | ||
+ | -b "$ldap_base" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" \ | ||
+ | "(${ldap_attribute}=${ldap_attribute_old})" \ | ||
+ | | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \ | ||
+ | | awk '/^dn: / { print $2 }' | ||
+ | </source> | ||
+ | |||
+ | We need to create an array of the distinguished names: | ||
+ | <source lang='bash'> | ||
+ | children=$(ldapsearch -LLL -x -s children \ | ||
+ | -H "$ldap_server" \ | ||
+ | -b "$ldap_base" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" \ | ||
+ | "(${ldap_attribute}=${ldap_attribute_old})" \ | ||
+ | | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \ | ||
+ | | awk '/^dn: / { print $2 }' | ||
+ | ) | ||
+ | </source> | ||
+ | |||
+ | Finally, we need ti loop over all the distinguished names and replace the original (old) content to the attribute with the new content: | ||
+ | <source lang='bash'> | ||
+ | for dn in $children | ||
+ | do | ||
+ | cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \ | ||
+ | -H "$ldap_server" \ | ||
+ | -D "$ldap_bind_account" \ | ||
+ | -w "$ldap_bind_password" | ||
+ | dn: ${dn} | ||
+ | changetype: modify | ||
+ | replace: ${ldap_attribute} | ||
+ | ${ldap_attribute}: ${ldap_attribute_new} | ||
+ | EOF | ||
+ | done | ||
+ | </source> | ||
+ | |||
+ | === Search an replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version) === | ||
<source lang='bash'> | <source lang='bash'> | ||
children=$(ldapsearch -LLL -x -s children \ | children=$(ldapsearch -LLL -x -s children \ |
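Review bot: The added "Replace a section (part) of an attribute" section is a verbatim copy of the whole-value procedure above it, so nothing in it replaces only part of a value. The search filter is still the exact match `(${ldap_attribute}=${ldap_attribute_old})` and the LDIF still writes `${ldap_attribute}: ${ldap_attribute_new}` in full. Either mark the section as a placeholder, or switch to a substring filter and derive each new value from the entry's current value. Three further points in the added lines: `-w "$ldap_bind_password"` puts the cn=Manager password on the command line, where it is visible in the process list (`-W` or `-y <file>` avoids that); `awk '/^dn: / { print $2 }'` combined with `for dn in $children` truncates or splits any DN that contains a space and skips base64 `dn::` lines; and "we need ti loop" should read "to loop".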
Revision as of 14:09, 14 December 2020
Overview
This page collects some typical ldapsearch and replace use cases in the OpenLDAP directory.
Search and replace
Search and replace - Replace the content of an attribute
Search and replace - Replace the content of an attribute - Variable definitions
<source lang='bash'>
# Set the following bash variables
ldap_attribute="sstMailFrom" # The attribute we're interested in. For example: sstMailFrom
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>" # Original (old) value of the attribute.
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>" # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"

# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
</source>
Search and replace - Replace the content of an attribute - Step by step
Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):
<source lang='bash'>
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})"
</source>
The result will contain something like:
<source lang='ldif'>
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
 vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
 stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
 tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
 eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt
</source>
As we are only interested in the dn, we add the following two lines to the search above:
<source lang='bash'>
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { print $2 }'
</source>
The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):
<source lang='bash'>
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { print $2 }'
</source>
We need to create an array of the distinguished names:
<source lang='bash'>
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { print $2 }'
)
</source>
Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:
<source lang='bash'>
for dn in $children
do
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
</source>
Search and replace - Replace the content of an attribute - Putting it all together (copy and paste version)
<source lang='bash'>
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { print $2 }'
)
for dn in $children
do
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
</source>
Search and replace - Replace a section (part) of an attribute
Search and replace - Replace a section (part) of an attribute - Variable definitions
<source lang='bash'>
# Set the following bash variables
ldap_attribute="sstMailFrom" # The attribute we're interested in. For example: sstMailFrom
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>" # Original (old) value of the attribute.
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>" # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"

# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
</source>
Search and replace - Replace a section (part) of an attribute - Step by step
Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):
<source lang='bash'>
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})"
</source>
The result will contain something like:
<source lang='ldif'>
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
 vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
 stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
 tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
 eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt
</source>
As we are only interested in the dn, we add the following two lines to the search above:
<source lang='bash'>
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { print $2 }'
</source>
The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):
<source lang='bash'>
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { print $2 }'
</source>
We need to create an array of the distinguished names:
<source lang='bash'>
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { print $2 }'
)
</source>
Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:
<source lang='bash'>
for dn in $children
do
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
</source>
Search and replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version)
<source lang='bash'>
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { print $2 }'
)
for dn in $children
do
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
</source>
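The DN extraction and LDIF generation steps of both procedures above, as an added example that is not part of the original wiki page: it goes beyond the page's case by keeping DNs that contain spaces, decoding base64 `dn::` lines, and escaping filter metacharacters. The helper names are hypothetical and the sample LDIF is constructed, so it runs without a directory server.

```bash
# Added example (hypothetical helper names). Escape a filter value per RFC 4515.
ldap_filter_escape() {
    printf '%s' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# LDIF on stdin -> one DN per line: unfold, keep spaces, decode base64 "dn:: ".
ldif_dns() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' |
    while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Build one modify record for DN $1, attribute $2, new value $3. DN and value
# are base64-encoded ("::") so spaces, "<", ":" and non-ASCII bytes are safe.
ldif_replace() {
    printf 'dn:: %s\nchangetype: modify\nreplace: %s\n%s:: %s\n\n' \
        "$(printf '%s' "$1" | base64 | tr -d '\n')" "$2" "$2" \
        "$(printf '%s' "$3" | base64 | tr -d '\n')"
}

# Read ldapsearch LDIF on stdin, write one modify record per entry found.
build_changes() {
    ldif_dns | while IFS= read -r dn; do
        ldif_replace "$dn" "$1" "$2"
    done
}

# Constructed ldapsearch -LLL output: folded DN, DN with a space, base64 DN.
sample_ldif() {
    cat <<'EOF'
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 ackup,ou=services,o=stepping-stone,c=ch
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>

dn: ou=second level,ou=services,o=stepping-stone,c=ch

dn:: b3U9WsO8cmljaCxjPWNo
EOF
}

sample_ldif | build_changes sstMailFrom 'Support stepping stone AG <support@stepping-stone.ch>'
```

Against a real directory, build the filter as `"(${ldap_attribute}=$(ldap_filter_escape "$ldap_attribute_old"))"` and feed the `ldapsearch` output to `build_changes` in place of `sample_ldif`. Review the generated LDIF, then pipe it to `ldapmodify -x -H "$ldap_server" -D "$ldap_bind_account" -W`, which prompts for the password instead of passing it on the command line.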