Difference between revisions of "stoney core: OpenLDAP ldapseach and replace"

From stoney cloud
(Search an replace)
(Search an replace - Replace the content of an attribute - Putting it all together (copy and paste version))
Line 99: Line 99:
  
 
=== Search an replace - Replace the content of an attribute - Putting it all together (copy and paste version) ===
 
=== Search an replace - Replace the content of an attribute - Putting it all together (copy and paste version) ===
 +
<source lang='bash'>
 +
children=$(ldapsearch -LLL -x -s children \
 +
    -H "$ldap_server" \
 +
    -b "$ldap_base" \
 +
    -D "$ldap_bind_account" \
 +
    -w "$ldap_bind_password" \
 +
    "(${ldap_attribute}=${ldap_attribute_old})" \
 +
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
 +
    | awk '/^dn: / { print $2 }'
 +
)
 +
for dn in $children
 +
do
 +
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
 +
        -H "$ldap_server" \
 +
        -D "$ldap_bind_account" \
 +
        -w "$ldap_bind_password"
 +
    dn: ${dn}
 +
    changetype: modify
 +
    replace: ${ldap_attribute}
 +
    ${ldap_attribute}: ${ldap_attribute_new}
 +
EOF
 +
done
 +
</source>
 +
 +
== Search an replace - Replace a section (part) of an attribute ==
 +
=== Search an replace - Replace a section (part) of an attribute - Variable definitions ===
 +
<source lang='bash'>
 +
# Set the following bash variables
 +
ldap_attribute="sstMailFrom"                                                  # The attribute we're interested in. For example: sstMailFrom
 +
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>"  # Original (old) value of the attribute.
 +
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>"    # The new value, that the original (old) value of the attribute is to be replaced with.
 +
ldap_bind_password=''                                                        # The password of "cn=Manager,o=stepping-stone,c=ch"
 +
 +
# Don't change these bash variables
 +
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
 +
ldap_base="ou=services,o=stepping-stone,c=ch"
 +
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
 +
</source>
 +
 +
=== Search an replace - Replace a section (part) of an attribute - Step by step ===
 +
Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):
 +
<source lang='bash'>
 +
ldapsearch -LLL -x -s children \
 +
    -H "$ldap_server" \
 +
    -b "$ldap_base" \
 +
    -D "$ldap_bind_account" \
 +
    -w "$ldap_bind_password" \
 +
    "(${ldap_attribute}=${ldap_attribute_old})"
 +
</source>
 +
 +
The result will contain something like:
 +
<source lang='ldif'>
 +
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 +
ackup,ou=services,o=stepping-stone,c=ch
 +
description: This leaf contains the quota templates for the (online) backupser
 +
vice.
 +
objectClass: top
 +
objectClass: organizationalUnit
 +
objectClass: sstTemplateSetup
 +
ou: unsuccessful
 +
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
 +
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
 +
stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
 +
sstMailTemplateFormatSource: txt
 +
sstMailTemplateFormatTarget: txt
 +
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
 +
tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
 +
eller
 +
sstMailTemplateResellerFormatSource: txt
 +
sstMailTemplateResellerFormatTarget: txt
 +
</source>
 +
 +
As we are only interested in the dn, we add the following two lines to the search above:
 +
<source lang='bash'>
 +
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
 +
    | awk '/^dn: / { print $2 }'
 +
</source>
 +
 +
The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):
 +
<source lang='bash'>
 +
ldapsearch -LLL -x -s children \
 +
    -H "$ldap_server" \
 +
    -b "$ldap_base" \
 +
    -D "$ldap_bind_account" \
 +
    -w "$ldap_bind_password" \
 +
    "(${ldap_attribute}=${ldap_attribute_old})" \
 +
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
 +
    | awk '/^dn: / { print $2 }'
 +
</source>
 +
 +
We need to create an array of the distinguished names:
 +
<source lang='bash'>
 +
children=$(ldapsearch -LLL -x -s children \
 +
    -H "$ldap_server" \
 +
    -b "$ldap_base" \
 +
    -D "$ldap_bind_account" \
 +
    -w "$ldap_bind_password" \
 +
    "(${ldap_attribute}=${ldap_attribute_old})" \
 +
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
 +
    | awk '/^dn: / { print $2 }'
 +
)
 +
</source>
 +
 +
Finally, we need ti loop over all the distinguished names and replace the original (old) content to the attribute with the new content:
 +
<source lang='bash'>
 +
for dn in $children
 +
do
 +
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
 +
        -H "$ldap_server" \
 +
        -D "$ldap_bind_account" \
 +
        -w "$ldap_bind_password"
 +
    dn: ${dn}
 +
    changetype: modify
 +
    replace: ${ldap_attribute}
 +
    ${ldap_attribute}: ${ldap_attribute_new}
 +
EOF
 +
done
 +
</source>
 +
 +
=== Search an replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version) ===
 
<source lang='bash'>
 
<source lang='bash'>
 
children=$(ldapsearch -LLL -x -s children \
 
children=$(ldapsearch -LLL -x -s children \
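Review bot: The new "Replace a section (part) of an attribute" section repeats the full-value procedure unchanged. Its filter `(${ldap_attribute}=${ldap_attribute_old})` is still an exact match and its LDIF still does `replace: ${ldap_attribute}` with the complete `${ldap_attribute_new}`, so nothing in it replaces only part of a value. Either switch to a substring filter and derive the new value per entry from its current value, or hold the section back until the partial variant is written. In the added loop, `awk '/^dn: / { print $2 }'` and `for dn in $children` both split on whitespace, so a DN containing a space is truncated. `-w "$ldap_bind_password"` also puts the Manager password on the command line; `-W` or `-y <file>` would keep it out of the process list.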

Revision as of 14:09, 14 December 2020

Overview

This page collects some typical ldapsearch and replace use cases in the OpenLDAP directory.

Search and replace

Search and replace - Replace the content of an attribute

Search and replace - Replace the content of an attribute - Variable definitions

# Set the following bash variables
ldap_attribute="sstMailFrom"                                                  # The attribute we're interested in. For example: sstMailFrom
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>"  # Original (old) value of the attribute.
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>"    # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password=''                                                         # The password of "cn=Manager,o=stepping-stone,c=ch"
 
# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"

Search and replace - Replace the content of an attribute - Step by step

Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):

ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})"

The result will contain something like:

dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
 vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
 stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
 tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
 eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt

As we are only interested in the dn, we add the following two lines to the search above:

    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'

The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):

ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'

We need to create an array of the distinguished names:

children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
)

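Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:

IFS=$'\n'    # Split the list on newlines only, so a DN containing spaces stays one item
for dn in $children
do
    # sed strips the four-space indentation of the here-document before ldapmodify reads it
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
unset IFS    # Restore the default word splitting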

Search and replace - Replace the content of an attribute - Putting it all together (copy and paste version)

# Collect the DN of every entry whose attribute has the old value (one DN per line)
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
)
IFS=$'\n'    # Split the list on newlines only, so a DN containing spaces stays one item
for dn in $children
do
    # sed strips the four-space indentation of the here-document before ldapmodify reads it
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
unset IFS    # Restore the default word splitting

Search and replace - Replace a section (part) of an attribute

Search and replace - Replace a section (part) of an attribute - Variable definitions

# Set the following bash variables
ldap_attribute="sstMailFrom"                                                  # The attribute we're interested in. For example: sstMailFrom
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>"  # Original (old) value of the attribute.
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>"    # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password=''                                                         # The password of "cn=Manager,o=stepping-stone,c=ch"
 
# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"

Search and replace - Replace a section (part) of an attribute - Step by step

Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):

ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})"

The result will contain something like:

dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
 vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
 stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
 tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
 eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt

As we are only interested in the dn, we add the following two lines to the search above:

    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'

The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):

ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'

We need to create an array of the distinguished names:

children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
)

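Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:

IFS=$'\n'    # Split the list on newlines only, so a DN containing spaces stays one item
for dn in $children
do
    # sed strips the four-space indentation of the here-document before ldapmodify reads it
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
unset IFS    # Restore the default word splitting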

Search and replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version)

# Collect the DN of every entry whose attribute has the old value (one DN per line)
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
)
IFS=$'\n'    # Split the list on newlines only, so a DN containing spaces stays one item
for dn in $children
do
    # sed strips the four-space indentation of the here-document before ldapmodify reads it
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
unset IFS    # Restore the default word splitting
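
The searches on this page build the filter by interpolating the attribute value directly, so a value containing `*`, `(`, `)` or `\` changes what the filter matches, and the `/^dn: /` pattern skips base64-encoded `dn::` lines. As an added example (not part of the original page; the function names and sample entries are constructed), the following escapes the value per RFC 4515 and extracts DNs from LDIF output, covering folded lines, DNs containing spaces and `dn::` lines:

```bash
#!/usr/bin/env bash
# Added example; function names and sample data are constructed for illustration.

# Escape a literal value for an LDAP search filter (RFC 4515). Backslash goes
# first so the backslashes inserted for * ( ) are not escaped a second time.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read `ldapsearch -LLL` output on stdin and print one DN per line:
# unfold continuation lines, keep spaces in the DN, decode base64 "dn::" lines.
ldif_dns() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (buf != "") print buf; buf = $0 }
         END { if (buf != "") print buf }' |
    while IFS= read -r line; do
        case $line in
            "dn:: "*) printf '%s' "${line#dn:: }" | base64 -d; echo ;;
            "dn: "*)  printf '%s\n' "${line#dn: }" ;;
        esac
    done
}

# Constructed search result: a folded DN containing a space, and a base64 DN.
sample_ldif() {
    cat <<'EOF'
dn: cn=Backup Admin,ou=templates,ou=configuration,ou=backup,ou=services,o=step
 ping-stone,c=ch
sstMailFrom: Support (old) <support@stepping-stone.ch>

dn:: Y249SsO8cmcsbz1leGFtcGxl
sstMailFrom: Support (old) <support@stepping-stone.ch>
EOF
}

# The filter the page builds, with the value escaped before interpolation.
ldap_attribute="sstMailFrom"
ldap_attribute_old='Support (old) <support@stepping-stone.ch>'   # constructed value
filter="(${ldap_attribute}=$(ldap_filter_escape "$ldap_attribute_old"))"
printf '%s\n' "$filter"

# Iterate line by line so a DN with spaces stays one item.
sample_ldif | ldif_dns | while IFS= read -r dn; do
    printf 'would modify: %s\n' "$dn"
done
```

Current OpenLDAP clients also accept `-o ldif-wrap=no` on ldapsearch, which disables line folding at the source.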