stoney core: OpenLDAP ldapsearch and replace
Overview
This page collects some typical ldapsearch and replace use cases in the OpenLDAP directory.
Search and replace
Search and replace - Replace the content of sstMailFrom attribute
Search and replace - Replace the content of sstMailFrom attribute - Variable definitions
# Set the following bash variables
ldap_attribute="sstMailFrom" # The attribute we're interested in. For example: sstMailFrom
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>" # Original (old) value of the attribute.
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>" # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"
# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
Search and replace - Replace the content of sstMailFrom attribute - Step by step
Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})"
The result will contain something like:
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
 ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
 vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
 stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
 tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
 eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt
As we are only interested in the dn, we add the following two lines to the search above:
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
The final search returns a list of distinguished names, one per line (without the LDIF 80 characters per line restriction):
ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
We store the distinguished names, one per line, in a variable:
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
)
Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:
# Read one DN per line, so that a DN containing spaces is not split into words
printf '%s\n' "$children" | while IFS= read -r dn
do
    [ -n "$dn" ] || continue    # skip the empty line left by an empty result
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
Search and replace - Replace the content of sstMailFrom attribute - Putting it all together (copy and paste version)
children=$(ldapsearch -LLL -x -s children \
    -H "$ldap_server" \
    -b "$ldap_base" \
    -D "$ldap_bind_account" \
    -w "$ldap_bind_password" \
    "(${ldap_attribute}=${ldap_attribute_old})" \
    | awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
    | awk '/^dn: / { sub(/^dn: /, ""); print }'
)
# Read one DN per line, so that a DN containing spaces is not split into words
printf '%s\n' "$children" | while IFS= read -r dn
do
    [ -n "$dn" ] || continue    # skip the empty line left by an empty result
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done
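The same procedure in a hardened form, as an added example that is not part of the original page: the search value is escaped for use in an LDAP filter, complete dn lines (including DNs with spaces and base64 "dn::" lines) are carried over unchanged, and all changes go to a single ldapmodify call. The function names, the constructed sample_ldif input and the pw_file variable are assumptions made for this example.

```shell
# Escape a value for use inside an LDAP search filter (RFC 4515).
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Unfold LDIF read from stdin and print each complete "dn: ..." or
# "dn:: <base64>" line, so DNs with spaces or non-ASCII characters survive.
ldif_dn_lines() {
    awk '/^ / { buf = buf substr($0, 2); next }  # continuation line
              { if (buf ~ /^dn::? /) print buf; buf = $0 }
         END  { if (buf ~ /^dn::? /) print buf }'
}

# Turn dn lines on stdin into one LDIF change record per entry.
# Assumption: $2 is LDIF-safe (ASCII, single line, not starting with
# a space, ":" or "<"); anything else would need base64 ("attr:: ...").
build_modify_ldif() {
    while IFS= read -r dn_line; do
        printf '%s\nchangetype: modify\nreplace: %s\n%s: %s\n\n' \
            "$dn_line" "$1" "$1" "$2"
    done
}

# Constructed sample: folded DN with a space, and base64 DN "ou=tést,o=example".
sample_ldif() {
    printf '%s\n' \
        'dn: ou=mail templates,ou=reseller,ou=backup,ou=services,o=stepping-s' \
        ' tone,c=ch' \
        'sstMailFrom: Old <old@example.org>' \
        '' \
        'dn:: b3U9dMOpc3Qsbz1leGFtcGxl' \
        'objectClass: top'
}

# Full run with this page's variables (defined, not executed here).
# pw_file is a hypothetical mode-0600 file holding the bind password without
# a trailing newline; -y keeps the password out of the process list.
run_replace() {
    filter="(${ldap_attribute}=$(ldap_escape_filter "$ldap_attribute_old"))"
    ldapsearch -LLL -x -s children -H "$ldap_server" -b "$ldap_base" \
        -D "$ldap_bind_account" -y "$pw_file" "$filter" 1.1 |
        ldif_dn_lines |
        build_modify_ldif "$ldap_attribute" "$ldap_attribute_new" |
        ldapmodify -x -H "$ldap_server" -D "$ldap_bind_account" -y "$pw_file"
}
# Offline demo on the constructed sample: prints the LDIF that would be sent.
sample_ldif | ldif_dn_lines | build_modify_ldif sstMailFrom 'New <new@example.org>'
```

Adding -n to the ldapmodify call in run_replace shows what would be changed without modifying any entry.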