stoney core: OpenLDAP ldapsearch and replace
Overview
This page collects some typical ldapsearch and replace use cases in the OpenLDAP directory.
Search and replace
Search and replace - Replace the content of an attribute
Search and replace - Replace the content of an attribute - Variable definitions
# Set the following bash variables
ldap_attribute="sstMailFrom" # The attribute we're interested in. For example: sstMailFrom
ldap_attribute_old="Support stepping stone GmbH <support@stepping-stone.ch>" # Original (old) value of the attribute.
ldap_attribute_new="Support stepping stone AG <support@stepping-stone.ch>" # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"
# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
Search and replace - Replace the content of an attribute - Step by step
Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):
ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})"
The result will contain something like:
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt
As we are only interested in the dn, we add the following two lines to the search above:
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):
ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
We store the distinguished names, one per line, in a variable:
children=$(ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
)
Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:
# Read one dn per line, so that a dn containing spaces stays in one piece
while IFS= read -r dn
do
    [ -n "$dn" ] || continue    # skip empty lines (e.g. an empty search result)
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done <<< "$children"
Search and replace - Replace the content of an attribute - Putting it all together (copy and paste version)
children=$(ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
)
# Read one dn per line, so that a dn containing spaces stays in one piece
while IFS= read -r dn
do
    [ -n "$dn" ] || continue    # skip empty lines (e.g. an empty search result)
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done <<< "$children"
Search and replace - Replace a section (part) of an attribute
Search and replace - Replace a section (part) of an attribute - Variable definitions
# Set the following bash variables
ldap_attribute="description" # The attribute we're interested in. For example: description
ldap_attribute_old="stepping stone GmbH" # Original (old) value of the attribute.
ldap_attribute_new="stepping stone AG" # The new value, that the original (old) value of the attribute is to be replaced with.
ldap_bind_password='' # The password of "cn=Manager,o=stepping-stone,c=ch"
# Don't change these bash variables
ldap_server="ldaps://ldapm.stepping-stone.ch:636"
ldap_base="ou=services,o=stepping-stone,c=ch"
ldap_bind_account="cn=Manager,o=stepping-stone,c=ch"
Search and replace - Replace a section (part) of an attribute - Step by step
Execute the search to retrieve all occurrences of the given search filter (ldap attribute and attribute value):
ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})"
The result will contain something like:
dn: ou=unsuccessful,ou=templates,uid=5000000,ou=reseller,ou=configuration,ou=b
ackup,ou=services,o=stepping-stone,c=ch
description: This leaf contains the quota templates for the (online) backupser
vice.
objectClass: top
objectClass: organizationalUnit
objectClass: sstTemplateSetup
ou: unsuccessful
sstMailFrom: Support stepping stone GmbH <support@stepping-stone.ch>
sstMailTemplate: file:///var/www/selfcare/htdocs/themes/selfcare-int.stepping-
stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail
sstMailTemplateFormatSource: txt
sstMailTemplateFormatTarget: txt
sstMailTemplateReseller: file:///var/www/selfcare/htdocs/themes/selfcare-int.s
tepping-stone.ch/templates/services/backup/unsuccessful/unsuccessful_mail_res
eller
sstMailTemplateResellerFormatSource: txt
sstMailTemplateResellerFormatTarget: txt
As we are only interested in the dn, we add the following two lines to the search above:
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
The final search returns a list of distinguished names, one per line (without the ldif 80 characters per line restriction):
ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
We store the distinguished names, one per line, in a variable:
children=$(ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
)
Finally, we need to loop over all the distinguished names and replace the original (old) content of the attribute with the new content:
# Read one dn per line, so that a dn containing spaces stays in one piece
while IFS= read -r dn
do
    [ -n "$dn" ] || continue    # skip empty lines (e.g. an empty search result)
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done <<< "$children"
Search and replace - Replace a section (part) of an attribute - Putting it all together (copy and paste version)
children=$(ldapsearch -LLL -x -s children \
-H "$ldap_server" \
-b "$ldap_base" \
-D "$ldap_bind_account" \
-w "$ldap_bind_password" \
"(${ldap_attribute}=${ldap_attribute_old})" \
| awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' \
| awk '/^dn: / { sub(/^dn: /, ""); print }'
)
# Read one dn per line, so that a dn containing spaces stays in one piece
while IFS= read -r dn
do
    [ -n "$dn" ] || continue    # skip empty lines (e.g. an empty search result)
    cat <<EOF | sed 's/^ \{4\}//' | ldapmodify -x \
        -H "$ldap_server" \
        -D "$ldap_bind_account" \
        -w "$ldap_bind_password"
    dn: ${dn}
    changetype: modify
    replace: ${ldap_attribute}
    ${ldap_attribute}: ${ldap_attribute_new}
EOF
done <<< "$children"
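The loop above writes ldap_attribute_new as the complete attribute value, and the equality filter only matches entries whose whole value equals ldap_attribute_old. The following added example (not part of the original page) rewrites only the matching part: it reads the output of an ldapsearch -LLL run with a substring filter such as "(${ldap_attribute}=*${ldap_attribute_old}*)" and prints the change records for ldapmodify. The function name ldif_partial_replace and the LR_* variables are made up for this example; entries with base64-encoded ("::") DNs or values are skipped, and the new text is assumed to be plain ASCII.

```shell
# Added example: turn ldapsearch LDIF (stdin) into ldapmodify LDIF (stdout)
# that rewrites only the matching part of an attribute value.
# Usage: ldif_partial_replace ATTRIBUTE OLD_SUBSTRING NEW_SUBSTRING
ldif_partial_replace() {
    [ -n "$2" ] || return 1                      # refuse an empty search string
    # Stage 1 is the unfolding awk from the page; stage 2 works entry by entry.
    # Strings travel via the environment so awk does not interpret backslashes.
    awk '{ if (/^ /) { sub(/^ /, ""); } else printf "\n"; printf "%s", $0 }' |
    LR_ATTR="$1" LR_OLD="$2" LR_NEW="$3" awk '
    BEGIN { attr = tolower(ENVIRON["LR_ATTR"]); old = ENVIRON["LR_OLD"]; rep = ENVIRON["LR_NEW"] }
    function subst(s,   out, i) {                # literal replace-all, no regex
        out = ""
        while ((i = index(s, old)) > 0) {
            out = out substr(s, 1, i - 1) rep
            s = substr(s, i + length(old))
        }
        return out s
    }
    function emit(   i) {
        # Write every value back so other values of a multi-valued attribute survive.
        if (dn != "" && hit && !skip) {
            printf "dn: %s\nchangetype: modify\nreplace: %s\n", dn, name
            for (i = 1; i <= n; i++) printf "%s: %s\n", name, val[i]
            print ""
        }
        dn = ""; n = 0; hit = 0; skip = 0
    }
    /^$/     { emit(); next }
    /^dn: /  { dn = substr($0, 5); next }        # "dn:: " (base64) leaves dn empty: entry skipped
    {
        low = tolower($0)
        if (index(low, attr "::") == 1) { skip = 1; next }   # base64 value: do not touch entry
        if (index(low, attr ": ") != 1) next
        name = substr($0, 1, length(attr)); v = substr($0, length(attr) + 3)
        if (index(v, old) > 0) { hit = 1; v = subst(v) }
        val[++n] = v
    }
    END { emit() }'
}

# Constructed sample input (not real directory data); prints the generated change record.
printf '%s\n' 'dn: ou=demo,ou=services,o=stepping-stone,c=ch' \
    'description: Templates of stepping stone GmbH for the backupser' ' vice.' |
    ldif_partial_replace description 'stepping stone GmbH' 'stepping stone AG'
```

Review the generated LDIF before piping it into the ldapmodify call used on this page; with the additional option -n, ldapmodify shows what would be done without modifying the entries.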