From bf4d3df154fd24091aeeb217da49d73a5b9d962b Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Wed, 8 May 2019 11:55:35 +0200
Subject: [PATCH] Adding bin/get-ldap-dn
---
bin/get-ldap-dn | 182 ++++++++++++++++++++++++++++++++++++++++++++++
lib/functions.rc | 184 +++++++++++++++++++++++++++++++++++------------
2 files changed, 321 insertions(+), 45 deletions(-)
create mode 100755 bin/get-ldap-dn
diff --git a/bin/get-ldap-dn b/bin/get-ldap-dn
new file mode 100755
index 0000000..a95432b
--- /dev/null
+++ b/bin/get-ldap-dn
@@ -0,0 +1,182 @@
+#!/bin/bash
+
+set -e
+set -u
+
+BASE_NAME="$( basename ${0} )"
+MY_REAL_NAME=$( readlink -f $0 )
+BIN_DIR=$( dirname "${MY_REAL_NAME}" )
+BASE_DIR=$( dirname "${BIN_DIR}" )
+LIB_DIR="${BASE_DIR}/lib"
+CONF_DIR="${BASE_DIR}/etc"
+
+if [[ -f "${LIB_DIR}/functions.rc" ]] ; then
+ . "${LIB_DIR}/functions.rc"
+else
+ echo "Bash resource file '${LIB_DIR}/functions.rc' not found" >&2
+ exit 5
+fi
+
+declare -a TOKENS=()
+
+detect_color
+
+DESCRIPTION=$( cat <<-EOF
+ Get LDAP distinguished names (DN) either by a given UID or Mail address.
+
+ EOF
+)
+
+#------------------------------------------------------------------------------
+usage() {
+ cat <<-EOF
+ Usage: ${BASE_NAME} [Common Options] [LDAP Options] [ ...]
+ ${BASE_NAME} [-h|--help]
+ ${BASE_NAME} [-V|--version]
+
+ Mandatory Parameter(s):
+ UID|EMAIL: Either the Uid of the requested User
+ (Posix name, mostly in the form 'first_name.last_name'), or
+ the E-Mail address of the account or group to search.
+
+ LDAP Options:
+ EOF
+
+ echo "${LDAP_USAGE_MSG}"
+ echo
+ echo " Common Options:"
+ echo "${STD_USAGE_MSG}"
+
+}
+
+#------------------------------------------------------------------------------
+get_options() {
+
+ local tmp=
+ local base_dir=
+
+ set +e
+ tmp=$( getopt -o ${LDAP_STD_OPTS_SHORT}${STD_SHORT_OPTIONS} \
+ --long ${LDAP_STD_OPTS_LONG},${STD_LONG_OPTIONS} \
+ -n "${BASE_NAME}" -- "$@" )
+ if [[ $? != 0 ]] ; then
+ echo "" >&2
+ usage >&2
+ exit 1
+ fi
+ set -e
+
+ # Note the quotes around `$TEMP': they are essential!
+ eval set -- "${tmp}" + eval_common_options "$@" + if [[ "${DEBUG}" == 'y' ]] ; then + declare -p REMAINING_OPTS + declare -p REMAINING_ARGS + fi + +# local -a rest_args_common=() +# for tmp in "${REMAINING_ARGS[@]}" ; do +# rest_args_common+=(${tmp}) +# done + + eval_ldap_options "${REMAINING_OPTS[@]}" "${REMAINING_ARGS[@]}" + + if [[ "${DEBUG}" == 'y' ]] ; then + declare -p REMAINING_OPTS + declare -p REMAINING_ARGS + fi + + if [[ "${#REMAINING_OPTS[@]}" -gt 0 ]] ; then + error "Unknown options: ${REMAINING_OPTS[*]}" + echo >&2 + usage >&2 + exit 2 + fi + + if [[ "${#REMAINING_ARGS[@]}" == "0" ]] ; then + error "No Uids or E-Mail addresses given to retrieve." + echo >&2 + usage >&2 + exit 2 + fi + + local i=0 + local token= + for token in "${REMAINING_ARGS[@]}" ; do + if [[ "$i" == 0 ]]; then + i=1 + continue + fi + TOKENS+=(${token}) + i=$(( $i + 1 )) + done + + if [[ "${DEBUG}" == 'y' ]] ; then + declare -p TOKENS + fi + +} + +#------------------------------------------------------------------------------ +main() { + + get_options "$@" + + local oifs="${IFS}" + IFS=" +" + + local token= + local cmd= + local filter= + + local cmd_base="ldapsearch -LLL -o ldif-wrap=no " + cmd_base+="-h \"${LDAP_HOST}\" -p ${LDAP_PORT} -b \"${LDAP_BASE}\"" + cmd_base+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" " + + for token in "${TOKENS[@]}" ; do + + echo >&2 + info "Getting DN of LDAP-Object with token '${GREEN}${token}${NORMAL}' ..." >&2 + + filter="(|(uid=${token})(mail=${token})(mailAlternateAddress=${token})(mailEquivalentAddress=${token}))" + cmd="${cmd_base} \"${filter}\" dn" + debug "Executing: ${cmd}" + echo >&2 + eval ${cmd} + + done + +} + +main "$@" + +exit 0 + + + +main_old() { + + local oifs="${IFS}" + IFS=" +" + + for dn in "$@" ; do + + echo >&2 + echo "Getting LDAP-Object with DN '${dn}' ..." 
>&2 + echo >&2 + + cmd="ldapsearch -x -LLL -o ldif-wrap=no -h ldap.pixelpark.com -p 389" + cmd+=" -b \"${dn}\" -v -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" " + cmd+=" -s base \"objectclass=*\" 2>/dev/null | sort -i" + echo "${cmd}" >&2 + eval ${cmd} + + done + +} + +main "$@" + +# vim: et list diff --git a/lib/functions.rc b/lib/functions.rc index 9d8ea38..ed02392 100644 --- a/lib/functions.rc +++ b/lib/functions.rc @@ -15,7 +15,7 @@ VERSION="0.2.0" STD_SHORT_OPTIONS="sdvhV" STD_LONG_OPTIONS="simulate,debug,verbose,nocolor,help,version" STD_USAGE_MSG=$( cat <<-EOF - -s|--simulate Simulation mode - dont apply any changes. + -s|--simulate Simulation mode - dont apply any changes. -d|--debug Debug output (bash -x). -v|--verbose Set verbosity on. --nocolor Dont use colors on display. @@ -31,11 +31,38 @@ DO_ASK="n" SIMULATE="n" declare -a REMAINING_ARGS=() +declare -a REMAINING_OPTS=() NFS_HOMEDIR_PARENT='/mnt/nfs/home' DESCRIPTION="${DESCRIPTION:-Failing script description}" +# LDAP Defaults +LDAP_USR="cn=admin" +LDAP_PWD_FILE="${HOME}/.private/ldap-admin-wonl.txt" +LDAP_BASE="o=isp" +LDAP_HOST="ldap.pixelpark.com" +LDAP_PORT=389 + +LDAP_STD_OPTS_SHORT="D:y:H:P:b:" +LDAP_STD_OPTS_LONG="bind-dn:,password-file:,ldap-host:,ldap-port:,base-dn:" + +LDAP_USAGE_MSG=$( cat <<-EOF + -D|--bind-dn DN + Use this Distinguished Name DN to bind to the LDAP directory. + (Default: '${LDAP_USR}'). + -y|--password-file FILE + Use complete contents of PASSWD_FILE as the password for simple authentication + (Default: '${LDAP_PWD_FILE}'). + -H|--ldap-host HOSTNAME + The hostname or IP address of the LDAP-Server (Default: '${LDAP_HOST}'). + -P|--ldap-port PORT + The port number of the LDAP-Server (Default: ${LDAP_PORT}). + -b|--base-dn SEARCH_BASE + The starting point for the LDAP search (Default: '${LDAP_BASE}') + EOF + ) + #------------------------------------------------------------------- detect_color() { 
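Review bot: `main` interpolates each command-line token into a shell string and runs it through `eval ${cmd}`, so a token containing a double quote, `$(` or `;` is executed as shell code, and a token containing `(`, `)` or `*` rewrites the LDAP filter instead of being matched literally. Build the ldapsearch call as an argument array and pass the filter as one word, escaping the RFC 4515 metacharacters in the token first; that removes the need for `eval` and for the newline `IFS` (whose saved `oifs` is never restored anyway). With the defaults the invocation is `-h HOST -p 389 -x`, a simple bind over plain LDAP, which sends the password from `LDAP_PWD_FILE` unprotected unless TLS is forced with `-ZZ` or an `ldaps://` URI — I cannot tell from the hunk whether ldap.conf enforces that, so a comment stating the expectation would help. `get_options` has the same quoting gap (`TOKENS+=(${token})` should be `TOKENS+=("${token}")`), `readlink -f $0` and `basename ${0}` should quote `$0`, and everything after `exit 0` (`main_old` and the second `main "$@"`) is unreachable and should be removed.
```shell
# Escape the RFC 4515 filter metacharacters so a token can only match literally.
ldap_filter_escape() {
  local s="$1"
  s="${s//\\/\\5c}"
  s="${s//\*/\\2a}"
  s="${s//\(/\\28}"
  s="${s//\)/\\29}"
  printf '%s' "${s}"
}

main() {

  get_options "$@"

  local token=
  local escaped=
  local filter=
  local -a cmd_base=(ldapsearch -LLL -o ldif-wrap=no
    -h "${LDAP_HOST}" -p "${LDAP_PORT}" -b "${LDAP_BASE}"
    -x -D "${LDAP_USR}" -y "${LDAP_PWD_FILE}")

  for token in "${TOKENS[@]}" ; do
    # … unchanged: info message …
    escaped="$(ldap_filter_escape "${token}")"
    filter="(|(uid=${escaped})(mail=${escaped})(mailAlternateAddress=${escaped})(mailEquivalentAddress=${escaped}))"
    debug "Executing: ${cmd_base[*]} '${filter}' dn"
    echo >&2
    "${cmd_base[@]}" "${filter}" dn
  done

}
```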
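Review bot: The defaults added in this hunk make every sourcing script bind as `cn=admin`, although the new script that consumes them only needs read access to `uid` and `mail` attributes; a dedicated read-only service DN as the default, with the admin DN reserved for scripts that actually write, would limit what a leaked `LDAP_PWD_FILE` can do. `LDAP_HOST`/`LDAP_PORT=389` are the plain LDAP defaults and the caller in bin/get-ldap-dn appears to use a simple bind (`-x`), so the bind password travels unencrypted unless StartTLS is negotiated elsewhere; a comment next to `LDAP_PORT=389` such as `# plain LDAP port: callers must negotiate StartTLS (ldapsearch -ZZ) or the bind password is sent in clear` would make that requirement explicit. The `LDAP_USAGE_MSG` heredoc is expanded when the library is sourced, so its `(Default: …)` text always shows these library defaults, which is presumably intended.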
@@ -86,55 +113,58 @@ description() { eval_common_options() { REMAINING_ARGS=() - - while true ; do - case "$1" in - -s|--simulate) - SIMULATE="y" - shift - ;; - -d|--debug) - DEBUG="y" - shift - ;; - -v|--verbose) - VERBOSE="y" - shift - ;; - --nocolor) - RED="" - YELLOW="" - GREEN="" - BLUE="" - CYAN="" - NORMAL="" - shift - ;; - -h|--help) - description - echo - usage - exit 0 - ;; - -V|--version) - echo "${BASE_NAME} version: ${VERSION}" - exit 0 - ;; - --) shift - break - ;; - *) REMAINING_ARGS+=($1) - shift - ;; - esac - done + REMAINING_OPTS=() + + if [[ "$#" -gt 0 ]] ; then + while true ; do + case "$1" in + -s|--simulate) + SIMULATE="y" + shift + ;; + -d|--debug) + DEBUG="y" + shift + ;; + -v|--verbose) + VERBOSE="y" + shift + ;; + --nocolor) + RED="" + YELLOW="" + GREEN="" + BLUE="" + CYAN="" + NORMAL="" + shift + ;; + -h|--help) + description + echo + usage + exit 0 + ;; + -V|--version) + echo "${BASE_NAME} version: ${VERSION}" + exit 0 + ;; + --) shift + break + ;; + *) REMAINING_OPTS+=($1) + shift + ;; + esac + done + fi if [[ "${DEBUG}" = "y" ]] ; then set -x fi if [[ "$#" -gt "0" ]] ; then - REMAINING_ARGS+="--" + REMAINING_ARGS=("--") while [[ "$#" -gt "0" ]] ; do REMAINING_ARGS+=($1) shift 
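Review bot: `REMAINING_OPTS+=($1)` in the `*)` arm is unquoted, so an argument containing spaces or glob characters is word-split and globbed before it reaches `eval_ldap_options`; it should be `REMAINING_OPTS+=("$1")`, and the `REMAINING_ARGS+=($1)` at the end of the hunk has the same problem. The new `if [[ "$#" -gt 0 ]]` guard only protects the first iteration: inside `while true`, once the last argument has been shifted without a `--` sentinel, `case "$1"` trips `set -u` with an unbound-variable error, so `while [[ "$#" -gt 0 ]] ; do` as the loop condition would cover both cases. `eval_common_options` continues past the end of this hunk.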
@@ -150,6 +180,70 @@ eval_common_options() { } +#------------------------------------------------------------------------------ +eval_ldap_options() { + + REMAINING_ARGS=() + REMAINING_OPTS=() + + if [[ "$#" -gt 0 ]] ; then + while true ; do + case "$1" in + -D|--bind-dn) + LDAP_USR="$2" + shift + shift + ;; + -y|--password-file) + LDAP_PWD_FILE="$2" + shift + shift + ;; + -H|--ldap-host) + LDAP_HOST="$2" + shift + shift + ;; + -P|--ldap-port) + LDAP_PORT="$2" + shift + shift + ;; + -b|--base-dn) + LDAP_BASE="$2" + shift + shift + ;; + --) shift + break + ;; + *) REMAINING_OPTS+=($1) + shift + ;; + esac + done + fi + + if [[ "$#" -gt "0" ]] ; then + REMAINING_ARGS=("--") + while [[ "$#" -gt "0" ]] ; do + REMAINING_ARGS+=($1) + shift + done + fi + + if [[ ! -f "${LDAP_PWD_FILE}" ]] ; then + error "Password file '${RED}${LDAP_PWD_FILE}'${NORMAL} not found." + exit 3 + fi + + if [[ ! -r "${LDAP_PWD_FILE}" ]] ; then + error "Password file '${RED}${LDAP_PWD_FILE}${NORMAL}' not readable." + exit 3 + fi + +} + #------------------------------------------------------------------------------ my_date() { date +'%F %T.%N %:::z' @@ -232,4 +326,4 @@ set_locale() { } -# vim: filetype=sh ts=4 et +# vim: filetype=sh ts=4 et list -- 2.39.5
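Review bot: `LDAP_PORT="$2"` and the other option values are stored without validation, and the port is later placed on the ldapsearch command line by the caller; at minimum `[[ "$2" =~ ^[0-9]+$ ]] || { error "Invalid port '$2'"; exit 2; }` before the assignment. The `*)` arm repeats the unquoted `REMAINING_OPTS+=($1)` from `eval_common_options`, and the two password-file error messages place the closing quote differently (`'${RED}${LDAP_PWD_FILE}'${NORMAL}` in the `-f` check versus `'${RED}${LDAP_PWD_FILE}${NORMAL}'` in the `-r` check); the second form is the intended one. Since the file holds a bind password, the `-f`/`-r` checks could also reject a group- or world-readable file, the way ssh does for private keys, with a comment explaining why.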