Skip to content

Simple shellscripts to make interaction with LDAP/AD/ldapsearch easier

License

Notifications You must be signed in to change notification settings

DKFZ-ODCF/ldap-summary

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

LDAP-summary

This repository contains useful shell scripts to make interacting with LDAP/AD from the command line more pleasant.

The shell scripts provide easy access to the most common types of information that we've needed on users/groups at the DKFZ. They are made available here in the spirit of making every admin's life easier. The scripts are wrappers around ldapsearch by the OpenLDAP project.

Configuration

The scripts load their LDAP configuration from a separate config file: ldap-summary.conf, located in $XDG_CONFIG_HOME (by default: $HOME/.config/). An example config file is provided as ldap-summary.conf.template, which contains dummy values for all required settings.

Examples

Basic LDAP info on a ...

.. user

# ./ldap CN=jdoe
cn: jdoe
displayName: Doe, Jessie
dn: CN=jdoe,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
mail: [email protected]
memberOf: CN=Powerusers               OU=Department      full DN: CN=Powerusers,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
memberOf: CN=SomeProject              OU=Department      full DN: CN=SomeProject,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
memberOf: CN=TTP_project              OU=Department      full DN: CN=TTP_project,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
memberOf: CN=SCP_project              OU=Department      full DN: CN=SCP_project,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
...
memberOf: CN=storage-access           OU=Department      full DN: CN=storage-access,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
memberOf: CN=UserWithParking          OU=Company         full DN: CN=UserWithParking,OU=Company,DC=ad,DC=example,DC=com
ufn: jessiedoe, Department, Unit, Company, ad.example.com

.. group

# ./ldap cn=SOME-GROUP
cn: SOME-GROUP
description: AD and NIS Group to control access to controlled data for SOME-PROJECT
dn: CN=SOME-GROUP,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
member: CN=ADMIN-GROUP              OU=Department      full DN: CN=ADMIN-GROUP,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
member: CN=janedoe                  OU=DefenseWeekly   full DN: CN=janedoe,OU=DefenseWeekly,OU=DefenseUnit,OU=Company,DC=ad,DC=example,DC=com
member: CN=broadwell                OU=GeorgiaState    full DN: CN=broadwell,OU=GeorgiaState,OU=Literature,OU=EduUnit,DC=ad,DC=example,DC=com
....
member: CN=aladin                   OU=Lamp            full DN: CN=aladin,OU=lamp,OU=Unit,DC=ad,DC=example,DC=com
ufn: SOME-GROUP, Department, Unit, Company, ad.example.com

analyse groups

Analyse a group or groups: who is in it, whose account has expired, how much overlap?

# group-matrix group1 group2 group3...
USERS  FULL_NAME         STATUS  group1  group2  group3
user1  Randomuser, Sam   active          Y
user2  Randomuser, Jay   EXPIRED Y       Y       Y
user3  Randomuser, Beau  active  Y
user4  Randomuser, Alex  active  Y       Y

recursively find ALL groups of a user

This finds all groups of a user, including those that they are only indirectly a member of.

# ./groupsof <username>
# ./groupsof johndoe
 CN=Team                     OU=Department      dn: CN=Team,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
 CN=CITRIX FileZilla         OU=Citrix Server   dn: CN=CITRIX FileZilla,OU=Citrix Server,OU=Terminal Server,DC=ad,DC=example,DC=com
 CN=CITRIX putty             OU=Citrix Server   dn: CN=CITRIX putty,OU=Citrix Server,OU=Terminal Server,DC=ad,DC=example,DC=com
 CN=CITRIX WinSCP3           OU=Citrix Server   dn: CN=CITRIX WinSCP3,OU=Citrix Server,OU=Terminal Server,DC=ad,DC=example,DC=com
 CN=Terminal Server Users    OU=Citrix Server   dn: CN=Terminal Server Users,OU=Citrix Server,OU=Terminal Server,DC=ad,DC=example,DC=com
 CN=CITRIX Browser           OU=Citrix Server   dn: CN=CITRIX Browser,OU=Citrix Server,OU=Terminal Server,DC=ad,DC=example,DC=com
 CN=WLAN                     OU=RADIUS          dn: CN=WLAN,OU=RADIUS,DC=ad,DC=example,DC=com
 CN=UserWithParking          OU=Company         dn: CN=UserWithParking,OU=Company,DC=ad,DC=example,DC=com
 CN=Team-Data                OU=Department      dn: CN=Team-Data,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
... <MANY groups omitted>
 CN=Team-Data-SecretProject  OU=Department      dn: CN=Team-Data-SecretProject,OU=Department,OU=Unit,DC=ad,DC=example,DC=com
 CN=Team-viztools            OU=Teams           dn: CN=Team-viztools,OU=Teams,OU=Unit,DC=ad,DC=example,DC=com

License and contribution

The scripts and example code in this project are licensed under the MIT license. Any contributions intentionally submitted to this project will be governed by that same license.

About

Simple shellscripts to make interaction with LDAP/AD/ldapsearch easier

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages