Skip to content

OpenLDAP Quick Tips: Interacting with LDAP from shell scripts by Vincent van Gelder

OpenLDAPOpen SourceSuretec Hi All,

Here's the 21st tip in the "OpenLDAP Quick Tips" series kindly contributed by Vincent van Gelder.

"You need to carry out LDAP[?] operations using shell scripts".

The following is an example sent in by Vincent van Gelder (you can e-mail your tip to us too):

------------------------
The following script I use when interacting with ldap[?] from shell scripts:


http://members.tripod.com/vgoenka/unixscripts/unldif.sed.txt


Sample script:

CODE:
###################################### #!/bin/bash PHOTO=/tmp/tux.jpg IFS=$'\n' for dn in $(ldapsearch -ZZ -LLL -A -b 'ou=Users,ou=Intranet,o=Company,c=NL' -s one '(&(!(jpegPhoto=*))(objectClass=inetOrgPerson))' jpegPhoto \  | unldif  | grep '^dn' ) do     echo $dn     echo "changetype: modify"     echo "add: jpegPhoto"     echo "jpegPhoto::$(openssl base64 -in $PHOTO | sed 's/^/ /')"     echo done ######################################


The sample script fetches users from ldap whithout a photo and adds a
default photo. Output is a ldif.

It also demonstrates how to add binary attributes from shell using
openssl tool.

The unldif script makes sure the dn is always just one line.

--
Met vriendelijke groet,

Vincent van Gelder
------------------------


Thanks,

Gavin.

If you have an entry for our "OpenLDAP Quick Tips" series, why not e-mail your tip to us.

P.S. For direct access to this section, you can click OpenLDAP Quick Tips.

Trackbacks

No Trackbacks

Comments

Display comments as Linear | Threaded

JP Mens on :

*Be a bit more effective, and avoid transporting the content of the jpegPhoto attribute type in the ldapsearch -- you're no using it anyway.

Either `ldapsearch ... 1.1' or ask it to retrieve a shorter type.

Gavin Henry on :

*Vincent hasn't responded to let me know he's seen the post, but I'm sure he appreciates the tips!

Cheers,

Gavin.

Vincent on :

*What I did to avoid that is using the -A option in ldapsearch.

From the manpage:
QUOTE:
-A Retrieve attributes only (no values). This is useful when you just want to see if an attribute is present in an entry and are not interested in the specific values.

Bash on :

*The text in the "Quote" sections on this site always looks like gibberish to me:


for dn in $(ldapsearch -ZZ -LLL -A -b 'ou=Users,ou=Intranet,o=Company,c=NL' -s one '(&(!(jpegPhoto=*))(objectClass=inetOrgPerson))' jpegPhoto \  | unldif  | grep '^dn' ) do     echo $dn     echo "changetype: modify"     echo "add: jpegPhoto"     echo "jpegPhoto::$(openssl base64 -in $PHOTO | sed 's/^/ /')"     echo done

Gavin Henry on :

*What browser are you using?

And how are you reading the feed/site?

RSS Reader?

The feeds are via feedburner, all other browsers we know can understand the escape codes:

http://www.theukwebdesigncompany.com/articles/entity-escape-characters.php

steven on :

*I have the same problem with Firefox 3.04 on Ubuntu 8.10 x64 from US. It seemed that all of the Firefox versions that I am running on Linux (Fedora, Ubuntu) can not display this site right.

Thank you.

Gavin Henry on :

*Very strange. I can't see this on any browser.

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
BBCode format allowed
Pavatar, Gravatar, Favatar, MyBlogLog, Pavatar author images supported.
Form options
tweetbackcheck