. LDAPDO (ldap-do)

	Copyright (c) 2003-2018 Greg Breheny. All rights reserved.
	This program is free software; you can redistribute it and/or
	modify it under the same terms as Perl itself.
	No warranty expressed or implied.

	ldapdo is a command line ldap administration tool
	Works with standard LDAP servers (e.g. AD, eDirectory, OpenLDAP)
	Connects using: TLS, SSL, cleartext, kerberos

	ldap administration can be performed from the command line
	using simple filters or from a text file.
	The ldapdo output can also be used as input, this allows the data
	to be filtered/edited independently before adding it back into LDAP,
	reducing the need for ldap queries.
	Standard ldap queries can also be used with ldapdo.

. INSTALL

	. ldapdo can be located in any directory
	  but preferably somewhere in the PATH
	. ldapdo.conf is located in the same directory as ldapdo by default
	  it should not be world readable
	. ldapdo.conf needs to be configured to suit your ldap tree
	  key options to change are: user, password, host, basedn, attrs

	tar xzf ldapdo-1.3.tgz
	cd ldapdo-1.3
	chmod 0755 ldapdo
	chmod 0600 ldapdo.conf
	. set your required ownership on ldapdo-1.3/, and optionally add it to the PATH

	# Optional (additional conf files)
	symlinks to the script can be used to reference different conf files
	e.g.
	ln -s ldapdo ldapdo-test
	cp ldapdo.conf ldapdo-test.conf
	vi ldapdo-test.conf
		(make your changes)
	:wq

	ldapdo-test will now reference ldapdo-test.conf without needing to give the '-f' option


	REQUIRED MODULES

		# example installs, this may differ in your environment

		. debian
			apt-get install libnet-ldap-perl
			apt-get install libio-socket-ssl-perl
			apt-get install libnet-ssleay-perl
			apt-get install libauthen-sasl-perl libauthen-sasl-cyrus-perl

		. suse
 			zypper install perl-ldap perl-IO-Socket-SSL perl-Convert-ASN1 perl-Net-SSLeay perl-ldap-ssl perl-Authen-SASL perl-Authen-SASL-Cyrus

		. cpan
			Convert::ASN1
			IO::Socket::SSL
			Net::LDAP
			Net::SSLeay
			Authen::SASL
			Authen::SASL::Cyrus 

			. example perl module install:

				tar xzf IO-Socket-SSL-1.07.tar.gz
				cd IO-Socket-SSL-1.07

				perl Makefile.PL
				make
				make test
				make install

. EXAMPLES

	. usage

		ldapdo --help

	. list objects at the current basedn

		ldapdo -l	# list DN's only
		ldapdo -l -v2	# list attrs specified in ldapdo.conf
		ldapdo -l -v3	# list all attrs found

	. list objects starting with 'f'

		ldapdo -l -v 'f*'	# quote the wildcard so the shell does not expand it

	. list objects using an alternative ldapdo.conf

		ldapdo -f /mypath/myldap.conf -l fred

	. list group members using a standard ldap query

		# use -b to set a basedn different from the conf
		./ldapdo -b 'OU=groups,DC=acme,DC=com' -l -v '(&(objectclass=group)(CN=Exchange Servers*))'

	. set/remove login restrictions for fred

		ldapdo -u fred loginMaximumSimultaneous:3	# restrict to 3 logins
		ldapdo -e fred loginMaximumSimultaneous:0	# remove restriction
		
	. update mail for fred

		ldapdo -u fred mail:fred.scuttle@acme.com
		
		caution!!: using '-u' to update multi-value attrs
		will wipe all but the value updated,
		use the '-a' option as an alternative
		
	. multi-value attributes

		# add mail addresses for fred
	
		ldapdo -a fred mail:f.scuttle@acme.com
		ldapdo -a fred mail:fred.scuttle@acme.com
		
		ie. call ldapdo with -a once for each value
	
	. silently update with no prompting

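		ldapdo -u -v0 fred userPassword:mypass
		# note: a password given on the command line is visible in the
		# process list and is saved in the shell history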
		
	. move/rename objects (requires a datafile)

		# ldapdo.dat
		dn:cn=gomez,ou=services,dc=acme
		newdn:cn=adamsg,ou=accounts,dc=acme
		@
		dn:cn=herman,ou=services,dc=acme
		newdn:cn=munsterh,ou=parts,dc=acme
		@

		ldapdo -M ldapdo.dat

	. list only the objects included in ldapdo.dat

		ldapdo -l -v ldapdo.dat

		# the same but include only the attrs given
		ldapdo -t 'givenName;sn;mail' -l -v ldapdo.dat

	. list/modify/update attributes for users starting with 'f'

		# save objects to a text file
		ldapdo -l -v 'f*' >ldapdo.dat

		# edit text file
		vi ldapdo.dat
			(make your changes)

		# update changes
		ldapdo -u ldapdo.dat
		
			!!caution!! with multi-value attrs:
			'-u' will wipe all but the value updated
			use the '-a' option as an alternative

		# list the objects updated
		ldapdo -l -v ldapdo.dat >ldapdo2.dat
			list only the objects contained in the datafile
			include in the output the 'attrs' specified in the conf file
			(it may be preferred to first set a reduced set of attrs in the conf file)

	. create new accounts

		vi ldapdo.dat
			dn:cn=fred,ou=travel,o=acme
			cn:fred
			sn:scuttle
			fullName:fred scuttle
			mail:fred@acme.com
			uidNumber:0001
			gidNumber:100
			uid:fred
			loginShell:/bin/bash
			homeDirectory:/home/fred
			objectClass:inetOrgPerson
			objectClass:organizationalPerson
			objectClass:person
			objectClass:ndsLoginProperties
			objectClass:top
			objectClass:posixAccount
			@
			dn:cn=george,ou=astro,o=acme
			cn:george
			sn:jetson
			fullName:george jetson
			mail:george@acme.com
			uidNumber:0002
			gidNumber:100
			uid:george
			loginShell:/bin/bash
			homeDirectory:/home/george
			objectClass:inetOrgPerson
			objectClass:organizationalPerson
			objectClass:person
			objectClass:ndsLoginProperties
			objectClass:top
			objectClass:posixAccount
			@

			tips
			. when adding records check that all mandatory fields are included
			. end each record with '@' on a line by itself

		ldapdo -A ldapdo.dat			# add accounts
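
A pre-flight check for the datafile rules above (every record ends with '@', mandatory fields are present) and for the multi-value caution on '-u'. This is an added example, not part of ldapdo or its utils/ scripts; the function name lint_ldapdo_dat, the REQUIRED list and the skipping of blank and '#' lines are assumptions.

```shell
#!/bin/sh
# lint_ldapdo_dat MODE FILE [REQUIRED]
#   MODE      add    -> check records before "ldapdo -A"
#             update -> also flag repeated attributes before "ldapdo -u"
#   REQUIRED  comma-separated attributes every record must carry
#             (assumption: you supply the mandatory set for your schema)
# Prints one finding per line; exit status 0 = clean, 1 = findings.
lint_ldapdo_dat() {
    awk -v mode="$1" -v required="${3:-dn}" '
    function report(msg) {
        printf "record %d (%s): %s\n", rec, (dn == "" ? "no dn" : dn), msg
        bad = 1
    }
    function finish(   i, a) {
        for (i = 1; i <= nreq; i++)
            if (!(req[i] in count)) report("missing " req[i])
        if (mode == "update")
            for (a in count)
                if (count[a] > 1)
                    report(a " given " count[a] " times; -u keeps one value, use -a")
        split("", count); dn = ""; pending = 0; rec++
    }
    BEGIN { nreq = split(tolower(required), req, ","); rec = 1; bad = 0 }
    /^[ \t]*(#.*)?$/ { next }              # assumption: blank and # lines are ignored
    /^[ \t]*@[ \t]*$/ { finish(); next }   # "@" on a line by itself ends a record
    {
        line = $0; sub(/^[ \t]+/, "", line)
        p = index(line, ":")
        pending = 1
        if (p < 2) { report("line " NR " is not attr:value"); next }
        name = tolower(substr(line, 1, p - 1))   # attribute names compared case-insensitively
        if (name == "dn") dn = substr(line, p + 1)
        count[name]++
    }
    END {
        if (pending) { report("missing @ terminator"); finish() }
        exit bad
    }
    ' "$2"
}
```

Run it as `lint_ldapdo_dat add ldapdo.dat 'dn,cn,sn,objectClass'` before `ldapdo -A`, or as `lint_ldapdo_dat update ldapdo.dat` before `ldapdo -u`.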


	. ldapgendo
	
		. script to generate records for ldapdo

			./ldapgendo.pl ldapgen-data.txt >ldapdo.dat

		  see readme-ldapgendo.txt

	. utils/l*2*.pl: scripts to filter/update data from ldapdo

		# these scripts use pipe '|' delimited CSV files

		. To Open a pipe '|' delimited CSV in Excel:
			start Excel
			. file > open > (text files) filename > open > delimited (MS-DOS)
			> (untick) tab, (tick) other: '|' > finish
			OR      
			open CSV in wordpad/notepad
			. copy/paste: from wordpad/notepad into 1st cell of Excel
			. (select first column) > data > text to columns > delimited > next
			> (untick) tab, (tick) other: '|' > finish

			when specifying the pipe '|' delimiter, remember to turn off
			all other delimiters (e.g. ',', ';', etc.)

		. use list2ldapdo.pl to generate just one ldapdo record specifying all info from the command line

			# create a dummy CSV with just one record
			# (this info is not used but list2ldapdo.pl requires an input file with at least one record)
			echo -e 'field0\ndummy' >list.txt

			# create one record for ldapdo
			cat list.txt |./list2ldapdo.pl dn:cn=george,ou=parts,ou=astro,dc=acme givenName:George sn:Jetson 'objectClass:top;person;organizationalPerson;inetOrgPerson' >ldapdo.dat

			# add record to ldap with ldapdo
			./ldapdo-acme -A ldapdo.dat

			note: ldapdo-acme is a symlink to ldapdo
			ldapdo-acme.conf is a copy of ldapdo.conf with its options updated for acme

		. the l*2*.pl scripts are inefficient, but what the heck!

	. errors

		Errors sometimes occur at the line in ldapdo where
		information is sent to the ldap server.
		These errors are often caused by something that
		the ldap server doesn't like about your data.
		Common causes are missing mandatory fields or
		adding an object that already exists.

		Check the ldap SERVER LOGS, they can be helpful in
		determining the cause of errors.

. REVISION HISTORY

. 1.303: update documentation; fix scripts in utils/
. 1.302: update documentation; fix scripts in utils/
. 1.301: update documentation; update usage
. 1.3:   initial release

. END


Greg Breheny

Source: README.txt, updated 2019-09-30