LDAPSEARCH

Hi
I have an ldapsearch string which finds the user accounts which are expired, but I don't know how to output the search results to a file, and then I want to perform a cron job to delete those DNs which are expired.

 Any Help is greatly appreciated.
Thanks
itsme_asifAsked:
ahoffmannCommented:
ldapsearch ---your options here--- > file

then write a script to extract the DNs from the file and feed it to ldapmodify
after testing the script call it from cron
itsme_asifAuthor Commented:
can you please explain it with an example, especially on how to get the search listing to a file
ahoffmannCommented:
> especially on how to get the search listing to a file

ldapsearch -h your-ldap-server -b your-basedn -s your-scope -D your-binddn -w your-password 'uid=*'
itsme_asifAuthor Commented:
Where do I have to list the file name?
ldapsearch -h your-ldap-server -b your-basedn -s your-scope -D your-binddn -w your-password 'uid=*'
ahoffmannCommented:
oops, missed the redirect:

ldapsearch -h your-ldap-server -b your-basedn -s your-scope -D your-binddn -w your-password 'uid=*' > file
itsme_asifAuthor Commented:
Thanks, let me try and get back to you. Before that, can you please help me out in setting up a shell script which does a search, like the one above?
itsme_asifAuthor Commented:
I got the search results in a file. Can you please help me in setting up a shell script?
ahoffmannCommented:
write into a file, let's say myldap:

#! /bin/sh
ldapsearch -h your-ldap-server -b your-basedn -s your-scope -D your-binddn -w your-password 'uid=*' > file


then do:
chmod 555 myldap
./myldap
itsme_asifAuthor Commented:
Thanks so much, I will try it and get back to you.
itsme_asifAuthor Commented:
Can I do an LDAP delete for the DNs in the file using ldapdelete with the file name, or do you think I have to parse the file?
ahoffmannCommented:
If you have an ldapdelete command/script, then you just need the credentials (binddn) and the cn/dn to be deleted. I only know ldapmodify, which is a bit tricky to use ...
itsme_asifAuthor Commented:
I have the following file named ldapsearch:


****************************

#!usr/bin/bash
PATH=/usr/local/bin:/sbin:/usr/sbin:/usr/bin:/usr/ccs/bin:/usr/ucb:/usr/dt/bin:/usr/openwin/bin:/usr/local/sbin:/usr/platform/sun4u/sbin

export PATH

ldapsearch -D "cn=Directory Manager" -h some.tld -p 389 -w **secret** \
-b "ou=External,dc=portal,dc=sss,dc=net" -u  smapsNextAction=99999* >ldapsearch_output.ldif

*********************************

But when I execute ./ldapsearch
I get
 ksh  ./ldapsearch : not found

I also made sure the Bash path is right, but it does not seem to work. Please help.
ahoffmannCommented:
Sounds like you have SunONE Directory Server or older iPlanet/Netscape.
They usually install in their private directory. Add the proper path to ldapsearch to your PATH variable in the script.

Also:
you have a hashbang line /usr/bin/bash
but you get an error
>  ksh  ./ldapsearch : not found
either you called the wrong script or it is not executable
itsme_asifAuthor Commented:
I got the script to work; I must have made a mistake. Anyway, can you please walk me through how to set up a cron job for the script which does an ldapsearch, outputs the search results to a file and does an ldapdelete on the entries in the file?
ahoffmannCommented:
man crontab
man 5 crontab

then call

  crontab -e

and type in something like:

42 01 * * * /full/path/to/your/ldapsearch-script

After you save the file (exit crontab -e), cron automatically starts it at the time you specified.
itsme_asifAuthor Commented:
Can you please verify my ldapdelete command? It is not working.

 ldapdelete -D "cn=Directroy Manager ,ou=External,dc=portal,dc=sss,dc=net" -h some.tld -p 55389 -w *secret*  -f testsearch.ldif
ahoffmannCommented:
your ldap sounds good if testsearch.ldif only contains a valid dn
What error do you get?
itsme_asifAuthor Commented:
I have the following ldapdelete command, where I want to delete the entry uid=hyundai:

ldapdelete -h oh18ux26.ss.net -p 55389 -D "cn=Directroy Manager ,ou=External,dc=portal,dc=ss,dc=net" -w secret -c "uid=hyundai,ou=External,dc=portal,dc=ss,dc=net"

but then I get the following errors:
ldap_simple_bind: No such object
ldap_simple_bind: matched: ou=external,dc=portal,dc=ss,dc=net

Sorry for posting the password.
Please help.


ahoffmannCommented:
your binddn is wrong, probably it's only "cn=Directroy Manager", while "ou=External,dc=portal,dc=ss,dc=net"  is your basedn
itsme_asifAuthor Commented:
Yeah, it was. My ldapdelete is now working for a single user DN; however, when I try to delete the entries in the file it is not working. My file is something like this:
dn: uid=testprod,ou=people,ou=0007688640,ou=Customer,ou=External,dc=portal,dc=
 ss,dc=net
ufn: testprod,people,0007688640,Customer,External,portal,reyrey,net
smapsNextAction: 99999999999999Z CYCLE COMPLETE
smapsTotalLogins: 2

and the delete command is going through line by line and throws the following errors:
deleting entry dn: uid=testprod,ou=people,ou=0007688640,ou=Customer,ou=External,dc=portal,dc=s
ldap_delete_s: No such object

deleting entry  s,dc=net
ldap_delete_s: No such object

Is there any way I can filter the search so that it outputs only the DNs, one per line, or do I parse the output? Please suggest a way.
itsme_asifAuthor Commented:
I made it work; I just filtered the ldapsearch for dn and the ldapdelete worked perfectly, but I still need help on the cron job.
Do I have to create a cron file just like a shell script? Say I have a shell script which does ldapsearch and ldapdelete; can you please tell me all the steps to set up a cron job (in detail, please)? I am new to cron.
ahoffmannCommented:
You have complete LDAP entries in your file.
Restrict the attributes of your (ldap)search to just output the dn.
ahoffmannCommented:
Assuming you have a script named ldapsearch-script which contains your ldapsearch and ldapdelete calls, then write your crontab entry as follows:

42 01 * * * /full/path/to/your/ldapsearch-script
itsme_asifAuthor Commented:
Does it have to be a file? Sorry to ask dumb questions, but where do you configure this command:
42 01 * * * /full/path/to/your/ldapsearch-script

a) Is that something that will work on the command line?
b) You had said something about 'exit crontab -e'; can you explain that to me please?
ahoffmannCommented:
> but where do u configure this command
http:#16430173

a) no
b) cannot be explained *before* you get used to crontab, please read man pages

3 days of try&error can save 5 minutes reading
itsme_asifAuthor Commented:
I have set up the cron job and I am waiting for it to work:

30 10  * * * /export/home/user/testdev_delete > /dev/null 2>&1
I will let you know the status.
ahoffmannCommented:
>  ... > /dev/null 2>&1
You'd better omit this while testing.
itsme_asifAuthor Commented:
When I set up a cron job for the script which has the ldapsearch (which outputs to a file) and the ldapdelete command (which deletes the DNs from the file): when I just run my ldapsearch and ldapdelete in a script I get an output file, but when I do it through a cron job I don't get a file, although the entries are deleted?
Can you please explain that to me?
ahoffmannCommented:
> .. but when I do it through a cron job I don't get a file, although the entries are deleted
Are you telling me that it is working without being working?

In your script use full path to all programs and scripts.
Also redirect anything to a logfile.

itsme_asifAuthor Commented:
When I do my ldapsearch as a normal user the DNs are listed on a single line and there is no problem using ldapdelete; however, if I use the same ldapsearch as root the DNs are broken into two lines and the ldapdelete could not delete those entries. Can you please help? How can I go about making the DN be listed on one single line?
ahoffmannCommented:
ldap always breaks lines, no matter which user you are.
Probably you bind as another user which has other properties. Use the same binddn.
Also, if you feed the output.ldif to ldapdelete it should take care of broken lines, because continuation lines start with a space.
itsme_asifAuthor Commented:
I am using exactly the same binddn, and the ldapdelete command is not working if the DN is on two lines. Why is the output the way I expected as one user and different when I log in as root?
itsme_asifAuthor Commented:
Hi,
Can I make these two lines into one single line using 'sed'?
uid=idmtest,ou=people,ou=0007XXXXX,ou=Customer,ou=External,dc=portal,dc=asd
as,dc=net

Can you please help me with how to do it?
Artysystem administratorCommented:
You need to concatenate lines which start with a ' ' space with the previous line?

That's easy in awk, not in sed:
awk '/^ /{s=s substr($0,2)};/^[^ ]/||/^$/{if (NR!=1) print s; s=$0};END{print s}' file.txt

where file.txt is the file you need to convert.
ahoffmannCommented:
Nopius, up to now the ldif file is not processed by the shell; it's just fed into another ldap* command, which should take care of the concatenation syntax.
Or did I miss some steps, itsme_asif?
Artysystem administratorCommented:
ahoffmann, you are right. You are always right :-)  And you have a devil's patience for such a long thread...

OK, I agree with ahoffman: if the output is just fed to another ldap* program, no modification of the ldif is needed.

itsme_asifAuthor Commented:
Actually, ahoffmann, you're right; the shell script has two commands:

an ldapsearch (outputs the search results to a file) and an ldapdelete (deletes the DNs one line at a time from the file) command.
But since the DNs are broken into two lines, the ldapdelete tries to delete the broken lines and the result is "ldap delete could not be completed".

Can you experts please help me with a solution?
itsme_asifAuthor Commented:
This is the output, for your reference:
**********************************************************
version: 1
dn: uid=BGILBERT,ou=people,ou=000XXXXX,ou=Customer,ou=External,dc=portal,dc=
 ssss,dc=net
ufn: BGILBERT,people,000XXXXX,Customer,External,portal,ssss,net

dn: uid=mickeymouse,ou=people,ou=000XXXXX,ou=Customer,ou=External,dc=portal,
 dc=ssss,dc=net
ufn: mickeymouse,people,000XXXXX,Customer,External,portal,ssss,net

dn: uid=asif_test,ou=people,ou=000XXXXX,ou=Customer,ou=External,dc=portal,dc
 =ssss,dc=net
ufn: asif_test,people,000XXXXX,Customer,External,portal,ssss,net

dn: uid=chtest,ou=people,ou=000XXXXX,ou=Customer,ou=External,dc=portal,dc=ss
 ss,dc=net
ufn: chtest,people,000XXXXX,Customer,External,portal,ssss,net

dn: uid=acmtest,ou=people,ou=000XXXXX,ou=Customer,ou=External,dc=portal,dc=s
 sss,dc=net
ufn: acmtest,people,000XXXXX,Customer,External,portal,ssss,net

dn: uid=idmtest,ou=people,ou=000XXXXX,ou=Customer,ou=External,dc=portal,dc=s
 sss,dc=net
ufn: idmtest,people,000XXXXX,Customer,External,portal,ssss,net
***********************************************************************

As you can see, the DNs are broken into two lines; I want the DN on one single line, something like the following:

dn: uid=idmtest,ou=people,ou=000XXXXX,ou=Customer,ou=External,dc=portal,dc=ssss,dc=net
Artysystem administratorCommented:
Both records are the same (whether they are broken or not), as ahoffman said before.
Utilities supporting the LDIF format interpret both representations as having equal meaning. If you are hesitating, read http://www.faqs.org/rfcs/rfc2849.html . But I agree with ahoffman, broken lines are OK.

Your problem is not in the broken lines, but in the deletion itself.
What are you trying to delete? A single attribute of the entry, or the entry itself? If the entry itself, does it have children?

1) ldapdelete is used only when you are deleting entire entry.
2) ldapmodify is used for deletion of a single attribute.

Anyway, your LDIF format is incorrect (read that RFC, there are examples there).
1) For deletion of the entry, don't provide any attribute information to ldapdelete (such as ufn:).
2) For deletion of a single attribute use something like this (as input to ldapmodify):
-------
dn: uid=acmtest,ou=people,ou=000XXXXX,ou=Customer,ou=External,dc=portal,dc=s
 sss,dc=net
changetype: modify
delete: ufn

-------
this deletes one ufn attribute.
ahoffmannCommented:
Watch out for the leading spaces in Nopius' previous example!