LDAP Search Tool
#!/bin/bash
# LDAP Search Tool: looks up each account id listed in an input file and
# prints the selected attributes as CSV on stdout (see usage()).
#
# Connection defaults. Leave them empty and pass -d/-l/-b on the command
# line, or fill them in here for a fixed deployment. They are exported so
# every child process sees the same values.
export DN=''           # bind DN for the LDAP connection
export HOST=''         # LDAP server host (passed to -h)
export SEARCH_BASE=''  # base DN under which accounts are searched
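#######################################
# Print the help text to stderr.
# Globals:   $0 (script name, shown in the usage line)
# Outputs:   help text on stderr; nothing on stdout
# Returns:   0
#######################################
usage () {
  local self
  self=$(basename "$0")
  cat >&2 <<'EOF'
LDAP Search Tool

Searches LDAP for accounts specified in a given input file. To match, the
account's sAMAccountName must match the ID specified in the file line. Each
match then renders a CSV line of the requested attributes.

 Usage:
EOF
  # the only line whose length depends on the script name; wrap it at 80 cols
  printf ' %s [-acgimst] [-p <password>] [-f <file>] [-d <dn>] [-l <host>] [-b base]\n' "$self" | fold -w 80 >&2
  cat >&2 <<'EOF'

 Options:
 ---- Print Options -----
 -c) Print the CSV header
 -m) Print the mail address (mail)
 -s) Print the surname (sn)
 -g) Print the given name (givenName)
 -i) Print the id (sAMAccountName)
 -t) Print the job title (title)
 -a) Print all values
 ---- LDAP Options -----
 -p) Password
 - can also use the prompt (preferred; a -p value is visible in the process list)
 - eg: -p <password>
 -d) DN
 - can also set in script file
 - eg: -d <dn>
 -l) LDAP Host
 - can also set in script file
 - eg: -l <host>
 -b) Search base
 - can also set in script file
 - eg: -b <base>
 ---- Input Options -----
 -f) File to open
 - can also use the prompt
 - eg: -f <file>
 ---- Help -----
 -h) Help
EOF
}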
# Without any arguments there is nothing to do: show the help and fail.
if (( $# < 1 )); then
  >&2 echo "ERROR - Illegal number of parameters"
  >&2 echo
  usage
  exit 2
fi
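# Number of print letters seen on the command line; checked later to reject a
# run that would print nothing.
export PRINT_OPTIONS=0

#######################################
# Abort with the usual usage error when a value flag has no argument.
# Arguments: $1 - the flag, $2 - number of remaining positional parameters
# Exits:     3 (after usage) when the value is missing
#######################################
_require_value() {
  if (( $2 < 2 )); then
    >&2 echo "ERROR - Flag '$1' requires a value"
    >&2 echo
    usage
    exit 3
  fi
}

#######################################
# Parse the command line into the script's globals.
# Globals written:
#   file, DN, HOST, SEARCH_BASE (exported);
#   password (deliberately NOT exported, so the secret is not copied into the
#     environment of every child process);
#   PRINT_HEADER/PRINT_MAIL/PRINT_SN/PRINT_GIVEN/PRINT_ID/PRINT_TITLE
#     (exported, "true" when selected);
#   PRINT_OPTIONS (incremented once per print letter, including -s, which the
#     previous version forgot to count).
# Arguments: the script's arguments ("$@")
# Exits:     0 after printing usage for any flag word containing 'h';
#            3 (after usage) on an unknown flag word, an unknown print letter,
#            a bare '-', or a value flag without its value.
#######################################
parse_args() {
  local arg letters ch k matched unknown
  while (( $# != 0 )); do
    arg=$1
    matched=
    unknown=
    case "$arg" in
      # help: any flag word containing 'h' (kept from the original behaviour)
      -*h*)
        usage
        exit 0
        ;;
      # value flags: the next word is the value
      -f)
        _require_value "$arg" "$#"
        export file=$2
        shift
        ;;
      -p)
        _require_value "$arg" "$#"
        password=$2
        shift
        ;;
      -d)
        _require_value "$arg" "$#"
        export DN=$2
        shift
        ;;
      -l)
        _require_value "$arg" "$#"
        export HOST=$2
        shift
        ;;
      -b)
        _require_value "$arg" "$#"
        export SEARCH_BASE=$2
        shift
        ;;
      # print flags: one or more letters in a single word, e.g. -cmi. Every
      # letter must be a documented one; the old check accepted a whole
      # character range by accident.
      -*)
        letters=${arg#-}
        for (( k = 0; k < ${#letters}; k++ )); do
          ch=${letters:k:1}
          case "$ch" in
            c) export PRINT_HEADER=true ;;
            m) export PRINT_MAIL=true ;;
            s) export PRINT_SN=true ;;
            g) export PRINT_GIVEN=true ;;
            i) export PRINT_ID=true ;;
            t) export PRINT_TITLE=true ;;
            a)
              export PRINT_MAIL=true PRINT_SN=true PRINT_GIVEN=true
              export PRINT_ID=true PRINT_TITLE=true
              ;;
            *)
              unknown=true
              ;;
          esac
          if [ -z "$unknown" ]; then
            matched=true
            PRINT_OPTIONS=$((PRINT_OPTIONS + 1))
          fi
        done
        # a bare '-' selects nothing and is rejected, as before
        if [ -z "$matched" ]; then
          unknown=true
        fi
        ;;
      # anything that does not start with '-' is not a flag
      *)
        unknown=true
        ;;
    esac
    if [ -n "$unknown" ]; then
      >&2 echo "ERROR - Unknown command flag '$arg'"
      >&2 echo
      usage
      exit 3
    fi
    shift
  done
}

parse_args "$@"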
# At least one column must have been requested, otherwise nothing would print.
if [ "$PRINT_OPTIONS" -lt 1 ]; then
  >&2 echo "ERROR - No print options specified"
  >&2 echo
  usage
  exit 2
fi
# The three connection settings come either from the script header or from
# -d/-l/-b; each is checked in turn with the same message as before.
for required_var in DN HOST SEARCH_BASE; do
  if [ -z "${!required_var}" ]; then
    >&2 echo "ERROR - You must assign the ${required_var} variable in '$0', or using flag options, in order to use this program"
    >&2 echo
    usage
    exit 1
  fi
done
unset required_var
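# Prompt for the bind password when it was not given with -p. The prompt goes
# to stderr so stdout stays clean CSV; -s hides the typed text, -r keeps
# backslashes literal.
if [ -z "$password" ]; then
  printf 'Enter password: ' >&2
  read -r -s password
  >&2 echo
fi
# Verify the credentials once with a simple bind (-x) before looping over the
# input file. A failure here can equally be a wrong host or DN, so the
# message names all three rather than blaming the password.
# NOTE(review): -w places the password on the command line, where other local
# users can read it from the process list; OpenLDAP's -y <passwordfile> avoids that.
if ! ldapwhoami -h "$HOST" -D "$DN" -x -w "$password" > /dev/null 2>&1; then
  >&2 echo "ERROR - LDAP bind failed for '$DN' on '$HOST' (check host, DN and password)"
  exit 4
fi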
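# The id file may also be given interactively when -f was omitted or the path
# is unusable. It must be a regular, readable file: an unreadable one would
# otherwise only fail later as a shell redirect error. -e gives readline
# editing for the prompt, -r keeps backslashes literal.
if [ ! -f "$file" ] || [ ! -r "$file" ]; then
  printf 'Enter id file: ' >&2
  read -r -e file
  if [ ! -f "$file" ] || [ ! -r "$file" ]; then
    >&2 echo "ERROR - File not found or not readable!"
    exit 5
  fi
fi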
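#######################################
# Join the given field values into one CSV line.
# Fields are emitted unquoted in the order given; callers strip commas from
# attribute values first, matching the original output format.
# Arguments: field values (zero or more)
# Outputs:   one line on stdout (an empty line for zero fields)
#######################################
csv_line() {
  local IFS=,
  printf '%s\n' "$*"
}

#######################################
# Escape a value for use inside an LDAP search filter (RFC 4515). The ids
# come from the input file, so a line such as '*' or 'a)(objectClass=*' must
# be matched literally instead of changing the meaning of the filter.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout, no trailing newline
#######################################
ldap_filter_escape() {
  local value=$1
  value=${value//\\/\\5c}   # backslash first, so the escapes below are not re-escaped
  value=${value//\*/\\2a}
  value=${value//\(/\\28}
  value=${value//\)/\\29}
  printf '%s' "$value"
}

#######################################
# Fetch the printable attributes of one account with a single LDAP search
# (the previous version ran up to five searches per id).
# Globals:   HOST, DN, password, SEARCH_BASE (read)
# Arguments: $1 - account id, matched against sAMAccountName
# Outputs:   the LDIF result on stdout
# Returns:   ldapsearch's exit status
#######################################
lookup_record() {
  local id=$1
  # -x: simple bind, the same method the ldapwhoami credential check used.
  # stdin is the id file while the loop runs, so detach it from the client.
  # NOTE(review): -w exposes the password in the process list; OpenLDAP's
  # -y <passwordfile> avoids that.
  ldapsearch -x -h "$HOST" -D "$DN" -w "$password" -b "$SEARCH_BASE" \
    "(sAMAccountName=$(ldap_filter_escape "$id"))" \
    sAMAccountName givenName sn mail title 2>/dev/null </dev/null
}

#######################################
# Extract one attribute from an LDIF record as a CSV field.
# Only the first value of a multi-valued attribute is used, and commas are
# removed because the output is not quoted. Values that ldapsearch emits
# base64-encoded ("attr:: ...") or folds over several lines are not decoded.
# Arguments: $1 - LDIF text, $2 - attribute name (one of our literal names)
# Outputs:   the value on stdout (empty when absent), no trailing newline
#######################################
attr_value() {
  local record=$1 attr=$2 value
  value=$(printf '%s\n' "$record" | sed -n "s/^${attr}: //p" | head -n 1)
  printf '%s' "${value//,/}"
}

# CSV header, in the same column order as the data rows below.
if [ "$PRINT_HEADER" ]; then
  header=()
  if [ "$PRINT_ID" ]; then header+=(sAMAccountName); fi
  if [ "$PRINT_GIVEN" ]; then header+=(givenName); fi
  if [ "$PRINT_SN" ]; then header+=(sn); fi
  if [ "$PRINT_MAIL" ]; then header+=(mail); fi
  if [ "$PRINT_TITLE" ]; then header+=(title); fi
  csv_line "${header[@]}"
  unset header
fi

# One line of the id file per account. The default IFS trims surrounding
# blanks as before; a CR from a CRLF file is dropped and blank lines are
# skipped. The '|| [ -n "$id" ]' keeps a last line without a trailing newline.
# The earlier checks already rejected a missing file; the /dev/null fallback
# only avoids a shell redirect error if this section runs on its own.
while read -r id || [ -n "$id" ]; do
  id=${id%$'\r'}
  if [ -z "$id" ]; then
    continue
  fi
  if ! record=$(lookup_record "$id"); then
    # the search itself failed (bind, connection, ...), which is not the
    # same as "no such account"
    >&2 echo "WARNING - LDAP search failed for '$id', skipping"
    continue
  fi
  # a successful search with no matching entry returns no 'dn:' line
  if ! printf '%s\n' "$record" | grep -q '^dn: '; then
    >&2 echo "WARNING - No record for '$id' found "
    continue
  fi
  fields=()
  if [ "$PRINT_ID" ]; then fields+=("$id"); fi
  if [ "$PRINT_GIVEN" ]; then fields+=("$(attr_value "$record" givenName)"); fi
  if [ "$PRINT_SN" ]; then fields+=("$(attr_value "$record" sn)"); fi
  if [ "$PRINT_MAIL" ]; then fields+=("$(attr_value "$record" mail)"); fi
  if [ "$PRINT_TITLE" ]; then fields+=("$(attr_value "$record" title)"); fi
  csv_line "${fields[@]}"
done < "${file:-/dev/null}"
unset id record fields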
# Explicit success status for the normal end of the run.
exit 0