Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Migrate Splunk users from LDAP to SSO
#!/bin/bash
splunk_home=/opt/splunk/etc
my_users=$splunk_home/apps/my_domain/lookups/my_users.csv
users=$splunk_home/users
authfile=$splunk_home/new-auths.txt
# Clear the auth file
: > $authfile
csvcut -c sAMAccountName,userPrincipalName $my_users | while IFS=, read username mail
do
# lowercase the username
sAMAccountName=${username,,}
# check if user exists
if [[ -d "$users/$sAMAccountName" && $mail != *".local" ]] ; then
# move $sAMAccountName to $mail
echo Moving $users/$sAMAccountName to $users/$mail
mv $users/$sAMAccountName $users/$mail
# Check if the user exists in any meta files
for meta in $(grep -rl $sAMAccountName $splunk_home | egrep '\.meta$') ; do
echo "In $meta, changing owner from $sAMAccountName to $mail"
sed -i "s/$sAMAccountName/$mail/g" $meta
echo "$mail = user" >> $authfile
done
fi
done
cat $authfile | uniq > "uniq-$authfile"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment