Hi, I am fairly new to the Linux world and am trying to get my Active Directory to sync with Google Apps. I have used Google Apps Directory Sync tool to set this up, but I only want the sync to run when someone changes their password. So that I don't run the sync every five minutes unnecessarily.
To achieve this, I am trying to write a bash script that will use ldapsearch to query AD for all users and sort by the division attribute, since that is where the hashed password is being stored using sha1hexfltr (http://code.google.com/p/sha1hexfltr/).
I then want this to be exported into a file and have the script always comparing the new exported file to the old one. Then if the script is different (having a different value in the division attribute, signifying a changed password), then it will run the sync.
I am planning on scheduling this as a cron job about every five minutes, and then the goal will be that it kicks off the ad -> google sync only when a password has changed.
The first part of this I am working on is the ldapsearch.
This is what I have so far...
ldapsearch -x -LLL -h "22.214.171.124" -p 389 -D "CN=John Smith,OU=admin,OU=example,DC=ldap,DC=acme,DC=com" -b "DC=ldap,DC=acme,DC=com" -w "password" -S division
This works with a "-W" and prompts for a password, but when I try to do a "-w", it gives an error that says
"bash: password: event not found"
Since I am trying to include this in a bash script, my goal is to not have to be prompted for a password. I also tried setting up SASL, but was unsuccessful with this method as well. Any help would be greatly appreciated.
Please let me know if this all makes sense or if I need to include additional information with this.
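The "event not found" error comes from bash history expansion: an interactive bash treats `!` inside double quotes as a history reference, so a password containing `!` breaks the command line. Single quotes avoid that, but a better fix for a cron job is to keep the bind password out of the command line entirely with ldapsearch's `-y passwdfile` option, so it is neither expanded by the shell nor visible in the process list. The script below is an added example, not code from the original post: it fetches the `division` attribute for every user, normalizes the LDIF into one sorted `dn<TAB>division` line per user, compares that snapshot with the previous run, and invokes the sync command only when something changed. The directory host, bind DN and base DN are taken from the post; the password-file path, state directory, sync command and the sample LDIF are placeholders or constructed data.

```shell
#!/bin/sh
# Added example: run the AD -> Google sync only when a user's "division"
# attribute (the SHA1 password hash written by sha1hexfltr) changes.
# Assumed paths (not from the original post):
STATE_DIR="${STATE_DIR:-/var/lib/ad-gads-sync}"        # holds the last snapshot
PASS_FILE="${PASS_FILE:-/etc/ad-gads-sync/bind.pw}"    # bind password only; chmod 600, owned by the cron user
SYNC_CMD="${SYNC_CMD:-/opt/gads/run-sync.sh}"          # placeholder for whatever starts the GADS sync

# Query AD for every user's "division" attribute. -y reads the bind password
# from a file instead of the command line, so the shell never sees it and it
# does not appear in `ps`. -o ldif-wrap=no keeps long values on one line.
fetch_snapshot() {
    ldapsearch -x -LLL -o ldif-wrap=no \
        -H "ldap://22.214.171.124:389" \
        -D "CN=John Smith,OU=admin,OU=example,DC=ldap,DC=acme,DC=com" \
        -y "$PASS_FILE" \
        -b "DC=ldap,DC=acme,DC=com" \
        "(objectClass=user)" division
}

# Reduce an LDIF stream to sorted "dn<TAB>division" lines. Keeping only these
# two fields means unrelated attribute churn cannot trigger a sync, and sorting
# makes two runs comparable even if AD returns entries in a different order.
normalize_ldif() {
    awk '
        /^dn: /       { dn  = substr($0, 5) }
        /^division: / { div = substr($0, 11) }
        /^$/          { if (dn != "") printf "%s\t%s\n", dn, div; dn = ""; div = "" }
        END           { if (dn != "") printf "%s\t%s\n", dn, div }
    ' | sort
}

# Print 1 if the two normalized snapshot files differ, 0 if they are identical.
snapshots_differ() {
    if cmp -s "$1" "$2"; then echo 0; else echo 1; fi
}

# Cron entry point: fetch, compare with the previous snapshot, sync on change.
# The new snapshot replaces the old one only after a successful sync, so a
# failed sync is retried on the next run instead of being silently skipped.
main() {
    mkdir -p "$STATE_DIR"
    old="$STATE_DIR/snapshot.old"
    new="$STATE_DIR/snapshot.new"
    fetch_snapshot | normalize_ldif > "$new" || exit 1
    [ -f "$old" ] || : > "$old"
    if [ "$(snapshots_differ "$old" "$new")" = 1 ]; then
        "$SYNC_CMD" && mv "$new" "$old"
    else
        rm -f "$new"
    fi
}

# Constructed sample LDIF (fake DNs and fake hex values), as ldapsearch -LLL
# would print it, so the comparison logic can be exercised without a directory.
SAMPLE_BEFORE='dn: CN=Alice,OU=users,DC=ldap,DC=acme,DC=com
division: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

dn: CN=Bob,OU=users,DC=ldap,DC=acme,DC=com
division: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
'
# Same data, entries returned in the opposite order: must compare as unchanged.
SAMPLE_REORDERED='dn: CN=Bob,OU=users,DC=ldap,DC=acme,DC=com
division: bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb

dn: CN=Alice,OU=users,DC=ldap,DC=acme,DC=com
division: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
'
# Bob changed his password, so his division value differs: must trigger a sync.
SAMPLE_AFTER='dn: CN=Alice,OU=users,DC=ldap,DC=acme,DC=com
division: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

dn: CN=Bob,OU=users,DC=ldap,DC=acme,DC=com
division: cccccccccccccccccccccccccccccccccccccccc
'

# Normalize two LDIF strings and report whether they differ (1) or not (0).
compare_ldif() {
    d=$(mktemp -d)
    printf '%s' "$1" | normalize_ldif > "$d/a"
    printf '%s' "$2" | normalize_ldif > "$d/b"
    snapshots_differ "$d/a" "$d/b"
    rm -rf "$d"
}

# Run the real cron path with "run"; without arguments the script only defines
# the functions, so it can be sourced or exercised against the sample data.
case "${1:-}" in run) main ;; esac
```

Install as `*/5 * * * * /path/to/ad-gads-sync.sh run` in the cron user's crontab, create the password file with the bind password (no trailing newline) and mode 600, and the sync will only run on a five-minute boundary where at least one user's hash actually changed.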