LinuxQuestions.org


sangal_ak04 09-20-2012 02:30 PM

Find a user exists in Windows Active Directory or LDAP using a shell script
 
Hi

I'm trying to see what command / script I can use to find out whether a user "c123456" or "e123456" or "u123344" exists in Windows Active Directory or LDAP from a Linux machine.

I know the ldapsearch command will be used, but I'm not recalling which options I can use to test this.

The script will echo if user exists or not.

Let's say my LDAP URL is:
"ldap://10.111.262.12:389/OU=TSH,DC=tsh,DC=company,DC=com?sAMAccountName"


Need help. Thanks.

hean01 09-20-2012 03:16 PM

Something like this? (Be aware, this script is not tested...)

/Henrik

Code:

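#!/bin/bash
# Look up the account named in $1 using an anonymous simple bind (-x).
URI=ldap://10.111.262.12:389
BASE="OU=TSH,DC=tsh,DC=company,DC=com"
FILTER="(sAMAccountName=$1)"

# ldapsearch prints a "# numEntries: N" line only when entries are returned.
ldapsearch -x -H "$URI" -b "$BASE" "$FILTER" | grep numEntries > /dev/null
if [ $? -eq 0 ]; then
  echo "User $1 found."
fi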


sangal_ak04 09-20-2012 06:04 PM

Getting this error:

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
ration a successful bind must be completed on the connection., data 0, vece



(when running with sh -x option):
...
+ grep numEntries
+ '[' 1 -eq 0 ']'
...




Quote:

#!/bin/bash
URI="ldap://10.111.262.12:389"
BASE="OU=TSH,DC=tsh,DC=company,DC=com"
userid="$1"
# Prompt for the user id when none was passed as an argument.
if [[ "${userid}" == "" ]]; then echo -ne "\n\nPlease enter the user id (Windows Active Directory): "; read -r userid; fi
echo -e "\n\nUser id provided is: ${userid}\n\n"

FILTER="(sAMAccountName=${userid})"

# Anonymous simple bind (-x); no bind DN or password is supplied.
ldapsearch -x -H "$URI" -b "$BASE" "$FILTER" | grep numEntries > /dev/null
if [ $? -eq 0 ]; then
  echo "User $userid - Found."
else
  echo "User $userid - NOT FOUND"
fi

sangal_ak04 09-20-2012 07:15 PM

OK solved.

Changed the command in the script to:
========

Quote:

ldapsearch -H ldap://10.111.262.12:389 -b "OU=TSH,DC=tsh,DC=company,DC=com" -D "cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com" -w "password_of_cn_id_for_basedn_authentication" '(sAMAccountName=c123456)' -LLL mail | grep "mail:" >/dev/null

worked, fine.


NOTE:
you can use:
Quote:

ldapsearch -H ldap://10.111.262.12:389 -b "OU=TSH,DC=tsh,DC=company,DC=com" -D "cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com" -w "password_of_cn_id_for_basedn_authentication" '(sAMAccountName=c123456)' -LLL
command to see more fields about the user c123456.


For example, after -LLL in the command, if you give those fields as per the command below:

Quote:

ldapsearch -H ldap://10.111.262.12:389 -b "OU=TSH,DC=tsh,DC=company,DC=com" -D "cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com" -w "password_of_cn_id_for_basedn_authentication" '(sAMAccountName=c123456)' -LLL cn sAMAccountName name company l sn givenName
it will list cn, sAMAccountName, name, company (of the user), sn (surname of the user), etc., whatever fields you give.


Just wondering how to run this command with -w <password> thing.

etc etc...

sangal_ak04 09-20-2012 07:37 PM

Final script:

Quote:

#!/bin/bash
URI="ldap://10.111.262.12:389"
BASE="OU=TSH,DC=tsh,DC=company,DC=com"
# DN of the account used to bind before searching.
BIND="cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com"

userid="$1"
# Prompt for the user id when none was passed as an argument.
if [[ "${userid}" == "" ]]; then echo -ne "\n\nPlease enter the user id (Windows Active Directory): "; read -r userid; fi
FILTER="(sAMAccountName=${userid})"

# Authenticated simple bind, then request only the mail attribute.
# An account that has no mail attribute is reported as NOT FOUND by this check.
ldapsearch -x -H "$URI" -b "$BASE" -D "${BIND}" -w "password_of_cn_id_for_bind_basedn_authentication" -LLL "$FILTER" mail | grep "mail:" > /dev/null
if [ $? -eq 0 ]; then
  echo -e "\n\nUser ${userid} - Found.\n\n"
else
  echo -e "\n\nUser ${userid} - NOT FOUND.\n\n"
fi
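
A hardened variant of the lookup discussed in this thread, added here as an example and not written by any of the posters: it keeps the bind password off the command line, escapes the user id before it goes into the filter, and reports a failed bind or connection separately from "not found". The function names, the password file path and the availability of StartTLS on the directory server are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Values marked "assumed" are placeholders.
LDAP_URI="${LDAP_URI:-ldap://10.111.262.12:389}"          # URI from the thread
LDAP_BASE="${LDAP_BASE:-OU=TSH,DC=tsh,DC=company,DC=com}"
LDAP_BIND="${LDAP_BIND:-cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com}"
LDAP_PWFILE="${LDAP_PWFILE:-/etc/ldap-check/bind.pw}"     # assumed path, mode 0600

# Escape RFC 4515 filter metacharacters so the user id is matched literally
# and cannot alter the search filter. Backslash must be handled first.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Returns 0 if the account exists, 1 if not, 2 if the query itself failed
# (bind rejected, TLS failure, server unreachable, empty input).
user_exists() {
    [ -n "$1" ] || return 2
    filter="(sAMAccountName=$(ldap_escape_filter "$1"))"
    # -ZZ requires StartTLS so the simple bind is not sent in clear text;
    # -y reads the bind password from a file instead of the command line,
    # where -w would expose it in the process list.
    out=$(ldapsearch -x -ZZ -H "$LDAP_URI" -b "$LDAP_BASE" -D "$LDAP_BIND" \
            -y "$LDAP_PWFILE" -LLL "$filter" sAMAccountName) || return 2
    # With -LLL every returned entry starts with a "dn:" line.
    printf '%s\n' "$out" | grep -q '^dn:' && return 0
    return 1
}

# Run the lookup only when a user id is given as the first argument.
if [ "$#" -ge 1 ]; then
    rc=0
    user_exists "$1" || rc=$?
    case "$rc" in
        0) echo "User $1 - Found." ;;
        1) echo "User $1 - NOT FOUND." ;;
        *) echo "LDAP query failed; cannot tell whether $1 exists." >&2; exit 2 ;;
    esac
fi
```

If the directory server does not offer StartTLS on port 389, an `ldaps://` URI without `-ZZ` protects the bind in the same way.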


All times are GMT -5.