Old 09-20-2012, 01:30 PM   #1
sangal_ak04
Find a user exists in Windows Active Directory or LDAP using a shell script


Hi

I'm trying to find out what command / script I can use to check whether a user "c123456" or "e123456" or "u123344" exists in Windows Active Directory or LDAP from a Linux machine.

I know the ldapsearch command will be used, but I can't recall which options I can use to test this.

The script will echo whether the user exists or not.

Let's say my LDAP URL is:
"ldap://10.111.262.12:389/OU=TSH,DC=tsh,DC=company,DC=com?sAMAccountName"


Need help. Thanks.
 
Old 09-20-2012, 02:16 PM   #2
hean01
Something like this? (Be aware: untested script...)

/Henrik

Code:
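#!/bin/bash
# Usage: pass the sAMAccountName to look up as the first argument
URI="ldap://10.111.262.12:389"
BASE="OU=TSH,DC=tsh,DC=company,DC=com"
FILTER="(sAMAccountName=$1)"

# -x: simple (here anonymous) bind. ldapsearch prints a "# numEntries: N"
# line only when at least one entry matched the filter.
ldapsearch -x -H "$URI" -b "$BASE" "$FILTER" | grep numEntries > /dev/null
if [ $? -eq 0 ]; then
  echo "User $1 found."
fi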
 
Old 09-20-2012, 05:04 PM   #3
sangal_ak04
Getting this error:

# search result
search: 2
result: 1 Operations error
text: 00000000: LdapErr: DSID-0C090627, comment: In order to perform this ope
ration a successful bind must be completed on the connection., data 0, vece



(when running with sh -x option):
...
+ grep numEntries
+ '[' 1 -eq 0 ']'
...




Quote:
#!/bin/bash
URI="ldap://10.111.262.12:389"
BASE="OU=TSH,DC=tsh,DC=company,DC=com"
userid="$1"
# Prompt for the user id when none was given on the command line
if [[ -z "${userid}" ]]; then
  echo -ne "\n\nPlease enter the user id (Windows Active Directory): "
  read -r userid
fi
echo -e "\n\nUser id provided is: ${userid}\n\n"

FILTER="(sAMAccountName=${userid})"

# Anonymous simple bind (-x, no -D / -w)
ldapsearch -x -H "$URI" -b "$BASE" "$FILTER" | grep numEntries > /dev/null
if [ $? -eq 0 ]; then
  echo "User $userid - Found."
else
  echo "User $userid - NOT FOUND"
fi

Last edited by sangal_ak04; 09-20-2012 at 06:30 PM.
 
Old 09-20-2012, 06:15 PM   #4
sangal_ak04
OK solved.

Changed the command in the script to:
========

Quote:
ldapsearch -H ldap://10.111.262.12:389 -b "OU=TSH,DC=tsh,DC=company,DC=com" -D "cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com" -w "password_of_cn_id_for_basedn_authentication" '(sAMAccountName=c123456)' -LLL mail | grep "mail:" >/dev/null

worked, fine.


NOTE:
you can use:
Quote:
ldapsearch -H ldap://10.111.262.12:389 -b "OU=TSH,DC=tsh,DC=company,DC=com" -D "cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com" -w "password_of_cn_id_for_basedn_authentication" '(sAMAccountName=c123456)' -LLL
command to see more fields about the user c123456.


For example: after -LLL in the command, if you list those fields as per the command below:

Quote:
ldapsearch -H ldap://10.111.262.12:389 -b "OU=TSH,DC=tsh,DC=company,DC=com" -D "cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com" -w "password_of_cn_id_for_basedn_authentication" '(sAMAccountName=c123456)' -LLL cn sAMAccountName name company l sn givenName
it will list cn, sAMAccountName, name, company (of the user), sn (surname of the user), etc., whatever fields you give.


Just wondering how to run this command with -w <password> thing.

etc etc...

Last edited by sangal_ak04; 09-20-2012 at 06:25 PM.
 
Old 09-20-2012, 06:37 PM   #5
sangal_ak04
Final script:

Quote:
#!/bin/bash
URI="ldap://10.111.262.12:389"
BASE="OU=TSH,DC=tsh,DC=company,DC=com"
# DN of the account used for the authenticated bind
BIND="cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com"

userid="$1"
# Prompt for the user id when none was given on the command line
if [[ -z "${userid}" ]]; then
  echo -ne "\n\nPlease enter the user id (Windows Active Directory): "
  read -r userid
fi
FILTER="(sAMAccountName=${userid})"

# Bind as $BIND and request only the mail attribute; a "mail:" line in the output counts as a match
ldapsearch -x -H "$URI" -b "$BASE" -D "${BIND}" -w "password_of_cn_id_for_bind_basedn_authentication" -LLL "$FILTER" mail | grep "mail:" > /dev/null
if [ $? -eq 0 ]; then
  echo -e "\n\nUser ${userid} - Found.\n\n"
else
  echo -e "\n\nUser ${userid} - NOT FOUND.\n\n"
fi
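
A hardened variant of the lookup in this thread, as an added example that is not part of the original posts. It escapes the RFC 4515 filter metacharacters in the user id (so an input such as `*` is matched literally instead of matching every account), reads the bind password from a file with `-y` instead of passing it with `-w` on the command line, and counts `dn:` lines so an account without a `mail` attribute is still reported as found. The function names, the `LDAP_PWFILE` variable and its default path are assumptions; URI, base and bind DN are the thread's values.

```bash
#!/bin/bash
# Added example (not from the thread). Function names and LDAP_PWFILE are assumptions.
URI="ldap://10.111.262.12:389"            # value from the thread
BASE="OU=TSH,DC=tsh,DC=company,DC=com"    # value from the thread
BIND="cn=a_valid_cn_id,OU=Services,OU=Users,OU=Infrastructure,OU=DEN,OU=TSH,DC=tsh,DC=company,DC=com"
# -y uses the complete file contents as the password: chmod 600, no trailing newline.
LDAP_PWFILE="${LDAP_PWFILE:-$HOME/.ldap_bind_pw}"   # hypothetical path

# Escape the RFC 4515 filter metacharacters \ * ( ) so the value is matched
# literally. The backslash has to be handled first.
ldap_escape_filter() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Count entries in LDIF read from stdin: every entry starts with "dn:" (or
# "dn::" when the DN is base64-encoded), whatever attributes it carries.
count_ldif_entries() {
  grep -c '^dn:' || true    # grep -c prints 0 but exits 1 when nothing matches
}

# Return 0 if exactly one account has this sAMAccountName, 1 if none,
# 2 on a search error or an ambiguous result.
user_exists() {
  _filter="(sAMAccountName=$(ldap_escape_filter "$1"))"
  # -y keeps the bind password out of the process list;
  # "1.1" asks the server to return no attributes, only the DN.
  _out=$(ldapsearch -x -LLL -H "$URI" -b "$BASE" -D "$BIND" -y "$LDAP_PWFILE" \
           "$_filter" 1.1) || return 2
  _n=$(printf '%s\n' "$_out" | count_ldif_entries)
  case "$_n" in
    1) return 0 ;;
    0) return 1 ;;
    *) return 2 ;;
  esac
}

# Run the lookup only when a user id is given as the first argument.
if [ $# -gt 0 ]; then
  user_exists "$1"
  case $? in
    0) echo "User $1 - Found." ;;
    1) echo "User $1 - NOT FOUND." ;;
    *) echo "Lookup failed or ambiguous for $1." >&2 ;;
  esac
fi
```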
 
  

