- #!/bin/bash
- LDAP_SERVER="ldap.example.com"
- IFS=$'\n'
- ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=groups,dc=example,dc=com '(&(objectClass=posixGroup)(!(cn=Domain*))(!(cn=com.apple.*))(!(cn=admin))(!(cn=staff)))' description apple-group-realname memberUid |
- sed 's/^apple-group-realname:/name:/g' |
- sed 's/cn=groups,dc=example,dc=com/ou=ImportedUsers,dc=ad,dc=example,dc=com/g' |
- while read line ; do
- if [ "$line" != "${line/dn://}" ] ; then
- declare MY_UID="$(echo "$line" | awk -F'[=,]' '/^dn:/{print $2}' )"
- declare MY_CN="$(ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=groups,dc=example,dc=com "(&(objectClass=posixGroup)(&(cn=$MY_UID)))" apple-group-realname |
- awk /^apple-group-realname:/ |
- sed 's/^apple-group-realname: //g')"
- declare MY_NEWLINE="$(echo "$line" | sed "s/$MY_UID/$MY_CN/g" )"
- echo "$MY_NEWLINE"
- echo "changetype: add"
- echo "objectClass: top"
- echo "objectClass: group"
- echo "objectClass: apple-group"
- echo "groupType: -2147483646"
- echo "cn: $MY_CN"
- echo "sAMAccountName: $MY_UID"
- continue
- fi
- if [ "$line" != "${line/memberUid://}" ] ; then
- declare MY_UID="$(echo $line | awk '/^memberUid:/{print $2}' )"
- if [ "$MY_UID" == root ] ; then
- continue
- fi
- if [ "$MY_UID" == diradmin ] ; then
- continue
- fi
- declare MY_CN="$(ldapsearch -LLL -h "$LDAP_SERVER" -x -D uid=diradmin,cn=users,dc=example,dc=com -w password -b cn=users,dc=example,dc=com "(&(objectClass=posixAccount)(&(uid=$MY_UID)))" cn |
- awk /^cn:/ |
- sed 's/^cn: //g')"
- echo "member: CN=$MY_CN,OU=ImportedUsers,DC=ad,dc=example,dc=com"
- else
- echo "$line"
- fi
- done
Don't like ads? PRO users don't see any ads ;-)
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
create a new version of this paste
RAW Paste Data