How to Disable LDAP Accounts (Account Status)


LDAP is a powerful database for storing user information in the DIT; entries are exchanged in the globally used LDIF format.

Below is what you need to know about Linux OpenLDAP to disable one user, or many users in bulk.

I have created three scripts for updating the LDAP db; script one gets the DN data from the LDAP backup file.

LDAP backup command (replace <ldap-host> with the hostname of your LDAP server):
/usr/local/openldap/bin/ldapsearch -x -h <ldap-host> -D "dc=knowledge,dc=com" -w "password123" -b "ou=QMAIL-LDAP" > dump.ldif

Script 1: create two files first, "/tmp/disable_account.txt" (one account ID per line) and the backup file "/dump.ldif1".

# Read each account ID and look up its DN in the backup; the "dn: " prefix is
# stripped so the next script can prepend it. Matching "uid=<id>," avoids
# picking up IDs that merely start with the same string.
while read qmailid; do
    dndata=$(grep "^dn: uid=$qmailid," /dump.ldif1 | sed 's/^dn: //')
    if [ -n "$dndata" ]; then
        echo "$dndata" >> /tmp/disable_account_dn.txt
    else
        echo "$qmailid dn not found......."
    fi
done < /tmp/disable_account.txt

The script above writes its output to "/tmp/disable_account_dn.txt"; you now have the DN of every given mail ID or account.

Script 2: the script above acts as a converter from CN (the uid) to the complete DN. Now use that DN output file as the input file for the script below, which creates one file per input line in the location given by "path".

# One LDIF modify record per DN; the file name is taken from the uid value.
path=/disabled_ldap_accounts_status/10july15
mkdir -p "$path"
while read dndata; do
    mailid=$(echo "$dndata" | cut -d "=" -f2 | cut -d "," -f1)
    {
        echo "dn: $dndata"
        echo "changetype: modify"
        echo "replace: accountStatus"
        echo "accountStatus: disabled"
    } > "$path/Disabled_Account_$mailid.ldif"
done < /tmp/disable_account_dn.txt

Script 3: all the .ldif files are now saved in the given path "/disabled_ldap_accounts_status/10july15". Process all of them with the script below to update the account status in LDAP.

# Apply every generated file with ldapmodify (-x selects a simple bind, which
# the -D/-w credentials require; replace <ldap-host> with your server).
path=/disabled_ldap_accounts_status/10july15
ls -1 "$path" > /tmp/ldap_account_disable_file_name.txt
while read line; do
    /usr/local/openldap/bin/ldapmodify -x -h <ldap-host> -D "dc=knowledge,dc=com" -w "password123" -f "$path/$line"
done < /tmp/ldap_account_disable_file_name.txt

Now verify a few random accounts with the command below.

/usr/local/openldap/bin/ldapsearch -x -h <ldap-host> -D "dc=knowledge,dc=com" -w "password123" -b "cn=vikas,ou=it,dc=knowledge,dc=com"
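The three scripts and the verification step, combined into one added example (my own code, not from the post above): it resolves each uid to its DN by exact match, writes all modify records into a single LDIF so ldapmodify binds once instead of once per file, and counts entries in saved ldapsearch output that are still not disabled. The dump, account list and paths under /tmp are constructed for the dry run; <ldap-host>, <bind-dn> and the password file are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: build ONE LDIF file that disables
# many accounts, match the DN exactly (so "vikas" never matches "vikas2"), and
# check ldapsearch output afterwards. Sample files under /tmp are constructed.

# Print the DN for uid $2 found in LDIF dump $1; fail (status 1) if absent.
dn_for_uid() {
    sed -n "s/^dn: \(uid=$2,.*\)/\1/p" "$1" | head -n 1 | grep .
}

# One changetype: modify record; records are separated by a blank line.
disable_record() {
    printf 'dn: %s\nchangetype: modify\nreplace: accountStatus\naccountStatus: disabled\n\n' "$1"
}

# $1 = LDIF dump, $2 = file with one uid per line, $3 = LDIF file to write.
# Unknown uids are reported on stderr and skipped; the run continues.
build_disable_ldif() {
    : > "$3"
    while read -r uid; do
        [ -z "$uid" ] && continue
        if dn=$(dn_for_uid "$1" "$uid"); then
            disable_record "$dn" >> "$3"
        else
            echo "$uid: dn not found" >&2
        fi
    done < "$2"
}

# Count entries in saved ldapsearch output ($1) whose accountStatus is still
# not "disabled"; 0 means every returned entry was disabled.
count_not_disabled() {
    awk '/^accountStatus:/ && $2 != "disabled" { n++ } END { print n + 0 }' "$1"
}

# Constructed sample dump and account list for a dry run.
cat > /tmp/ex_dump.ldif <<'EOF'
dn: uid=vikas,ou=it,dc=knowledge,dc=com
accountStatus: active

dn: uid=vikas2,ou=it,dc=knowledge,dc=com
accountStatus: active
EOF
printf 'vikas\nnobody\n' > /tmp/ex_ids.txt
build_disable_ldif /tmp/ex_dump.ldif /tmp/ex_ids.txt /tmp/ex_disable.ldif
# Apply with a single bind, password read from a file rather than the command
# line (where ps shows it); then save ldapsearch -LLL output and run
# count_not_disabled on it:
#   ldapmodify -x -H ldap://<ldap-host> -D "<bind-dn>" -y /root/ldap.pw -f /tmp/ex_disable.ldif
```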