How to Disable LDAP Account Status

LDAP

LDAP is a powerful database for storing user information in a DIT (directory information tree); entries are exported and imported in the standard LDIF format.

Below is how to disable one user or many users at once in Linux OpenLDAP.

I have created three scripts to update the LDAP database. The first script takes DN data from an LDAP backup file.

LDAP Backup command:
/usr/local/openldap/bin/ldapsearch -x -h 192.168.1.1 -D "dc=knowledge,dc=com" -w "password123" -b "ou=QMAIL-LDAP" > dump.ldif

Script 1: create two files, first “/tmp/disable_account.txt” (one account ID per line) and second the backup file “/dump.ldif1”.

#!/bin/bash
# Input: one account ID (uid) per line in /tmp/disable_account.txt
# Output: the matching DN of each account, one per line, in /tmp/disable_account_dn.txt
backup=/dump.ldif1
while read -r qmailid
do
    # Match only the "dn:" line of the entry whose uid is exactly $qmailid
    # (an unanchored "grep uid=$qmailid" would also match uid=${qmailid}2),
    # and strip the "dn: " prefix so the output file holds bare DNs.
    dndata=$(grep "^dn: uid=$qmailid," "$backup" | sed 's/^dn: //')
    if [ -n "$dndata" ]; then
        echo "$dndata" >> /tmp/disable_account_dn.txt
    else
        echo "$qmailid dn not found......."
    fi
done < /tmp/disable_account.txt

The script above writes its output to “/tmp/disable_account_dn.txt”; you now have the DN of every given mail ID or account.

Script 2: the script above works as a converter from “CN” to the complete “DN”. Now use the DN output file as the input file of the script below, which creates one file per line of the input file in the specified location “path”.

#!/bin/bash
# Input: one DN per line in /tmp/disable_account_dn.txt
# Output: one LDIF modify file per DN under $path
path=/disabled_ldap_accounts_status/10july15
mkdir -p "$path"
while read -r dndata
do
    # The uid value is the text between the first "=" and the first ","
    mailid=$(echo "$dndata" | cut -d "=" -f2 | cut -d "," -f1)
    file="$path/Disabled_Account_$mailid.ldif"
    {
        echo "dn: $dndata"
        echo "changetype: modify"
        echo "replace: accountStatus"
        echo "accountStatus: disabled"
    } > "$file"
done < /tmp/disable_account_dn.txt

Script 3: all the .ldif files are now saved in the given path “/disabled_ldap_accounts_status/10july15”. Process all of them with the script below to update the account status in LDAP.

#!/bin/bash
# Apply every LDIF modify file produced by script 2 (-x selects simple bind,
# as in the ldapsearch backup command above)
path=/disabled_ldap_accounts_status/10july15
for file in "$path"/*.ldif
do
    /usr/local/openldap/bin/ldapmodify -x -h 192.168.200.67 -D "dc=knowledge,dc=com" -w "password123" -f "$file"
done
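The three scripts above are steps of one procedure, so here they are combined into a single script as an added example (not the post's own scripts). It assumes the OpenLDAP client tools under /usr/local/openldap/bin, the dump layout produced by the ldapsearch backup command above, and a bind password kept in a file such as /root/.ldappw (mode 0600) read with -y, instead of the plain-text -w argument that ends up in shell history and process listings. It also differs from the post in two ways worth noting: the uid lookup is anchored to the whole value so that "joe" can never pick up the DN of "joe2", and all modifications go into one LDIF file applied with a single ldapmodify run, with -c so that one failing entry does not abort the rest.

```shell
#!/bin/bash
# Added example (not the post's scripts): the three steps above as one script.
# Assumptions: OpenLDAP client tools under /usr/local/openldap/bin, the dump
# layout produced by the ldapsearch backup above, and a bind password kept in
# /root/.ldappw (mode 0600) rather than passed with -w on the command line.

# Print the DN of the entry whose uid is exactly $1, scanning only "dn:" lines
# of the dump $2. Anchoring on "^dn: uid=<uid>," avoids the substring problem
# of "grep uid=joe", which would also match uid=joe2 or uid=joey. -i because
# uid values compare case-insensitively in LDAP.
dn_for_uid() {
    grep -i "^dn: uid=$1," "$2" | head -n 1 | sed 's/^dn: //'
}

# Print one LDIF modify record setting accountStatus to disabled for DN $1.
# The trailing blank line separates records in a multi-entry LDIF file.
disable_record() {
    printf 'dn: %s\nchangetype: modify\nreplace: accountStatus\naccountStatus: disabled\n\n' "$1"
}

# Build a single LDIF file ($3) from the uid list $1 (one uid per line) and
# the dump $2. Prints the number of records written; uids without a matching
# entry are reported on stderr and skipped rather than silently ignored.
build_batch() {
    count=0
    : > "$3"
    while IFS= read -r uid || [ -n "$uid" ]; do
        [ -z "$uid" ] && continue
        dn=$(dn_for_uid "$uid" "$2")
        if [ -n "$dn" ]; then
            disable_record "$dn" >> "$3"
            count=$((count + 1))
        else
            echo "$uid: dn not found in $2" >&2
        fi
    done < "$1"
    echo "$count"
}

# Apply the whole batch with one bind. -c keeps going past an entry that
# fails (for example a DN that no longer exists) so one bad record does not
# abort the rest; -y reads the bind password from a file instead of argv.
apply_batch() {
    /usr/local/openldap/bin/ldapmodify -x -c -h 192.168.200.67 \
        -D "dc=knowledge,dc=com" -y /root/.ldappw -f "$1"
}

# Offline dry run on a constructed two-entry dump (sample data, not a real
# directory): builds the batch into $1 and prints the record count. The uid
# list deliberately contains a uid with no entry, and "joe" whose DN must not
# be confused with "joe2" (which comes first in the dump).
demo_build() {
    dir=$(mktemp -d)
    cat > "$dir/dump.ldif" <<'EOF'
dn: uid=joe2,ou=QMAIL-LDAP,dc=knowledge,dc=com
uid: joe2
accountStatus: active

dn: uid=joe,ou=QMAIL-LDAP,dc=knowledge,dc=com
uid: joe
accountStatus: active
EOF
    printf 'joe\nnobody\njoe2\n' > "$dir/uids.txt"
    build_batch "$dir/uids.txt" "$dir/dump.ldif" "$1"
    rm -rf "$dir"
}

case "${1:-}" in
    --demo) demo_build /tmp/disable_batch_demo.ldif; cat /tmp/disable_batch_demo.ldif ;;
    --run)  n=$(build_batch /tmp/disable_account.txt /dump.ldif1 /tmp/disable_batch.ldif)
            echo "built $n modify records in /tmp/disable_batch.ldif"
            apply_batch /tmp/disable_batch.ldif ;;
esac
```

Run it with --demo to see the generated LDIF for the constructed sample (two records, one "not found" message on stderr) without touching any server; --run builds the batch from /tmp/disable_account.txt and /dump.ldif1 and applies it. Reviewing /tmp/disable_batch.ldif before the --run step is the natural place to catch a wrong DN.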

Now verify a few random accounts with the command below; listing accountStatus at the end limits the output to that attribute.

/usr/local/openldap/bin/ldapsearch -x -h 192.168.200.67 -D "dc=knowledge,dc=com" -w "password123" -b "cn=vikas,ou=it,dc=knowledge,dc=com" accountStatus