LDAP is a powerful directory database that stores user information in a DIT and is exported and imported in the standard LDIF format.
Below is how to disable one user, or many users at once, in OpenLDAP on Linux.
I have created three scripts for updating the LDAP database: script one gets the DN data from an LDAP backup file.
LDAP Backup command:
/usr/local/openldap/bin/ldapsearch -x -h 192.168.1.1 -D "dc=knowledge,dc=com" -w "password123" -b "ou=QMAIL-LDAP" > dump.ldif
Script 1: first create the file “/tmp/disable_account.txt” (one mail-ID per line); the second file is the backup file “dump.ldif1” (the dump produced above, placed at /dump.ldif1).
#!/bin/bash
# Read one mail-ID per line from /tmp/disable_account.txt, look up its DN in the
# ldapsearch backup and append the DN to /tmp/disable_account_dn.txt.
while read -r qmailid
do
    # Match the uid RDN as a whole value (trailing comma) so "vikas" does not also
    # select "vikas2", and strip the "dn: " prefix so script 2 can add it back.
    dndata=$(grep -m1 "^dn: .*uid=$qmailid," /dump.ldif1 | sed 's/^dn: //')
    if [ -n "$dndata" ]; then
        echo "$dndata" >> /tmp/disable_account_dn.txt
    else
        echo "$qmailid dn not found......."
    fi
done < /tmp/disable_account.txt
The script above writes its output to “/tmp/disable_account_dn.txt”; you now have the DN of every given mail-ID or account.
Script 2: the script above works as a converter from “CN” to the complete “DN”. Now use that DN output file as the input file for the script below, which creates one file per line of the input file in the specified location “path”.
#!/bin/bash
# For every DN in /tmp/disable_account_dn.txt write one LDIF modify file under $path.
path=/disabled_ldap_accounts_status/10july15
mkdir -p "$path"
while read -r dndata
do
    # "uid=vikas,ou=it,dc=knowledge,dc=com" -> "vikas"
    mailid=$(echo "$dndata" | cut -d "=" -f2 | cut -d "," -f1)
    out="$path/Disabled_Account_$mailid.ldif"
    echo "dn: $dndata" > "$out"
    echo "changetype: modify" >> "$out"
    echo "replace: accountStatus" >> "$out"
    echo "accountStatus: disabled" >> "$out"
done < /tmp/disable_account_dn.txt
Script 3: all the .ldif files are now saved in the given path “/disabled_ldap_accounts_status/10july15”. Process all of them with the script below to update the account status in LDAP.
#!/bin/bash
# Apply every LDIF file in $path with ldapmodify. -x selects a simple bind, as in the
# ldapsearch commands above; without it ldapmodify attempts a SASL bind and ignores -D/-w.
# Note that -w exposes the password in the process list and shell history; -W prompts
# for it and -y reads it from a file instead.
path=/disabled_ldap_accounts_status/10july15
for file in "$path"/*.ldif
do
    /usr/local/openldap/bin/ldapmodify -x -h 192.168.200.67 -D "dc=knowledge,dc=com" -w "password123" -f "$file"
done
Now verify a few random accounts with the command below; the result should show accountStatus: disabled.
/usr/local/openldap/bin/ldapsearch -x -h 192.168.200.67 -D "dc=knowledge,dc=com" -w "password123" -b "cn=vikas,ou=it,dc=knowledge,dc=com"
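As an added example (not the page's own scripts), the three steps folded into one set of shell functions: LDIF continuation lines are unfolded before matching, the uid RDN is matched as a whole value so "vikas" cannot select "vikas2", all records go into one batch that is refused when any uid is missing, and a search result can be checked for accountStatus: disabled. The sample dump and uid list are constructed; the attribute name accountStatus and the DN layout follow the page.

```shell
#!/bin/bash
# Added example, not the page's scripts. Assumes DNs carry "uid=<id>," and the
# status attribute is accountStatus, as on the page.

# Join LDIF continuation lines (a line starting with a space continues the previous one).
unfold_ldif() {
    sed -e :a -e '$!N;s/\n //;ta' -e 'P;D' "$1"
}

# Print the DN (without "dn: ") whose RDN chain contains "uid=<id>," as a whole value,
# case-insensitively. Base64-encoded DNs ("dn:: ") are not matched.
find_dn() {
    local want
    want="uid=$(printf '%s' "$2" | tr 'A-Z' 'a-z'),"
    unfold_ldif "$1" | awk -v want="$want" '
        /^dn: / { dn = substr($0, 5); if (index(tolower(dn), want)) { print dn; exit } }'
}

# Emit one "changetype: modify" record per uid in the list file. Unknown uids are
# reported on stderr and the function returns 1, so a caller can refuse to run
# ldapmodify on a partial batch.
make_disable_ldif() {
    local dump="$1" list="$2" id dn rc=0
    while read -r id; do
        [ -z "$id" ] && continue
        dn=$(find_dn "$dump" "$id")
        if [ -z "$dn" ]; then
            echo "$id: dn not found" >&2; rc=1; continue
        fi
        printf 'dn: %s\nchangetype: modify\nreplace: accountStatus\naccountStatus: disabled\n\n' "$dn"
    done < "$list"
    return "$rc"
}

# True when an ldapsearch result for a single entry shows accountStatus: disabled.
is_disabled() {
    unfold_ldif "$1" | grep -qi '^accountStatus: disabled$'
}

# Constructed sample dump and uid list (not real directory data) so the functions run offline.
write_samples() {
    printf 'dn: uid=vikas,ou=it,dc=knowledge,dc=com\nuid: vikas\naccountStatus: active\n\n' > "$1/dump.ldif"
    printf 'dn: uid=vikas2,ou=it,\n dc=knowledge,dc=com\nuid: vikas2\naccountStatus: active\n\n' >> "$1/dump.ldif"
    printf 'vikas\nnobody\n' > "$1/disable_account.txt"
}
```

On the real dump, feed the output of make_disable_ldif to a single ldapmodify -x -f call, which applies one change file instead of one per account.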