Jim,
Do you know Perl? I would try open(LDAPADD,"|$ldapadd") || die "Didn't work: $!"; then you can print to LDAPADD.
Otherwise, I don't know what to do.
Sorry I can't be more helpful.
-Aaron
--- Jim C <jcllings@tsunamicomm.net> wrote:
I've already given this a try. Either the bash
"here" document isn't working as described or I've got the syntax wrong
(always a possibility) or ldapadd is not set up for it... Something makes
me think that ldapadd might just be a wrapper for ldapmodify. If this
were true then perhaps the correct route might be to go straight to
ldapmodify and not use ldapadd at all. This also might help explain why
previous attempts to write bash scripts for this purpose have not gone so
well.
Another idea might be that we can create (or
borrow?) a file descriptor (without creating a file?) and thus fake the
existence of a file. If we can do this and then store the ldif portion of
the script in it, we might then be able to pass it to ldapadd. This is
essentially what the here document does but I am implying that there
might be another way to do it, i.e. that the here document's functionality
might be composed of other functionalities that exist outside of the here
document.
Yet another idea is to create the ldif file in
memory instead of on disk, if that were possible.
Lastly, I would like to mention that the script
below could be re-engineered as an addendum to the /etc/init.d/ldap
startup script such that the value of the next available user id could
be maintained in a shell variable. Something to think about, although
I am not sure how desirable it would be. There might be security
issues (i.e. Do users have write access to root's shell variables?) or
perhaps locking issues if things get dicey.
Jim C.
Aaron wrote:
It reads from standard input. Try:
ldapadd -x -D $binddn -w $pw4binddn << EOF
#stuff you want to do here
EOF
-Aaron
--- Jim C <jcllings@tsunamicomm.net> wrote:
OK, I've gotten this far on the bash script I was writing to add a machine. It searches the base for uidNumbers, it sorts the numbers from largest to smallest, takes the first one and adds one to it. No sweat right?
Here is the kicker, how do you get the data to ldapadd without creating
an ldif file? I've tried an assortment of
redirection techniques and I've also tried the bash "here" document. In
theory, this should be possible but I am having a really tough time
figuring out the syntax.
#!/bin/bash
binddn="cn=root,dc=microverse,dc=net"
pw4binddn="passwordgoeshere"
ldaphost="ldap://localhost"
base="ou=Computers,dc=microverse,dc=net"
minimumUID=500
groupnum=421
store=`ldapsearch -LLL -D $binddn -H $ldaphost -b$base -x "(cn=*)" uidNumber | \
grep uidNumber | \
sed -e 's/^uidNumber: //' | sort -nr | head -n 1`
#It is best not to start at 0 or 1 as these could be privileged.
if [ "$store" = "" ]
then
store=$minimumUID
else
store=`expr $store + 1`
fi
#ldapadd -x -D $binddn -w $pw4binddn
line1="dn: uid=$1,ou=Computers,dc=microverse,dc=net\n";
line2="objectClass: top\n"
line3="objectClass: account\n"
line4="objectClass: posixAccount\n"
line5="uidNumber: $store\n"
line6="uid: $1\n"
line7="cn: $1\n"
line8="gidNumber: $groupnum\n"
line9="homeDirectory: /dev/null\n"
line10="loginShell: /bin/false\n"
line11="gecos: Machine Account\n"
line12="description: Machine Account\n"
cat $line1 $line2 $line3 $line4 $line5 $line6 $line7 $line8 $line9 $line10 $line11 $line12 > ldapadd -x -D $binddn -w $pw4binddn
echo -e $line1$line2$line3$line4$line5$line6$line7$line8$line9$line10$line11$line12
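What the thread is after, as an added example that is not part of any poster's message: the entry is built by a function and piped to ldapadd's standard input, so the script never has to write an LDIF file. The function names, the pwfile path and the LDAPADD override are assumptions made here; -y reads the bind password from a file so it does not sit on the command line as it does with -w, and the machine name is checked so it cannot add LDIF lines of its own.

```bash
#!/bin/bash
# Added example, not from the thread; function names, pwfile and LDAPADD are assumptions.
binddn="cn=root,dc=microverse,dc=net"
ldaphost="ldap://localhost"
base="ou=Computers,dc=microverse,dc=net"
pwfile="/root/.ldap-bind-pw"   # hypothetical mode-0600 file; keeps the password out of argv
minimumUID=500; groupnum=421

# stdin: "ldapsearch -LLL ... uidNumber" output; stdout: highest uidNumber + 1, else $minimumUID
next_uid() {
    local max
    max=$(sed -n 's/^uidNumber: *0*\([0-9][0-9]*\)$/\1/p' | sort -nr | head -n 1)
    if [ -z "$max" ]; then echo "$minimumUID"; else echo $((max + 1)); fi
}

# Print the LDIF for machine $1 with uidNumber $2. The name is restricted so a
# comma or newline in $1 cannot alter the DN or smuggle in extra attribute lines.
machine_ldif() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid machine name" >&2; return 1 ;;
    esac
    cat <<EOF
dn: uid=$1,$base
objectClass: top
objectClass: account
objectClass: posixAccount
uidNumber: $2
uid: $1
cn: $1
gidNumber: $groupnum
homeDirectory: /dev/null
loginShell: /bin/false
gecos: Machine Account
description: Machine Account
EOF
}

run_ldapadd() { ldapadd -x -H "$ldaphost" -D "$binddn" -y "$pwfile"; }
# Build the whole entry first, then pipe it to ldapadd's stdin.
add_machine() {
    local ldif
    ldif=$(machine_ldif "$1" "$2") || return 1
    printf '%s\n' "$ldif" | "${LDAPADD:-run_ldapadd}"
}

if [ -n "$1" ]; then
    uid=$(ldapsearch -LLL -x -H "$ldaphost" -b "$base" "(cn=*)" uidNumber | next_uid)
    add_machine "$1" "$uid"
fi
```

Setting LDAPADD=cat prints the entry instead of sending it, which is a quick way to inspect what ldapadd would receive.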