[CentOS] ldapsearch -f file doesn't work

Wed Dec 2 13:06:37 UTC 2009
Craig White <craigwhite at azapple.com>

On Wed, 2009-12-02 at 10:48 -0200, Sergio Belkin wrote:
> 2009/12/2 Sergio Belkin <sebelk at gmail.com>:
> > Hi,
> >
> > Firstly, system info:
> >
> > Linux mysystem 2.6.18-53.1.4.el5 #1 SMP Fri Nov 30 00:45:55 EST 2007
> > x86_64 x86_64 x86_64 GNU/Linux
> >
> >
> > I am running ldap on Centos with packages openldap-2.3.27-8.el5_2.4 and
> > openldap-2.3.27-8.el5_2.4
> > I'd want to perform a query that returns one attribute. So I did
> > something as follows:
> >
> >
> > ldapsearch -W  -f qbis.ldif -D "cn=Manager,dc=palermo,dc=edu" -b
> > "ou=people,dc=mydomain,dc=edu" -x  legajo
> >
> > (Where legajo is the filter)
> >
> > There is no problem with filter but with the file "qbis.ldif" which contains:
> >
> >
> > dn: uid=jdoe,ou=people,dc=mydomain,dc=edu
> >
> >
> > Of course I could perform that query with no need of one file, but I
> > need to get "legajo" from around 800 users so it would be nice to be
> > able to use "-f file". I cannot do something like a "loop for" because
> > it would ask me every time the Manager password.
> >
> > Am I doing something wrong or is it an ldap bug?
> >
> > Thanks in advance!
> > --
> 
> Ouch, I forgot to comment what is the problem, well the problem is
> that query returns all database entries (only the filter works) but
> doesn't honor "-f file" at all. So that was my question, what's wrong
> with that option?
----
I don't know because I haven't figured out how the 'f' option would be
useful to me but I think the way you are trying to do it is clunky...

#!/bin/sh
#
# usage - myldap-search user
#
LDAP_PASSWD="whatever"
BINDDN="cn=Manager,dc=palermo,dc=edu"
BASEDN="ou=people,dc=mydomain,dc=edu"
# look up legajo for the single user given as the first argument
USER_PASSWD=$(ldapsearch -x \
   -w "$LDAP_PASSWD" \
   -D "$BINDDN" \
   -b "uid=$1,$BASEDN" \
   legajo)
echo "$USER_PASSWD"

or to do a whole shot of users

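#!/bin/sh
#
# input file of users = users.txt
#
LDAP_PASSWD="whatever"
BINDDN="cn=Manager,dc=palermo,dc=edu"
BASEDN="ou=people,dc=mydomain,dc=edu"
# one search per uid listed in users.txt, using that user's entry as the base
for i in `cat users.txt`; do
  USER_PASSWD=$(ldapsearch -x \
    -w "$LDAP_PASSWD" \
    -D "$BINDDN" \
    -b "uid=$i,$BASEDN" \
    legajo)
  # tab-separated: uid, then the ldapsearch output for that uid
  printf '%s\t%s\n' "$i" "$USER_PASSWD" >> /tmp/ldap-output.txt
done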

Something like that should do it - untested

Craig
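
For reference, ldapsearch(1) documents -f as performing one search per line of the file, with each line substituted for %s in the filter given on the command line, so the file holds bare uid values rather than "dn:" lines, and a single invocation binds once so -W prompts only once. The script below is an added example, not part of the original message: users.txt and uids.clean are assumed file names, and each line is escaped per RFC 4515 because it is pasted into the filter text.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: users.txt, uids.clean.
# Usage: prepare_uid_file users.txt uids.clean && search_legajo uids.clean

# Escape RFC 4515 filter metacharacters so a line substituted into '(uid=%s)'
# cannot widen the match (*) or restructure the filter with ( ) \.
# The backslash is escaped first so later escapes are not double-escaped.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build the file handed to -f: one escaped uid per line.
# Strips carriage returns and skips empty lines.
# $1 = raw list of uids, $2 = output file
prepare_uid_file() {
    : > "$2"
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')
        [ -n "$line" ] || continue
        printf '%s\n' "$(ldap_escape "$line")" >> "$2"
    done < "$1"
}

# One bind, one search per line of $1; only the legajo attribute is returned.
# -W prompts for the Manager password, so it never appears in argv.
search_legajo() {
    ldapsearch -x -LLL -W \
        -D "cn=Manager,dc=palermo,dc=edu" \
        -b "ou=people,dc=mydomain,dc=edu" \
        -f "$1" '(uid=%s)' legajo
}
```
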

