OpenLDAP in practice (modifying user attributes)



Batch-modify users' home directories:

Edit the list of usernames and the attributes to change

Run it:

Find the lines containing the string fuckyou or zhangsan

[root@jumpserver tmp]# ldapsearch -x -b "dc=alon,dc=com" | grep -i "fuckyou\|zhangsan"

sudoUser: zhangsan

# zhangsan, People, alon.com

dn: uid=zhangsan,ou=People,dc=alon,dc=com

uid: zhangsan

cn: zhangsan

homeDirectory: /mnt/home/zhangsan

# zhangsan, Group, alon.com

dn: cn=zhangsan,ou=Group,dc=alon,dc=com

cn: zhangsan

# fuckyou, People, alon.com

dn: uid=fuckyou,ou=People,dc=alon,dc=com

uid: fuckyou

cn: fuckyou

homeDirectory: /mnt/home/fuckyou

# fuckyou, Group, alon.com

dn: cn=fuckyou,ou=Group,dc=alon,dc=com

cn: fuckyou



Change a password:

[root@jumpserver tmp]# cat zhangsan.ldif 

dn: uid=zhangsan,ou=People,dc=alon,dc=com

changetype:modify

replace:userPassword

userPassword: 123456



Add a group in OpenLDAP:

[root@al-bj-op-jumpserver ~]# cat group2.ldif 

dn: cn=yygrp,ou=Group,dc=alon,dc=com

objectClass: posixGroup

objectClass: top

gidNumber: 1008


 ldapadd -x -W -D "cn=admin,dc=alon,dc=com" -f group2.ldif


Look up a user:

ldapsearch -x -b "dc=alon,dc=com" '(uid=zhangsan)'


The change to apply:

[root@al-bj-op-jumpserver ~]# cat file1.ldif 

dn: cn=yygrp,ou=Group,dc=alon,dc=com

changetype: modify

add: memberuid

memberuid: zhangsan


gidNumber: 1008


Modify the user, adding it to the group:

ldapmodify -x -W -D "cn=admin,dc=alon,dc=com" -f file1.ldif


Run id zhangsan on a client:

[root@al-bj-yunying-dev01 ~]# id zhangsan

uid=5071(zhangsan) gid=5071(zhangsan) groups=5071(zhangsan),1008(yygrp)



Generate the template with a script:


[root@al-bj-op-jumpserver ~]# cat group.sh 

#!/bin/bash
# Append one LDIF "modify" record to grp.ldif that adds the given user to yygrp.

username=$1

if [ $# -lt 1 ]; then
        echo "Usage: $(basename "$0") username"
        exit 1
fi

case $username in
[a-zA-Z]*)
        # Name starts with a letter: append the record (the blank line ends it)
        cat >> grp.ldif <<EOF
dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: $username

EOF
        ;;
[0-9]*)
        echo "Plz input the username"
        ;;
*)
        echo "Usage: $(basename "$0") username"
        ;;
esac

exit 0


Use Python to call the shell script and create the templates quickly:


#!/usr/bin/python

import subprocess

userlist = ['zhenyujian','zhangbing','yanlingling','xiabaiyang','wengshengli','wangzhigang','taoyaping','peilonghui','liuxiaopeng','lixuan','lixiaobin','lijianxiang','hanrui','fubaokui','fanyixin','chenxiaoming','chenlong','baiyue']

for user in userlist:
        # Popen does not wait for each script to finish, so the runs overlap and
        # the order of records in grp.ldif may differ from the order of the list.
        subprocess.Popen(["bash", "/root/group.sh", user])


python add.py


The generated grp.ldif file:

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: zhenyujian

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: zhangbing

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: yanlingling

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: xiabaiyang

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: wengshengli

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: wangzhigang

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: taoyaping

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: liuxiaopeng

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: peilonghui

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: lixuan

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: lixiaobin

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: lijianxiang

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: hanrui

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: fubaokui

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: fanyixin

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: chenxiaoming

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: chenlong

dn: cn=yygrp,ou=Group,dc=alon,dc=com
changetype: modify
add: memberuid
memberuid: baiyue


Apply the batch change, adding the users to the specified group:

 ldapmodify -x -D cn=admin,dc=alon,dc=com -W -f grp.ldif
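
The per-user records above can also be collapsed into a single modify record, with each name checked before it is written into the LDIF. This is an added example, not the original author's script; the function names and the lowercase login-name pattern are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). GROUP_DN is the group used above;
# the function names and the allowed-name pattern are assumptions.
GROUP_DN="cn=yygrp,ou=Group,dc=alon,dc=com"

# Succeed only for names that are safe to place after "memberUid: ".
# Anything outside [a-z0-9_-], including spaces, colons and newlines, is
# refused, so a crafted name cannot add extra lines to the LDIF.
valid_username() (
    LC_ALL=C
    case "$1" in
        "" | *[!a-z0-9_-]*) return 1 ;;
        [a-z_]*) [ "${#1}" -le 32 ] ;;
        *) return 1 ;;
    esac
)

# Print one modify record that adds every name as a memberUid value.
# If any name is invalid, nothing is printed and the status is 1.
build_group_ldif() (
    values="" bad=0
    for name in "$@"; do
        if valid_username "$name"; then
            values="${values}memberUid: ${name}
"
        else
            printf 'rejected username: %s\n' "$name" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] && [ -n "$values" ] || return 1
    printf 'dn: %s\nchangetype: modify\nadd: memberUid\n%s' "$GROUP_DN" "$values"
)

# Usage: sh group_ldif.sh zhangsan chenlong > grp.ldif
if [ "$#" -gt 0 ]; then
    build_group_ldif "$@"
fi
```

Because all values sit in one record, ldapmodify applies them as a single modification: if any name is already a member, the whole record is refused rather than partly applied.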


Grant sudo su - root permission on the target machines