BASH脚本 - OpenLDAP导入AD组织结构

用途:将 AD 的组织结构(OU 树)及各 OU 下的用户导入 OpenLDAP,一般用于 OpenLDAP 刚搭建完毕、第一次从 AD 同步用户的场景。导入的用户不会复制 AD 的口令,而是写入 `userPassword: {SASL}<账号>`,由 OpenLDAP 通过 SASL 透传到 AD 做认证,因此 slapd 侧需要先配置好对 AD 的透传认证。注意:脚本里的两个管理员口令是敏感信息,不要把填好口令的脚本放在可被他人读取的位置;运行前请确认客户端 ldap.conf 中的 TLS_REQCERT/TLS_CACERT 已正确配置,否则 ldaps 连接无法校验 AD 服务器证书。

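#!/bin/bash
#
# Bootstrap OpenLDAP from an Active Directory tree.
#
#   1. Copy the OU hierarchy (objectClass=organizationalUnit) from AD into
#      OpenLDAP.
#   2. List those OUs and, for each one, copy the user entries beneath it
#      into OpenLDAP, rewritten from AD's schema into inetOrgPerson with a
#      "userPassword: {SASL}<account>" value. No AD password hashes are
#      copied; binds against OpenLDAP are meant to be passed through to AD
#      (this presumes slapd's SASL pass-through / saslauthd is configured
#      against AD — confirm on the server side).
#
# Meant for a freshly built OpenLDAP server (first sync). `ldapadd -c`
# keeps going past per-entry errors, so re-running on a populated
# directory skips entries that already exist; it never updates them.
# The per-OU user search keeps ldapsearch's default subtree scope, so a
# user under a nested OU is returned once per ancestor OU; the repeats
# are rejected by OpenLDAP as "already exists" and skipped by -c.
#
# Configuration is read from the environment when present, otherwise
# from the placeholders below. Prefer the environment for the two
# passwords so they do not live in this file.
#   AD_DOMAIN       AD host name (the script connects to ldaps://AD_DOMAIN:636)
#   AD_ADMIN_DN     AD bind DN with read access to the OU/user tree
#   AD_ADMIN_PWD    its password
#   AD_BASE_DN      AD search base, e.g. DC=example,DC=com
#   LDAP_ADMIN_DN   OpenLDAP rootdn / admin DN
#   LDAP_ADMIN_PWD  its password
#   LDAP_URI        optional OpenLDAP URI; unset = ldapadd's own default
#                   (ldap.conf / local server), as before
#   WORK_DIR        directory holding utf8ldif.php (default /root/OpenLdapShell)
#
# Security notes
#   * Passwords are handed to ldapsearch/ldapadd with -y <file> (mode 0600
#     inside a private mktemp dir), not with -w on the command line where
#     `ps` and /proc/*/cmdline expose them to every local user.
#   * Certificate verification for ldaps:// is decided by the client's
#     ldap.conf (TLS_REQCERT / TLS_CACERT). With TLS_REQCERT=never an
#     impersonating server can capture the AD bind password.
#   * OU DNs read back from AD are used verbatim as search bases (-b).
#     They come from a trusted directory, but are read with IFS= / -r so
#     spaces and backslashes inside a DN survive intact.
#   * Intermediate LDIF is written to a 0700 mktemp dir that is removed
#     on every exit path (trap), instead of predictable Tmp_* files.
set -euo pipefail

# --- configuration -----------------------------------------------------
AD_DOMAIN="${AD_DOMAIN:-}"
AD_ADMIN_DN="${AD_ADMIN_DN:-CN=,OU=XXX,OU=XXX,DC=XXX,DC=XXX,DC=XXX}"
AD_ADMIN_PWD="${AD_ADMIN_PWD:-}"
AD_BASE_DN="${AD_BASE_DN:-DC=XXX,DC=XXX,DC=XXX}"
LDAP_ADMIN_DN="${LDAP_ADMIN_DN:-cn=Manager,dc=XXX,dc=XXX,dc=XXX}"
LDAP_ADMIN_PWD="${LDAP_ADMIN_PWD:-}"
LDAP_URI="${LDAP_URI:-}"
WORK_DIR="${WORK_DIR:-/root/OpenLdapShell}"
UTF8_FILTER="${WORK_DIR}/utf8ldif.php"

# Private scratch directory; set in main() and removed by the EXIT trap.
TMP_DIR=""

die()  { printf '%s: %s\n' "${0##*/}" "$*" >&2; exit 1; }
warn() { printf '%s: warning: %s\n' "${0##*/}" "$*" >&2; }

#######################################
# Abort unless every named variable is non-empty.
# Arguments: names of the variables to check
#######################################
require_set() {
  local name
  for name in "$@"; do
    [[ -n "${!name}" ]] || die "${name} is not set (fill it in or export it)"
  done
}

#######################################
# Rewrite an AD user LDIF in place into attributes OpenLDAP's
# inetOrgPerson schema accepts. Per entry:
#   sAMAccountName: X                 -> uid: X
#                                        userPassword: {SASL}X
#   cn: X                             -> cn: X
#                                        sn: X
#   objectClass: organizationalPerson -> objectClass: organizationalPerson
#                                        objectClass: inetOrgPerson
#   objectClass: user                 -> (dropped, AD-only class)
#   uSNCreated: N                     -> employeeNumber: N
# Arguments: $1 - LDIF file, modified in place
#######################################
rewrite_user_ldif() {
  local ldif=$1
  # Each `{...p;s...}` group prints the line once (unchanged or renamed)
  # and then lets the substituted copy fall out at end of cycle, so the
  # derived attribute directly follows its source line. This replaces the
  # hold-space trick of the original, which also emitted a leading blank
  # line and swallowed the file's last line.
  /usr/bin/sed -i \
    -e '/^objectClass: user$/d' \
    -e '/^sAMAccountName: /{s/^sAMAccountName: /uid: /p;s/^uid: /userPassword: {SASL}/}' \
    -e '/^cn:/{p;s/^cn:/sn:/}' \
    -e '/^objectClass: organizationalPerson$/{p;s/organizationalPerson$/inetOrgPerson/}' \
    -e 's/^uSNCreated:/employeeNumber:/' \
    -- "${ldif}"
}

#######################################
# Entry point: validate configuration, stage password files, then run the
# three steps (OU tree, OU list, per-OU users).
# Globals: reads the configuration variables above; sets TMP_DIR
#######################################
main() {
  require_set AD_DOMAIN AD_ADMIN_DN AD_ADMIN_PWD AD_BASE_DN LDAP_ADMIN_DN LDAP_ADMIN_PWD
  [[ -r "${UTF8_FILTER}" ]] || die "cannot read ${UTF8_FILTER}"
  command -v php > /dev/null || die "php is required for ${UTF8_FILTER}"

  TMP_DIR="$(mktemp -d)" || die "mktemp failed"
  trap 'rm -rf -- "${TMP_DIR:?}"' EXIT

  # -y passes the file content verbatim, so write the password without a
  # trailing newline.
  local ad_pw_file="${TMP_DIR}/ad.pw" ldap_pw_file="${TMP_DIR}/ldap.pw"
  ( umask 077
    printf '%s' "${AD_ADMIN_PWD}" > "${ad_pw_file}"
    printf '%s' "${LDAP_ADMIN_PWD}" > "${ldap_pw_file}" )

  # Shared client options. ldif-wrap=no keeps long DNs and values on a
  # single line, so the per-line OU list and the sed rewrites never see
  # folded continuation lines (option present in current OpenLDAP
  # clients; older ones may reject it).
  local -a ad_search=(/usr/bin/ldapsearch -x -L -o ldif-wrap=no
                      -H "ldaps://${AD_DOMAIN}:636"
                      -D "${AD_ADMIN_DN}" -y "${ad_pw_file}")
  local -a ldap_add=(/usr/bin/ldapadd -x -c -D "${LDAP_ADMIN_DN}" -y "${ldap_pw_file}")
  if [[ -n "${LDAP_URI}" ]]; then
    ldap_add+=(-H "${LDAP_URI}")
  fi

  local ou_filter='(&(objectClass=top)(objectClass=organizationalUnit))'
  local user_filter='(&(objectClass=organizationalPerson)(!(objectClass=computer)))'
  local ou_ldif="${TMP_DIR}/ou.ldif"
  local ou_list="${TMP_DIR}/ou_dns.txt"
  local user_ldif="${TMP_DIR}/users.ldif"

  # 1. OU tree: AD -> LDIF -> OpenLDAP.
  "${ad_search[@]}" -b "${AD_BASE_DN}" "${ou_filter}" dn objectClass ou > "${ou_ldif}" \
    || die "OU search against ${AD_DOMAIN} failed"
  "${ldap_add[@]}" -f "${ou_ldif}" > /dev/null \
    || warn "some OU entries were not added (already present?); continuing"

  # 2. Plain list of OU DNs, one per line: drop comments, the "version:"
  #    header and blank lines, then strip the "dn: " prefix.
  #    utf8ldif.php is expected to turn base64 "dn::" values back into
  #    UTF-8 "dn:" lines; anything it leaves as "dn::" would be passed to
  #    -b unmodified — TODO confirm against the helper.
  "${ad_search[@]}" -b "${AD_BASE_DN}" "${ou_filter}" dn \
    | php "${UTF8_FILTER}" \
    | /usr/bin/sed -e '/^#/d' -e '/^version/d' -e '/^[[:space:]]*$/d' -e 's/^dn: //' \
    > "${ou_list}" \
    || die "building the OU list failed"

  # 3. Users, one OU at a time: the directory is too large for a single
  #    search over the whole domain.
  local ou_dn
  while IFS= read -r ou_dn || [[ -n "${ou_dn}" ]]; do
    [[ -n "${ou_dn}" ]] || continue
    if ! "${ad_search[@]}" -b "${ou_dn}" "${user_filter}" \
         dn objectClass cn description sAMAccountName uSNCreated > "${user_ldif}"; then
      warn "user search under ${ou_dn} failed; skipping"
      continue
    fi
    rewrite_user_ldif "${user_ldif}"
    "${ldap_add[@]}" -f "${user_ldif}" > /dev/null \
      || warn "some users under ${ou_dn} were not added (already present?)"
  done < "${ou_list}"
}

main "$@"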
