eDirectory Mass Change Scripts
Sorry it's been so long, but it's been quite busy of late. However, I was recently tasked with disabling accounts in eDirectory. I wrote a Perl script that accomplished that goal. Considering it was my first Perl script, it went quite well. You must use a Linux box to do this. Make sure you get the right certificate from the CA: you need both the public and private key, not the self-signed certificate from the CA.
Here it is:
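#!/usr/bin/perl -w
# Mass account change for eDirectory.
#
# For every line of attributes.txt (four fields separated by '#': entry DN,
# loginExpirationTime value, an unused field, Description value) the script
# adds loginExpirationTime and Description to the named entry over an LDAP
# connection that has been upgraded with StartTLS and bound as $admin.
use strict;
use warnings;

use Net::LDAP;
use Net::LDAPS;            # not used below; kept so existing setups still load
use Net::LDAP::Entry;      # not used below; kept so existing setups still load
use Net::LDAP::Util qw(ldap_error_name ldap_error_text);

# --- connection settings ---------------------------------------------------
my $server = '192.168.1.100';
my $port   = 389;                       # plain LDAP port; StartTLS upgrades it
my $admin  = 'cn=admin,o=montefiore';
# TODO: the bind password should not live in the script; at minimum keep this
# file readable only by the account that runs it.
my $pw     = 'password';
# CA certificate the server certificate must chain to.  cafile is resolved
# relative to the working directory the script is started from.
my $cafile = 'monteca.pem';
my $capath = '/home/lturkin/scripts';
my $input  = 'attributes.txt';

# Return a "NAME:text" description of a failed LDAP operation, or nothing
# (undef) when $mesg, a Net::LDAP::Message, reports result code 0.
sub _ldap_error {
    my ($mesg) = @_;
    return 'no result message returned' unless defined $mesg;
    my $code = $mesg->code();
    return unless $code;
    return ldap_error_name($code) . ':' . ldap_error_text($code);
}

# Die unless the LDAP operation named $what succeeded.  Used for the steps
# (StartTLS, bind) that the rest of the script must not continue without;
# the original script printed a message and carried on, which for a failed
# StartTLS would have sent the bind password over the plain connection.
sub _check_result {
    my ($mesg, $what) = @_;
    my $err = _ldap_error($mesg);
    die "Error with $what:$err\n" if defined $err;
    print "$what seems OK\n";
    return;
}

# Net::LDAP->new returns undef and sets $@ (not $!) when it cannot connect.
my $ldap = Net::LDAP->new($server, port => $port, version => 3)
    or die "Could not get ldap:$@\n";
print "ldap OK\n";

# verify => 'require' refuses the TLS handshake unless the server certificate
# validates against the CA, so the bind password below only ever travels to a
# verified server.
my $mesg = $ldap->start_tls(
    verify => 'require',
    cafile => $cafile,
    capath => $capath,
    # clientcert => 'servercert.pem',
    # clientkey  => 'serverkey.pem',
    # keydecrypt => sub { 'simple'; },
);
_check_result($mesg, 'start_tls');
print "Subject DN: " . $ldap->certificate->subject_name . "\n";

$mesg = $ldap->bind($admin, password => $pw);
_check_result($mesg, 'bind');

# Three-argument open with a lexical handle: DATA is Perl's own handle for the
# script's __DATA__ section and must not be reused for the input file.
open my $fh, '<', $input or die "an error occured: $!";

my ($total, $failed) = (0, 0);
while (my $line = <$fh>) {
    chomp $line;    # chomp, not chop: a final line without "\n" keeps its last char
    next if $line eq '';
    my ($dn, $expiration, $field3, $description) = split /#/, $line;
    unless (defined $dn && defined $expiration
            && defined $field3 && defined $description) {
        warn "skipping line with fewer than four '#' fields: $line\n";
        next;
    }
    print "$dn,$expiration,$field3,$description\n";
    $total++;
    # NOTE(review): 'add' is what the original used; if an entry already has a
    # loginExpirationTime the server may reject the add, in which case
    # 'replace' is the intended operation for re-runs — confirm against the
    # workflow before changing it.
    my $result = $ldap->modify($dn,
        add => [
            loginExpirationTime => $expiration,
            Description         => $description,
        ]);
    # Check every entry, not just the last one, so a failed change in the
    # middle of the file is reported instead of silently skipped.
    my $err = _ldap_error($result);
    if (defined $err) {
        warn "Error with Modification of $dn:$err\n";
        $failed++;
        next;
    }
    print "Modification seems OK\n";
}
close $fh or die "close $input: $!";

$ldap->unbind;
# Non-zero exit so a wrapper or cron job notices partial failure.
die "$failed of $total modifications failed\n" if $failed;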

