1 #!/usr/local/bin/perl
2
3 #printMembers.pl
4 #given the name of a group (assume object class is groupOfUniqueNames) will
5 #display the members of the group including members of any groups that may be a member
6 #of the original group
7
8 #*Now Handles Netscape Dynamic Groups*
9 #
10 #By default it will display the DN of the member entries, you can specify a particular
11 #attribute you wish to display instead (e.g. mail attribute)
12
13 #example: printMembers.pl -n "Accounting Managers"
14
15
16 #optionally you can also specify the host, port, binded search and search base.
17
18 #Mark Wilcox mark@mjwilcox.com
19 #
20 #first version: August 8, 1999
21 #second version: August 15, 1999
22
23 use strict;
24 use Carp;
25 use Net::LDAP;
26 use URI;
27 use vars qw($opt_h $opt_p $opt_D $opt_w $opt_b $opt_n $opt_a );
28 use Getopt::Std;
29
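my $usage = "usage: $0 [-hpDwba] -n group_name";

die $usage unless @ARGV;

getopts('h:p:D:w:b:n:a:');

die $usage unless ($opt_n);

my $DEBUG = 0;    # set to 1 for debugging output

# Connection defaults, used when the matching option is not given.
$opt_h = "airwolf"      unless $opt_h;
$opt_p = 389            unless $opt_p;
$opt_b = "o=airius.com" unless $opt_b;

my $isGroup = 0;    # becomes 1 once the named group has been found

# Net::LDAP->new returns undef on connection failure and leaves the reason
# in $@; check it here instead of failing later on a method call on undef.
my $ldap = Net::LDAP->new($opt_h, port => $opt_p)
    or die "failed to connect to $opt_h:$opt_p: $@\n";

# Bind as a specific user when -D is given, anonymously otherwise.
#
# A DN with an empty password is an "unauthenticated bind" (RFC 4513), which
# some servers accept as anonymous. Refuse it so a forgotten -w is not
# mistaken for an authenticated session.
#
# NOTE(review): -w exposes the password in the process list and shell history,
# and nothing in this script encrypts the connection before the simple bind.
# Consider calling $ldap->start_tls before binding, or reading the password
# from a prompt or a protected file.
my $bind;
if (defined $opt_D) {
    die "-D requires a password (-w)\n"
        unless defined $opt_w && length $opt_w;

    # The password is -w. Passing $opt_p here would send the port number.
    $bind = $ldap->bind($opt_D, password => $opt_w);
}
else {
    $bind = $ldap->bind;
}

# bind returns a message object that is always true, so "|| die" never
# fires; the result code is what has to be tested.
die "failed to bind as ", (defined $opt_D ? $opt_D : "anonymous"), ": ",
    $bind->error, "\n"
    if $bind->code;

# Escape the RFC 4515 special characters so the group name is matched
# literally and cannot change the structure of the filter. A '*' in -n is
# therefore no longer treated as a wildcard.
(my $cn = $opt_n) =~ s/([\\*()\0])/sprintf('\\%02x', ord($1))/ge;

# Look up the group DN. Only the DN is needed, so ask for no attributes
# ("1.1").
my $mesg = $ldap->search(
    base   => $opt_b,
    filter => "(&(cn=$cn)(objectclass=groupOfUniqueNames))",
    attrs  => ['1.1'],
);

# Report a failed search as such rather than as "is not a group".
die "search for group '$opt_n' failed: ", $mesg->error, "\n" if $mesg->code;

if (my $entry = $mesg->pop_entry()) {
    $isGroup = 1;

    # Errors while walking the members are reported, not silently dropped.
    eval { printMembers($entry->dn(), $opt_a); 1 }
        or warn "error while listing members of $opt_n: $@";
}

print "$opt_n is not a group\n" unless ($isGroup);

$ldap->unbind();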
77
78
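sub printMembers
{
    # Print the members of the static group $dn, recursing into members
    # that are themselves groupOfUniqueNames entries, then hand any
    # memberurl values to printDynamicMembers.
    #
    #   $dn   - DN of the group entry to list
    #   $attr - attribute to print for each member; the member DN is
    #           printed when this is false
    #   $seen - optional hash ref of group DNs already listed; callers
    #           outside this sub normally omit it
    #
    # Dies if the search for the group entry itself fails. Always returns 0.
    my ($dn, $attr, $seen) = @_;

    # Nested groups can reference each other. Remember every group already
    # listed so a membership cycle ends instead of recursing forever. A
    # group reachable by two paths is listed once.
    # NOTE(review): DNs are compared case-insensitively only; DNs that
    # differ in spacing are treated as different groups.
    $seen ||= {};
    return 0 if $seen->{ lc $dn }++;

    my $mesg = $ldap->search(
        base   => $dn,
        scope  => 'base',
        filter => "objectclass=*",
        attrs  => [ "uniquemember", "memberurl" ],
    );

    die $mesg->error if $mesg->code;

    # A base-scope search yields at most one entry.
    my $entry = $mesg->pop_entry() or return 0;

    print "\nMembers of group: $dn\n";

    # get_value(..., asref => 1) returns undef when the attribute is absent.
    my $members = $entry->get_value("uniquemember", asref => 1) || [];

    # $attr is optional; keep undef out of the requested attribute list.
    my @entryAttrs =
        grep { defined($_) && length($_) } ("objectclass", "memberurl", $attr);

    foreach my $val (@{$members})
    {
        # Read the member entry directly, using its DN as a base-scope
        # search base, so the server only has to look at one entry.
        my $res = $ldap->search(
            base   => $val,
            scope  => 'base',
            filter => "objectclass=*",
            attrs  => \@entryAttrs,
        );

        # A dangling or unreadable member must not cut the listing short.
        if ($res->code)
        {
            warn "skipping $val: ", $res->error, "\n";
            next;
        }

        my $member = $res->pop_entry() or next;

        if ($attr)
        {
            my $values = $member->get_value($attr, asref => 1) || [];
            print $_, "\n" for @{$values};
        }
        else
        {
            print "$val\n";
        }

        # This member is also a group: print its members as well.
        my $classes = $member->get_value("objectclass", asref => 1) || [];
        if (grep { /groupOfUniqueNames/i } @{$classes})
        {
            eval { printMembers($member->dn(), $attr, $seen); 1 }
                or warn "could not list nested group ", $member->dn(), ": $@";
        }
    }

    # Dynamic part of the group, if any.
    my $urls = $entry->get_value("memberurl", asref => 1);
    if ($urls)
    {
        eval { printDynamicMembers($entry->dn(), $urls, $attr); 1 }
            or warn "could not list dynamic members of ", $entry->dn(), ": $@";
    }

    return 0;
}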
161
162
163
164 #prints out a search results
165 #for members of dynamic group (as supported by the Netscape Directory Server)
166
167 #*Note this may or may not return all of the resulting members and their attribute values
168 #depending on how the LDAP connection is binded. Normally users who are not binded as the Directory Manager
169 #are restricted to 2000 or less total search results.
170
171 #In theory a dynamic group could have a million or more entries
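sub printDynamicMembers
{
    # Print the entries selected by each memberurl value of a dynamic group.
    #
    #   $entryDN - DN of the dynamic group, used in the heading
    #   $urls    - array ref of memberurl values (LDAP URLs)
    #   $attr    - attribute to print for each entry; the entry DN is
    #              printed when this is false
    #
    # Only the DN, scope and filter of each URL are used. The host and port
    # in the URL are ignored: every search runs over the existing $ldap
    # connection, so the bound session is never pointed at a server named
    # by directory data.
    #
    # Always returns 0.
    my ($entryDN, $urls, $attr) = @_;

    print "\nMembers of dynamic group: $entryDN\n";

    # Ask only for what is printed; "1.1" requests no attributes when just
    # the DN is wanted, and keeps undef out of the attribute list.
    my $wanted = $attr ? [$attr] : ['1.1'];

    foreach my $url (@{$urls})
    {
        print "url is $url\n" if $DEBUG;

        my $uri = eval { URI->new($url) };

        print "ref ", ref($uri), "\n" if $DEBUG;

        # Only LDAP URL objects provide dn/scope/filter. Skip anything else
        # instead of dying on a missing method.
        unless ($uri && $uri->can('dn'))
        {
            warn "skipping memberurl that is not an LDAP URL: $url\n";
            next;
        }

        my $base = $uri->dn();

        print "base is $base\n" if $DEBUG;

        my $mesg = $ldap->search(
            base   => $base,
            scope  => $uri->scope(),
            filter => $uri->filter(),
            attrs  => $wanted,
        );

        # A non-zero code (for example a size limit) can still come with
        # partial results: say so, then print whatever was returned.
        warn "search for $url reported: ", $mesg->error,
            " (results may be incomplete)\n"
            if $mesg->code;

        while (my $entry = $mesg->pop_entry())
        {
            if ($attr)
            {
                my $values = $entry->get_value($attr, asref => 1) || [];
                print $_, "\n" for @{$values};
            }
            else
            {
                print $entry->dn(), "\n";
            }
        }
    }

    return 0;
}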
230
231
232
233 =head1 NAME
234
235 printMembers.pl
236
237 =head1 DESCRIPTION
238
239 Prints out the members of a given group, including members of groups that are also members of the given group.
240
241 Defaults to printing out members by DN, but you can specify other attributes for display
242
243 =head1 USAGE
244
245 perl printMembers.pl -n "Accounting Managers"
246
247 Members of group: cn=Accounting Managers,ou=groups,o=airius.com
248 uid=scarter, ou=People, o=airius.com
249 uid=tmorris, ou=People, o=airius.com
250 cn=HR Managers,ou=groups,o=airius.com
251
252 Members of group: cn=HR Managers,ou=groups,o=airius.com
253 uid=kvaughan, ou=People, o=airius.com
254 uid=cschmith, ou=People, o=airius.com
255 cn=PD Managers,ou=groups,o=airius.com
256
257 Members of group: cn=PD Managers,ou=groups,o=airius.com
258 uid=kwinters, ou=People, o=airius.com
259 uid=trigden, ou=People, o=airius.com
260
261 Here's an example of the same group but instead print the cn attribute
262 of each entry:
263
264 Members of group: cn=Accounting Managers,ou=groups,o=airius.com
265 Sam Carter
266 Ted Morris
267 HR Managers
268
269 Members of group: cn=HR Managers,ou=groups,o=airius.com
270 Kirsten Vaughan
271 Chris Schmith
272 PD Managers
273
274 Members of group: cn=PD Managers,ou=groups,o=airius.com
275 Kelly Winters
276 Torrey Rigden
277
278 And same group but with the mail attribute:
279
280 Members of group: cn=Accounting Managers,ou=groups,o=airius.com
281 scarter@airius.com
282 tmorris@airius.com
283
284 Members of group: cn=HR Managers,ou=groups,o=airius.com
285 kvaughan@airius.com
286 cschmith@airius.com
287
288 Members of group: cn=PD Managers,ou=groups,o=airius.com
289 kwinters@airius.com
290 trigden@airius.com
291
292 =cut