Tryag File Manager
Home
-
Turbo Force
Current Path :
/
proc
/
self
/
root
/
usr
/
share
/
doc
/
perl-LDAP-0.33
/
contrib
/
Upload File :
New :
File
Dir
//proc/self/root/usr/share/doc/perl-LDAP-0.33/contrib/printMembers.pl
#!/usr/bin/perl #printMembers.pl #given the name of a group (assume object class is groupOfUniqueNames) will #display the members of the group including members of any groups that may be a member #of the original group #*Now Handles Netscape Dynamic Groups* # #By default it will display the DN of the member entries, you can specify a particular #attribute you wish to display instead (e.g. mail attribute) #example: printMembers.pl -n "Accounting Managers" #optionally you can also specify the host, port, binded search and search base. #Mark Wilcox mark@mjwilcox.com # #first version: August 8, 1999 #second version: August 15, 1999 use strict; use Carp; use Net::LDAP; use URI; use vars qw($opt_h $opt_p $opt_D $opt_w $opt_b $opt_n $opt_a ); use Getopt::Std; my $usage = "usage: $0 [-hpDwba] -n group_name"; die $usage unless @ARGV; getopts('h:p:D:w:b:n:a:'); die $usage unless ($opt_n); my $DEBUG = 0; #DEBUG 1 if you want debugging info #get configuration setup $opt_h = "airwolf" unless $opt_h; $opt_p = 389 unless $opt_p; $opt_b = "o=airius.com" unless $opt_b; my $isGroup = 0; #checks for group or not my $ldap = new Net::LDAP ($opt_h, port=> $opt_p); #will bind as specific user if specified else will be binded anonymously $ldap->bind($opt_D, password=> $opt_p) || die "failed to bind as $opt_D"; #get the group DN my @attrs = ['dn']; eval { my $mesg = $ldap->search( base => $opt_b, filter => "(&(cn=$opt_n)(objectclass=groupOfUniqueNames))", attrs => @attrs ); die $mesg->error if $mesg->code; my $entry = $mesg->pop_entry(); my $groupDN = $entry->dn(); &printMembers($groupDN,$opt_a); $isGroup = 1; }; print "$opt_n is not a group" unless ($isGroup); $ldap->unbind(); sub printMembers { my ($dn,$attr) = @_; my @attrs = ["uniquemember","memberurl"]; my $mesg = $ldap->search( base => $dn, scope => 'base', filter => "objectclass=*", attrs => @attrs ); die $mesg->error if $mesg->code; #eval protects us if nothing is returned in the search eval { #should only be 1 entry my $entry = $mesg->pop_entry(); print "\nMembers of group: $dn\n"; #returns an array reference my $values = $entry->get_value("uniquemember", asref => 1); foreach my $val (@{$values}) { my $isGroup = 0; #lets us know if the entry is also a group, default no #change val variable to attribute #now get entry of each member #is a bit more efficient since we use the DN of the member #as our search base, greatly reducing the number of entries we #must search through for a match to 1 :) my @entryAttrs = ["objectclass","memberurl",$attr]; $mesg = $ldap->search( base => $val, scope => 'base', filter => "objectclass=*", attrs => @entryAttrs ); die $mesg->error if $mesg->code; eval { my $entry = $mesg->pop_entry(); if ($attr) { my $values = $entry->get_value($attr, asref => 1); foreach my $vals (@{$values}) { print $vals,"\n"; } } else { print "$val\n"; } my $values = $entry->get_value("objectclass", asref => 1); # This value is also a group, print the members of it as well &printMembers($entry->dn(),$attr) if (grep /groupOfUniqueNames/i, @{$values}); }; } my $urls = $entry->get_value("memberurl", asref => 1); &printDynamicMembers($entry->dn(),$urls,$attr) if ($urls); }; return 0; } #prints out a search results #for members of dynamic group (as supported by the Netscape Directory Server) #*Note this may or may not return all of the resulting members and their attribute values #depending on how the LDAP connection is binded. Normally users who are not binded as the Directory Manager #are restricted to 2000 or less total search results. #In theory a dynamic group could have a million or more entries sub printDynamicMembers { my ($entryDN,$urls,$attr) = @_; print "\nMembers of dynamic group: $entryDN\n"; foreach my $url (@{$urls}) { print "url is $url\n" if $DEBUG; my $uri; eval { $uri = URI->new($url); } ; print "ref ",ref($uri),"\n" if $DEBUG; my $base = $uri->dn(); print "base is $base\n" if $DEBUG; my $scope = $uri->scope(); my $filter = $uri->filter(); my @attrs = [$attr]; my $mesg = $ldap->search( base => $base, scope => $scope, filter => $filter, attrs => @attrs ); #print results my $entry; while ($entry = $mesg->pop_entry()) { if ($attr) { my $values = $entry->get_value($attr, asref => 1); foreach my $vals (@{$values}) { print $vals,"\n"; } } else { print $entry->dn(),"\n"; } } } return 0; } =head1 NAME printMembers.pl =head1 DESCRIPTION Prints out the members of a given group, including members of groups that are also members of the given group. Defaults to printing out members by DN, but you can specify other attributes for display =head1 USAGE perl printMembers.pl -n "Accounting Managers" Members of group: cn=Accounting Managers,ou=groups,o=airius.com uid=scarter, ou=People, o=airius.com uid=tmorris, ou=People, o=airius.com cn=HR Managers,ou=groups,o=airius.com Members of group: cn=HR Managers,ou=groups,o=airius.com uid=kvaughan, ou=People, o=airius.com uid=cschmith, ou=People, o=airius.com cn=PD Managers,ou=groups,o=airius.com Members of group: cn=PD Managers,ou=groups,o=airius.com uid=kwinters, ou=People, o=airius.com uid=trigden, ou=People, o=airius.com Here's an example of the same group but instead print the cn attribute of each entry: Members of group: cn=Accounting Managers,ou=groups,o=airius.com Sam Carter Ted Morris HR Managers Members of group: cn=HR Managers,ou=groups,o=airius.com Kirsten Vaughan Chris Schmith PD Managers Members of group: cn=PD Managers,ou=groups,o=airius.com Kelly Winters Torrey Rigden And same group but with the mail attribute: Members of group: cn=Accounting Managers,ou=groups,o=airius.com scarter@airius.com tmorris@airius.com Members of group: cn=HR Managers,ou=groups,o=airius.com kvaughan@airius.com cschmith@airius.com Members of group: cn=PD Managers,ou=groups,o=airius.com kwinters@airius.com trigden@airius.com =cut