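# Assuming you are using posixGroup objectclass and memberUid attribute to
# store your membership information, you may find my shell script useful and
# handy. It works on Solaris LDAP Client with "ldapaddent" and "ldaplist"
# commands, and works against FDS, SUN DS or OpenLDAP.

#! /bin/sh
#
# get_ldap_memberUids.sh
#
# Gary Tay, 08-Sep-2005, written
#
# Purpose: for every LDAP posixGroup, list the accounts whose gidNumber equals
#          the group's gidNumber, optionally with DN, uidNumber or cn.
# Usage:   get_ldap_memberUids.sh SHOW_UID_ONLY|SHOW_DN|SHOW_UIDNUMBER|SHOW_NAME
# Needs:   ldapaddent and ldaplist (Solaris LDAP client) on PATH.
#
# NOTE(review): only fields 1 and 3 of the group dump (name, gidNumber) are
# kept, so membership is derived from each account's primary gidNumber in the
# passwd dump. Assuming the dump follows the /etc/group layout, the member
# list in field 4 (memberUid) is not consulted; supplementary memberships are
# therefore missing from this report. Confirm against the group entries before
# relying on the output for an access review.
#
# Written for the legacy Bourne shell: backticks instead of $( ), no "local".
#

if [ $# -le 0 ]
then
   echo ""
   echo "Usage:"
   echo "$0 [SHOW_UID_ONLY|SHOW_DN|SHOW_UIDNUMBER|SHOW_NAME]"
   echo ""
   echo "Purpose: get a list of memberships for LDAP posixGroups"
   echo "Examples: "
   echo "1) $0 SHOW_UID_ONLY"
   echo "2) $0 SHOW_DN"
   echo "3) $0 SHOW_UIDNUMBER"
   echo "4) $0 SHOW_NAME"
   echo ""
   exit 0
fi

OPTION=$1

# Reject an unknown option before any directory query is made.
case "$OPTION" in
   SHOW_UID_ONLY|SHOW_DN|SHOW_UIDNUMBER|SHOW_NAME) ;;
   *) echo "$1 is an invalid option." >&2; exit 1 ;;
esac

# Scratch files live in a private directory rather than under fixed names in
# the current directory. mkdir fails if the path already exists (including as
# a symlink), so a pre-planted file cannot be followed or overwritten, and
# umask 077 keeps the directory dump unreadable to other local users.
WORKDIR=${TMPDIR:-/tmp}/get_ldap_memberUids.$$
if (umask 077 && mkdir "$WORKDIR")
then
   trap 'rm -rf "$WORKDIR"' 0
   trap 'exit 1' 1 2 15
else
   echo "$0: cannot create private work directory $WORKDIR" >&2
   exit 1
fi

# A failed dump must stop the run: an empty report would otherwise read as
# "these groups have no members".
if ldapaddent -d group >"$WORKDIR/group.raw"
then
   cut -d: -f1,3 "$WORKDIR/group.raw" >"$WORKDIR/groups.txt"
else
   echo "$0: ldapaddent -d group failed" >&2
   exit 1
fi

# The passwd dump does not depend on the group, so it is fetched once.
# users.txt holds name:uidNumber:gidNumber, ordered by gidNumber.
if ldapaddent -d passwd >"$WORKDIR/passwd.raw"
then
   sort -n -t: -k 4,4 "$WORKDIR/passwd.raw" | cut -d: -f1,3,4 >"$WORKDIR/users.txt"
else
   echo "$0: ldapaddent -d passwd failed" >&2
   exit 1
fi

for GIDN in `cut -d: -f2 "$WORKDIR/groups.txt" | sort -n -u`
do
   # Skip anything that is not a plain number; the value is placed in a
   # regular expression below.
   case "$GIDN" in
      ''|*[!0-9]*) continue ;;
   esac

   # Anchor on ":<gid>" at end of line so that gid 10 does not also select
   # gid 100, uidNumber 1010 or a name containing "10". In both scratch files
   # the gidNumber is the last field.
   PATTERN=":$GIDN\$"

   # Groups sharing one gidNumber are reported together, comma-separated.
   GNAME=`grep "$PATTERN" "$WORKDIR/groups.txt" | cut -d: -f1 | paste -s -d, -`
   echo "memberUids for Group $GNAME, gidNumber=$GIDN"

   grep "$PATTERN" "$WORKDIR/users.txt" | cut -d: -f1 >"$WORKDIR/uids.txt"

   case "$OPTION" in
      "SHOW_UID_ONLY")
         cat "$WORKDIR/uids.txt";;
      "SHOW_DN")
         for j in `cat "$WORKDIR/uids.txt"`
         do
            ldaplist passwd "$j"
         done;;
      "SHOW_UIDNUMBER")
         for j in `cat "$WORKDIR/uids.txt"`
         do
            UIDN=`ldaplist -l passwd "$j" | grep -i 'uidNumber:' | cut -d: -f2`
            # Left unquoted on purpose: word splitting strips the padding
            # around the value and keeps the "uid, value" output format.
            echo $j,$UIDN
         done;;
      "SHOW_NAME")
         for j in `cat "$WORKDIR/uids.txt"`
         do
            NAME=`ldaplist -l passwd "$j" | grep -i 'cn:' | cut -d: -f2`
            # Left unquoted on purpose, as for SHOW_UIDNUMBER; a multi-valued
            # cn is joined onto one line.
            echo $j,$NAME
         done;;
   esac
   echo ""
done

# Hope this helps.
# Gary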