-1

I'd like to list the contents of a domain group containing users & computers, then resolve the computer names from DNS and prepare a list for Squid.

What is the best way to do it? I was thinking about connecting to LDAP using bash or Perl, but maybe there is a better method.

ekad
Sigi
  • Welcome to SO, please show your coding efforts, SO is not a code writing service. – Cyrus Dec 31 '15 at 17:14
  • It is not a matter of language, I can code it by myself; rather, I'm looking for advice about the principle, or the best way to do it. When finished I'll post the whole script here. – Sigi Dec 31 '15 at 17:57
  • Agree, it would be helpful to show what you've tried or researched. If you want a nudge in the right direction, here's a working example of a command to query AD: `ldapsearch -w Password12 -h Xdc.mydomain.com -p 636 -K /usr/ldap/etc/key.kdb -P CfGldap -b "ou=users,dc=mydomain,dc=com" -D "uid=service-account,ou=people,ou=users,dc=mydomain,dc=com" uid=$user cn` as well as this SO question http://stackoverflow.com/questions/22224465/querying-windows-active-directory-server-using-ldapsearch-from-command-line – Ian McGowan Dec 31 '15 at 18:01

1 Answer

2

Thanks for the help. I created this script; it seems to be working.

```bash
#!/bin/bash

# Split command output on newlines only, so names containing spaces stay intact
oIFS=$IFS
IFS=$'\n'

# list group members: take the CN from each "member: CN=...,..." line
# (the pattern is anchored so that "memberOf:" lines are not picked up)
members=( $(ldapsearch -h server -D 'user' -w 'passw' -x -b "DC=domain,DC=net" "(cn=Groupname)" | grep '^member:' | awk -F '[=,]' '{print $2}') )

for member in "${members[@]}"
do
        # sAMAccountType distinguishes computer accounts from user accounts
        AccountType=$(ldapsearch -h server -D 'user' -w 'passw' -x -b "DC=domain,DC=net" "(cn=$member)" | grep '^sAMAccountType:' | awk '{print $2}')
        if [ "$AccountType" == "805306369" ]
        then
                # this member is a PC, let's resolve its IP
                if host=$(host "$member.domain.net"); then
                        # first IPv4 answer only; "has IPv6 address" lines are skipped
                        ip=$(echo "$host" | awk '/ has address / {print $4; exit}')
                        echo "$member has ip $ip"
                else
                        echo "WARNING: $member not found!"
                fi
        elif [ "$AccountType" == "805306368" ]
        then
                echo "$member is User"
        else
                echo "$member is neither PC, nor User"
        fi
done

IFS=$oIFS
```
Sigi
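The script above passes directory-supplied names straight into an LDAP filter and into `host`, and stops at printing addresses. The following is an added example, not part of the original answer, showing one way to escape the filter value, reject names that are not plain host labels, and produce the address list for Squid; the function names, the `fake_host` stand-in, the sample names and addresses, and the ACL file path are assumptions.

```shell
#!/bin/sh
# Added example, not the answer's code. Sample names and addresses are constructed.

# Escape a value for use inside an LDAP filter such as "(cn=VALUE)" (RFC 4515).
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Read `host` output on stdin; print only well-formed IPv4 addresses.
ipv4_from_host() {
    awk '/ has address / {
        n = split($NF, o, "."); ok = (n == 4)
        for (i = 1; i <= n; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (ok) print $NF
    }'
}

# Read computer names on stdin, resolve NAME.DOMAIN, print sorted unique IPs.
# $1 = DNS domain, $2 = resolver command (defaults to host).
build_src_list() {
    domain=$1 resolver=${2:-host}
    while IFS= read -r name; do
        # Skip anything that is not a plain host label (e.g. "-x" would be
        # read by host as an option).
        case $name in ''|-*|*[!A-Za-z0-9-]*) continue ;; esac
        "$resolver" "$name.$domain" 2>/dev/null | ipv4_from_host
    done | sort -u
}

# Constructed stand-in for host(1) so the demo runs offline.
fake_host() {
    case $1 in
        pc01.domain.net) echo "$1 has address 192.0.2.10"
                         echo "$1 has IPv6 address 2001:db8::10" ;;
        pc02.domain.net) echo "$1 has address 192.0.2.11" ;;
        *) echo "Host $1 not found: 3(NXDOMAIN)"; return 1 ;;
    esac
}

# Demo: escaped filter value, then the address list for a Squid ACL file,
# referenced as: acl ad_pcs src "/etc/squid/ad_pcs.txt"  (path is an assumption)
printf '(cn=%s)\n' "$(ldap_escape 'PC(1)*')"
printf 'pc01\npc02\n-x\nghost\n' | build_src_list domain.net fake_host
```

Redirect the output of `build_src_list` to the file named in the `acl ... src` line and reload Squid; omit the second argument to use the real `host` command.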