List of LDAP User Accounts
While working on servers that reference user account information from an OpenLDAP server, I encountered the need to query for the list of user accounts. This is quick and easy with a GUI LDAP tool like Apache Directory Studio. However, I needed the information as part of a package of administration shell scripts. My solution is in two parts: run the query using ldapsearch, then parse the data with gawk. Here's the command line for part one:
<code>ldapsearch -LLL -x -W -D cn=admin,dc=company,dc=com \
    -b ou=users,dc=company,dc=com \
    -s children uidNumber uid \
    | gawk -f parse.awk \
    | sort -n</code>
<p>
The <span class="code">gawk</span> program is simple enough.
</p>
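<code>BEGIN {
    # Paragraph mode: entries are separated by blank lines, one field per line
    RS = ""
    FS = "\n"
}
{
    # Reset per record so an entry missing an attribute does not reuse the previous value
    uidNumber = ""
    uid = ""
    # The ldapsearch output fields are not in a consistent order
    # Each field must be evaluated for its attribute name
    for (i = 1; i <= NF; i++) {
        # gensub() returns a string; adding 0 makes the range test below numeric
        if ($i ~ /^uidNumber: /) uidNumber = gensub(/^uidNumber: /, "", "g", $i) + 0
        if ($i ~ /^uid: /) uid = gensub(/^uid: /, "", "g", $i)
    }
    # Only print user accounts
    if (uid != "" && uidNumber >= 5000 && uidNumber < 6000)
        print uidNumber, uid
}</code>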
The next enhancement would be to add a filter to show which accounts are active. The sort could be done internally and the next available uidNumber could be the single result of the script.
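The enhancement mentioned above (return the next available uidNumber as the single result), as an added example that is not part of the original post. It uses POSIX awk rather than gawk's gensub; the function names and the sample LDIF entries are constructed for illustration, and the 5000-5999 range is the one used in the script above.

```shell
#!/bin/sh
# Print the lowest unused uidNumber in the 5000-5999 user range.
# Input: `ldapsearch -LLL` output (LDIF) on stdin.
next_uid() {
    awk '
    BEGIN { RS = ""; FS = "\n"; lo = 5000; hi = 6000 }
    {
        num = -1    # reset per record: an entry without uidNumber is skipped
        for (i = 1; i <= NF; i++)   # attribute order varies, so scan every line
            if ($i ~ /^uidNumber: /) num = substr($i, 12) + 0   # +0 forces a number
        if (num >= lo && num < hi) used[num] = 1
    }
    END {
        for (n = lo; n < hi; n++)
            if (!(n in used)) { print n; exit 0 }
        exit 1      # no free uidNumber left in the range
    }'
}

# Constructed sample input (not real directory data): mixed attribute order,
# one system account outside the user range, and a gap at 5002.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=users,dc=company,dc=com
uidNumber: 5000
uid: alice

dn: uid=bob,ou=users,dc=company,dc=com
uid: bob
uidNumber: 5001

dn: uid=svc,ou=users,dc=company,dc=com
uid: svc
uidNumber: 59

dn: uid=carol,ou=users,dc=company,dc=com
uid: carol
uidNumber: 5003
EOF
}

sample_ldif | next_uid
```

The result is only a candidate: two concurrent runs can return the same number, and a number freed by a deleted account still owns that account's files on disk. Enforce uniqueness on the server (for example with OpenLDAP's attribute uniqueness overlay, slapo-unique) and check for leftover files before reusing a gap.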