List of LDAP User Accounts

While working on servers that reference user account information from an OpenLDAP server, I encountered the need to query for the list of user accounts. This is quick and easy with a GUI LDAP tool like Apache Directory Studio. However, I needed the information as part of a package of administration shell scripts. My solution is in two parts: run the query using ldapsearch, then parse the data with gawk. Here's the command line for part one:

```sh
ldapsearch -LLL -x -W -D cn=admin,dc=company,dc=com \
    -b ou=users,dc=company,dc=com \
    -s children uidNumber uid \
    | gawk -f parse.awk \
    | sort -n
```

The gawk program is simple enough.

```awk
BEGIN {
    RS = ""     # entries are separated by blank lines
    FS = "\n"   # one attribute line per field
}
{
    # Reset per record so an entry missing an attribute does not
    # inherit the previous entry's value
    uidNumber = uid = ""

    # The ldapsearch output fields are not in a consistent order
    # Each field must be evaluated for its attribute name
    # (NF rather than 3: a long dn folds onto extra lines)
    for (i = 1; i <= NF; i++) {
        if ($i ~ /^uidNumber: /)
            uidNumber = gensub(/^uidNumber: /, "", "g", $i)
        if ($i ~ /^uid: /)
            uid = gensub(/^uid: /, "", "g", $i)
    }

    # Only print user accounts
    # (+ 0 forces a numeric comparison; gensub returns a string)
    if (uidNumber + 0 >= 5000 && uidNumber + 0 < 6000)
        print uidNumber, uid
}
```

The next enhancement would be to add a filter to show which accounts are active. The sort could be done internally and the next available uidNumber could be the single result of the script.
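
The last enhancement, sketched as an added example (not the author's script): a shell function that reads the same `ldapsearch -LLL` output and returns the single next uidNumber. It takes the highest number in the 5000-5999 range plus one, so a number freed by a deleted account, and any files still owned by it, is never handed to a new user. The function names and the sample LDIF are constructed, and it uses POSIX awk rather than gawk.

```shell
#!/bin/sh
# Added example: next uidNumber to assign, from ldapsearch -LLL output on stdin.
# The 5000-5999 range is the user-account range used by parse.awk above.

next_uid() {
    awk -v lo=5000 -v hi=5999 '
    BEGIN { RS = ""; FS = "\n"; max = lo - 1 }
    {
        n = ""
        # Attribute order varies per entry and a long dn folds onto
        # continuation lines, so scan every line of the record.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^uidNumber: /) { n = $i; sub(/^uidNumber: /, "", n) }
        # Accept only plain decimal values inside the range.
        if (n ~ /^[0-9]+$/ && n + 0 >= lo && n + 0 <= hi && n + 0 > max)
            max = n + 0
    }
    END {
        # Fail loudly instead of wrapping around or leaving the range.
        if (max >= hi) { print "uid range exhausted" > "/dev/stderr"; exit 1 }
        print max + 1
    }'
}

# Constructed sample input: attributes in mixed order, one entry out of range.
sample_ldif() {
    cat <<'EOF'
dn: uid=alice,ou=users,dc=company,dc=com
uidNumber: 5001
uid: alice

dn: uid=bob,ou=users,dc=company,dc=com
uid: bob
uidNumber: 5007

dn: uid=svc-backup,ou=users,dc=company,dc=com
uid: svc-backup
uidNumber: 6100
EOF
}

sample_ldif | next_uid   # prints 5008
```

In the real pipeline, `next_uid` replaces the `gawk -f parse.awk | sort -n` stages after the `ldapsearch` command.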