openldap和钉钉用户同步-CFANZ编程社区

获取ldap用户列表

/opt/OpenLDAP/User_List/Get_Ldap_Values.sh

#!/bin/bash
cd /opt/OpenLDAP/User_List/
ldapsearch  -D "cn=admin,dc=xxxxxx,dc=com" -w 'xxxxxx'  -b "ou=People,dc=xxxxxx,dc=com"|grep  'mail'|grep xxxxxx.com.cn|awk -F: '{print $2}'|awk -F@ '{print $1}'|sort -u > /opt/OpenLDAP/User_List/Ldap_User_List

获取钉钉用户列表

/opt/OpenLDAP/User_List/Get_Ding_Values.sh

#!/bin/bash
cd /opt/OpenLDAP/User_List/
curl -s --connect-timeout 60 -X POST  http://172.16.61.101:8999/company/addressBookList |sed 's/,/
/g'|grep xxxxx.com.cn > /opt/OpenLDAP/User_List/Ding_User_All_List
curl -s --connect-timeout 60 -X POST  http://172.16.61.101:8999/company/addressBookList |sed 's/,/
/g'|grep xxxxxxx.com.cn|awk -F_ '{print $NF}'|awk -F@ '{print $1}'|sort -u > /opt/OpenLDAP/User_List/Ding_User_List

执行比对删除的动作

/opt/OpenLDAP/User_List/Get_Values_Action.sh

#!/bin/bash
if [ ! -f "/opt/OpenLDAP/User_List/Lock.txt" ];then
	touch /opt/OpenLDAP/User_List/Lock.txt
	User_Passwd=`/usr/bin/openssl rand   -base64 16|sed --expression='s///#/g'`
	cd /opt/OpenLDAP/User_List/
	sh /opt/OpenLDAP/User_List/Get_Ding_Values.sh
	sh /opt/OpenLDAP/User_List/Get_Ldap_Values.sh
	cp -r /opt/OpenLDAP/User_List/Ding_User_List  /opt/OpenLDAP/User_List/Ruzhi_List
	cp -r /opt/OpenLDAP/User_List/Ldap_User_List  /opt/OpenLDAP/User_List/Lizhi_List
	###入职
	for j in `cat /opt/OpenLDAP/User_List/Ldap_User_List`;do  sed  -i  "/$j/d" /opt/OpenLDAP/User_List/Ruzhi_List;  done
	for n in `cat /opt/OpenLDAP/User_List/Ruzhi_List`;
	do
	        User_Name=`grep  $n@xxxxx.com.cn  /opt/OpenLDAP/User_List/Ding_User_All_List|awk -F_ '{print $1}'`;
	        User_Email=`grep  $n@xxxxx.com.cn /opt/OpenLDAP/User_List/Ding_User_All_List|awk -F_ '{print $2}'`;
	        User_Id=`echo $User_Email|awk -F@ '{print $1}'`
	        echo $UserID ;
	        sh /opt/OpenLDAP/User_Manager/AddUser.sh    $User_Id  $User_Name  $User_Email $User_Passwd
	        echo "新入职员工账号创建成功,用户ID: $User_Id  用户密码: $User_Passwd ,更新密码地址 https://password.xxxxxx.com/,内网导航请访问 https://it.xxxxx.com/navigation ,confluence和jira平台是账号同步延迟2分钟左右请耐心等待" | mailx -s "OpenLdap域账号管理" $User_Email 2>/dev/null
	done
	###离职
	for i in `cat /opt/OpenLDAP/User_List/Ding_User_List`;do  sed  -i  "/$i/d" /opt/OpenLDAP/User_List/Lizhi_List;  done
	sed -i --expression='/liaotingfeng/d'  /opt/OpenLDAP/User_List/Lizhi_List
        Ding_User_List_Num=`wc -l /opt/OpenLDAP/User_List/Ding_User_List|awk '{print  $1}'`
        Ldap_User_List_Num=`wc -l /opt/OpenLDAP/User_List/Ldap_User_List|awk '{print  $1}'`
	Half_Ldap_User_List_Num=`echo $Ldap_User_List_Num/2|bc`
	if [  -s "/opt/OpenLDAP/User_List/Ding_User_List" ] && [ $Ding_User_List_Num -lt $Half_Ldap_User_List_Num ];then
		for m in `cat /opt/OpenLDAP/User_List/Lizhi_List`;do sh  /opt/OpenLDAP/User_Manager/DelUser.sh $m;  done
	fi

	cd  /opt/OpenLDAP/User_List/
	rm -rf Ding_User_All_List  Ding_User_List  Ldap_User_List  Lizhi_List  Ruzhi_List Lock.txt
else
	exit;
fi

相关脚本

/opt/OpenLDAP/User_Manager/AddUser.sh

#!/bin/bash
cd  /opt/OpenLDAP/User_Manager/
UserID=$1
UserName=$2
Email=$3
Password=$4
if [ "$UserID" == "" ] || [ "$UserName" == "" ] || [ "$Email" == "" ] || [ "$Password" == "" ];then
	echo "==以下都是必须输入的信息"
	echo "==$1 请输入用户ID";
        echo "==$2 中文用户名";
        echo "==$3 公司企业邮箱地址";
        echo "==$4 密码信息";
else
	sed --expression="s/wanyan/$UserID/g"  --expression="s/完颜/$UserName/g"  --expression="s/17299565@qq.com/$Email/g" --expression="s/123456/$Password/g"   /opt/OpenLDAP/User_Manager/Modules.ldif >/opt/OpenLDAP/User_Manager/tmp.ldif
	ldapadd -x -D 'cn=admin,dc=xxxxxxx,dc=com' -f /opt/OpenLDAP/User_Manager/tmp.ldif  -H ldap://172.16.61.197:389 -w   xxxxxxxxxx
	rm -rf  /opt/OpenLDAP/User_Manager/tmp.ldif
fi

/opt/OpenLDAP/User_Manager/DelUser.sh

#!/bin/bash
UserID=$1
if [ "$UserID" != "" ];then
	ldapdelete -x -h 172.16.61.197  -D "cn=admin,dc=xxxxxxx,dc=com" -w xxxxxxx   "cn=$UserID,ou=People,dc=xxxxxxx,dc=com"
else
	echo "请输入需要被删除的用户ID";
fi

/opt/OpenLDAP/User_Manager/SearchUser.sh

#!/bin/bash
ldapsearch  -D "cn=admin,dc=xxxxxxx,dc=com" -w 'xxxxxxx'  -b "ou=People,dc=xxxxxxx,dc=com"|grep uid|awk -F: '{print $NF}'