获取ldap用户列表
/opt/OpenLDAP/User_List/Get_Ldap_Values.sh
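#!/bin/bash
# Get_Ldap_Values.sh - write the mailbox local part of every People entry whose
# mail attribute is in the company domain to Ldap_User_List (sorted, unique).
# Get_Values_Action.sh compares that file with the DingTalk export to decide
# which accounts to create and which to delete, so a short or empty list caused
# by a failed search must never be published as if it were complete.
#
# NOTE(review): the directory admin password is given with -w, so it sits in
# this file and is visible in the process list while the search runs. This job
# only reads mail attributes; prefer a dedicated read-only bind DN and
# ldapsearch's -y <file> option pointing at a root-only password file (the file
# must not end with a newline).
set -u

list_dir=/opt/OpenLDAP/User_List
out_file="$list_dir/Ldap_User_List"

cd "$list_dir" || { echo "cannot cd to $list_dir" >&2; exit 1; }

# Run the search on its own so its exit status is checked; in a single pipeline
# only the status of the final sort would be visible.
if ! search_out=$(ldapsearch -D "cn=admin,dc=xxxxxx,dc=com" -w 'xxxxxx' -b "ou=People,dc=xxxxxx,dc=com"); then
  echo "ldapsearch failed; $out_file not updated" >&2
  exit 1
fi

# Filter into a temp file in the same directory and rename it into place, so a
# reader never sees a half-written list.
tmp_file=$(mktemp "$list_dir/.Ldap_User_List.XXXXXX") || exit 1
trap 'rm -f -- "$tmp_file"' EXIT

# Same filter chain as before: keep mail lines of the company domain, take the
# text after the first ':' and then the part before '@'. The value keeps the
# blank that follows "mail:"; consumers must trim it.
printf '%s\n' "$search_out" \
  | grep 'mail' \
  | grep xxxxxx.com.cn \
  | awk -F: '{print $2}' \
  | awk -F@ '{print $1}' \
  | sort -u > "$tmp_file"

mv -f -- "$tmp_file" "$out_file"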
获取钉钉用户列表
/opt/OpenLDAP/User_List/Get_Ding_Values.sh
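#!/bin/bash
# Get_Ding_Values.sh - fetch the DingTalk address book and write two files:
#   Ding_User_All_List  every comma-separated record of the company domain
#   Ding_User_List      the mailbox local part of each record, sorted, unique
# Get_Values_Action.sh uses both to create and delete directory accounts.
#
# NOTE(review): the address book is fetched over plain HTTP without any
# credential. Because this response decides which accounts are created and
# deleted, it should be served over HTTPS with certificate verification and an
# authenticated request, so that a tampered or spoofed response cannot drive
# account changes.
set -u

list_dir=/opt/OpenLDAP/User_List
api_url=http://172.16.61.101:8999/company/addressBookList

cd "$list_dir" || { echo "cannot cd to $list_dir" >&2; exit 1; }

# Fetch once so both files describe the same snapshot (the original issued two
# separate requests). --fail makes curl return non-zero on an HTTP error status
# instead of handing an error page to the filters below.
if ! body=$(curl -s --fail --connect-timeout 60 -X POST "$api_url"); then
  echo "address book request failed; lists not updated" >&2
  exit 1
fi

# One record per line. The published script used sed 's/,/<newline>/g', whose
# newline escape appears to have been lost in publication and no longer parses;
# tr performs the same split.
records=$(printf '%s\n' "$body" | tr ',' '\n')

printf '%s\n' "$records" | grep xxxxx.com.cn > "$list_dir/Ding_User_All_List"

printf '%s\n' "$records" \
  | grep xxxxxxx.com.cn \
  | awk -F_ '{print $NF}' \
  | awk -F@ '{print $1}' \
  | sort -u > "$list_dir/Ding_User_List"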
执行比对删除的动作
/opt/OpenLDAP/User_List/Get_Values_Action.sh
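#!/bin/bash
# Get_Values_Action.sh - reconcile OpenLDAP accounts with the DingTalk address
# book.
#
# Flow: take a lock, refresh both exports, create an account (and mail its
# initial password) for every DingTalk id missing from LDAP, delete every LDAP
# id missing from DingTalk, then remove the work files and the lock.
#
# Changes against the published version:
#   - the lock is taken atomically and released on every exit path, so a crash
#     no longer disables all later runs;
#   - a failed or empty export aborts the run instead of making every user look
#     new (mass creation) or gone;
#   - list comparison is by exact id, not by regex substring ("li" used to
#     remove "lily" from the joiner and leaver lists);
#   - each new account gets its own random password (one password used to be
#     shared by every account created in the same run);
#   - ids, names and addresses are validated before they reach the helper
#     scripts, which interpolate them into a sed program, an LDIF file and a DN.
#
# NOTE(review): the initial password is mailed in clear text and handed to
# AddUser.sh as a command-line argument, where it is visible in the process
# list. Consider a forced password change at first login or a one-time reset
# link instead.
set -u

list_dir=/opt/OpenLDAP/User_List
manager_dir=/opt/OpenLDAP/User_Manager
lock_file="$list_dir/Lock.txt"

id_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
mail_re='^[A-Za-z0-9][A-Za-z0-9._-]*@[A-Za-z0-9.-]+$'
# Characters that are special in the sed replacement built by AddUser.sh.
bad_name_re='[/&\\]'

# Print every whitespace-separated token of file $1 on its own line, sorted and
# de-duplicated (the LDAP export keeps the blank that follows "mail:").
normalize() {
  awk '{ for (i = 1; i <= NF; i++) print $i }' "$1" | sort -u
}

# Print the ids of list $1 that are not in list $2, comparing whole lines as
# fixed strings. grep status 1 only means "nothing left" and is not an error.
list_minus() {
  local rc=0
  grep -vxF -f <(normalize "$2") <(normalize "$1") || rc=$?
  (( rc <= 1 ))
}

# Remove the work files and the lock.
cleanup() {
  rm -f -- "$list_dir/Ding_User_All_List" "$list_dir/Ding_User_List" \
    "$list_dir/Ldap_User_List" "$list_dir/Lizhi_List" "$list_dir/Ruzhi_List" \
    "$lock_file"
}

cd "$list_dir" || { echo "cannot cd to $list_dir" >&2; exit 1; }

# With noclobber the redirection fails if the file already exists, so check and
# create are one step and two overlapping runs cannot both proceed.
if ! ( set -o noclobber; : > "$lock_file" ) 2>/dev/null; then
  exit
fi
trap cleanup EXIT

# The helper scripts start with #!/bin/bash, so run them with bash, not sh.
bash "$list_dir/Get_Ding_Values.sh" || { echo "DingTalk export failed; nothing changed" >&2; exit 1; }
bash "$list_dir/Get_Ldap_Values.sh" || { echo "LDAP export failed; nothing changed" >&2; exit 1; }

# An empty list here far more likely means a failed export than an empty
# company. Seeding a completely empty directory has to be done by hand.
for required in Ding_User_All_List Ding_User_List Ldap_User_List; do
  if [[ ! -s "$list_dir/$required" ]]; then
    echo "$required is missing or empty; refusing to reconcile" >&2
    exit 1
  fi
done

### Joiners: in DingTalk but not in LDAP
list_minus "$list_dir/Ding_User_List" "$list_dir/Ldap_User_List" > "$list_dir/Ruzhi_List" || exit 1

# fd 3 keeps the loop input away from commands in the body that read stdin.
while IFS= read -r new_id <&3; do
  if [[ ! "$new_id" =~ $id_re ]]; then
    echo "skipping unexpected DingTalk id: $new_id" >&2
    continue
  fi

  # Records look like <name>_<address>; anchoring on "_" stops id "li" from
  # also matching "zhangli@...". Only the first match is used.
  record=$(grep -F -m 1 -- "_${new_id}@xxxxx.com.cn" "$list_dir/Ding_User_All_List")
  User_Name=$(awk -F_ '{print $1}' <<<"$record")
  User_Email=$(awk -F_ '{print $2}' <<<"$record")
  User_Id=${User_Email%%@*}

  if [[ -z "$User_Name" || "$User_Name" =~ $bad_name_re \
        || ! "$User_Id" =~ $id_re || ! "$User_Email" =~ $mail_re ]]; then
    echo "skipping DingTalk record with unexpected name/id/address: $new_id" >&2
    continue
  fi
  echo "$User_Id"

  # One password per account. '/' is mapped to '#' because AddUser.sh puts the
  # value into a sed expression delimited by '/'; the published
  # sed 's///#/g' appears to have lost a backslash and does not parse.
  User_Passwd=$(/usr/bin/openssl rand -base64 16 | tr '/' '#')
  if [[ -z "$User_Passwd" ]]; then
    echo "password generation failed; stopping" >&2
    exit 1
  fi

  # Mail the credentials only if the account was actually created.
  if bash "$manager_dir/AddUser.sh" "$User_Id" "$User_Name" "$User_Email" "$User_Passwd"; then
    echo "新入职员工账号创建成功,用户ID: $User_Id 用户密码: $User_Passwd ,更新密码地址 https://password.xxxxxx.com/,内网导航请访问 https://it.xxxxx.com/navigation ,confluence和jira平台是账号同步延迟2分钟左右请耐心等待" | mailx -s "OpenLdap域账号管理" "$User_Email" 2>/dev/null
  else
    echo "AddUser.sh failed for $User_Id; no mail sent" >&2
  fi
done 3< "$list_dir/Ruzhi_List"

### Leavers: in LDAP but not in DingTalk
list_minus "$list_dir/Ldap_User_List" "$list_dir/Ding_User_List" > "$list_dir/Lizhi_List" || exit 1
# Hard-coded exemption kept from the original: ids matching this pattern are
# never deleted automatically.
sed -i --expression='/liaotingfeng/d' "$list_dir/Lizhi_List"

Ding_User_List_Num=$(normalize "$list_dir/Ding_User_List" | wc -l)
Ldap_User_List_Num=$(normalize "$list_dir/Ldap_User_List" | wc -l)
Half_Ldap_User_List_Num=$(( Ldap_User_List_Num / 2 ))

# Mass-deletion guard: delete only while DingTalk still lists at least half as
# many users as LDAP.
# NOTE(review): the published script tested -lt here, which ran deletions only
# when the DingTalk list had shrunk below half of LDAP, i.e. exactly when the
# export looks truncated, and never in normal operation. Confirm the threshold
# with the owner before enabling this job.
if (( Ding_User_List_Num >= Half_Ldap_User_List_Num )); then
  while IFS= read -r leaver_id <&3; do
    if [[ ! "$leaver_id" =~ $id_re ]]; then
      echo "skipping unexpected LDAP id: $leaver_id" >&2
      continue
    fi
    bash "$manager_dir/DelUser.sh" "$leaver_id" || echo "DelUser.sh failed for $leaver_id" >&2
  done 3< "$list_dir/Lizhi_List"
else
  echo "DingTalk list ($Ding_User_List_Num) is below half of the LDAP list ($Ldap_User_List_Num); skipping deletions" >&2
fi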
相关脚本
/opt/OpenLDAP/User_Manager/AddUser.sh
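#!/bin/bash
# AddUser.sh - create one directory account from the Modules.ldif template.
# Arguments:
#   $1  user id
#   $2  display name
#   $3  company e-mail address
#   $4  initial password
# Returns: the exit status of ldapadd; non-zero when an argument is missing or
# rejected.
#
# The template's sample values (wanyan, 完颜, 17299565@qq.com, 123456) are
# replaced in that order, each on the result of the previous step.
# NOTE(review): because of that order, an id or address that itself contains
# "123456" would have that part overwritten by the password; unique template
# tokens would remove the ambiguity.
#
# NOTE(review): the admin bind uses -x over ldap:// with the password in -w, so
# the bind password and the new user's password cross the network unencrypted
# and the bind password shows in the process list. Prefer ldaps:// or StartTLS
# (-ZZ) and -y <file>. $4 is likewise visible in this script's own argument
# list. If the template stores the password verbatim in userPassword, confirm
# that the server hashes it on write.
set -u

manager_dir=/opt/OpenLDAP/User_Manager
cd "$manager_dir" || { echo "cannot cd to $manager_dir" >&2; exit 1; }

UserID=${1:-}
UserName=${2:-}
Email=${3:-}
Password=${4:-}

if [ -z "$UserID" ] || [ -z "$UserName" ] || [ -z "$Email" ] || [ -z "$Password" ]; then
  # Single quotes: these lines name the positional parameters. Double quotes
  # expanded them, which printed the password whenever another argument was
  # missing.
  echo "==以下都是必须输入的信息"
  echo '==$1 请输入用户ID';
  echo '==$2 中文用户名';
  echo '==$3 公司企业邮箱地址';
  echo '==$4 密码信息';
  exit 1
fi

# A newline or other control character in a value would add lines to the
# generated LDIF, so such values are refused outright.
for value in "$UserID" "$UserName" "$Email" "$Password"; do
  if [[ "$value" == *[[:cntrl:]]* ]]; then
    echo "arguments must not contain control characters" >&2
    exit 1
  fi
done

# The generated LDIF holds the password: create it with an unpredictable name
# (mktemp makes it readable by the owner only) and always remove it.
tmp_ldif=$(mktemp "$manager_dir/tmp.ldif.XXXXXX") || exit 1
trap 'rm -f -- "$tmp_ldif"' EXIT

# Fill the template with literal string replacement. The values travel through
# the environment and are never parsed as a sed or awk program, so '/', '&' and
# '\' in a value are inserted as-is.
if ! TPL_ID=$UserID TPL_NAME=$UserName TPL_MAIL=$Email TPL_PW=$Password awk '
  function fill(text, from, to,    out, pos) {
    out = ""
    while ((pos = index(text, from)) > 0) {
      out = out substr(text, 1, pos - 1) to
      text = substr(text, pos + length(from))
    }
    return out text
  }
  {
    line = fill($0, "wanyan", ENVIRON["TPL_ID"])
    line = fill(line, "完颜", ENVIRON["TPL_NAME"])
    line = fill(line, "17299565@qq.com", ENVIRON["TPL_MAIL"])
    line = fill(line, "123456", ENVIRON["TPL_PW"])
    print line
  }
' "$manager_dir/Modules.ldif" > "$tmp_ldif"; then
  echo "cannot render $manager_dir/Modules.ldif" >&2
  exit 1
fi

ldapadd -x -D 'cn=admin,dc=xxxxxxx,dc=com' -f "$tmp_ldif" -H ldap://172.16.61.197:389 -w xxxxxxxxxx
exit $?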
/opt/OpenLDAP/User_Manager/DelUser.sh
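#!/bin/bash
# DelUser.sh - delete the entry cn=<user id>,ou=People,... from the directory.
# Arguments: $1 user id
# Returns:   the exit status of ldapdelete; non-zero when the id is missing or
#            rejected.
#
# NOTE(review): the admin bind uses -x with the password in -w over an
# unencrypted connection; prefer ldaps:// or StartTLS (-ZZ) and -y <file>, and
# a bind DN that may only delete below ou=People.
set -u

UserID=${1:-}

if [ -z "$UserID" ]; then
  echo "请输入需要被删除的用户ID";
  exit 1
fi

# The id is placed inside a DN. Characters such as ',', '+' or '=' would change
# which entry the DN names, so only plain mailbox-style ids are accepted.
if [[ ! "$UserID" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  echo "refusing to delete: user id contains characters outside [A-Za-z0-9._-]" >&2
  exit 1
fi

# -H with a URI replaces the deprecated -h host option and matches AddUser.sh.
ldapdelete -x -H ldap://172.16.61.197 -D "cn=admin,dc=xxxxxxx,dc=com" -w xxxxxxx "cn=$UserID,ou=People,dc=xxxxxxx,dc=com"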
/opt/OpenLDAP/User_Manager/SearchUser.sh
#!/bin/bash
# SearchUser.sh - search ou=People as the directory admin and, for every output
# line that contains "uid", print the text after its last ':'.
#
# NOTE(review): the match is on the substring "uid", so lines other than the
# uid attribute itself (a DN that contains uid=, for example) are printed too.
# NOTE(review): the admin password is given with -w and is visible in the
# process list; a read-only bind DN with -y <file> is enough for a listing.
ldap_bind_dn="cn=admin,dc=xxxxxxx,dc=com"
ldap_base="ou=People,dc=xxxxxxx,dc=com"

ldapsearch -D "$ldap_bind_dn" -w 'xxxxxxx' -b "$ldap_base" \
  | awk -F: '/uid/ { print $NF }'