Hi, Thanks for the tip and explanation. I did some change in the delete.sh script using the sed command to replace or add some values while the script is running. Below is my example if someone else also need something similar. For some additional confirmation can I just ask if it's safe enough to do such changes using the sed command regarding the LDIF format which is output from the LSC tool?
My example of the delete.sh script: #!/bin/bash line="" read line text="$line" replace="replace: useraccountcontrol" status="useraccountcontrol: 514" while test "$line" != "" do read line text="$text $line" done echo "Deleting account $1" #echo "$text" | ldapmodify -x -D "$LDAP_BIND_DN" -w "$LDAP_BIND_PW" -H "$LDAP_URL" echo "$text" | sed 's/delete/modify/g' | sed "/modify/a $replace" | sed "/useraccountcontrol/a $status" | ldapmodify -x -D "$LDAP_BIND_DN" -w "$LDAP_BIND_PW" -h "10.0.0.30" exit $? Regards, Matjaž V V sre., 12. jun. 2019 ob 15:16 je oseba Soisik Froger < [email protected]> napisala: > On 12/06/2019 13:56, Matjaz Premerl wrote: > > I've managed to call external script, thanks a lot. > > Below is part of output, what could be send further to some command > ldapmodify. > > But as I see for the changetype there is "delete". I know that this is a > delete operation, but in my case I want to achieve just "disable" the user, > even if it's deleted in the source database. > > Can you please help with some idea, how to change the changetype for my > case. > > > > Jun 12 13:47:14 - INFO - # Removing object CN=Milica > Petek,OU=Uporabniki,DC=idp,DC=local for ADUserDeactivate > > # Wed Jun 12 13:47:14 CEST 2019 > > dn: CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local > > changetype: delete > > > > Regards, > > Matjaž > > Hi, > > You need to write a script that extract DN and CN from input, and send > some other LDIF commands to your AD to perform what you want. > > - to disable the account, first get the current attribute > useraccountcontrol for this dn in AD (with ldapsearch), then add 2, and > finally set the result back using ldapmodify > > dn: CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local > changetype: modify > replace: useraccountcontrol > useraccountcontrol: $useraccountcontrol > > - to move the account, using ldapmodify : > > dn: CN=Milica Petek,OU=Uporabniki,DC=idp,DC=local > changetype: modrdn > newRDN: cn=$cn > deleteOldRDN: 1 > newsuperior: ou=new,dc=example,dc=com > > Regards > -- > Soisik Froger | Software Architect > > [email protected] > Worteks | https://www.worteks.com > _______________________________________________________________ > Ldap Synchronization Connector (LSC) - http://lsc-project.org > > lsc-users mailing list > [email protected] > https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
_______________________________________________________________ Ldap Synchronization Connector (LSC) - http://lsc-project.org lsc-users mailing list [email protected] https://lists.lsc-project.org/cgi-bin/mailman/listinfo/lsc-users
