1998-07-30 10:49:03 +04:00
|
|
|
#!/usr/bin/perl5
|
|
|
|
#############################################################################
|
1998-08-14 03:34:50 +04:00
|
|
|
# $Id: modattr.pl,v 1.7 1998-08-13 23:32:28 leif Exp $
|
1998-07-30 10:49:03 +04:00
|
|
|
#
|
|
|
|
# The contents of this file are subject to the Mozilla Public License
|
|
|
|
# Version 1.0 (the "License"); you may not use this file except in
|
|
|
|
# compliance with the License. You may obtain a copy of the License at
|
|
|
|
# http://www.mozilla.org/MPL/
|
|
|
|
#
|
|
|
|
# Software distributed under the License is distributed on an "AS IS"
|
|
|
|
# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the
|
|
|
|
# License for the specific language governing rights and limitations
|
|
|
|
# under the License.
|
|
|
|
#
|
1998-08-13 13:15:00 +04:00
|
|
|
# The Original Code is PerLDAP. The Initial Developer of the Original
|
1998-07-30 10:49:03 +04:00
|
|
|
# Code is Netscape Communications Corp. and Clayton Donley. Portions
|
|
|
|
# created by Netscape are Copyright (C) Netscape Communications
|
|
|
|
# Corp., portions created by Clayton Donley are Copyright (C) Clayton
|
|
|
|
# Donley. All Rights Reserved.
|
|
|
|
#
|
|
|
|
# Contributor(s):
|
|
|
|
#
|
|
|
|
# DESCRIPTION
|
|
|
|
# This script can be used to do a number of different modification
|
|
|
|
# operations on a script. Like adding/deleting values, or entire
|
|
|
|
# attributes.
|
|
|
|
#
|
|
|
|
#############################################################################
|
|
|
|
|
|
|
|
use Getopt::Std; # To parse command line arguments.
|
|
|
|
use Mozilla::LDAP::Conn; # Main "OO" layer for LDAP
|
|
|
|
use Mozilla::LDAP::Utils; # LULU, utilities.
|
|
|
|
|
|
|
|
|
|
|
|
#############################################################################
|
|
|
|
# Constants, shouldn't have to edit these...
|
|
|
|
#
|
|
|
|
$APPNAM = "modattr";
|
|
|
|
$USAGE = "$APPNAM [-dnvW] -b base -h host -D bind -w pswd -P cert attr=value filter";
|
|
|
|
|
|
|
|
|
|
|
|
#############################################################################
|
|
|
|
# Check arguments, and configure some parameters accordingly..
|
|
|
|
#
|
|
|
|
if (!getopts('adnvWb:h:D:p:s:w:P:'))
|
|
|
|
{
|
|
|
|
print "usage: $APPNAM $USAGE\n";
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
%ld = Mozilla::LDAP::Utils::ldapArgs();
|
1998-07-30 13:52:33 +04:00
|
|
|
Mozilla::LDAP::Utils::userCredentials(\%ld) unless $opt_n;
|
1998-07-30 10:49:03 +04:00
|
|
|
|
|
|
|
|
|
|
|
#############################################################################
|
1998-07-30 13:52:33 +04:00
|
|
|
# Let's process the changes requested, and commit them unless the "-n"
|
|
|
|
# option was given.
|
1998-07-30 10:49:03 +04:00
|
|
|
#
|
|
|
|
$conn = new Mozilla::LDAP::Conn(\%ld);
|
|
|
|
die "Could't connect to LDAP server $ld{host}" unless $conn;
|
|
|
|
|
|
|
|
#$conn->setDefaultRebindProc($ld{bind}, $ld{pswd}, 128);
|
|
|
|
#$conn->setRebindProc(\&LdapUtils::rebindProc);
|
|
|
|
|
|
|
|
($change, $search) = @ARGV;
|
|
|
|
if (($change eq "") || ($search eq ""))
|
|
|
|
{
|
|
|
|
print "usage: $APPNAM $USAGE\n";
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
($attr, $value) = split(/=/, $change, 2);
|
|
|
|
|
|
|
|
$entry = $conn->search($ld{root}, $ld{scope}, $search);
|
|
|
|
while ($entry)
|
|
|
|
{
|
|
|
|
$changed = 0;
|
|
|
|
|
|
|
|
if ($opt_d && defined $entry->{$attr})
|
|
|
|
{
|
|
|
|
if ($value)
|
|
|
|
{
|
|
|
|
$changed = $entry->removeValue($attr, $value);
|
|
|
|
if ($changed && $opt_v)
|
|
|
|
{
|
|
|
|
print "Removed value from ", $entry->getDN(), "\n" if $opt_v;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
delete $entry->{$attr};
|
|
|
|
print "Deleted attribute $attr for ", $entry->getDN(), "\n" if $opt_v;
|
|
|
|
$changed = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if ($opt_a)
|
|
|
|
{
|
|
|
|
$changed = $entry->addValue($attr, $value);
|
|
|
|
if ($changed && $opt_v)
|
|
|
|
{
|
|
|
|
print "Added attribute to ", $entry->getDN(), "\n" if $opt_v;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if ($entry->{$attr}[0] ne $value)
|
|
|
|
{
|
|
|
|
$entry->{$attr} = [$value];
|
|
|
|
$changed = 1;
|
|
|
|
print "Set attribute for ", $entry->getDN(), "\n" if $opt_v;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($changed && ! $opt_n)
|
|
|
|
{
|
|
|
|
$conn->update($entry);
|
1998-08-03 08:26:32 +04:00
|
|
|
$conn->printError() if $conn->getErrorCode();
|
1998-07-30 10:49:03 +04:00
|
|
|
}
|
|
|
|
|
1998-07-30 13:55:12 +04:00
|
|
|
$entry = $conn->nextEntry();
|
1998-07-30 10:49:03 +04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#############################################################################
|
|
|
|
# Close the connection.
|
|
|
|
#
|
|
|
|
$conn->close if $conn;
|
|
|
|
|
|
|
|
|
|
|
|
#############################################################################
|
|
|
|
# POD documentation...
|
|
|
|
#
|
|
|
|
__END__
|
|
|
|
|
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
modattr - Modify an attribute for one or more LDAP entries
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
|
|
|
modattr [-adnvW] -b base -h host -D bind DN -w pwd -P cert attr=value filter
|
|
|
|
|
|
|
|
=head1 ABSTRACT
|
|
|
|
|
|
|
|
This command line utility can be used to modify one attribute for one or
|
|
|
|
more LDAP entries. As simple as this sounds, this turns out to be a very
|
|
|
|
common operation. For instance, let's say you want to change "mailHost"
|
|
|
|
for all users on a machine named I<dredd>, to be I<judge>. With this
|
|
|
|
script all you have to do is
|
|
|
|
|
|
|
|
modattr mailHost=judge '(mailHost=dredd)'
|
|
|
|
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
|
|
|
There are four primary operations that can be made with this utility:
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item *
|
|
|
|
|
|
|
|
Set an attribute to a (single) specified value.
|
|
|
|
|
|
|
|
=item *
|
|
|
|
|
|
|
|
Add a value to an attribute (for multi-value attributes).
|
|
|
|
|
|
|
|
=item *
|
|
|
|
|
|
|
|
Delete a value from an attribute. If it's the last value (or if it's a
|
|
|
|
single value), this will remove the entire attribute.
|
|
|
|
|
|
|
|
=item *
|
|
|
|
|
|
|
|
Delete an entire attribute, even if it has multiple values.
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
The first three requires an option of the form B<attr=value>, while the
|
|
|
|
last one only takes the name of the attribute as the option. The last
|
|
|
|
argument is always an LDAP search filter, specifying which entries the
|
|
|
|
operation should be applied to.
|
|
|
|
|
|
|
|
=head1 OPTIONS
|
|
|
|
|
|
|
|
All but the first two command line options for this tool are standard LDAP
|
|
|
|
options, to set parameters for the LDAP connection. The two new options
|
|
|
|
are I<-a> and I<-d> to add and remove attribute values.
|
|
|
|
|
|
|
|
Without either of these two options specified (they are both optional),
|
|
|
|
the default action is to set the attribute to the specified value. That
|
|
|
|
will effectively remove any existing values for this attribute.
|
|
|
|
|
|
|
|
=over 12
|
|
|
|
|
|
|
|
=item -a
|
|
|
|
|
|
|
|
Specify that the operation is an I<add>, to add a value to the
|
|
|
|
attribute. If there is no existing value for this attribute, we'll create
|
|
|
|
a new attribute, otherwise we add the new value if it's not already there.
|
|
|
|
|
|
|
|
=item -d
|
|
|
|
|
|
|
|
Delete the attribute value, or the entire attribute if there's no value
|
|
|
|
specified. As you can see this option has two forms, and it's function
|
|
|
|
depends on the last arguments. Be careful here, if you forget to specify
|
|
|
|
the value to delete, you will remove all of them.
|
|
|
|
|
|
|
|
=item -h <host>
|
|
|
|
|
|
|
|
Name of the LDAP server to connect to.
|
|
|
|
|
|
|
|
=item -p <port>
|
|
|
|
|
|
|
|
TCP port for the LDAP connection.
|
|
|
|
|
|
|
|
=item -b <DN>
|
|
|
|
|
|
|
|
Base DN for the search
|
|
|
|
|
|
|
|
=item -D <bind>
|
|
|
|
|
|
|
|
User (DN) to bind as. We support a few convenience shortcuts here, like
|
|
|
|
I<root>, I<user> and I<repl>.
|
|
|
|
|
|
|
|
=item -w <passwd>
|
|
|
|
|
|
|
|
This specifies the password to use when connecting to the LDAP
|
|
|
|
server. This is strongly discouraged, and without this option the script
|
|
|
|
will ask for the password interactively.
|
|
|
|
|
|
|
|
=item -s <scope>
|
|
|
|
|
|
|
|
Search scope, default is I<sub>, the other possible values are I<base> and
|
|
|
|
I<one>. You can also specify the numeric scopes, I<0>, I<1> or I<2>.
|
|
|
|
|
|
|
|
=item -P
|
|
|
|
|
|
|
|
Use SSL for the LDAP connection, using the specified cert.db file for
|
|
|
|
certificate information.
|
|
|
|
|
|
|
|
=item -n
|
|
|
|
|
|
|
|
Don't do anything, only show the changes that would have been made. This
|
|
|
|
is very convenient, and can save you from embarrassing mistakes.
|
|
|
|
|
|
|
|
=item -v
|
|
|
|
|
|
|
|
Verbose output.
|
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
The last two arguments are special for this script. The first
|
|
|
|
argument specifies the attribute (and possibly the value) to operate on,
|
|
|
|
and the last argument is a properly formed LDAP search filter.
|
|
|
|
|
|
|
|
=head1 EXAMPLES
|
|
|
|
|
|
|
|
We'll give one example for each of the four operations this script can
|
|
|
|
currently handle. Since the script itself is quite flexible, you'll
|
|
|
|
probably find you can use this script for a lot of other applications, or
|
|
|
|
call it from other scripts. Note that we don't specify any LDAP specific
|
|
|
|
options here, we assume you have configured your defaults properly.
|
|
|
|
|
|
|
|
To set the I<description> attribute for user "leif", you would do
|
|
|
|
|
|
|
|
modattr 'description=Company Swede' '(uid=leif)'
|
|
|
|
|
|
|
|
The examples shows how to use this command without either of the I<-a> or
|
|
|
|
the I<-d> argument. To add an e-mail alias (alternate address) to the same
|
|
|
|
user, you would do
|
|
|
|
|
|
|
|
modattr -a 'mailAlternateAddress=theSwede@netscape.com' '(uid=leif)'
|
|
|
|
|
|
|
|
To remove an object class from all entries which uses it, you could do
|
|
|
|
|
|
|
|
modattr -d 'objectclass=dummyClass' '(objectclass=dummyClass)'
|
|
|
|
|
|
|
|
This example is not great, since unless you've assured that no entries
|
|
|
|
uses any of the attributes in this class, you'll get schema
|
|
|
|
violations. But don't despair, you can use this tool to clean up all
|
|
|
|
entries first! To completely remove all usage of an attribute named
|
|
|
|
I<dummyAttr>, you'd simply do
|
|
|
|
|
|
|
|
modattr -d dummyAttr '(dummyAttr=*)'
|
|
|
|
|
|
|
|
This shows the final format of this command, notice how we don't specify a
|
|
|
|
value, to assure that the entire attribute is removed. This is potentially
|
|
|
|
dangerous, so again be careful.
|
|
|
|
|
|
|
|
=head1 INSTALLATION
|
|
|
|
|
|
|
|
In order to use this script, you'll need Perl version 5.004 or later, the
|
1998-08-13 13:15:00 +04:00
|
|
|
LDAP SDK, and also the LDAP Perl module (aka PerLDAP). Once you've installed
|
1998-07-30 10:49:03 +04:00
|
|
|
these packages, just copy this file to where you keep your admin binaries,
|
|
|
|
e.g. /usr/local/bin.
|
|
|
|
|
|
|
|
In order to get good performance, you should make sure you have indexes on
|
|
|
|
the attributes you typically use with this script. Our experience has been
|
|
|
|
that in most cases the standard indexes in the Directory Server are
|
|
|
|
sufficient, e.g. I<CN>, I<UID> and I<MAIL>.
|
|
|
|
|
|
|
|
=head1 AVAILABILITY
|
|
|
|
|
1998-08-14 03:34:50 +04:00
|
|
|
This package can be retrieved from a number of places, including:
|
1998-07-30 10:49:03 +04:00
|
|
|
|
1998-08-14 03:34:50 +04:00
|
|
|
http://www.mozilla.org/directory/
|
|
|
|
Your local CPAN server
|
1998-07-30 10:49:03 +04:00
|
|
|
|
1998-08-14 03:34:50 +04:00
|
|
|
=head1 CREDITS
|
1998-07-30 10:49:03 +04:00
|
|
|
|
|
|
|
This little tool was developed internally at Netscape, by Leif Hedstrom.
|
|
|
|
|
|
|
|
=head1 BUGS
|
|
|
|
|
|
|
|
None, of course...
|
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
|
|
|
L<Mozilla::LDAP::API> and L<Perl>
|
|
|
|
|
|
|
|
=cut
|