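#!/bin/bash
# Disable an LDAP user account: replace the password with a random one, mark
# gecos and loginShell, attach the managed "disabled" role and remove the
# host and sshPublicKey attributes.
#
# Usage: ldap-disableuser USERNAME
#
# Abort on an unhandled command failure, on an unset variable and on a failing
# stage of a pipeline, so a half-applied run is never reported as success.
set -euo pipefail

# -h/--help and any argument count other than exactly one print usage.
# Keep the checks as separate lists so "$1" is never expanded when it is unset.
if [[ "$#" -ne 1 ]] || [[ "$1" == "-h" ]] || [[ "$1" == "--help" ]]; then
  printf 'Usage: %s USERNAME\n' "$0" >&2
  exit 1
fi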
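#######################################
# Ask the operator to confirm disabling the account named in USERNAME.
# Globals:   USERNAME (read)
# Arguments: $1 - optional prompt string; a default is used when omitted
# Outputs:   notice and prompt on stdout; the answer is read from stdin
# Returns:   0 when the answer is y or yes (any case), 1 otherwise
#            (including an empty answer or EOF on stdin)
#######################################
confirm () {
  local prompt="${1:-This is irreversible. Are you sure? [y/N] }"
  local response=
  printf '%s\n' "This will disable the $USERNAME account."
  # read returns non-zero on EOF (e.g. stdin closed or redirected from
  # /dev/null); treat that as "no" instead of falling through to the case.
  read -r -p "$prompt" response || return 1
  case "$response" in
    [yY][eE][sS]|[yY]) return 0 ;;
    *) return 1 ;;
  esac
}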
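USERNAME=$1
# The username is spliced into DNs and LDIF records below; restrict it to
# plain account characters so a value containing ',', '+', '"', '\', '=' or a
# newline cannot change the structure of the records being sent.
if [[ ! "$USERNAME" =~ ^[A-Za-z0-9._-]+$ ]]; then
  printf '%s: invalid username %q\n' "$0" "$USERNAME" >&2
  exit 1
fi

# The replacement password is random and never displayed; it only exists to
# make the old credential unusable. Refuse to continue if openssl fails or
# returns nothing, otherwise an empty userPassword would be written.
if ! NEWPASSWORD=$(openssl rand -base64 24) || [[ -z "$NEWPASSWORD" ]]; then
  printf '%s: openssl rand failed, refusing to set an empty password\n' "$0" >&2
  exit 1
fi

BINDUSER="cn=Directory Manager"
BINDPW=DirManPassWord    # placeholder value; presumably filled in by the template at deploy time
LDAPHOST=ldap.example.org

# Hand the bind password to ldapmodify through a private temp file (-y)
# instead of -w on the command line, which exposes it to every local user via
# ps/argv. mktemp creates the file mode 0600; it is removed on any exit path.
BINDPWFILE=$(mktemp) || { printf '%s: mktemp failed\n' "$0" >&2; exit 1; }
trap 'rm -f -- "$BINDPWFILE"' EXIT
printf '%s' "$BINDPW" > "$BINDPWFILE"

# Two LDIF records, separated by the blank line LDIF requires between records.
# The sshPublicKey delete is kept in its own record, presumably so that with -c
# a missing attribute there does not affect the modifications above it.
confirm && ldapmodify -vc -x -ZZ -h "$LDAPHOST" -D "$BINDUSER" -y "$BINDPWFILE" <<EOF
dn: uid=$USERNAME,ou=People,dc=example,dc=org
changetype: modify
replace: userPassword
userPassword: $NEWPASSWORD
-
replace: gecos
gecos: DISABLED DISABLED
-
replace: loginShell
loginShell: /sbin/nologin
-
add: nsRoleDN
nsRoleDN: cn=nsmanageddisabledrole,dc=example,dc=org
-
delete: host
-

dn: uid=$USERNAME,ou=People,dc=example,dc=org
changetype: modify
delete: sshPublicKey
EOF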