blob: 3f9097141163d9f18e50fd305a42599661beae0c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
#!/usr/bin/env perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(ldap_explode_dn escape_filter_value);
use Authen::SASL;
open my $fh, '<', '/usr/local/etc/openldap/ldap.conf' or die($!);
my %config;
while (<$fh>) {
chomp;
next if /^#/;
my @pair = split(' ', $_, 2);
next unless (@pair == 2);
$config{$pair[0]} = $pair[1];
}
close($fh);
my $mech = $config{SASL_MECH} // 'GSSAPI';
my $uri = $config{URI} // die("URI not specified\n");
my $user_basedn = $config{USERS_BASE} // die("USERS_BASE not specified\n");
my $group_basedn = $config{GROUPS_BASE} // die("GROUPS_BASE not specified\n");
@ARGV == 1 or die "usage: $0 USERNAME\n";
my $username = $ARGV[0];
my $conn = Net::LDAP->new($uri, version => '3') or die "$0: $@";
my $sasl = Authen::SASL->new($mech);
my $status = $conn->bind(sasl => $sasl);
$status->code and die "$0: ".$status->error;
my $search = $conn->search(
scope => 'sub',
base => $user_basedn,
filter => '(uid='.escape_filter_value($username).')',
attrs => ['memberOf']);
$search->code and die "$0: ".$search->error;
$search->entries == 0 and die "no such user: $username\n";
$search->entries > 1 and die "multiple results returned for user: $username\n";
foreach my $group_dn (($search->entries)[0]->get_value('memberOf')) {
next unless $group_dn =~ /,\Q$group_basedn\E$/;
my $parts = ldap_explode_dn($group_dn);
next unless exists $parts->[0]{'CN'};
print $parts->[0]{'CN'} =~ s/\s/_/gr . "\n";
}
|
