blob: d18b1998c6c1addd3a879c7f4fe294eb0780ec65 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
#!/usr/local/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);
use Authen::SASL;
open my $fh, '<', '/usr/local/etc/openldap/ldap.conf' or quit($!);
my %config;
while (<$fh>) {
chomp;
next if /^#/;
my @pair = split(' ', $_, 2);
next unless (@pair == 2);
$config{$pair[0]} = $pair[1];
}
close($fh);
my $mech = $config{SASL_MECH} // 'GSSAPI';
my $uri = $config{URI} // quit('URI not specified');
my $basedn = $config{BASE} // quit('BASE not specified');
@ARGV == 1 or die "usage: $0 USERNAME\n";
my $username = $ARGV[0];
my $conn = Net::LDAP->new($uri, version => '3') or die "$0: $@";
my $sasl = Authen::SASL->new($mech);
my $status = $conn->bind(sasl => $sasl);
$status->code and die "$0: ".$status->error;
my $search = $conn->search(
scope => 'sub',
base => "ou=accounts,$basedn",
filter => '(&(objectClass=posixAccount)(sshPublicKey=*)(uid=' . escape_filter_value($username) . '))',
attrs => ['sshPublicKey']);
$search->code and die "$0: ".$search->error;
exit 0 if $search->entries == 0;
die "$0: multiple LDAP entries returned for user: $username\n" if $search->entries > 1;
print "$_\n" foreach (($search->entries)[0]->get_value('sshPublicKey'));
|
