breednet

I had a need to build a quick and simple shell script to quickly gather all of the user email addresses and descriptions from a MS Active Directory Domain Controller, so I could cross-reference with some user security rights and user identity tracking I was doing for a customer.

First, I had a CentOS 5.3 server that I need to get the ldapsearch binary installed. To do this, all you need to do is install the openldap-clients RPM package by running yum install openldap-clients from a command line.

Once this finishes, create a new file (vi newfile.sh) and add the following (change the bolded areas to suit your needs):

#!/bin/sh

ldapsearch -x -LLL -E pr=200/noprompt -h 1.2.3.4 -D “administrator@subdomain.somedomain.com” -w somepassword -b “ou=Some Users, dc=subdomain, dc=somedomain, dc=com” -s sub “(cn=*)” cn mail description

Escape then :wq! to save in vi. Be sure to chmod +x newfile.sh to make executable.

The output of this script will spit out full CN path, email address and the description field within MS Active Directory, which administrators often use as a free-text field for job title or description.

I have had the need on occasion to quickly and easily obfuscate the contents of a simple shell script. Shc is a great utility to do just that.
Man page is available here, and you can download the latest source here, and I have used this on FreeBSD, Linux and HP-UX.