How do I remove the directory [LDAP] link from users based on attribute match?


ISSUE:

 

You need to remove the directory [LDAP] link from multiple users based on attribute matching, for example, all users with the last name of "smith".

 

HOW TO STEPS:

 

Here is a script that will prompt you for the needed information and then delete the directory link from the matching user objects:

 

#!/bin/bash
#
# You will need to know the IP Address or Hostname of a GroupWise Admin Service, preferably of the
# Primary GroupWise domain. To determine if you need the IP address or hostname, from a terminal
# window on the GW Admin server, run one of the following commands:
#
# Linux - /opt/novell/groupwise/admin/gwadmin-ipc query
# Windows - C:\Program Files\Novell\GroupWise Server\admin\gwadmin-ipc.exe query | more
#
# The output should read something like:
# 192.168.10.10:9710=>MyDomain(/mail/mydomain)
# or
# 0.0.0.0:9710=>MyDomain(/mail/mydomain)
#
# If it reads as the second example, the admin service is listening on all interfaces,
# so you can use either the IP address or DNS Hostname for this script.
# If an IP address or DNS Hostname is listed, you must use that for this script as the
# admin service is bound exclusively to it.
#
# You will also need to enter the admin service port, and valid GroupWise administrator
# credentials to login to the Admin service.
#
# The Post Office name is the name given to the Post Office.
#
# To see a list of valid attribute names for a user object in GroupWise go to:
# https://ServerIPorDNSname:<AdminPort>/gwadmin-service/list/USER/schema
#
# The attribute data match must be exact, for example, the data match for the attribute "externalEntity" must be
# either "true" or "false" as it's a Boolean value.
# An example of a "string" value: for the attribute "lastName" enter "Smith" -- all users with the last name
# of Smith will have their DirectoryID [LDAP association] removed.
#
# The LDAP Directory ID is the name of the LDAP directory that the user object is associated with.
#
#
echo " "
read -r -p "Enter GroupWise Admin Service IP/Hostname: " IP
echo " "
read -r -p "Enter GroupWise Admin Service Port: " PORT
echo " "
read -r -p "Enter GroupWise System Administrator: " GWADMIN
echo " "
# -s keeps the password from being echoed. The variable is GWPASS rather than PWD,
# because PWD is the shell's own working-directory variable.
read -r -s -p "Enter GroupWise Administrator Password: " GWPASS
echo " "
read -r -p "Enter Post Office name: " POA
echo " "
read -r -p "Enter Attribute name: " ATTR
echo " "
read -r -p "Enter attribute data match: " MATCH
echo " "
read -r -p "Enter LDAP Directory ID: " DIRECTORY
echo " "

BASEURL="https://$IP:$PORT/gwadmin-service"
FILTER="postOfficeName eq '$POA' AND $ATTR eq '$MATCH' AND directoryId eq '$DIRECTORY'"

# List the matching users as CSV and build one directorylink URL per row (header skipped).
# -G with --data-urlencode sends attrs and the filter as an encoded query string, so the
# spaces and quotes in the filter survive. -k skips TLS certificate verification; use
# --cacert with the server's CA certificate instead where one is available.
URLS=$(curl -k -G --user "$GWADMIN:$GWPASS" \
    --data-urlencode "attrs=domain,postoffice,name" \
    --data-urlencode "filter=$FILTER" \
    "$BASEURL/list/USER.csv" |
    gawk --field-separator=, -v base="$BASEURL" \
    'NR!=1 {print base "/domains/" $1 "/postoffices/" $2 "/users/" $3 "/directorylink"}')

# Delete the directory link of each matching user.
while IFS= read -r URL
do
    [ -n "$URL" ] || continue
    echo "$URL"
    curl -k --user "$GWADMIN:$GWPASS" -X DELETE "$URL"
done <<< "$URLS"
echo "done"

 

A copy of the script is attached in .txt format for you to download.

Note:  This script is provided as-is.  You use it at your own risk. 
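
The script splices the prompted values straight into the filter and turns every returned CSV row into a DELETE, so a stray quote or an unexpected row changes which users lose their link. The following is an added example, not part of the original tip or of GroupWise: shell helpers that check the inputs and print the target URLs for review before anything is deleted. The function names, the host gw.example.com and the sample rows are constructed, and it assumes the unquoted three-column CSV that the original script relies on.

```shell
#!/bin/sh
# Added example: input checks and a dry run for the unlink script above.
# Function names, host and sample rows are constructed for illustration.

# The attribute name goes into the filter unquoted: allow plain identifiers only.
valid_attr() {
  case $1 in
    '' | [!A-Za-z]* | *[!A-Za-z0-9]*) return 1 ;;
  esac
}

# Values sit between single quotes in the filter. A quote inside a value would end
# the literal early and change what matches, so such values are refused.
valid_value() {
  case $1 in
    '' | *"'"*) return 1 ;;
  esac
}

# build_filter POSTOFFICE ATTR MATCH DIRECTORY: print the filter or return 1.
build_filter() {
  valid_attr "$2" || { echo "rejected attribute name: $2" >&2; return 1; }
  for v in "$1" "$3" "$4"; do
    valid_value "$v" || { echo "rejected value: $v" >&2; return 1; }
  done
  printf "postOfficeName eq '%s' AND %s eq '%s' AND directoryId eq '%s'\n" \
    "$1" "$2" "$3" "$4"
}

# links_from_csv BASEURL < USER.csv: print one directorylink URL per data row.
# Assumes unquoted domain,postoffice,name rows, as the original script does.
# Rows with a wrong field count or characters that would alter the URL are
# skipped and counted on stderr, to be handled by hand.
links_from_csv() {
  awk -F, -v base="$1" '
    NR == 1 { next }
    { sub(/\r$/, "") }
    NF != 3 || $1 == "" || $2 == "" || $3 == "" { skipped++; next }
    $0 ~ "[/?#% \"]" { skipped++; next }
    { print base "/domains/" $1 "/postoffices/" $2 "/users/" $3 "/directorylink" }
    END { if (skipped) print skipped " row(s) skipped" > "/dev/stderr" }'
}

# Dry run on constructed rows: review this list before sending any DELETE.
build_filter po1 lastName Smith ldap1
printf 'domain,postoffice,name\ndom1,po1,jsmith\r\ndom1,po1,a/b\n' |
  links_from_csv "https://gw.example.com:9710/gwadmin-service"
```

A value such as O'Brien is refused rather than escaped, because the page does not document how the filter syntax escapes a quote; handle those users individually.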

Labels:

Support Tip
Comment List
Anonymous
  •  

    To remove a legacy directory link from a resource you can use a command like this:

    curl -k --user admin:pwd -H "content-type:application/json" https://10.10.10.10:9710/gwadmin-service/domains/dom1/postoffices/po1/resources/myresource/directorylink -X DELETE

    Cheers,

    Laura

     

  • This is a very important example on how to remove this attribute for resources. So if you want to move resources from one postoffice to the next and these resources have been created in GW2012 and older, then they have a link to eDirectory.

    But you cannot remove this association because your GroupWise administration console does not offer this option.

    Laura's example will be a hint how to remove associations for resources.
