I have a large Openldap directory. In the directory the display name property for every is filled but i need to modify these entry and make it like "givenName + + sn". Is there are way i can do it directly in the directory just like sql queries (update query). I have read about the ldapmodify but could not find the way to use it like this.
Any help in this regard will be appreciated.
There is no way to do this with a single LDAP API call. You'll always have to use one LDAP search operation to get givenname and sn attributes, and one LDAP modify operation to modify the displayName attribute.
If you use the command line ldaptools "ldapsearch" and "ldapmodify", you can do this easily with some shell scripting, but you'll have to be careful: sometimes ldapsearch(1) can return LDIF data in base64 format, with UTF-8 strings that contain characters beyond ascii. For instance: 'sn:: Base64data' (note the double ':')
So, if I were you I would use a simple script in my language of choice, that has an LDAP API, instead of using shell commands. This would save me the troubles of base64 decoding that the ldaptools sometimes impose.
For instance, with php-cli, your script would be roughly like this (perhaps some more error checking would be appropriate):
<?php
$ldap = ldap_connect('host');
ldap_bind($ldap, ...);
$sr = ldap_search($ldap, 'ou=people,...', 'objectclass=*');
$entries= ldap_get_entries($ldap, $sr);
for($i=0; $i<$entries['count']; $i++) {
$modify = array('displayname' => $entries[$i]['givenname'] . ' ' . $entries[$i]['sn']);
ldap_modify($ldap, $entries[$i]['dn'], $modify);
}
Addendum: if you want to keep this data up to date without any intervention, you will probably need to use a specialized OpenLDAP module that keeps "virtual" attributes, or even a virtual directory, such as Penrose or Oracle Virtual Directory, on top of OpenLDAP. However this might be overkill for a simple concatenation of attributes.
Related
What would be the syntax for LDAP for the below scenario:
Where sAMAccountName = GRA-* without $. I want the records which are highlighted in green.
This is my current LADP Filter for your reference:
(&(objectClass=user)sAMAccountName=GRA-*))
Anyone, Please help with the correct syntax.
Your filter can work, but you're missing a ( in front of sAMAccountName:
(&(objectClass=user)(sAMAccountName=GRA-*))
But you may be able to do better. If those ones that end in $ are computer objects (which always have sAMAccountNames that end in $, but also have an objectClass of user), then you can make sure you only get user objects by including (objectCategory=person):
(&(objectClass=user)(objectCategory=person)(sAMAccountName=GRA-*))
If, for whatever reason, those $ objects are actually user accounts, then you can exclude them with (!sAMAccountName=*$):
(&(objectClass=user)(objectCategory=person)(sAMAccountName=GRA-*)(!sAMAccountName=*$))
I'm using EntityFramework to access a sql server to return data. The data needs to be formatted into a tab delimited file. I then want to compress the data to return to the user.
I can do the select, and then iterate over the EF objects and format all the data into one big string- but this takes forever (I'm returning abouit 800k rows). The query itself is quite fast, but its just the creating of the csv file in memory that is killing it.
I found this post that describes how to use sqlcmd to do this directly as an export (but with csv) with sql which seems very promising, but I'm unclear how to pass the -E and other parameters to ExecuteSqlCommand()... or if it is even meant for this.
I tried to do something like this:
var test = context.Database.ExecuteSqlCommand("select Chromosome c,
StartLocation sl, Endlocation el, GeneName gn from Gencode where c = chr1",
"-E", "-Q", new SqlParameter("-s", "\t"));
But of course that didn't work...
Any suggestions as to how to go about this? I'm using EF 6.1 if that matters.
Alternate option using simple method.
F5-->store result--> keep file name
I've been asked to pull a report containing User's name, username, enabled/disabled, and the last login time from our Windows server 2008 domain. I'm using the script below and it's working, but the problem is it's pulling built-in security accounts and some system accounts, and I need just users. Does anyone know if this filtering is possible? The script I'm using is below. Thanks in advance!
$ADUserParams=#{
'Server' = 'servername.domain.local'
'Searchbase' = 'DC=domain,DC=local'
'Searchscope'= 'Subtree'
'Filter' = '*'
'Properties' = '*'
}
$SelectParams=#{
'Property' = 'CN', 'SAMAccountname', 'DisplayName', 'enabled', 'lastlogondate',
}
get-aduser #ADUserParams | select-object #SelectParams | export-csv "c:\temp\users.csv"
At the very least you'll want to modify your filter to something like:
'(&(|(objectclass=person)(objectclass=inetorgperson))(!(objectclass=computer)))'.
That will still leave Administrator, Guest and and domain/realm trusts you've got, but otherwise it's pretty clean.
'(&(sAMAccountType=805306368)(!(isCriticalSystemObject=TRUE)))' is even cleaner, and may be exactly what you need. This uses sAMAccountType, but I pulled from existing AD users rather than build that value from scratch.
Also there is no Enabled attribute. The closest you can get is userAccountControl. lastLogonDate is actually lastLogonTimestamp.
part of your requirements for the report are to show all users in AD, this would include system and built-in accounts. That being said, ff you can exclude the OUs or containers that contain the built-in/system accounts you don't want in the report that would be easiest. It looks like your trying to audit the whole AD DS and should use exclusions otherwise only include the OU that contains the User Accounts as long as it is only possible to not have User accounts anywhere else.
It really depends on what you can use to separate your built-ins and system accounts.
The easiest way would be to add a SearchBase to your $ADUserParams:
$ADUserParams=#{
'Server' = 'servername.domain.local'
...
'SearchBase' = 'OU=Lemmings,DC=contoso,DC=com'
}
If there's one OU that you need to filter out, try adding a Where-Object:
get-aduser #ADUserParams | ?{$_.DistinguishedName -notlike '*ou=Beancounters,*'} | select-object #SelectParams | export-csv c:\temp\users.csv"
The ?{ } bit is an alias for the Where-Object command. $_ represents the objects passed along the pipe.
This is all assuming that these accounts are cleanly separated by OU, however. I know this isn't true in my environment.
You might have to play around for a while before finding something that will separate your users cleanly. It might help to store your initial query as a variable, $users = Get-ADUser #ADUserParams, and see what you can pick apart:
$users | ?{$_.SomeProperty -eq 'SomeValue'}
Try running $users[0] to get an idea of what properties there might be to help you filter through these users. If you need to wrap your head around things like -eq and -like, take a look here.
If all the accounts you're wanting to filter contain a character like $, you could filter the output like so:
$users | ?{$_.SamAccountName -notlike "*$*"}
I am trying to adapt the Zend Skeleton App to use an ODBC connection. I am able to set up a PDO connection outside of Zend (same table, server, everything) like this:
new PDO('odbc:DRIVER={iSeries Access ODBC Driver};SYSTEM=<serverName>;HOSTNAME=<serverName>;DATABASE=<databaseName>;',
'<userName>', '<password>');
$r = $this->conn->query('SELECT * FROM <databaseName>.<tableName>');
But when I add this information to the global.php file:
'db' => array(
'driver' => 'Pdo',
'dsn' => 'odbc:DRIVER={iSeries Access ODBC Driver};SYSTEM=<serverName>;HOSTNAME=<serverName>;DATABASE=<databaseName>;',
),
And in local.php:
return array(
'db' => array(
'username' => '<userName>',
'password' => '<password>',
),
);
I get an error that the table is not found:
SQLSTATE[42S02]: Base table or view not found: 0 [IBM][iSeries Access ODBC Driver][DB2 UDB]SQL0204 - <tableName> in <userName - yes you read that right> type *FILE not found.
I believe this is because my prefixed <databaseName>.<tableName> is being wrapped in double quotes when the query runs through Zend. I cannot explain why Zend is looking for my table under userName. However, I cannot get PDO to recognize the table without the prefix, even though I have tried declaring my database in the initialization of the PDO every way I can think of.
Is there a way for PDO to actually pick up the database name so I don't need the prefix? Or is there a way to tell Zend to use the prefix (not lumped in the quotes with the table name)?
Please pardon if I'm using the wrong language here - I get a little lost between Schema, Database, Library, File, Table, etc. when I'm going between SQL and iSeries.
I really appreciate any help you can offer, Zend is new to me.
Not familiar with PDO, as I use ibm_db2, but the database name can be found with the CL command WRKRDBDIRE.
With *SQL naming, an unqualified table name (SELECT * FROM TABLENAME) is implicitly qualified with the user profile name. So if SARAHK is executing the select, it becomes SELECT * FROM SARAHK.TABLENAME. So the error you're seeing indicates that IBM i thinks you have an unqualified table name.
If you could configure the ODBC driver to use *SYSTEM naming, it would use the library list to locate unqualified table names.
I'm an old school RPG programmer, so I'm more familiar with the traditional names; here's a cheat sheet:
Library -> Schema
File -> Table
Member -> No SQL equivalent - use ALIAS
I just went through the process of converting the tutorial to connect to IBM i with the ODBC driver but did not want to specify (a.k.a. hardcode) the library in the connection string. Setting the "NAMING" parameter to '1' (*SYS rather than *SQL) will use the *USRLIBL of the user's connection/profile/JOBD (WRKJOBD INLLIBL( ...) ). If you use *SQL naming, it will take the User ID as the Schema when searching for the table.
My DSN looks like this:
'dsn' => "odbc:DRIVER={iSeries Access ODBC Driver};SYSTEM= your host IP;HOSTNAME=your host;DATABASE=your dbname;NAMING=1"
As long as the table I'm looking for is in the *LIBL, I don't have to worry about schema at the client.
I solved this by finally finding an addition to my DSN that properly specified the library/schema I wanted to work under. This site (http://www.sqlthing.com/HowardsODBCiSeriesFAQ.htm) gave me the parameter DBQ=<libraryName> which finally worked for me after trying DATABASE, DBNAME, and many others.
Now that my library is properly specified in my connection string, I don't need to prefix the table name so my queries work even though I never got Zend to take a schema in the construction of a TableGateway. I'm going to mark this as an answer for now, but if anyone knows how to send a schema name to a new TableGateway I would be happy to change that.
I have multiple Steam accounts that I want to launch via a single Lua script with the options I specify. I've got pretty much everything sorted, except for launching with the code provided. I have no idea how to "pass" the variable with this format.
function Steam(n, opt1, opt2, opt3)
os.execute[["start C:\Program" "Files\Sandboxie\Start.exe /box:Steam2 D:\Steam\steam.exe -login username password -opt1 -opt2 -opt3"]]
end
I have my usernames and Sandboxes setup so that only the number needs changing (fenriros2, fenriros3, Steam2, Steam3 etc) with the same password.
Basically, I want this;
Steam(3, -tf, -exit, -textmode)
to do;
os.execute[["start C:\Program" "Files\Sandboxie\Start.exe /box:Steam3 D:\Steam\steam.exe -login fenriros3 password -applaunch 440 -textmode"]]
I'll use -exit to close the lua window after it's done.
I realize my code isn't exactly efficient, but that's a worry for a later time. Right now I just need to get it working.
Any help is greatly appreciated, and I apologize if I missed something obvious, I'm still fairly new at Lua.
First obvious one. The [[ ]] delimit a string so all you need to do is to create a variable for the string and replace the contents as needed.
function Steam(n, opt1, opt2, opt3)
-- Set up execute string with placeholders for the parameters.
local strExecute = [["start C:\Program" "Files\Sandboxie\Start.exe /box:Steam{n} D:\Steam\steam.exe -login fenriros{n} password -{opt1} -{opt2} -{opt3}"]]
-- Use gsub to replace the parameters
-- You could just concat the string but I find it easier to work this way.
strExecute = strExecute:gsub('{n}',n)
strExecute = strExecute:gsub('{opt1}',opt1:gsub('%%','%%%%'))
strExecute = strExecute:gsub('{opt2}',opt2:gsub('%%','%%%%'))
strExecute = strExecute:gsub('{opt3}',opt3:gsub('%%','%%%%'))
os.execute(strExecute)
end
Steam(1,'r1','r2','r3')