Handling output from ldapsearch
utb...@gmail.com
trying to figure out how to just derive a list of the sAMAccountName
values:
"dn: CN=user01,CN=Users,DC=mynet,DC=local
sAMAccountName: user01
dn: CN=user02,CN=Users,DC=mynet,DC=local
sAMAccountName: user02
dn: CN=user03,CN=Users,DC=mynet,DC=local
sAMAccountName: user03"
...ideally, resulting in a list like this (based on above):
"user01 user02 user03"
Have tinkered with regexp/lsearch et al (for many hours now), searched
various wiki's, google and also scanned Mr Welch's good book for clues
but still no luck ...apart from realising my skills are very much at
beginner level. What's the best way to approach this?
BTW ...would prefer *not* to write ldapsearch output to a file and
then read in the file if possible.
Kind Regards,
UTB
schlenk
I'm biased, because i maintain the ldap module, if you can use the
tcllib ldap module
(it does not support all auth methods yet and not all features like
following referrals correctly)
package require ldap
set conn [ldap::connect ldap.yourdomain.com]
ldap::bind $conn user {password}
set res [ldap::search $conn {baseDN} {(objectClass=person)}
sAMAccountName]
set accountlist [lsearch -index {1 1} -all -inline -subindices $res]
ldap::disconnect $conn
http://tcllib.sf.net/doc/ldap.html
Otherwise if you need to use ldapsearch it should work with some
regexping...
Michael
Helmut Giese
>"dn: CN=user01,CN=Users,DC=mynet,DC=local
>sAMAccountName: user01
>
>dn: CN=user02,CN=Users,DC=mynet,DC=local
>sAMAccountName: user02
>
>dn: CN=user03,CN=Users,DC=mynet,DC=local
>sAMAccountName: user03"
>
Hi,
assuming that each result is on a line of its own and that the whole
string is in a variable 's' e.g. by means of a call like
set s [<your call here>]
the following should work:
---
# turn 's' into a list of lines
set lineLst [split $s \n]
# make sure you start with an empty list
set userLst {}
# iterate over the lines
foreach line $lineLst {
if { $line eq "" } {
# ignore empty lines
continue
}
# isolate the words in $line
set wordLst [split $line " "]
# ... and take the last one
lappend userLst [lindex $wordLst end]
}
puts "userLst: $userLst"
---
HTH
Helmut Giese
Glenn Jackman
> In the following example output (from an exec call to ldapsearch) am
> trying to figure out how to just derive a list of the sAMAccountName
> values:
>
> "dn: CN=user01,CN=Users,DC=mynet,DC=local
> sAMAccountName: user01
>
> dn: CN=user02,CN=Users,DC=mynet,DC=local
> sAMAccountName: user02
>
> dn: CN=user03,CN=Users,DC=mynet,DC=local
> sAMAccountName: user03"
>
> ...ideally, resulting in a list like this (based on above):
>
> "user01 user02 user03"
>
The simple way is:
set accts [list]
foreach line [split $output \n] {
lassign [split $line :] key value
if {$key eq "sAMAccountName"} {
lappend accts [string trim $value]
}
}
More generally, I'd write:
package require textutil
set accts [dict create]
set user [dict create]
set key_field sAMAccountName
foreach line [split $out \n] {
if {$line eq ""} {
dict set accts [dict get $user $key_field] $user
set user [dict create]
} else {
dict set user {*}[textutil::splitx $line ": "]
}
}
Now you can get the list of usernames:
set userlist [dict keys $accts]
And you have at your fingertips all the other LDAP data you pulled out,
for example:
dict for {user subdict} $accts {
puts "$user: [dict get $subdict cn]"
}
Use the -LLL flag on your ldapsearch command. I find it's output
easier to parse.
--
Glenn Jackman
Write a wise saying and your name will live forever. -- Anonymous
Cameron Laird
.
.
While I agree with Michael that you'll probably want to learn Tcl's
own LDAP binding, and my own instinct, like Helmut's, is to work on
a line-oriented basis, I want you to know that your efforts with
regular expressions *can* be fruitful. Consider this example:
set s "dn: CN=user01,CN=Users,DC=mynet,DC=local
sAMAccountName: user01
dn: CN=user02,CN=Users,DC=mynet,DC=local
sAMAccountName: user02
dn: CN=user03,CN=Users,DC=mynet,DC=local
sAMAccountName: user03"
set pattern {sAMAccountName: ([^\s]*)}
foreach {clause name} [regexp -all -inline $pattern $s] {
lappend result_list $name
}
puts "The result list is '$result_list'."
utb...@gmail.com
Frankly, I am pleasantly overwhelmed with your helpful
responses...thank you all very much indeed!
Although I'm developing my little 'app' on Linux it also has to work
on Solaris and I don't think tcllib is available for that platform so
have chosen to base my 'solution' on one of the other options ...I'll
see if I can compile and package a version of tcllib for Solaris
later.
It seems my main problem was not being able to deal with the
ldapsearch output on a line-by-line basis plus being somewhat confused
with regexp syntax ...all fixed now (though regexp is still a
challenge - for me) and am on to next coding challenge :)
Kind Regards,
UTB
schlenk
> Hi Michael, Helmut, Glenn and Cameron,
>
> Frankly, I am pleasantly overwhelmed with your helpful
> responses...thank you all very much indeed!
>
> Although I'm developing my little 'app' on Linux it also has to work
> on Solaris and I don't think tcllib is available for that platform so
> have chosen to base my 'solution' on one of the other options ...I'll
> see if I can compile and package a version of tcllib for Solaris
> later.
Tcllib is pure tcl, so anywhere you get a recent Tcl installed you can
use the tcllib packages. This also means tcllib ldap has no external
dependencies on openldap or similar, it speaks ldap natively. (but as
i said has not all the bells and whistles of the openldap libs yet, so
test if it works for you and maybe file a feature request if something
critical is missing).
Basically you can get tcllib from sourceforge or prebuilt from
ActiveState as part of their Solaris or Linux distro.
(via teapot download, its not included in the base distro anymore)
Michael