Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Re: mass disabling & enabling of users

80 views
Skip to first unread message

Jim Willeke

unread,
Feb 20, 2010, 4:44:15 PM2/20/10
to
There are a number of methods to do this.

LDIF file would work.

And a better idea would be to look into Novell's IDM product. You could
automate most of these type tasks.

-jim

On 2/20/2010 2:56 PM, snobee wrote:
>
> Is there a way to mass enable or disable users via a text database?
> Each semester at the school I work at, I disable all user edirectory
> accounts, then just enable the ones that have registered for that
> semester. As I already have a list of the usernames, it would be nice
> if I could at least enable all the accounts automatically based on a
> text database.
>
>

Peter Kuo

unread,
Feb 20, 2010, 6:35:33 PM2/20/10
to
snobee wrote:

> already have a list of the usernames

In what format? CSV? One name per line? or?

--


Peter
eDirectory Rules!
http://www.DreamLAN.com

a...@novell.com

unread,
Feb 21, 2010, 2:21:13 AM2/21/10
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Assuming by name you mean the full LDAP DN then disabling or enabling is
trivial. You need to convert each name to something like this (untested,
but should work):

dn: cn=name0,ou=goes,dc=here
changetype: modify
replace: accountDisabled
accountDisabled: TRUE

dn: cn=name1,ou=goes,dc=here
changetype: modify
replace: accountDisabled
accountDisabled: TRUE

so the tricky part is putting 'dn: ' before your DN and then the rest
after the DN, but that's not even that hard:

Run the following (all on one line, your input file called 'userDNs.txt')
and it will generate the LDIF output, which you can then write to a file
and process with ldapmodify or you can pipe directly to ldapmodify and run
(with sufficient privileges in eDirectory):

<code>
sed 's/\(.\+\)/dn: \1\nchangetype: modify\nreplace:
accountDisabled\naccountDisabled: TRUE\n\n/g' ./userDNs.txt
</code>

Good luck.


On 02/20/2010 11:06 PM, snobee wrote:


>
> Peter;1936370 Wrote:
>> snobee wrote:
>>
>>> already have a list of the usernames
>>
>> In what format? CSV? One name per line? or?
>>
>> --
>>
>>
>> Peter
>> eDirectory Rules!

>> 'DreamLAN Network Consulting Ltd. - Leading Authority on eDirectory and
>> LDAP technologies' (http://www.DreamLAN.com)
>
> Currently one name per line. Though I could easily change that to tab
> or comma, etc.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJLgN7WAAoJEF+XTK08PnB5+dUP/jxACcTIkqeurwC47kUHjq9V
I3YSy7YEs2MSVZE0GtCUZlggYl4hg+o1/IHhMoP4XBr2reuCio7InqmX4O+hR0IM
Qre97uo4t9ywNSTJvazoAAxIRixQGKA5+0vVk2BhvfC+Y1EN96pzIJlPNX+dCJdu
YgpzmHcij4nBq+CXoWml+OuxMujmH0T8MbEGtnuR7RtzS7qr9r5bFAwWAWwXVYKb
QteiSz1kLoq9/98Psfo/Yss18b93PNFgtbRc3DH7TsU03Ty9dA/tfk7tZDFVnPmc
eW6gqBTMaEac/7+CfXnEoPn/LA8ALGbDRzlBZK5wMrhNbZsXzIb86FsNARvoNdwh
AY+Gla2nxEm4QeN829uJX+NPRJN8eUa9qEXsG4kOxh4t685D1XdySCRE9g6QF4Fp
mZ1iMayYBzP6+Odkuon7NytOa6+43b1QitJUGOpp5cmpl8LjfBTuORua+BaUO2m2
glm6b/54RJ7It46OhDPsSHOGYsJDGlKnUb07RxrI92UUHWt14TE97/3Mov9PRbip
AJ8o+7/8W0lOC6zYNv87ZBikdo6PR/nPAH7Rvw//EMuhDpXwHSrtJ9ojkA/+BPLv
Z73ZUaBaq0MONPoo8X0fvATw50SEyat+q2F7BpkdZQ2EnL9r1fYBHluDyHpv8fMA
IZ6JeCynlbDozZldO621
=7d1D
-----END PGP SIGNATURE-----

Peter Kuo

unread,
Feb 21, 2010, 6:38:52 PM2/21/10
to
There are two options: you can easily use something like Excel or
anything similar to insert a second column with the value of FALSE and
call this column "accountDisabled" (and the first column DN); export the
file as CSV and process it by ICE. Or you can use the ldapModify gadget
(http://www.dreamlan.com/gadgets.html) which has special settings for
enabling and disabling user DNs from either an LDIF or CSV file (the CSV
data must be quoted, such as "cn=user1,o=context"). The page isn't update
yet but will be by Tuesday morning.

Peter Kuo

unread,
Feb 21, 2010, 6:38:51 PM2/21/10
to
Just go the CSV route ...

Peter Kuo

unread,
Feb 21, 2010, 7:02:59 PM2/21/10
to
snobee wrote:

> Currently one name per line.

There are two options: you can easily use something like Excel or

anything similar to insert a second column with the value of FALSE and

call this column "loginDisabled" (and the first column DN); export the

file as CSV and process it by ICE. Or you can use the ldapModify gadget
(http://www.dreamlan.com/gadgets.html) which has special settings for
enabling and disabling user DNs from either an LDIF or CSV file (the CSV
data must be quoted, such as "cn=user1,o=context"). The page isn't update
yet but will be by Tuesday morning.

--

Michael Kimble

unread,
Feb 23, 2010, 9:35:25 AM2/23/10
to
I would get the JRB utilities.

www.jrbsoftware.com

Once you start using them, you will wonder how you ever lived without them.

0 new messages