Here's the piece of code I've written. It's not complex, but you have to think about those ":" and "::".

USER_CITY2="$(ldapsearch -LLL -C -x \
                -h "$VAR_DC" \
                -b "$VAR_SEARCHBASE" \
                -D "$VAR_BINDER" \
                -w "$VAR_PWBINDER" \
                "(mail=$USER)" l)"    # ask only for "l", the attribute parsed below
# "l:: " marks a base64-encoded value, "l: " a plain one
if [[ $USER_CITY2 == *l::* ]]
then
    USER_CITY="$(echo "$USER_CITY2" | sed -n -e 's/^.*l:: //p' | base64 --decode)"
else
    USER_CITY="$(echo "$USER_CITY2" | sed -n -e 's/^.*l: //p')"
fi

This way, the first command will search the AD for the $USER's city and store it in $CITY2. If the result contains "::", then I have to decode, and if the result contains ":", I don't have to decode.
The final result is stored in $USER_CITY.

Thanks a lot for having helped me.


On 26/05/2014 15:41, Nicolas wrote:
To be more efficient, here's what I want to do:

I've made a script which automatically generates disclaimers (or signatures) using an AD database to search users' attributes: name, surname, telephone number...

I've made a command like this:

ldapsearch -LLL -C \
-b 'ou=OU_NAME,dc=DOMAIN,dc=lan' \
-D 'CN=binder,OU=OU_NAME,DC=DOMAIN,DC=lan' \
-w 'BINDER_PW' \
'(sAMAccountname='A_USER_NAME')' sn \
| sed -n -e 's/^.*sn: //p'

With this command, I catch the "sn" attribute of a user. This command only works if the sn doesn't contain special characters. If it does, I had to use "sed" like this: sed -n -e 's/^.*sn:: //p'

With the "sed" command, I only take what is after the "sn:" or "sn::" to only have data I want.

The result of this command is sent to a variable of my script that I use afterwards to make html and txt signatures.

This script works perfectly, only when an attribute I catch has a special character.

What you said is a good track for me. What I "only have to do" is to search if the line contains one or two ":". If there's one ":", I don't have to decode; if there are two ":", I have to decode.

Are you OK with me?

Thanks a lot.


On 26/05/2014 15:08, Matthias Apitz wrote:
On Monday, May 26, 2014 at 02:08:51PM +0200, Nicolas Cauchie wrote:

Hi Nicolas,

Are you sure that no results are returned? Can you show the output of a
ldapsearch cmd-line tool? I saw that in the result values are encoded if
they contain non ASCII chars.


   Yes, I wrote it in a previous answer.
   The result is base64 encoded if "-t" switch is not used, or sent to a
   temp file if this switch is used. But in both cases, I can't use the
   result "as is" without another manipulation, but I'm stuck..
I think, the encoded attributes have a double colon '::'; do a test like this:

$ /usr/bin/ldapsearch .... | fgrep ::
attributeMailText:: U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC

$ echo U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC | mmencode -u 2>/dev/null
Sorry, I'm out of office until Augus
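
Added example, not part of the thread: a shell helper for the ":" versus "::" test discussed above. It goes a little further than the script in the first message by unfolding LDIF continuation lines (RFC 2849) before decoding and by matching the attribute name only at the start of a line. The function names and the sample entries are made up for the illustration, and GNU `base64 -d` is assumed.

```shell
# ldif_attr ATTR: read `ldapsearch -LLL` output on stdin and print each value
# of ATTR on its own line, base64-decoding values that LDIF marks with "::".
# Hypothetical helper written for this example; assumes GNU `base64 -d`.
ldif_attr() {
    want=$1
    # Unfold first: a line starting with one space continues the previous
    # line, so a long base64 value can span several physical lines.
    awk '
        /^ / { buf = buf substr($0, 2); next }
             { if (NR > 1) print buf; buf = $0 }
        END  { if (NR > 0) print buf }
    ' | while IFS= read -r line; do
        # The name must start the line; the separator selects the handling:
        # "::" is base64, ":<" is a URL reference, ":" is a plain value.
        case $line in
            "$want::"*)
                val=${line#"$want::"}
                val=${val#"${val%%[! ]*}"}      # drop leading spaces
                printf '%s' "$val" | base64 -d
                echo ;;
            "$want:<"*)
                ;;                               # URL form: not handled here
            "$want:"*)
                val=${line#"$want:"}
                val=${val#"${val%%[! ]*}"}
                printf '%s\n' "$val" ;;
        esac
    done
}

# Constructed sample: two entries, the second with a folded base64 value
# ("Orléans" in UTF-8). "mail:" ends in "l:" but is not the "l" attribute.
sample_ldif() {
    cat <<'EOF'
dn: CN=Alice,OU=OU_NAME,DC=DOMAIN,DC=lan
mail: alice@example.com
l: Paris

dn: CN=Bob,OU=OU_NAME,DC=DOMAIN,DC=lan
mail: bob@example.com
l:: T3Jsw6lh
 bnM=
EOF
}

sample_ldif | ldif_attr l
```

Without the unfolding step, only the first physical line of a folded value would reach the decoder and the result would be cut short.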