Here's the piece of code I've wrote. It's not complex, but have to think
about those ":" and "::".
USER_CITY2="$(ldapsearch -LLL -C -x \
-h $VAR_DC \
-b $VAR_SEARCHBASE \
-D $VAR_BINDER \
-w $VAR_PWBINDER \
if [[ $USER_CITY2== *l::* ]]
USER_CITY="$(echo "$USER_CITY2" | sed -n -e 's/^.*l:: //p' |
USER_CITY="$(echo "$USER_CITY2" | sed -n -e 's/^.*l:
This way, the first command will search the AD the $USER's city and
store it in $CITY2. If the result contains "::", then I have to decode
and if the result contains ":", I don't have to decode.
The final result is stored in $USER_CITY.
Thanks a lot to have helped me.
Le 26/05/2014 15:41, Nicolas a écrit :
To be more efficient, here's what I want to do :
I've made a script wich generates automatically disclaimers (or
signatures) using an AD database to search users attributes : name,
surname, telephone number...
I've made a command like this :
ldapsearch -LLL -C \
-h 'DC.DOMAIN.LAN' \
-b 'ou=OU_NAME,dc=DOMAIN,dc=lan' \
-D 'CN=binder,OU=OU_NAME,DC=DOMAIN,DC=lan' \
-w 'BINDER_PW' \
'(sAMAccountname='A_USER_NAME')' sn \
| sed -n -e 's/^.*sn: //p'
With this command, I catch the "sn" attribute of a user. This command
only works if the sn dosen't contain special caracters. If it does, I
had to use "sed" like this : sed -n -e 's/^.*_sn::_ //p'
With the "sed" command, I only take what is after the "sn:" or
to only have data I want.
The result of this command is sent in a variable of my script I use
after to make html and txt signatures.
This scripts works perfectly, only when an attribute I catch have a
What you said is a good track for me. What I "only have to do" is to
search if the line contains one or two ":". If there's one ":", I
don't have decode, if there's two":", I have to decode.
Are you OK with me ?
Thanks a lot.
Le 26/05/2014 15:08, Matthias Apitz a écrit :
> El día Monday, May 26, 2014 a las 02:08:51PM +0200, Nicolas Cauchie escribió:
>> Hi Nicolas,
>> Are you sure that no results are returned? Can you show the output of a
>> ldapsearch cmd-line tool? I saw that in the result values are encoded if
>> they contain non ASCII chars.
>> Yes, I wrote it in a previous answer.
>> The result is base64 encoded if "-t" switch is not used, or sent to
>> temp file if this switch is used. But in both cases, I can't use the
>> result "as is" without another manipulation, but i'm stuck..
> I think, the encoded attributes have a double colon '::'; do a test like
> $ /usr/bin/ldapsearch .... | fgrep ::
> attributeMailText:: U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC
> $ echo U29ycnksIEknbSBvdXQgb2Ygb2ZmaWNlIHVudGlsIEF1Z3VzdC | mmencode -u
> Sorry, I'm out of office until Augus