This appendix provides sample scripts for editing the default attribute mappings for reconciliation.
Sample scripts for the procedure described in Adding Custom Attributes for Target Resource Reconciliation are as follows:
This is the original FetchAllUserRecords.txt script.
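# FetchAllUserRecords: prints one reconciliation record per /etc/passwd entry.
#
# Output: "RESULT_START <NAME:value pairs> RESULT_END" for each account, or
#         "Record contains connector prompt. Hence ignored" when the record
#         matches $connectorPrompt; then "SUCCESS" if the loop ended with
#         status 0.
# Reads:  /etc/passwd, /etc/shadow, `id -G -n`, `passwd -S`, $connectorPrompt.
#
# NOTE(review): reading /etc/shadow and running `passwd -S` for other accounts
#   normally needs elevated privileges. When either fails, INACTIVE/EXP_DATE
#   are empty and ENABLE stays "true", so a locked account would be reported
#   as enabled -- confirm the privileges of the connector session.
# NOTE(review): the trailing unset statements suggest this text runs inside a
#   shared shell session, so no `set` options are changed here. If the
#   connector sends the file as one line, strip the comment lines first --
#   confirm.
while IFS= read -r inputline; do
  # Quoted expansions: runs of spaces or glob characters in a field (GECOS in
  # particular) must reach the record unchanged instead of being re-split or
  # expanded against the current directory.
  __NAME__=$(printf '%s\n' "$inputline" | cut -d: -f1)
  USID=$(printf '%s\n' "$inputline" | cut -d: -f3)
  COMMENTS=$(printf '%s\n' "$inputline" | cut -d: -f5)
  HOME_DIR=$(printf '%s\n' "$inputline" | cut -d: -f6)
  USER_SHELL=$(printf '%s\n' "$inputline" | cut -d: -f7)

  CREATE_HOME_DIR="false"
  if [ -d "$HOME_DIR" ]; then
    CREATE_HOME_DIR="true"
  fi

  # One id(1) call per account: the first name is PGROUP, any remaining names
  # become the "~~~"-separated SECONDARYGROUP list. Quoting the name keeps an
  # empty __NAME__ from turning into a bare `id`, which would report the
  # groups of the account running the script.
  groupNames=$(id -G -n "$__NAME__")
  PGROUP=${groupNames%% *}
  secgrplist=""
  case $groupNames in
    *" "*) secgrplist=$(printf '%s\n' "${groupNames#* }" | sed 's/ /~~~/g') ;;
  esac

  # Select the shadow entry whose first field is exactly this user name. An
  # unanchored grep for the name also matches other accounts and hash text,
  # which attaches another account's INACTIVE/EXP_DATE to this record.
  # shadowRecord includes the password hash field; only fields 7 and 8 are
  # used and the variable is unset at the end.
  shadowRecord=""
  while IFS= read -r shadowLine; do
    case $shadowLine in
      "$__NAME__":*)
        shadowRecord=$shadowLine
        break
        ;;
    esac
  done < /etc/shadow
  INACTIVE=$(printf '%s\n' "$shadowRecord" | cut -d: -f7)
  EXP_DATE=$(printf '%s\n' "$shadowRecord" | cut -d: -f8)

  # The account is reported disabled when `passwd -S` prints the word LK or
  # locked.
  ENABLE="true"
  if [ -n "$__NAME__" ]; then
    if passwd -S "$__NAME__" | grep -w -e LK -e locked >/dev/null; then
      ENABLE="false"
    fi
  fi

  RESULT1="__NAME__:${__NAME__}:__ENABLE__:${ENABLE}:COMMENTS:${COMMENTS}:USID:${USID}:USER_SHELL:${USER_SHELL}:HOME_DIR:${HOME_DIR}:"
  RESULT2="CREATE_HOME_DIR:${CREATE_HOME_DIR}:SECONDARYGROUP:${secgrplist}:"
  RESULT3="PGROUP:${PGROUP}:INACTIVE:${INACTIVE}:EXP_DATE:${EXP_DATE}:__UID__:${__NAME__}"
  RESULT="${RESULT1}${RESULT2}${RESULT3}"

  # NOTE(review): $connectorPrompt is never set in this script and grep reads
  #   it as a regular expression -- presumably the connector session provides
  #   it; confirm.
  if printf '%s\n' "$RESULT" | grep -q -w "$connectorPrompt"; then
    echo "Record contains connector prompt. Hence ignored"
  else
    printf 'RESULT_START %s RESULT_END\n' "$RESULT"
  fi
done < /etc/passwd
[ $? -eq 0 ] && echo "SUCCESS"

# Leave no per-record data behind in the session.
unset inputline __NAME__ USID COMMENTS HOME_DIR USER_SHELL PGROUP secgrplist
unset ENABLE passwordFull passwordF passwordS RESULT RESULT1 RESULT2 RESULT3 __UID__ INACTIVE EXP_DATE shadowRecord
unset CREATE_HOME_DIR groupNames shadowLine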
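This is the FetchAllUserRecords.txt script that has been updated to include the newly added __GID__ attribute. The updated lines are represented in bold font: the new __GID__ assignment, the RESULT3 assignment (which now ends with :__GID__:$__GID__), and the first unset statement (which now also lists __GID__).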
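# FetchAllUserRecords with the added __GID__ attribute: prints one
# reconciliation record per /etc/passwd entry.
#
# Output: "RESULT_START <NAME:value pairs> RESULT_END" for each account, or
#         "Record contains connector prompt. Hence ignored" when the record
#         matches $connectorPrompt; then "SUCCESS" if the loop ended with
#         status 0.
# Reads:  /etc/passwd, /etc/shadow, `id -G -n`, `id -G`, `passwd -S`,
#         $connectorPrompt.
#
# NOTE(review): reading /etc/shadow and running `passwd -S` for other accounts
#   normally needs elevated privileges. When either fails, INACTIVE/EXP_DATE
#   are empty and ENABLE stays "true", so a locked account would be reported
#   as enabled -- confirm the privileges of the connector session.
# NOTE(review): the trailing unset statements suggest this text runs inside a
#   shared shell session, so no `set` options are changed here. If the
#   connector sends the file as one line, strip the comment lines first --
#   confirm.
while IFS= read -r inputline; do
  # Quoted expansions: runs of spaces or glob characters in a field (GECOS in
  # particular) must reach the record unchanged instead of being re-split or
  # expanded against the current directory.
  __NAME__=$(printf '%s\n' "$inputline" | cut -d: -f1)
  USID=$(printf '%s\n' "$inputline" | cut -d: -f3)
  COMMENTS=$(printf '%s\n' "$inputline" | cut -d: -f5)
  HOME_DIR=$(printf '%s\n' "$inputline" | cut -d: -f6)
  USER_SHELL=$(printf '%s\n' "$inputline" | cut -d: -f7)

  CREATE_HOME_DIR="false"
  if [ -d "$HOME_DIR" ]; then
    CREATE_HOME_DIR="true"
  fi

  # One id(1) call for the names: the first name is PGROUP, any remaining
  # names become the "~~~"-separated SECONDARYGROUP list. Quoting the name
  # keeps an empty __NAME__ from turning into a bare `id`, which would report
  # the groups of the account running the script.
  groupNames=$(id -G -n "$__NAME__")
  PGROUP=${groupNames%% *}
  secgrplist=""
  case $groupNames in
    *" "*) secgrplist=$(printf '%s\n' "${groupNames#* }" | sed 's/ /~~~/g') ;;
  esac

  # Added for __GID__: the first numeric group ID printed by `id -G`.
  # NOTE(review): presumably the first ID is the primary group, matching
  #   PGROUP -- confirm; `id -g` reports that ID directly.
  __GID__=$(id -G "$__NAME__" | cut -d' ' -f1)

  # Select the shadow entry whose first field is exactly this user name. An
  # unanchored grep for the name also matches other accounts and hash text,
  # which attaches another account's INACTIVE/EXP_DATE to this record.
  # shadowRecord includes the password hash field; only fields 7 and 8 are
  # used and the variable is unset at the end.
  shadowRecord=""
  while IFS= read -r shadowLine; do
    case $shadowLine in
      "$__NAME__":*)
        shadowRecord=$shadowLine
        break
        ;;
    esac
  done < /etc/shadow
  INACTIVE=$(printf '%s\n' "$shadowRecord" | cut -d: -f7)
  EXP_DATE=$(printf '%s\n' "$shadowRecord" | cut -d: -f8)

  # The account is reported disabled when `passwd -S` prints the word LK or
  # locked.
  ENABLE="true"
  if [ -n "$__NAME__" ]; then
    if passwd -S "$__NAME__" | grep -w -e LK -e locked >/dev/null; then
      ENABLE="false"
    fi
  fi

  RESULT1="__NAME__:${__NAME__}:__ENABLE__:${ENABLE}:COMMENTS:${COMMENTS}:USID:${USID}:USER_SHELL:${USER_SHELL}:HOME_DIR:${HOME_DIR}:"
  RESULT2="CREATE_HOME_DIR:${CREATE_HOME_DIR}:SECONDARYGROUP:${secgrplist}:"
  # Added for __GID__: the record now ends with the __GID__ pair.
  RESULT3="PGROUP:${PGROUP}:INACTIVE:${INACTIVE}:EXP_DATE:${EXP_DATE}:__UID__:${__NAME__}:__GID__:${__GID__}"
  RESULT="${RESULT1}${RESULT2}${RESULT3}"

  # NOTE(review): $connectorPrompt is never set in this script and grep reads
  #   it as a regular expression -- presumably the connector session provides
  #   it; confirm.
  if printf '%s\n' "$RESULT" | grep -q -w "$connectorPrompt"; then
    echo "Record contains connector prompt. Hence ignored"
  else
    printf 'RESULT_START %s RESULT_END\n' "$RESULT"
  fi
done < /etc/passwd
[ $? -eq 0 ] && echo "SUCCESS"

# Leave no per-record data behind in the session (__GID__ added to the list).
unset inputline __NAME__ USID COMMENTS HOME_DIR USER_SHELL PGROUP secgrplist __GID__
unset ENABLE passwordFull passwordF passwordS RESULT RESULT1 RESULT2 RESULT3 __UID__ INACTIVE EXP_DATE shadowRecord
unset CREATE_HOME_DIR groupNames shadowLine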