8 Replies Latest reply on Dec 1, 2015 8:28 AM by Jim Campbell

    command line to query an AD

    Olivier Renault


      Because of a lot of changes in the organisation of the company, I need to synchronize the DESCRIPTION property of my users with the active directory in order to created beautiful reports in BDSSA of the use of BSA depending of users. For these reports we need the DESCRIPTION of users up to date (Name, Team)

      So I created a nsh script which queries the AD from the application server (linux), and set the property up to date.

      In a loop on each user, the main command line is this one:

      RESULT=`nexec opsgafs1 ldapsearch -LLL  -D "AD\thrt1886" -w "${PASSWD}" -H ldap://activedirectoryserver:389 -b 'OU=Utilisateurs,OU=France Telecom,DC=ad,DC=francetelecom,DC=fr' -s sub "(sAMAccountName=$USER)" FTEntite  givenName sn|grep -v "^dn: "`

      I think that this command line can help (syntax in not easy)

      after that I set the property:

      blcli_execute RBACUser setPropertyValueByName  ${USER} DESCRIPTION "${DESCRIPTION}"


      As you see I use a variable $PASSWD containing the password of the account thrt1886

      I created a parameter of my script containing the password. After executing the job I empty the job parameter. Masked parameter does not exist.

      How can I pass the password in a better way (encrypted or masked)?