LDAP

Find LDAP groups with obsolete users

OpenLDAP has a nice "feature" that allows group members to continue to exist even after the user entry itself has been deleted. Really handy! The problem is that if you have, say, a user in the "Domain Admins" group, delete that account, and then a normal user is later created with the same username, that new user ends up with unexpected elevated privileges.

So I created a script that I run weekly to find group members that no longer exist and send me a report. It also tells me which groups are empty.

This relies on my toolbox... Find it here.

Using some of our new tools

Ok... Now that we have our toolbox, let's do something with it. Today we'll look at a simple solution to an everyday problem: resetting a password.
