|
- #! /bin/bash
- IFS="
- "
-
-
- SSO_HOST="example.com/api/v3"
- SSO_TOKEN="token"
- LDAP_HOST="localhost"
- LDAP_USERDN="uid=user,ou=people,dc=example,dc=com"
- LDAP_PASS='pass'
- LDAP_BASE="ou=people,dc=example,dc=com"
- DIRECTORY="/usr/local/src/authentik_ldap_sync"
- deleted_users="$DIRECTORY/deleted_users"
- deleted_pklist="$DIRECTORY/user_pklist"
- authentik_users="$DIRECTORY/authentik_users"
-
- ldap_search() {
- ldapsearch -D $LDAP_USERDN -w$LDAP_PASS -b $LDAP_BASE -h $LDAP_HOST $*
- }
-
-
- if [ ! -d "$DIRECTORY" ]; then
- mkdir $DIRECTORY
- fi
-
- if [ ! -f "$deleted_pklist" ]; then
- touch $deleted_pklist
- else
- rm $deleted_pklist
- fi
-
-
-
- ldap_search 'uid' | grep -E '^uid:' | cut -d' ' -f2 | sort > $DIRECTORY/ldap_users
-
- curl -X GET "https://$SSO_HOST/core/users/?page_size=1000" \
- -H "accept: application/json"\
- -H "authorization: Bearer $SSO_TOKEN" | jq 'del(.results[].groups_obj)' | jq '.results[].attributes.ldap_uniq' | sed -e '/null/d' -e 's/"//g' | sort > $authentik_users
-
- curl -X GET "https://$SSO_HOST/core/users/?page_size=1000" \
- -H "accept: application/json"\
- -H "authorization: Bearer $SSO_TOKEN" | jq '.results[] | "\(.pk) \(.username)"' | sed 's/"//g' > $DIRECTORY/pk_username
-
- diff $DIRECTORY/ldap_users $authentik_users |grep '^>'|awk '{print $2}' > $deleted_users
-
- for user in `cat $deleted_users`
- do
- grep " $user$" $DIRECTORY/pk_username >> $deleted_pklist
- done
-
- for user_pk in `cat $deleted_pklist`
- do
- PK=`echo $user_pk | cut -d' ' -f1`
- curl -X DELETE "https://$SSO_HOST/core/users/$PK/" \
- -H "accept: application/json" \
- -H "authorization: Bearer $SSO_TOKEN"
- done