From 72aed455f31a7275692760842a8216d93a4211fc Mon Sep 17 00:00:00 2001
From: akshay
Date: Thu, 2 May 2024 18:11:03 +0530
Subject: [PATCH] Authentik LDAP sync script for deleted users

---
 authentik_deleted_user_sync.sh | 57 ++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 authentik_deleted_user_sync.sh

diff --git a/authentik_deleted_user_sync.sh b/authentik_deleted_user_sync.sh
new file mode 100644
index 0000000..77cf578
--- /dev/null
+++ b/authentik_deleted_user_sync.sh
@@ -0,0 +1,57 @@
+#! /bin/bash
+IFS="
+"
+
+
+SSO_HOST="example.com/api/v3"
+SSO_TOKEN="token"
+LDAP_HOST="localhost"
+LDAP_USERDN="uid=user,ou=people,dc=example,dc=com"
+LDAP_PASS='pass'
+LDAP_BASE="ou=people,dc=example,dc=com"
+DIRECTORY="/usr/local/src/authentik_ldap_sync"
+deleted_users="$DIRECTORY/deleted_users"
+deleted_pklist="$DIRECTORY/user_pklist"
+authentik_users="$DIRECTORY/authentik_users"
+
+ldap_search() {
+ ldapsearch -D $LDAP_USERDN -w$LDAP_PASS -b $LDAP_BASE -h $LDAP_HOST $*
+}
+
+
+if [ ! -d "$DIRECTORY" ]; then
+ mkdir $DIRECTORY
+fi
+
+if [ ! -f "$deleted_pklist" ]; then
+ touch $deleted_pklist
+else
+ rm $deleted_pklist
+fi
+
+
+
+ldap_search 'uid' | grep -E '^uid:' | cut -d' ' -f2 | sort > $DIRECTORY/ldap_users
+
+curl -X GET "https://$SSO_HOST/core/users/?page_size=1000" \
+ -H "accept: application/json"\
+ -H "authorization: Bearer $SSO_TOKEN" | jq 'del(.results[].groups_obj)' | jq '.results[].attributes.ldap_uniq' | sed -e '/null/d' -e 's/"//g' | sort > $authentik_users
+
+curl -X GET "https://$SSO_HOST/core/users/?page_size=1000" \
+ -H "accept: application/json"\
+ -H "authorization: Bearer $SSO_TOKEN" | jq '.results[] | "\(.pk) \(.username)"' | sed 's/"//g' > $DIRECTORY/pk_username
+
+diff $DIRECTORY/ldap_users $authentik_users |grep '^>'|awk '{print $2}' > $deleted_users
+
+for user in `cat $deleted_users`
+do
+ grep " $user$" $DIRECTORY/pk_username >> $deleted_pklist
+done
+
+for user_pk in `cat $deleted_pklist`
+do
+ PK=`echo $user_pk | cut -d' ' -f1`
+ curl -X DELETE "https://$SSO_HOST/core/users/$PK/" \
+ -H "accept: application/json" \
+ -H "authorization: Bearer $SSO_TOKEN"
+done
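Review bot: The DELETE loop at the end of the hunk acts on whatever ends up in `user_pklist`, and nothing checks that the lists feeding it were produced successfully: if `ldapsearch` fails (bad bind, LDAP host unreachable) `ldap_users` is written empty, `diff ... | grep '^>'` then lists every Authentik user that has an `ldap_uniq` attribute, and all of them are deleted. The script should refuse to proceed when a fetch fails or a source list is empty, e.g. `set -euo pipefail` after the shebang, `curl -fsS` on the three API calls, and `[ -s "$DIRECTORY/ldap_users" ] && [ -s "$authentik_users" ] || { printf 'empty user list, refusing to delete\n' >&2; exit 1; }` before the `diff`. `-w$LDAP_PASS` places the bind password on the ldapsearch command line where it is visible in process listings; `-y <passfile>` avoids that. The unquoted `$DIRECTORY`, `$deleted_pklist`, `$authentik_users` and `$*` expansions should be quoted (`"$@"` for the function's arguments), since the script already depends on `IFS` being newline-only to survive them. `page_size=1000` also appears to read only the first page of the users endpoint, so on a larger tenant the diff is computed against an incomplete list; following the API's pagination would make the result independent of tenant size.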