|
|
@ -0,0 +1,57 @@ |
|
|
|
#! /bin/bash |
|
|
|
IFS=" |
|
|
|
" |
|
|
|
|
|
|
|
|
|
|
|
SSO_HOST="example.com/api/v3" |
|
|
|
SSO_TOKEN="token" |
|
|
|
LDAP_HOST="localhost" |
|
|
|
LDAP_USERDN="uid=user,ou=people,dc=example,dc=com" |
|
|
|
LDAP_PASS='pass' |
|
|
|
LDAP_BASE="ou=people,dc=example,dc=com" |
|
|
|
DIRECTORY="/usr/local/src/authentik_ldap_sync" |
|
|
|
deleted_users="$DIRECTORY/deleted_users" |
|
|
|
deleted_pklist="$DIRECTORY/user_pklist" |
|
|
|
authentik_users="$DIRECTORY/authentik_users" |
|
|
|
|
|
|
|
ldap_search() { |
|
|
|
ldapsearch -D $LDAP_USERDN -w$LDAP_PASS -b $LDAP_BASE -h $LDAP_HOST $* |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if [ ! -d "$DIRECTORY" ]; then |
|
|
|
mkdir $DIRECTORY |
|
|
|
fi |
|
|
|
|
|
|
|
if [ ! -f "$deleted_pklist" ]; then |
|
|
|
touch $deleted_pklist |
|
|
|
else |
|
|
|
rm $deleted_pklist |
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ldap_search 'uid' | grep -E '^uid:' | cut -d' ' -f2 | sort > $DIRECTORY/ldap_users |
|
|
|
|
|
|
|
curl -X GET "https://$SSO_HOST/core/users/?page_size=1000" \ |
|
|
|
-H "accept: application/json"\ |
|
|
|
-H "authorization: Bearer $SSO_TOKEN" | jq 'del(.results[].groups_obj)' | jq '.results[].attributes.ldap_uniq' | sed -e '/null/d' -e 's/"//g' | sort > $authentik_users |
|
|
|
|
|
|
|
curl -X GET "https://$SSO_HOST/core/users/?page_size=1000" \ |
|
|
|
-H "accept: application/json"\ |
|
|
|
-H "authorization: Bearer $SSO_TOKEN" | jq '.results[] | "\(.pk) \(.username)"' | sed 's/"//g' > $DIRECTORY/pk_username |
|
|
|
|
|
|
|
diff $DIRECTORY/ldap_users $authentik_users |grep '^>'|awk '{print $2}' > $deleted_users |
|
|
|
|
|
|
|
for user in `cat $deleted_users` |
|
|
|
do |
|
|
|
grep " $user$" $DIRECTORY/pk_username >> $deleted_pklist |
|
|
|
done |
|
|
|
|
|
|
|
for user_pk in `cat $deleted_pklist` |
|
|
|
do |
|
|
|
PK=`echo $user_pk | cut -d' ' -f1` |
|
|
|
curl -X DELETE "https://$SSO_HOST/core/users/$PK/" \ |
|
|
|
-H "accept: application/json" \ |
|
|
|
-H "authorization: Bearer $SSO_TOKEN" |
|
|
|
done |