Welcome to Aaron Thompson's Page Friday, December 26 2014 @ 03:29 CST  


group-utils -- utility to manage LDAP groups

    group-utils -c -g #### -n groupName [-m user1,user2,...,userN] [-Y|-N]
    group-utils -d {-g #### | -n groupName} [-b fileName.ldif] [-Y|-N]
    group-utils -a -m user1,user2,...,userN {-g #### | -n groupName} [-Y|-N]
    group-utils -e -m user1,user2,...,userN {-g #### | -n groupName} [-Y|-N]
    group-utils -s {-g #### | -n groupName}


group-utils provides a simple command-line tool for maintaining groups in an LDAP environment.

group-utils was developed on Debian GNU/Linux using Perl v5 and requires Net::LDAP, Net::LDAP::Search, Net::LDAP::Entry, and Net::LDAP::LDIF.

group-utils has five distinct functions: create a new group, delete an existing group, add a user to an existing group, expunge a user from an existing group, and show the members of an existing group. The show function will accept wild cards if searching for group names.

When group-utils is run either without any options or with unknown or incorrect options, it displays usage/license information.


Read the Synopsis for proper usage information. The following options are listed alphabetically.

-a
      add one or more users to a group. List which users are to be added to the group with the '-m' option. Use the '-g' option or the '-n' option (or both) to specify to which group the users are to be added.

-b
      create a backup ldif file. This is used with the '-d' option to make a backup of a group before deleting the group from the LDAP tree. You should use a full path with the file name to ensure it is created in the proper place.

-c
      create a new group containing 0 or more users. Use the '-g' and '-n' options to specify the group number and name (both are required). If desired, list the users that should initially be members of the group with the '-m' option.

-d
      delete an existing group. Specify which group to delete using either the '-g' or the '-n' option (or both). If you would like a backup ldif file, give the file name using the '-b' option.

-e
      expunge one or more users from an existing group. List the users to be removed from the group using the '-m' option. Specify which group to remove users from using either the '-g' or the '-n' option (or both).

-g
      specify a group number. This refers to the 'gidnumber', the number assigned to the group. This number should be a UNIX standard group number, a 32-bit unsigned (positive) integer (e.g. 1, 500, 1000, 2001).

-m
      specify a list of group members. This can be one or more usernames. When listing more than one user, a comma-separated list with no extra spaces should be used (e.g. user1,user2,user3,...,userN). The application will not check to make sure the username is valid - it will just add the username to the list of group members.

-n
      specify a group name. This refers to the 'cn' or 'common name' of the group object. The simple way to describe this is the text name of the group. This name cannot have any spaces; however, '-' and '_' are appropriate. It is also common in the UNIX world to keep this string 8 or fewer characters long (like usernames). This is not required, but does make it easy to read when reading permissions in a UNIX file system.

-N
      assume 'No'. group-utils will ask for 'yes' or 'no' before doing any modifications. '-N' will answer negatively to all questions asked.

-s
      show the members of an existing group. Specify which group to show using either the '-g' or the '-n' option (or both).

-Y
      assume 'Yes'. group-utils will ask for 'yes' or 'no' before doing any modifications. '-Y' will answer positively to all questions asked.
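
Because group-utils adds whatever is passed to '-m' without checking it, the values can be checked before the tool is called. The following is an added example, not part of group-utils; the function names are hypothetical, and it enforces only the constraints stated in the option list above, plus a rejection of leading zeros in the group number.

```shell
#!/bin/sh
# Added example, not part of group-utils: pre-flight checks for the values
# passed to -g, -n and -m. Function names are hypothetical.

# -g: decimal 32-bit unsigned integer (0..4294967295).
# Leading zeros are rejected here to keep the stored number canonical.
valid_gid() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;   # empty, sign, or any non-digit
        0) return 0 ;;
        0*) return 1 ;;            # leading zero
    esac
    [ "${#1}" -le 10 ] || return 1  # bound the length before comparing
    [ "$1" -le 4294967295 ]
}

# -n: group name (cn) must be non-empty and contain no spaces.
valid_cn() {
    case $1 in
        ''|*' '*) return 1 ;;
    esac
    return 0
}

# -m: comma-separated usernames with no spaces and no empty items.
valid_members() {
    case $1 in
        ''|*' '*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

# check_group_args GID CN [MEMBERS]: prints one line per problem to stderr
# and returns the number of problems (0 means the arguments can be passed on).
check_group_args() {
    bad=0
    valid_gid "$1" || { echo "bad -g value: '$1'" >&2; bad=$((bad + 1)); }
    valid_cn "$2" || { echo "bad -n value: '$2'" >&2; bad=$((bad + 1)); }
    if [ -n "${3:-}" ]; then
        valid_members "$3" || { echo "bad -m list: '$3'" >&2; bad=$((bad + 1)); }
    fi
    return $bad
}
```

These checks cover syntax only; whether each username actually exists in the directory still has to be confirmed separately.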


group-utils is minimally configurable; the following variables can be changed.

$base_dir
      This is the path that group-utils is located in. This path should allow
      writing, as group-utils by default writes to the directory the script is
      located in. This can be changed by editing the $tmpLdif definition. Make
      sure you end the path with '/'.

$script_name
      This is the name of the script, the program you are running. This is a
      redundancy used to make the source easier to read. If the script needs to
      call itself it uses $script_name. The default value for $script_name is:
      $base_dir . "group-utils".

      This is the FQDN or IP address of your server.

      This is the base distinguished name for your LDAP server, in general.

      This is the base distinguished name of the Group OU.

      This is a distinguished name that allows read/write access to the LDAP

      This is the password required when binding to your LDAP server using the
      root_dn. Make sure you set the permissions on this script so no user other
      than root can read/write/execute group-utils.
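
The permission requirement above can be verified mechanically, since the script holds the bind password and writes its temporary LDIF into its own directory. The following is an added example, not part of group-utils; check_script_perms is a hypothetical helper name and it assumes GNU stat, as shipped on Debian.

```shell
#!/bin/sh
# Added example, not part of group-utils. Assumes GNU stat (coreutils).
# check_script_perms is a hypothetical helper name.

# check_script_perms FILE [OWNER_UID]
# Returns 0 only if FILE is owned by OWNER_UID (default 0, root), FILE grants
# nothing to group/other, and its directory is not group- or world-writable.
check_script_perms() {
    file=$1
    want_uid=${2:-0}
    rc=0

    [ -f "$file" ] || { echo "FAIL: $file not found" >&2; return 2; }

    f_uid=$(stat -c '%u' "$file")
    f_mode=$(stat -c '%a' "$file")
    dir=$(dirname "$file")
    d_mode=$(stat -c '%a' "$dir")

    if [ "$f_uid" != "$want_uid" ]; then
        echo "FAIL: $file is owned by uid $f_uid, expected $want_uid" >&2
        rc=1
    fi

    # The bind password is stored in the script, so any group/other bit
    # (octal mask 077) exposes it or lets a non-owner run or alter the tool.
    if [ $(( 0$f_mode & 077 )) -ne 0 ]; then
        echo "FAIL: $file has mode $f_mode, expected 700" >&2
        rc=1
    fi

    # group-utils writes its temporary LDIF beside the script, so the
    # directory must be writable, but only by the owner (mask 022).
    if [ $(( 0$d_mode & 022 )) -ne 0 ]; then
        echo "FAIL: $dir has mode $d_mode (group/world writable)" >&2
        rc=1
    fi

    return $rc
}
```

Call it with the full path to the installed script; a non-zero return means at least one of the three conditions failed, with the reason on stderr.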

Report a Bug

If you find a bug, please let me know: email me at thompson@cns.uni.edu.

Download / Source

Copyright (C) 2003 Aaron Thompson

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. or visit http://www.gnu.org/copyleft/gpl.html

Click here to view the source code online

Click here to download the script