From: Frank Brehm Date: Wed, 22 Jan 2025 12:14:48 +0000 (+0100) Subject: Completing get-last-login-times X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=34e46396813ad837b10af9138ef127971894e804;p=pixelpark%2Fpp-admin-tools.git Completing get-last-login-times --- diff --git a/scripts/get-last-login-times b/scripts/get-last-login-times index 34fd0fe..4460d86 100755 --- a/scripts/get-last-login-times +++ b/scripts/get-last-login-times @@ -35,6 +35,11 @@ LAST_DAYS= LAST_SECONDS=$(( DEFAULT_LAST_MONTHS * 30 * 24 * 3600 )) +declare -A ACCOUNTS=() +NR_ACCOUNTS_TOTAL= +NR_ACCOUNTS_WITH_LOGIN_TIME= +NR_ACCOUNTS_OUTDATED= + DESCRIPTION=$( cat <<-EOF Searching for the last login time of accounts in Digitas LDAP." @@ -206,11 +211,149 @@ get_options() { } +#------------------------------------------------ +get_accounts() { + + local cmd= + local filter= + local dn= + local uid= + local last_login_time= + local i= + local line= + local diff= + local old_ifs="${IFS}" + local dt_year= + local dt_month= + local dt_day= + local dt_hour= + local dt_minute= + local dt_second= + + local rest= + local diff_secs= + local diff_mins= + local diff_hours= + local diff_days= + + + local current_unix_time=$( date +'%s' ) + + local cmd_base="ldapsearch -LLL -o ldif-wrap=no " + cmd_base+="-H \"${LDAP_URL}\" -b \"${LDAP_BASE}\"" + cmd_base+=" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" " + + empty_line + filter="(&(uid=*)(userPassword=*))" + cmd="${cmd_base} \"${filter}\" dn | grep '^dn:' | wc -l" + debug "Executing: ${cmd}" + NR_ACCOUNTS_TOTAL=$( eval ${cmd} ) + info "Number of accounts total: ${NR_ACCOUNTS_TOTAL}" + + empty_line + filter="(&(uid=*)(userPassword=*)(lastLoginTime=*))" + cmd="${cmd_base} \"${filter}\" dn | grep '^dn:' | wc -l" + debug "Executing: ${cmd}" + NR_ACCOUNTS_WITH_LOGIN_TIME=$( eval ${cmd} ) + info "Number of accounts with a last login time: ${NR_ACCOUNTS_WITH_LOGIN_TIME}" + + empty_line + cmd="${cmd_base} \"${filter}\" dn uid lastLoginTime" + debug "Executing: ${cmd}" + IFS=" +" + i=0 + for line in $( eval ${cmd} ) ; do + if [[ "${line}" =~ ^\s*$ ]] ; then + continue + fi + + # if [[ "$i" -gt 20 ]] ; then + # break + # fi + debug "Evaluating line: ${line}" + + if [[ "${line}" =~ ^dn: ]] ; then + dn=$( echo "${line}" | sed -e 's/^dn: //i' -e 's/{ ]*$//' ) + i=$(( i + 1 )) + debug "Found DN: ${dn}" + continue + fi + + if [[ "${line}" =~ ^uid: ]] ; then + uid=$( echo "${line}" | sed -e 's/^uid: //i' -e 's/{ ]*$//' ) + continue + fi + + if [[ "${line}" =~ ^lastLoginTime: ]] ; then + dt_year=$( echo "${line}" | sed -e 's/^lastLoginTime: //i' -e 's/^\(....\).*/\1/' ) + dt_month=$( echo "${line}" | sed -e 's/^lastLoginTime: //i' -e 's/^....\(..\).*/\1/' ) + dt_day=$( echo "${line}" | sed -e 's/^lastLoginTime: //i' -e 's/^......\(..\).*/\1/' ) + dt_hour=$( echo "${line}" | sed -e 's/^lastLoginTime: //i' -e 's/^........\(..\).*/\1/' ) + dt_minute=$( echo "${line}" | sed -e 's/^lastLoginTime: //i' -e 's/^..........\(..\).*/\1/' ) + dt_second=$( echo "${line}" | sed -e 's/^lastLoginTime: //i' -e 's/^............\(..\).*/\1/' ) + debug "Found last login time: ${dt_year}-${dt_month}-${dt_day} ${dt_hour}:${dt_minute}:${dt_second} UTC" + last_login_time=$( date -d "${dt_year}-${dt_month}-${dt_day} ${dt_hour}:${dt_minute}:${dt_second}" +"%s" ) + debug "UNIX last login time: ${last_login_time}" + diff=$(( current_unix_time - last_login_time )) + debug "Age of last login time: ${diff} seconds." + if [[ "${diff}" -ge "${LAST_SECONDS}" ]] ; then + diff_secs=$(( diff % 60 )) + rest=$(( diff / 60 )) + diff_mins=$(( rest % 60 )) + rest=$(( rest / 60 )) + diff_hours=$(( rest % 24 )) + diff_days=$(( rest / 24 )) + diff=$( printf "%4dd %2dh %2dm %2ds" "${diff_days}" "${diff_hours}" "${diff_mins}" "${diff_secs}" ) + debug "Account '${dn}' is outdated since ${diff}." + ACCOUNTS[${dn}]="${diff} (${dt_year}-${dt_month}-${dt_day} ${dt_hour}:${dt_minute}:${dt_second} UTC)." + fi + continue + fi + + done + + IFS="${old_ifs}" + + if [[ "${#ACCOUNTS[*]}" -gt 0 ]] ; then + + warn "Found ${YELLOW}${#ACCOUNTS[*]}${NORMAL} outdated accounts." + + if [[ -z "${BRIEF}" && "${QUIET}" != 'y' ]] ; then + + empty_line + local len= + local max_len=1 + local val= + + for dn in "${!ACCOUNTS[@]}" ; do + len=$(echo -n "${dn}" | wc -m ) + if [[ "${len}" -gt "${max_len}" ]] ; then + max_len="${len}" + fi + done + + max_len=$(( max_len + 1 )) + + for dn in "${!ACCOUNTS[@]}" ; do + printf "%-${max_len}s %s\n" "${dn}:" "${ACCOUNTS[${dn}]}" + done + + + fi + else + info "Did not found any outdated accounts." + fi + +} + #------------------------------------------------ main() { get_options "$@" + get_accounts + empty_line info "Finished."