Unlocking OID accounts: the script

Just a simple script to list locked accounts on an Oracle Internet Directory (OID), and then unlock them. Uses the basics set out in Finding and unlocking locked accounts on Oracle Internet Directory.

Note: Do yourself a favor and get pwdaccountlockedtime indexed (catalogued) if you have not done so already.


Call it “unlockoid.pl”. This script is interactive.

#!/usr/bin/perl
# unlockoid.pl Queries for and unlocks OID entries on list.
# Three modes, selected by the first argument: --find; --unlock; and --all (see the usage text below)

use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Entry;
use Net::LDAP::Message;
use Net::LDAP::Util qw(ldap_error_name ldap_error_text);
use Custom::Net::LDAP::LDIF;
use Custom::Text::ParseWords;
use File::Copy;
use Term::ReadKey;

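my $HOME = $ENV{'HOME'};
defined $HOME or die "HOME is not set; cannot place the work files\n";
my $USRBIN = "/usr/bin";
my $oidUsr = "cn=orcladmin";

# Search base for user entries; adjust to the local directory layout.
my $basedn = "cn=Users,dc=example,dc=com";

print "---------------------------------------------------------------------\n";
print "unlockoid.pl: Finds locked accounts on OID and unlocks listed IDs\n";
print "\n";

# The mode comes from the first argument; default to '' so a missing
# argument reaches the usage text instead of warning about an undefined value.
my $option = defined $ARGV[0] ? $ARGV[0] : '';
chomp($option);

if ($option !~ /^(?:--find|--unlock|--all)$/) {
    print "NO OPTION SPECIFIED!\n";
    print "\n";
    print "Usage:\n";
    print "unlockoid.pl [option]\n";
    print "Options available are:\n";
    print "--find (Find and list locked IDs)\n";
    print "--unlock (Unlock listed IDs)\n";
    print "--all  (Find, list and unlock in one operation)\n";
    print "Example:\n";
    print "./unlockoid.pl --find\n";
    print "--------------------------------------------------------\n";
    exit 1;    # non-zero so a wrapper script can detect the usage failure
}

print "Script invoked with $option option\n";
print "\n";

print "OID hostname: ";
my $oidHost = <STDIN>;
$oidHost = '' unless defined $oidHost;
chomp($oidHost);
# The hostname is embedded in the work-file names under $HOME, so accept
# only host or host:port characters; anything else could alter the paths.
if ($oidHost !~ /^[A-Za-z0-9][\w.\-:]*$/) {
    print "Invalid or empty OID hostname\n";
    exit 1;
}

print "OID admin password: ";
ReadMode('noecho');
my $oidPass = <STDIN>;
ReadMode('restore');    # restore echo before anything else can die
print "\n";
$oidPass = '' unless defined $oidPass;
chomp($oidPass);

# Verify connectivity and credentials once, before any files are created.
my $result = check_oid($oidHost, $oidPass);
if ($result) {
    print "$result\n";
    exit 1;
}

my @attrs = qw(cn givenname sn displayname description employeetype mail title o telephonenumber c orclisenabled pwdaccountlockedtime);

my $time = localtime();    # refreshed by each subroutine for its log lines

my ($day, $month, $year) = (localtime)[3, 4, 5];
my $datestamp = sprintf("%02d%02d%04d", $month + 1, $day, $year + 1900);

my $userlist = "$HOME/unlock.$oidHost.$datestamp.csv";
my $cmdfile  = "$HOME/unlock.$oidHost.$datestamp.ldif";
my $logFile  = "$HOME/unlock.$oidHost.$datestamp.log";

# LOGZ stays a package filehandle because the subroutines write to it.
# Append rather than truncate so a second run on the same day keeps the
# earlier run's record.
open LOGZ, '>>', $logFile or die "open $logFile: $!";

print LOGZ "$time\tUnlock account process for $oidHost OID\n";
print "$time\tUnlock account process for $oidHost OID\n";

# Subroutine callouts, keyed on the already-validated option.
my %action_for = (
    '--find' => sub {
        print "Finding locked accounts\n";
        find_locked();
    },
    '--unlock' => sub {
        print "Unlock listed accounts\n";
        unlock_listed();
        clean_house();
    },
    '--all' => sub {
        print "Find and unlock accounts\n";
        find_locked();
        unlock_listed();
        clean_house();
    },
);
$action_for{$option}->();

close LOGZ or warn "close $logFile: $!";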

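# find_locked: searches $oidHost for entries that have pwdaccountlockedtime
# set and writes one CSV row per entry to $userlist, header row first.
# Reads the file-scope $oidHost, $oidPass, $oidUsr, $basedn, @attrs and
# $userlist and writes to LOGZ. Dies on connect, bind or file errors; a
# non-zero search status is logged and whatever entries came back are
# still written.
sub find_locked {

    $time = localtime();

    print LOGZ "$time\tSearching $oidHost for locked accounts\n";
    print "$time\tSearching $oidHost for locked accounts\n";

    # Net::LDAP->new returns undef (with $@ set) when it cannot connect.
    my $ldap = Net::LDAP->new($oidHost)
        or die "cannot connect to $oidHost: $@";
    # bind() always returns a message object, so its status must be checked;
    # "or die" on the call itself never fires.
    my $bind = $ldap->bind($oidUsr, password => $oidPass);
    die "bind to $oidHost as $oidUsr failed: " . $bind->error if $bind->code;

    open FH, '>', $userlist or die "open $userlist: $!";
    print FH "UserID,LockTime,Status,Description,Type,Title,Email,Phone,Country\n";

    my $query = "(pwdaccountlockedtime=*)";
    # attrs must be an array reference: a bare @attrs flattens into the
    # option list and turns the attribute names into bogus search options.
    my $mesg = $ldap->search(
        base   => $basedn,
        filter => $query,
        scope  => 'sub',
        attrs  => \@attrs,
    );
    if ($mesg->code) {
        my $why = ldap_error_name($mesg->code) . " - " . $mesg->error;
        print LOGZ "$time\tSearch on $oidHost returned: $why\n";
        print "Search on $oidHost returned: $why\n";
    }

    # Column order matches the header line above; the last column is the
    # country attribute 'c'.
    my @columns = qw(cn pwdaccountlockedtime orclisenabled description
        employeetype title mail telephonenumber c);
    my $found = 0;
    while (my $entry = $mesg->shift_entry()) {
        # get_value returns undef for an absent attribute; store '' so the
        # row keeps its column count.
        my @row = map {
            my $value = $entry->get_value($_);
            defined $value ? $value : '';
        } @columns;
        print FH join(',', map { _csv_field($_) } @row), "\n";
        $found++;
    }
    close FH or die "close $userlist: $!";
    $ldap->unbind;

    print LOGZ "$time\t$found locked account(s) written to $userlist\n";
    print "$found locked account(s) written to $userlist\n";
    return;
}

# _csv_field: wraps one value in double quotes, escaping embedded quotes
# and backslashes with a backslash, so a value containing a comma cannot
# shift the columns and parse_line(',', 0, ...) recovers the original text.
sub _csv_field {
    my ($value) = @_;
    $value =~ s/([\\"])/\\$1/g;
    return qq{"$value"};
}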

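# unlock_listed: reads the CSV produced by find_locked ($userlist), writes
# one LDIF modify record per user to $cmdfile as the audit copy, and applies
# the orclpwdaccountunlock modification to each entry over Net::LDAP.
# Individual failures are logged and processing continues (what the
# former ldapmodify -c call did); connect, bind and file errors die.
sub unlock_listed {

    $time = localtime();

    print LOGZ "$time\tUnlocking accounts on $oidHost listed in $userlist\n";
    print "$time\tUnlocking accounts on $oidHost listed in $userlist\n";

    # The CSV written by find_locked is the input; the LDIF is the output.
    open FH,  '<', $userlist or die "open $userlist: $!";
    open FH1, '>', $cmdfile  or die "open $cmdfile: $!";

    my @dns;
    while (my $line = <FH>) {
        chomp $line;
        next if $line =~ /^\s*$/;
        # parse_line comes from Custom::Text::ParseWords; assumed to behave
        # like Text::ParseWords (quotes stripped, backslash escapes
        # honoured) -- confirm against that module.
        my ($cn) = parse_line(',', 0, $line);
        next unless defined $cn && length $cn;
        next if $cn eq 'UserID';    # header row written by find_locked

        # Escape the cn so DN metacharacters (comma, plus, quotes, ...) in a
        # user id cannot change which entry the modification addresses.
        my $dn = "cn=" . Net::LDAP::Util::escape_dn_value($cn) . ",$basedn";
        push @dns, $dn;

        print FH1 "dn: $dn\n";
        print FH1 "changetype: modify\n";
        print FH1 "add: orclpwdaccountunlock\n";
        print FH1 "orclpwdaccountunlock: 1\n";
        print FH1 "\n";
    }

    close FH  or die "close $userlist: $!";
    close FH1 or die "close $cmdfile: $!";

    if (!@dns) {
        print LOGZ "$time\tNo accounts listed in $userlist; nothing to unlock\n";
        print "No accounts listed in $userlist; nothing to unlock\n";
        return;
    }

    # Apply the change over Net::LDAP instead of shelling out to ldapmodify:
    # the password no longer appears on a command line (visible in the
    # process list) and no shell interprets the host, path or password.
    my $ldap = Net::LDAP->new($oidHost)
        or die "cannot connect to $oidHost: $@";
    my $bind = $ldap->bind($oidUsr, password => $oidPass);
    die "bind to $oidHost as $oidUsr failed: " . $bind->error if $bind->code;

    # Log every result and keep going on failure.
    my ($unlocked, $failed) = (0, 0);
    for my $dn (@dns) {
        my $mod = $ldap->modify($dn, add => { orclpwdaccountunlock => 1 });
        if ($mod->code) {
            $failed++;
            print LOGZ "$time\tFAILED $dn: "
                . ldap_error_name($mod->code) . " - " . $mod->error . "\n";
        }
        else {
            $unlocked++;
            print LOGZ "$time\tunlocked $dn\n";
        }
    }
    $ldap->unbind;

    print LOGZ "$time\t$unlocked unlocked, $failed failed\n";
    print "$unlocked unlocked, $failed failed (details in $logFile)\n";
    return;
}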


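# check_oid: connects to $oidHost and binds as the file-scope $oidUsr with
# $oidPass. Returns a one-line error string when the connection or bind
# fails and nothing (undef) on success, so the caller can print and exit.
sub check_oid {
    my ($oidHost, $oidPass) = @_;

    # new() returns undef and sets $@ when the host cannot be reached.
    my $ldap = Net::LDAP->new($oidHost);
    return "Cannot connect to $oidHost: $@" unless $ldap;

    # bind() always returns a message object; inspect its status rather
    # than the truth of the call.
    my $mesg = $ldap->bind($oidUsr, password => $oidPass);
    if ($mesg->is_error) {
        return "Bind to $oidHost as $oidUsr failed: " . $mesg->error;
    }
    $ldap->unbind;
    return;
}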

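# clean_house: removes the generated LDIF ($cmdfile); the CSV list and the
# log file are kept. Records the step on LOGZ and STDOUT; a failed unlink
# only warns.
sub clean_house {

    $time = localtime();
    print LOGZ "$time\tCleaning up datafiles\n";
    print "$time\tCleaning up datafiles\n";
    unlink($cmdfile) or warn "unlink $cmdfile: $!";
    return;
}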
__END__;