Spent too many minutes doing a simple task today:

Take groups from LDAP and tell me who in in group 1 but not group 2.

Apache’s Directory Studio is essential if you do a lot of LDAP work. It makes it easy to navigate and peek around. With this I was able to dump two files, each listing the members of their GroupOfName records. Each line looked like:

mail=emailaddress,ou=Groups,dc=company,dc=com

All I really cared about were the email addresses. So let’s get those first:

cat userlist1.txt | sed 's/mail=\(.*\),ou=Group,dc=company,dc=com/\1/' > emails1.txt

I did that for twice, once for each file. Then I wanted to sort them:

sort email1.txt > sorted_email1.txt

Once again, twice. Once per file. I need to sort them for the comparison tool, as it expected ordered data. Finally, my in group 1 but not group 2 report:

comm -23 sorted_email1.txt sorted_email2.txt

The comm command reports three colums: only in file 1, only in file 2, and in both. The -23 switch suppresses columns 2 and 3.

So it took me a good 5 minutes (after 10 to remember sed syntax), simple unix tools saved me a script. And if need to be done enough, could easily be a script. Yay Unix text!