Comments on: Automatically update DansGuardian Filter Groups List from LDAP
https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/

By: Alex (Thu, 05 Apr 2012 11:02:07 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-930

Nice work. This is probably now at the point where it should be on Github, but when I wrote the original script I knew nothing about source control! I don’t have a need for it any more as I’m no longer working in an environment that uses Dansguardian, but if someone wants to start a Github project I’d happily link to it from this page.

There are many ways in which these scripts could be improved. :)

By: Aron Leeper (Wed, 28 Mar 2012 14:07:06 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-928

Sorry guys. I thought I shared this code with you. Here’s what we did to do multiple user groups.

#!/bin/bash
#
# Dansguardian filter group update script
# Alex Forbes, Edtech Ltd
# Updated 9th September 2009
# Edited 4/20/2010 Graham Pearson/Aron Leeper

## Variables
# Dansguardian filtergroupslist file
DESTFILE=/etc/dansguardian/lists/filtergroupslist
LOGFILE=/var/log/dansfgupdate.log

# LDAP settings
#LDAPFILTER="(&(objectClass=Person)(|(groupMembership=cn=ALL-TEACHERS,ou=TCHR,o=HWK)(groupMembership=cn=ALL-ADMIN,ou=ADM,o=HWK)(groupMembership=cn=OESAdmins,o=HWK)))"
#LDAPFILTER="(&(objectClass=Person)(|(groupMembership=cn=InternetAccess,o=Argos))"
LDAPTeacherAccessFILTER="(groupMembership=cn=dgTeacherAccess,o=Argos)"
LDAPElemStudentAccessFILTER="(groupMembership=cn=dgElemAccess,o=Argos)"
LDAPJrSrStudentAccessFILTER="(groupMembership=cn=dgJrSrAccess,o=Argos)"
LDAPAdministratorAccessFILTER="(groupMembership=cn=dgAdminAccess,o=Argos)"

# Path to the awk script (converts the ldif file to parseable text). I modified one from
# http://www.yolinux.com/TUTORIALS/LinuxTutorialLDAP-ScriptsAndTools.html
AWKSCRIPT=/etc/dansguardian/ldif2csv.awk
TMP=/tmp

# Make temp directories
WIP=$TMP/dgFilterUpdate
mkdir -p $WIP

# Header message
echo "## This file is automatically updated, any changes will be overwritten" > $WIP/4final
echo "## See /etc/dansguardian/updatefilter.sh" >> $WIP/4final
echo "" >>$WIP/4final

touch $DESTFILE
touch $WIP/Step.1.ElementaryStudents
touch $WIP/Step.1.JrSrStudents
touch $WIP/Step.1.Teachers
touch $WIP/Step.1.Administrators
touch $WIP/Step.2.ElementaryStudents
touch $WIP/Step.2.JrSrStudents
touch $WIP/Step.2.Teachers
touch $WIP/Step.2.Administrators

# Perform LDAP search. Outputs ldif file.
ldapsearch -uxvA -H ldap://192.168.0.1 -b "o=Argos" -S '' -s "sub" -D cn=ldapadmin,o=Argos -w ldapadmin "$LDAPElemStudentAccessFILTER" ufn > $WIP/Step.1.ElementaryStudents
ldapsearch -uxvA -H ldap://192.168.0.1 -b "o=Argos" -S '' -s "sub" -D cn=ldapadmin,o=Argos -w ldapadmin "$LDAPJrSrStudentAccessFILTER" ufn > $WIP/Step.1.JrSrStudents
ldapsearch -uxvA -H ldap://192.168.0.1 -b "o=Argos" -S '' -s "sub" -D cn=ldapadmin,o=Argos -w ldapadmin "$LDAPTeacherAccessFILTER" ufn > $WIP/Step.1.Teachers
ldapsearch -uxvA -H ldap://192.168.0.1 -b "o=Argos" -S '' -s "sub" -D cn=ldapadmin,o=Argos -w ldapadmin "$LDAPAdministratorAccessFILTER" ufn > $WIP/Step.1.Administrators

# Picks out the ufn attribute using a modified awk script I found:
cat $WIP/Step.1.ElementaryStudents | awk -F ': ' -f $AWKSCRIPT | cut -d, -f1 | sed 's/$/=filter2/' > $WIP/Step.2.ElementaryStudents
cat $WIP/Step.1.JrSrStudents | awk -F ': ' -f $AWKSCRIPT | cut -d, -f1 | sed 's/$/=filter3/' > $WIP/Step.2.JrSrStudents
cat $WIP/Step.1.Teachers | awk -F ': ' -f $AWKSCRIPT | cut -d, -f1 | sed 's/$/=filter4/' > $WIP/Step.2.Teachers
cat $WIP/Step.1.Administrators | awk -F ': ' -f $AWKSCRIPT | cut -d, -f1 | sed 's/$/=filter5/' > $WIP/Step.2.Administrators

# Finally, copy the file to overwrite the dansguardian list.
# I’ve done a simple check to make sure the file isn’t too small in case of error, but it could be handled better.
SIZE=`stat -c %s $WIP/Step.2.Administrators`

if [ $SIZE -gt 30 ]; then
cp $WIP/Step.2.Administrators $DESTFILE
cat $WIP/Step.2.Teachers >> $DESTFILE
cat $WIP/Step.2.JrSrStudents >> $DESTFILE
cat $WIP/Step.2.ElementaryStudents >> $DESTFILE
echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else
echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

# Gentle reload of dansguardian
dansguardian -g

By: Heath (Mon, 21 Mar 2011 06:09:08 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-44

For Posterity, I have a working (not very clean) multigroup script running now. If someone posts an update to it, I would love to see it. There are some “appearance issues” with this script. It works, but some of the output isn’t as nice looking as I would like.
This is running on a CentOS 5.5 box so some commands may need to be adjusted for other systems.

#!/bin/bash
#
# Dansguardian filter group update script
# Alex Forbes, Edtech Ltd
# Updated 20 March 2011
# by Heath Henderson, LCUSD2
# with Multigroup (removed external awk script)
#
## Variables
TMP=/tmp
LOGFILE=/var/log/dansguardian/dansfgupdate.log

#LDAP SERVER SPECIFIC SETTINGS

# Make temp directories
WIP=$TMP/dgFilterUpdate
mkdir -p $WIP

# LIST FILTERGROUPS HERE
FILTERGROUP1=filter1
FILTERGROUP2=filter2
FILTERGROUP3=filter3
FILTERGROUP4=filter4
FILTERGROUP5=filter5
FILTERGROUP6=filter6
FILTERGROUP7=filter7

#FILTERGROUP ROOTPATH
FILTERGRPATH=/tmp/dgFilterUpdate

# Dansguardian filtergroupslist file
DESTFILE1=$FILTERGRPATH/filtergroupslist1
DESTFILE2=$FILTERGRPATH/filtergroupslist2
DESTFILE3=$FILTERGRPATH/filtergroupslist3
DESTFILE4=$FILTERGRPATH/filtergroupslist4
DESTFILE5=$FILTERGRPATH/filtergroupslist5
DESTFILE6=$FILTERGRPATH/filtergroupslist6
DESTFILE7=$FILTERGRPATH/filtergroupslist7

# Note: the '' after -S closes and reopens the single-quoted string, so it adds nothing to the value.
LDAPSERVER='-uxvALLL -H ldap://YOUR.SERVER.IP.ADDRESS -b o=LDAPBASE -S '' -s "one" -D cn=USER,LDAPBIND -w PASSWORD ufn'

# LDAP SEARCH CRITERIA
LDAPFILTERBASE1='"(&(groupMembership=cn=inetdisabled,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLDO1='"(&(groupMembership=cn=inetdisabled,ou=MYOU,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLJSH1='"(&(groupMembership=cn=inetdisabled,ou=MYOU1,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLES1='"(&(groupMembership=cn=inetdisabled,ou=MYOU2,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLPA1='"(&(groupMembership=cn=inetdisabled,ou=MYOU3,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERBASE2='"(&(groupMembership=cn=inetguest,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLDO2='"(&(groupMembership=cn=inetguest,ou=MYOU,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLJSH2='"(&(groupMembership=cn=inetguest,ou=MYOU1,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLES2='"(&(groupMembership=cn=inetguest,ou=MYOU2,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLPA2='"(&(groupMembership=cn=inetguest,ou=MYOU3,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERBASE3='"(&(groupMembership=cn=inetlimited,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLDO3='"(&(groupMembership=cn=inetlimited,ou=MYOU,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLJSH3='"(&(groupMembership=cn=inetlimited,ou=MYOU1,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLES3='"(&(groupMembership=cn=inetlimited,ou=MYOU2,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLPA3='"(&(groupMembership=cn=inetlimited,ou=MYOU3,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERBASE4='"(&(groupMembership=cn=inetpupils,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLDO4='"(&(groupMembership=cn=inetpupils,ou=MYOU,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLJSH4='"(&(groupMembership=cn=inetpupils,ou=MYOU1,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLES4='"(&(groupMembership=cn=inetpupils,ou=MYOU2,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLPA4='"(&(groupMembership=cn=inetpupils,ou=MYOU3,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERBASE5='"(&(groupMembership=cn=inetstaff,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLDO5='"(&(groupMembership=cn=inetstaff,ou=MYOU,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLJSH5='"(&(groupMembership=cn=inetstaff,ou=MYOU1,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLES5='"(&(groupMembership=cn=inetstaff,ou=MYOU2,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLPA5='"(&(groupMembership=cn=inetstaff,ou=MYOU3,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERBASE6='"(&(groupMembership=cn=inetstaffextended,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLDO6='"(&(groupMembership=cn=inetstaffextended,ou=MYOU,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLJSH6='"(&(groupMembership=cn=inetstaffextended,ou=MYOU1,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLES6='"(&(groupMembership=cn=inetstaffextended,ou=MYOU2,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLPA6='"(&(groupMembership=cn=inetstaffextended,ou=MYOU3,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERBASE7='"(&(groupMembership=cn=inetwebadmin,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLDO7='"(&(groupMembership=cn=inetwebadmin,ou=MYOU,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLJSH7='"(&(groupMembership=cn=inetwebadmin,ou=MYOU1,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLES7='"(&(groupMembership=cn=inetwebadmin,ou=MYOU2,o=LDAPBASE))" '"$LDAPSERVER"
LDAPFILTERLPA7='"(&(groupMembership=cn=inetwebadmin,ou=MYOU3,o=LDAPBASE))" '"$LDAPSERVER"

# Header message
#echo "## This file is automatically updated, any changes will be overwritten" > $WIP/4final
#echo "## See /opt/edir2dansg.sh" >> $WIP/4final
#echo "" >>$WIP/4final

# Perform LDAP search. Outputs ldif file.
# Each command line is written to a file, that file is run with bash (which
# overwrites it with the LDIF output), and the script then pauses for a second.
#FILTER1
ldapqueryf11="ldapsearch $LDAPFILTERBASE1 >"
ldapqueryf12="ldapsearch $LDAPFILTERLDO1 >"
ldapqueryf13="ldapsearch $LDAPFILTERLJSH1 >"
ldapqueryf14="ldapsearch $LDAPFILTERLES1 >"
ldapqueryf15="ldapsearch $LDAPFILTERLPA1 >"
echo "${ldapqueryf11} $WIP/1ldif.f11" > $WIP/1ldif.f11; bash $WIP/1ldif.f11; sleep 1
echo "${ldapqueryf12} $WIP/1ldif.f12" > $WIP/1ldif.f12; bash $WIP/1ldif.f12; sleep 1
echo "${ldapqueryf13} $WIP/1ldif.f13" > $WIP/1ldif.f13; bash $WIP/1ldif.f13; sleep 1
echo "${ldapqueryf14} $WIP/1ldif.f14" > $WIP/1ldif.f14; bash $WIP/1ldif.f14; sleep 1
echo "${ldapqueryf15} $WIP/1ldif.f15" > $WIP/1ldif.f15; bash $WIP/1ldif.f15; sleep 1
cat $WIP/1ldif.f1* > $WIP/1ldif

#FILTER2
ldapqueryf21="ldapsearch $LDAPFILTERBASE2 >"
ldapqueryf22="ldapsearch $LDAPFILTERLDO2 >"
ldapqueryf23="ldapsearch $LDAPFILTERLJSH2 >"
ldapqueryf24="ldapsearch $LDAPFILTERLES2 >"
ldapqueryf25="ldapsearch $LDAPFILTERLPA2 >"
echo "${ldapqueryf21} $WIP/2ldif.f21" > $WIP/2ldif.f21; bash $WIP/2ldif.f21; sleep 1
echo "${ldapqueryf22} $WIP/2ldif.f22" > $WIP/2ldif.f22; bash $WIP/2ldif.f22; sleep 1
echo "${ldapqueryf23} $WIP/2ldif.f23" > $WIP/2ldif.f23; bash $WIP/2ldif.f23; sleep 1
echo "${ldapqueryf24} $WIP/2ldif.f24" > $WIP/2ldif.f24; bash $WIP/2ldif.f24; sleep 1
echo "${ldapqueryf25} $WIP/2ldif.f25" > $WIP/2ldif.f25; bash $WIP/2ldif.f25; sleep 1
cat $WIP/2ldif.f2* > $WIP/2ldif

#FILTER3
ldapquery31="ldapsearch $LDAPFILTERBASE3 >"
ldapquery32="ldapsearch $LDAPFILTERLDO3 >"
ldapquery33="ldapsearch $LDAPFILTERLJSH3 >"
ldapquery34="ldapsearch $LDAPFILTERLES3 >"
ldapquery35="ldapsearch $LDAPFILTERLPA3 >"
echo "${ldapquery31} $WIP/3ldif.f31" > $WIP/3ldif.f31; bash $WIP/3ldif.f31; sleep 1
echo "${ldapquery32} $WIP/3ldif.f32" > $WIP/3ldif.f32; bash $WIP/3ldif.f32; sleep 1
echo "${ldapquery33} $WIP/3ldif.f33" > $WIP/3ldif.f33; bash $WIP/3ldif.f33; sleep 1
echo "${ldapquery34} $WIP/3ldif.f34" > $WIP/3ldif.f34; bash $WIP/3ldif.f34; sleep 1
echo "${ldapquery35} $WIP/3ldif.f35" > $WIP/3ldif.f35; bash $WIP/3ldif.f35; sleep 1
cat $WIP/3ldif.f3* > $WIP/3ldif

#FILTER4
ldapquery41="ldapsearch $LDAPFILTERBASE4 >"
ldapquery42="ldapsearch $LDAPFILTERLDO4 >"
ldapquery43="ldapsearch $LDAPFILTERLJSH4 >"
ldapquery44="ldapsearch $LDAPFILTERLES4 >"
ldapquery45="ldapsearch $LDAPFILTERLPA4 >"
echo "${ldapquery41} $WIP/4ldif.f41" > $WIP/4ldif.f41; bash $WIP/4ldif.f41; sleep 1
echo "${ldapquery42} $WIP/4ldif.f42" > $WIP/4ldif.f42; bash $WIP/4ldif.f42; sleep 1
echo "${ldapquery43} $WIP/4ldif.f43" > $WIP/4ldif.f43; bash $WIP/4ldif.f43; sleep 1
echo "${ldapquery44} $WIP/4ldif.f44" > $WIP/4ldif.f44; bash $WIP/4ldif.f44; sleep 1
echo "${ldapquery45} $WIP/4ldif.f45" > $WIP/4ldif.f45; bash $WIP/4ldif.f45; sleep 1
cat $WIP/4ldif.f4* > $WIP/4ldif

#FILTER5
ldapquery51="ldapsearch $LDAPFILTERBASE5 >"
ldapquery52="ldapsearch $LDAPFILTERLDO5 >"
ldapquery53="ldapsearch $LDAPFILTERLJSH5 >"
ldapquery54="ldapsearch $LDAPFILTERLES5 >"
ldapquery55="ldapsearch $LDAPFILTERLPA5 >"
echo "${ldapquery51} $WIP/5ldif.f51" > $WIP/5ldif.f51; bash $WIP/5ldif.f51; sleep 1
echo "${ldapquery52} $WIP/5ldif.f52" > $WIP/5ldif.f52; bash $WIP/5ldif.f52; sleep 1
echo "${ldapquery53} $WIP/5ldif.f53" > $WIP/5ldif.f53; bash $WIP/5ldif.f53; sleep 1
echo "${ldapquery54} $WIP/5ldif.f54" > $WIP/5ldif.f54; bash $WIP/5ldif.f54; sleep 1
echo "${ldapquery55} $WIP/5ldif.f55" > $WIP/5ldif.f55; bash $WIP/5ldif.f55; sleep 1
cat $WIP/5ldif.f5* > $WIP/5ldif

#FILTER6
ldapquery61="ldapsearch $LDAPFILTERBASE6 >"
ldapquery62="ldapsearch $LDAPFILTERLDO6 >"
ldapquery63="ldapsearch $LDAPFILTERLJSH6 >"
ldapquery64="ldapsearch $LDAPFILTERLES6 >"
ldapquery65="ldapsearch $LDAPFILTERLPA6 >"
echo "${ldapquery61} $WIP/6ldif.f61" > $WIP/6ldif.f61; bash $WIP/6ldif.f61; sleep 1
echo "${ldapquery62} $WIP/6ldif.f62" > $WIP/6ldif.f62; bash $WIP/6ldif.f62; sleep 1
echo "${ldapquery63} $WIP/6ldif.f63" > $WIP/6ldif.f63; bash $WIP/6ldif.f63; sleep 1
echo "${ldapquery64} $WIP/6ldif.f64" > $WIP/6ldif.f64; bash $WIP/6ldif.f64; sleep 1
echo "${ldapquery65} $WIP/6ldif.f65" > $WIP/6ldif.f65; bash $WIP/6ldif.f65; sleep 1
cat $WIP/6ldif.f6* > $WIP/6ldif

#FILTER7
ldapquery71="ldapsearch $LDAPFILTERBASE7 >"
ldapquery72="ldapsearch $LDAPFILTERLDO7 >"
ldapquery73="ldapsearch $LDAPFILTERLJSH7 >"
ldapquery74="ldapsearch $LDAPFILTERLES7 >"
ldapquery75="ldapsearch $LDAPFILTERLPA7 >"
echo "${ldapquery71} $WIP/7ldif.f71" > $WIP/7ldif.f71; bash $WIP/7ldif.f71; sleep 1
echo "${ldapquery72} $WIP/7ldif.f72" > $WIP/7ldif.f72; bash $WIP/7ldif.f72; sleep 1
echo "${ldapquery73} $WIP/7ldif.f73" > $WIP/7ldif.f73; bash $WIP/7ldif.f73; sleep 1
echo "${ldapquery74} $WIP/7ldif.f74" > $WIP/7ldif.f74; bash $WIP/7ldif.f74; sleep 1
echo "${ldapquery75} $WIP/7ldif.f75" > $WIP/7ldif.f75; bash $WIP/7ldif.f75; sleep 1
cat $WIP/7ldif.f7* > $WIP/7ldif

# Picks the first field of the ufn attribute to generate a clean list of users
cat $WIP/1ldif | sed '/^dn: /d' | cut -d: -f2 | cut -d, -f1 | cut -d= -f1 | sed '/^$/d' | sed -e 's/^[ \t]*//' | sed "s/$/=$FILTERGROUP1/" > $WIP/1final
cat $WIP/2ldif | sed '/^dn: /d' | cut -d: -f2 | cut -d, -f1 | cut -d= -f1 | sed '/^$/d' | sed -e 's/^[ \t]*//' | sed "s/$/=$FILTERGROUP2/" > $WIP/2final
cat $WIP/3ldif | sed '/^dn: /d' | cut -d: -f2 | cut -d, -f1 | cut -d= -f1 | sed '/^$/d' | sed -e 's/^[ \t]*//' | sed "s/$/=$FILTERGROUP3/" > $WIP/3final
cat $WIP/4ldif | sed '/^dn: /d' | cut -d: -f2 | cut -d, -f1 | cut -d= -f1 | sed '/^$/d' | sed -e 's/^[ \t]*//' | sed "s/$/=$FILTERGROUP4/" > $WIP/4final
cat $WIP/5ldif | sed '/^dn: /d' | cut -d: -f2 | cut -d, -f1 | cut -d= -f1 | sed '/^$/d' | sed -e 's/^[ \t]*//' | sed "s/$/=$FILTERGROUP5/" > $WIP/5final
cat $WIP/6ldif | sed '/^dn: /d' | cut -d: -f2 | cut -d, -f1 | cut -d= -f1 | sed '/^$/d' | sed -e 's/^[ \t]*//' | sed "s/$/=$FILTERGROUP6/" > $WIP/6final
cat $WIP/7ldif | sed '/^dn: /d' | cut -d: -f2 | cut -d, -f1 | cut -d= -f1 | sed '/^$/d' | sed -e 's/^[ \t]*//' | sed "s/$/=$FILTERGROUP7/" > $WIP/7final

###################################################################
# Finally, copy the file to overwrite the dansguardian list.
# I’ve done a simple check to make sure the file isn’t too small in
# case of error, but it could be handled better.
# FILTERUSERGROUPS LISTED IN ORDER OF FEWEST MEMBERS > MOST MEMBERS
# EASIER TO READ THIS WAY
# ADMIN, GUEST, AND DISABLED USERS ARE GENERALLY EASIER TO MANAGE
# IF YOU DON’T HAVE TO GO LOOKING
####################################################################
echo "###############################################################" > $DESTFILE1
echo "#############" >> $DESTFILE1
echo "# NO ACCESS #" >> $DESTFILE1
echo "#############" >> $DESTFILE1
SIZE=`stat -c %s $WIP/1final`
if [ $SIZE -gt 2 ]; then
cat $WIP/1final >> $DESTFILE1
echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

echo " " > $DESTFILE2
echo "#########" >> $DESTFILE2
echo "# GUEST #" >> $DESTFILE2
echo "#########" >> $DESTFILE2
SIZE=`stat -c %s $WIP/2final`
if [ $SIZE -gt 2 ]; then
cat $WIP/2final >> $DESTFILE2
echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

echo " " > $DESTFILE7
echo "#########" >> $DESTFILE7
echo "# ADMIN #" >> $DESTFILE7
echo "#########" >> $DESTFILE7
SIZE=`stat -c %s $WIP/7final`
if [ $SIZE -gt 2 ]; then
cat $WIP/7final >> $DESTFILE7
echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

echo " " > $DESTFILE6
echo "#################################" >> $DESTFILE6
echo "# EXTENDED STAFF (FACEBOOK ETC) #" >> $DESTFILE6
echo "#################################" >> $DESTFILE6
SIZE=`stat -c %s $WIP/6final`
if [ $SIZE -gt 2 ]; then
cat $WIP/6final >> $DESTFILE6
echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

echo " " > $DESTFILE3
echo "#######################" >> $DESTFILE3
echo "# RESTRICTED STUDENTS #" >> $DESTFILE3
echo "#######################" >> $DESTFILE3
SIZE=`stat -c %s $WIP/3final`
if [ $SIZE -gt 2 ]; then
cat $WIP/3final >> $DESTFILE3
echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

echo " " > $DESTFILE5
echo "#########" >> $DESTFILE5
echo "# STAFF #" >> $DESTFILE5
echo "#########" >> $DESTFILE5
SIZE=`stat -c %s $WIP/5final`
if [ $SIZE -gt 2 ]; then
cat $WIP/5final >> $DESTFILE5
echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

echo " " > $DESTFILE4
echo "############" >> $DESTFILE4
echo "# STUDENTS #" >> $DESTFILE4
echo "############" >> $DESTFILE4
SIZE=`stat -c %s $WIP/4final`
if [ $SIZE -gt 2 ]; then
cat $WIP/4final >> $DESTFILE4
echo $(date +"%Y/%m/%d %H:%M"): Updated filter groups list "("size $SIZE bytes")" >> $LOGFILE
else echo $(date +"%Y/%m/%d %H:%M"): Output file is too small, list not updated >> $LOGFILE
fi

#FULL PATH TO filtergroupslist
FULLPATH=/etc/dansguardian/lists

#BACKUP ORIGINAL FILE
cat $FULLPATH/filtergroupslist > $FULLPATH/filtergroupslist.bak

##################################
#COMBINE AND BUILD FILTERGROUPFILE
##################################
echo "###############################################################" > $FULLPATH/filtergroupslist
echo "# Filter Groups List file for DansGuardian" >> $FULLPATH/filtergroupslist
echo "#" >> $FULLPATH/filtergroupslist
echo "# Format is (user)=filter(1-9) where 1-9 are the groups" >> $FULLPATH/filtergroupslist
echo "#" >> $FULLPATH/filtergroupslist
echo "# Eg:" >> $FULLPATH/filtergroupslist
echo "# daniel=filter2" >> $FULLPATH/filtergroupslist
echo "#" >> $FULLPATH/filtergroupslist
echo "# This file is only of use if you have more than 1 filter group" >> $FULLPATH/filtergroupslist
cat $DESTFILE1 >> $FULLPATH/filtergroupslist
cat $DESTFILE2 >> $FULLPATH/filtergroupslist
cat $DESTFILE7 >> $FULLPATH/filtergroupslist
cat $DESTFILE6 >> $FULLPATH/filtergroupslist
cat $DESTFILE3 >> $FULLPATH/filtergroupslist
cat $DESTFILE5 >> $FULLPATH/filtergroupslist
cat $DESTFILE4 >> $FULLPATH/filtergroupslist
chmod 644 $FULLPATH/filtergroupslist
chown nobody.nobody $FULLPATH/filtergroupslist
# Gentle reload of dansguardian
service dansguardian stop
sleep 10
service dansguardian start
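
The scripts in this thread gate the update on file size alone and rewrite filtergroupslist in place from a fixed /tmp/dgFilterUpdate directory. The following is an added example, not code from any commenter: it turns the `ufn` lines into entries, validates every line, and installs the list with a single rename. The function names, `ENTRY_RE`, the allowed user-name characters and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumed: ldapsearch -u output has
# "ufn: user, container, ..." lines; user names match the pattern in ENTRY_RE.

ENTRY_RE='^[A-Za-z0-9._-]+=filter[1-9][0-9]*$'   # assumed shape of a valid entry

# Constructed sample of ldapsearch -u output (no LDAP server needed).
SAMPLE_LDIF='dn: cn=jsmith,ou=MYOU1,o=LDAPBASE
ufn: jsmith, MYOU1, LDAPBASE

dn: cn=adoe,ou=MYOU2,o=LDAPBASE
ufn: adoe, MYOU2, LDAPBASE'

# ldif_to_entries GROUP: read LDIF on stdin, print one "user=GROUP" per ufn line.
# Base64 values ("ufn:: ...") do not match and are skipped.
ldif_to_entries() {
    awk -v g="$1" -F': ' '
        $1 == "ufn" {
            split($2, parts, ",")
            user = parts[1]
            gsub(/^[ \t]+|[ \t]+$/, "", user)
            if (user != "") print user "=" g
        }'
}

# validate_list FILE MIN: succeed only if every non-comment, non-blank line is
# a well-formed entry and at least MIN entries are present.
validate_list() {
    vl_bad=$(grep -Ev '^(#.*|[[:space:]]*)$' "$1" | grep -Evc "$ENTRY_RE" || true)
    vl_count=$(grep -Ec "$ENTRY_RE" "$1" || true)
    [ "$vl_bad" -eq 0 ] && [ "$vl_count" -ge "$2" ]
}

# install_list NEW DEST MIN: validate NEW, keep DEST as DEST.bak, then replace
# DEST with a single rename so a reader never sees a half-written list.
install_list() {
    validate_list "$1" "$3" || { echo "refusing to install $1" >&2; return 1; }
    il_tmp=$(mktemp "$2.XXXXXX") || return 1   # same directory as DEST
    if ! { cat "$1" > "$il_tmp" && chmod 644 "$il_tmp"; }; then
        rm -f "$il_tmp"; return 1
    fi
    if [ -f "$2" ]; then cp -p "$2" "$2.bak"; fi
    mv -f "$il_tmp" "$2"
}

# Demo: build a list for filter4 in a private mktemp directory and install it.
demo() {
    d_work=$(mktemp -d) || return 1
    printf '%s\n' "$SAMPLE_LDIF" | ldif_to_entries filter4 > "$d_work/new"
    install_list "$d_work/new" "$d_work/filtergroupslist" 1 &&
        cat "$d_work/filtergroupslist"
    d_rc=$?
    rm -rf "$d_work"
    return "$d_rc"
}

demo
```

A failed or empty LDAP query leaves the existing list untouched here, because the rename only happens after validation passes.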

By: Alex (Sun, 20 Mar 2011 03:43:16 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-43

In reply to Heath.

Thanks for your contribution Heath. I can’t really test it as I don’t have an edirectory or even LDAP server around any more, but I’ll add a note to the article.

By: Heath (Fri, 18 Mar 2011 00:50:10 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-42

I removed some of the need for external processing. Made it a little more efficient. I haven’t worked on multigroup yet, but that is next. I will submit those back once I have them working.

# Perform LDAP search. Outputs ldif file.
ldapsearch "$LDAPFILTER" -uxvALLL -H ldap://IP.OF.LDAP.SERVER -b "o=MYTREE" -S '' -s "sub" -D cn=BINDUSER,o=MYTREE -w PASSWORD ufn > $WIP/1ldif

(REMOVE THE FOLLOWING 4 LINES)
#Make copy of current ldif (1ldif) working file
#cat $WIP/1ldif > $WIP/2txt
# Picks out the ufn attribute using a modified awk script I found:
#awk -F ': ' -f $AWKSCRIPT $WIP/2txt

# Picks the first field of the ufn attribute to generate a clean list of users
#cut -d, -f1 $WIP/2txt > $WIP/3userlist (REMOVE THIS LINE)
cat $WIP/1ldif | sed '/^dn: /d' | cut -d: -f2 | cut -d, -f1 | cut -d= -f1 | sed '/^$/d' | sed -e 's/^[ \t]*//' > $WIP/3userlist

By: Alex (Thu, 17 Mar 2011 17:15:44 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-41

In reply to Heath.

Hi Heath, glad you found it useful but the modifications referenced above didn’t make it to me unfortunately.

By: Heath (Thu, 17 Mar 2011 17:09:30 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-40

In reply to Alex.

Just curious if the multigroup modification made it up to you for posting? We are doing something similar here with some filter groups and a fresh DG install.
This has been a very informative read/script.

Thanks for posting

By: Alex (Wed, 21 Apr 2010 21:18:39 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-39

In reply to Aron Leeper.

Glad it was useful.

If you’re happy to release your modifications into the public domain it would be great if you sent through the code. This script could do with some improvements and your contributions would be most welcome!

By: Aron Leeper (Wed, 21 Apr 2010 12:21:34 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-38

Great script! A friend of mine (Graham Pearson) and I modified it to include multiple LDAP groups and to write multiple DG filter groups. Would you like me to send you the code?

By: Alex (Fri, 20 Nov 2009 01:11:45 +0000) https://blog.al4.co.nz/2009/09/automatically-update-dansguardian-filter-groups-list-from-ldap/#comment-37

In reply to Marcus Friedman | ellipsys….

Thanks Marcus, I appreciate the comment. You have a very interesting site.

Regards,
Alex
