Removing Devices that haven't checked in to ZENworks Linux Management for a while

26 April 2007 - 3:32pm
Submitted by: pcockrel

PROBLEM: There is no automated function to remove managed devices that have not "checked in" to ZLM for a defined period of time.

SOLUTION: A script can be scheduled to run that will poll the LDAP services on the eDirectory instance for ZLM. The script will generate a list of server names that have not checked in via refresh for the defined period of time. Following the list generation, the output will be piped to zlman to delete the devices.

Note: This script should be run from the primary ZLM server. In addition, a dedicated ZLM administrative account should be created for it. The account only needs "ALL" permissions to the "/Devices" folder in ZLM (all other permissions can be "View").

Example

#!/bin/bash

# This script is used to automate the deletion of managed devices. When a device has
# not checked in (i.e. refreshed) for a defined amount of time (MAX_AGE), the device
# will be added to a list and its corresponding object in ZLM will be deleted.
#
# Please send comments, questions, concerns, additions, etc. to
# Phillip Cockrell <pcockrell@novell.com>

# Tweakables
# ZLM server from which to delete expired devices (should be the master replica!)
ZLMMASTER=zlm7primary.digitalairlines.com

# Managed Zone name
ZLMZONE=ManagedZone1

# ZLM user / password with delete permissions to the /Devices folder.
# The password is stored here in clear text and is passed on the command line
# below, so keep this file readable by root only and use the limited account.
ADMINUSER=deladmin
ADMINPASSWD=novell

# Maximum age a device can go without checking in (in seconds - 86400 = 24 hours)
MAX_AGE=259200

# Where to find the eDirectory supported LDAP utilities
LDAP_PATH="/usr/ldaptools/bin"

#######################################
## Don't touch anything below this line
## unless you really know what you are
## doing!
#######################################

# Get the current time and figure out a "cutoff" time.
# The trailing Z means UTC, so the cutoff is formatted in UTC (date -u), not local time.
NOW=$(date +%s)
CUTOFF=$((NOW - MAX_AGE))
ZULUCUTOFF=$(date -u -d "@$CUTOFF" +%Y%m%d%H%M%SZ)
#echo $NOW
#echo $CUTOFF
#echo $ZULUCUTOFF

# Create a private temp file (mktemp, not a predictable name) containing the names
#  of any devices whose last check-in (loginTime) is more than $MAX_AGE seconds ago
EXPIRED=$(mktemp /tmp/deviceExpired.XXXXXX) || exit 1
"$LDAP_PATH/ldapsearch" -x -h "$ZLMMASTER" -b "nrmName=~devices~,ou=$ZLMZONE,o=cell" -D "nrmName=$ADMINUSER,nrmName=~admins~,ou=$ZLMZONE,o=cell" -ZZ -p 10389 -w "$ADMINPASSWD" -LLL "(loginTime<=$ZULUCUTOFF)" nrmName | grep '^nrmName' | awk '{print $2}' > "$EXPIRED"

# Delete any devices from the previous search.
while read -r line ; do zlman -U"$ADMINUSER" -P"$ADMINPASSWD" --quiet server-delete "$line" ; done < "$EXPIRED"

# Just delete the output file from temp for the time being so they don't stack up
rm -f "$EXPIRED"

If you have any questions you may contact Phillip at pcockrellTAKETHISOUT@novell.com
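
The script hands every name that ldapsearch returns straight to zlman. The following added example, which is not part of Phillip's script, vets that list first and refuses to continue when it is larger than expected; MAX_DELETE, the function names and the sample LDIF are assumptions made for the illustration.

```bash
# Added example, not part of the original script. MAX_DELETE and the function
# names are assumptions; the LDIF in sample_ldif is constructed data.
MAX_DELETE=5

# Read "ldapsearch -LLL ... nrmName" output, print one vetted name per line.
# "dn:" lines and base64 values ("nrmName:: ...") are ignored; names starting
# with "-" or holding characters outside [A-Za-z0-9._-] are rejected.
extract_devices() {
    local key value
    while IFS=' ' read -r key value; do
        [ "$key" = "nrmName:" ] || continue
        case "$value" in
            ''|-*|*[!A-Za-z0-9._-]*) echo "skipped: $value" >&2 ;;
            *) printf '%s\n' "$value" ;;
        esac
    done
}

# Print the delete commands for the vetted names, or refuse when there are
# more than MAX_DELETE of them (clock jump, wrong filter, stale loginTime).
plan_deletions() {
    local devices name count=0
    devices=$(extract_devices)
    for name in $devices; do count=$((count + 1)); done
    if [ "$count" -gt "$MAX_DELETE" ]; then
        echo "refusing: $count devices, limit is $MAX_DELETE" >&2
        return 1
    fi
    for name in $devices; do
        printf 'zlman --quiet server-delete %s\n' "$name"
    done
}

sample_ldif() {
    cat <<'EOF'
dn: nrmName=web01,nrmName=~devices~,ou=ManagedZone1,o=cell
nrmName: web01

dn: nrmName=db02,nrmName=~devices~,ou=ManagedZone1,o=cell
nrmName: db02

dn:: bnJtTmFtZT1jYWbDqQ==
nrmName:: Y2Fmw6k=

dn: nrmName=-oldbox,nrmName=~devices~,ou=ManagedZone1,o=cell
nrmName: -oldbox
EOF
}
sample_ldif | plan_deletions
```

In the scheduled job the input would be the ldapsearch pipeline, and the printed commands would be run only after the guard has passed.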


Disclaimer: As with everything else at Cool Solutions, this content is definitely not supported by Novell (so don't even think of calling Support if you try something and it blows up).

It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test, test, test before you do anything drastic with it.



