# Replaces mail entries that have @uni-leipzig.de in the AD domain idiv.de
# with corresponding mail entries of @idiv.de.
# You need to have a kerberos ticket with sufficient credentials to modify AD

ldapsearch -LLL -b 'dc=idiv,dc=de' 'mail=*@uni-leipzig.de' -H 'ldap://idivad1.idiv.de' mail | sed 's/\(mail: .*@\)uni-leipzig.de/changetype: modify\nreplace: mail\n\1idiv.de'/ > ldapmailentries_idiv_remaining.ldif

ldapmodify -f ldapmailentries_idiv.ldif -H 'ldap://idivad1.idiv.de'