Difference between revisions of "Ldapsearch"
		
		
		
		
		
		
				
		
		
	
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | # Simple auth check with bash | ||
| + | |||
| + | https://www.digitalocean.com/community/tutorials/how-to-manage-and-use-ldap-servers-with-openldap-utilities | ||
| + | |||
| + | https://stackoverflow.com/questions/76458109/in-openldap-slapd-how-do-i-give-users-permission-to-search-which-groups-they | ||
| + | |||
| + | # Non-auth Query | ||
| + | ``` | ||
| + | ldapsearch -x uid=foo -H ldap://ldap.example.com:389 | ||
| + | ``` | ||
| + | |||
| + | # Auth Query | ||
| + | ``` | ||
| + | uri="ldap://ldap.example.com:389" | ||
| + | userdn="uid=foo,cn=users,cn=accounts,dc=example,dc=com" | ||
| + | password="bar" | ||
| + | base="cn=users,cn=accounts,dc=example,dc=com" | ||
| + | |||
| + | ldapsearch -x -LLL -H $uri -D $userdn -w $password -b $base -s sub -s sub '(objectClass=*)' 'givenName=username*' | ||
| + | ``` | ||
| + | |||
| + | |||
| + | |||
| + | https://serverfault.com/questions/514870/how-do-i-authenticate-with-ldap-via-the-command-line | ||
| + | ``` | ||
| + | ldapsearch -x -D "uid=user,ou=People,dc=example,dc=com" \ | ||
| + |            -W -H ldap://ldap.example.com -b "ou=People,dc=example,dc=com" \ | ||
| + |            -s sub 'uid=user' | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + |  ldapsearch -xLLL -H ldaps://ldaps.example.com:636 -D "DOMAIN\\myuser" -W -b "DC=example,DC=com" -s sub "(&(objectclass=user)(memberOf=Domain U | ||
| + | sers))" sAMAccountName | ||
| + | ``` | ||
| + | |||
| ``` | ``` | ||
| ldapsearch  # the command itself | ldapsearch  # the command itself | ||
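Review bot: The added Auth Query command passes the bind password as `-w $password`, which leaves it in shell history and in the process list; prompt with `-W` as the serverfault example a few lines later does, or read it from a file with `-y`. On the same line `-s sub` is given twice, `$uri`, `$userdn` and `$base` are unquoted, and `'givenName=username*'` follows the filter, where ldapsearch reads it as an attribute to return rather than a second filter, so it should be folded into the filter. The `ldap://` examples do a simple bind (`-x`) with no StartTLS (`-ZZ`), so the password is sent unencrypted; the `ldaps://` form used in the last added example is the safer default.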
| Line 29: | Line 64: | ||
| More | More | ||
| ``` | ``` | ||
| − | ldapsearch -H ldaps:// | + | ldapsearch -H ldaps://ad.example.com -x -W -D "myuser@example.com" -b "dc=example,dc=com" 'objectClass=computer' name | 
| ``` | ``` | ||
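Review bot: The replacement command under "More" searches all of `dc=example,dc=com` for computer objects without the `-E pr=1000/noprompt` paging control that the annotated example on this page uses, so on a large directory the output may stop at the server's size limit; add the paging control, and `-LLL` if the output is meant to be piped like the other examples.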
Latest revision as of 17:59, 28 December 2023
# Simple auth check with bash

# Non-auth Query
```
ldapsearch -x uid=foo -H ldap://ldap.example.com:389
```

# Auth Query
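```
uri="ldap://ldap.example.com:389"
userdn="uid=foo,cn=users,cn=accounts,dc=example,dc=com"
password="bar"
base="cn=users,cn=accounts,dc=example,dc=com"

# Quote every expansion so a DN containing spaces stays one argument.
# The givenName test belongs inside the filter: given as a separate argument
# after the filter, ldapsearch treats it as the name of an attribute to return.
ldapsearch -x -LLL -H "$uri" -D "$userdn" -w "$password" -b "$base" -s sub '(&(objectClass=*)(givenName=username*))'
```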

https://serverfault.com/questions/514870/how-do-i-authenticate-with-ldap-via-the-command-line
```
ldapsearch -x -D "uid=user,ou=People,dc=example,dc=com" \
           -W -H ldap://ldap.example.com -b "ou=People,dc=example,dc=com" \
           -s sub 'uid=user'
```
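
A bind-only credential check for the "Simple auth check with bash" heading, as an added example that is not from the original page. It uses OpenLDAP's `ldapwhoami` (not mentioned on the page), requires StartTLS on `ldap://` URIs, and reads the password from a file with `-y` instead of `-w`; the function name `ldap_auth_check` and its return-code mapping are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original page). ldap_auth_check is a hypothetical
# helper name; the hosts and DNs used with it are the page's example.com values.
#
# Usage: ldap_auth_check URI BIND_DN PASSWORD_FILE
#   returns 0 = bind accepted, 1 = invalid credentials, 2 = any other error
# Write the file with: printf '%s' "$password" > pwfile
# (-y uses the whole file as the password, so a trailing newline breaks the bind.)
ldap_auth_check() {
    uri=$1
    binddn=$2
    pwfile=$3

    # A simple bind with an empty DN or empty password is an anonymous or
    # unauthenticated bind, which some servers accept. Never report it as a
    # successful login.
    [ -n "$binddn" ] || return 2
    [ -s "$pwfile" ] || return 2

    case $uri in
        ldaps://*) tls="" ;;      # TLS is already in place before the bind
        ldap://*)  tls="-ZZ" ;;   # require StartTLS, fail if it cannot be set up
        *)         return 2 ;;
    esac

    # $tls is deliberately unquoted so an empty value adds no argument.
    rc=0
    ldapwhoami -x $tls -H "$uri" -D "$binddn" -y "$pwfile" >/dev/null 2>&1 || rc=$?

    case $rc in
        0)  return 0 ;;
        49) return 1 ;;           # LDAP resultCode 49 = invalidCredentials
        *)  return 2 ;;           # network, TLS or server-side error
    esac
}
```

Treat return code 2 as "unknown", not as "wrong password", so a TLS or network failure is not logged as a failed login.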

```
# memberOf holds group DNs, so a real query needs the group's full DN as the value.
ldapsearch -xLLL -H ldaps://ldaps.example.com:636 -D "DOMAIN\\myuser" -W -b "DC=example,DC=com" -s sub "(&(objectclass=user)(memberOf=Domain Users))" sAMAccountName
```

```
ldapsearch  # the command itself
-LLL  # just a particular way to display the results
-H ldap://wspace.mydomain.com  # the URL where the LDAP server listens
-x  # use simple authentication, not SASL
-D 'WSPACE\ENUMuser'  # the account to use to authenticate to LDAP
-w 'ENUMpass'  # the password that goes with the account on the previous line
-E pr=1000/noprompt  # ask the server for all pages, don't stop after one
-b 'ou=mydomain,dc=wspace,dc=mydomain,dc=com'  # the base of the search. We don't want results from e.g. 'ou=blah,dc=wspace,dc=mydomain,dc=com'
'(&(objectClass=person)(uidNumber=*))'  # Ask for any entry that has attributes objectClass=person and uidNumber has a value
SAMAccountName uid uidNumber  # Show only these attributes
```

List the bulk of machines:
```
ldapsearch -LLL -H ldap://wspace.mydomain.com -x -D 'WSPACE\ENUMuser' -w 'ENUMpass' -E pr=1000/noprompt -b 'ou=computers,ou=mydomain,dc=wspace,dc=mydomain,dc=com' name|grep ^name:
```

... list a few more:
```
ldapsearch -LLL -H ldap://wspace.mydomain.com -x -D 'WSPACE\ENUMuser' -w 'ENUMpass' -b 'cn=computers,dc=wspace,dc=mydomain,dc=com'
```

... and yet more:
```
ldapsearch -LLL -H ldap://wspace.mydomain.com -x -D 'WSPACE\ENUMuser' -w 'ENUMpass' -b 'ou=extra workstations,ou=computers,ou=mydomain,dc=wspace,dc=mydomain,dc=com'
```

More
```
ldapsearch -H ldaps://ad.example.com -x -W -D "myuser@example.com" -b "dc=example,dc=com" 'objectClass=computer' name
```