Ldapsearch

From UVOO Tech Wiki
Revision as of 22:20, 20 April 2023 by Busk

Simple auth check with bash

https://serverfault.com/questions/514870/how-do-i-authenticate-with-ldap-via-the-command-line

ldapsearch -x -D "uid=user,ou=People,dc=example,dc=com" \
           -W -H ldap://ldap.example.com -b "ou=People,dc=example,dc=com" \
           -s sub 'uid=user'
ldapsearch -xLLL -H ldaps://ldaps.example.com:636 -D "DOMAIN\\myuser" -W -b "DC=example,DC=com" -s sub "(&(objectclass=user)(memberOf=Domain Users))" sAMAccountName
ldapsearch  # the command itself
-LLL  # just a particular way to display the results
-H ldap://wspace.mydomain.com  # the URL where the LDAP server listens
-x  # use simple authentication, not SASL
-D 'WSPACE\ENUMuser'  # the account to use to authenticate to LDAP
-w 'ENUMpass'  # the password that goes with the account on the previous line
-E pr=1000/noprompt  # ask the server for all pages, don't stop after one
-b 'ou=mydomain,dc=wspace,dc=mydomain,dc=com'  # the base of the search. We don't want results from e.g. 'ou=blah,dc=wspace,dc=mydomain,dc=com'
'(&(objectClass=person)(uidNumber=*))'  # Ask for any entry that has attributes objectClass=person and uidNumber has a value
SAMAccountName uid uidNumber  # Show only these attributes
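
Added example (not part of the original wiki page): a bind-only credential check as a shell function, for the "Simple auth check with bash" heading above. It reads the password from a file with -y and requires StartTLS on ldap:// URIs; the function names are hypothetical and the hosts are the page's example.com placeholders.

```bash
# Added example: bind-only credential check built on the flags explained above.
# Function names are made up for this sketch; hosts and DNs are placeholders.

# Map an ldapsearch exit status to a result word. The OpenLDAP client tools
# exit with the LDAP result code: 49 is invalidCredentials, and 255 is how
# the shell sees -1 (server could not be contacted).
ldap_result_name() {
    case "$1" in
        0)   echo ok ;;
        49)  echo invalid_credentials ;;
        255) echo server_unreachable ;;
        *)   echo "ldap_error_$1" ;;
    esac
}

# ldap_auth_check URI BIND_ID PASSWORD_FILE
# BIND_ID may be a DN, DOMAIN\user or user@domain, as in the commands above.
# Prints the result word and returns the raw ldapsearch exit status.
ldap_auth_check() {
    uri=$1; bind_id=$2; pwfile=$3
    # -y reads the password from a file, so it never appears in argv (ps) or
    # shell history the way -w 'secret' does. The whole file is the password:
    # write it with  umask 077; printf '%s' "$pw" > "$pwfile"  (no newline).
    set -- -x -LLL -H "$uri" -D "$bind_id" -y "$pwfile"
    case "$uri" in
        # A simple bind over plain ldap:// sends the password in cleartext;
        # -ZZ demands a successful StartTLS first. ldaps:// is already TLS.
        ldap://*) set -- "$@" -ZZ ;;
    esac
    # Read only the root DSE (empty base, base scope, "1.1" = no attributes):
    # the bind result is all we care about, not directory data.
    rc=0
    ldapsearch "$@" -b '' -s base '(objectClass=*)' 1.1 >/dev/null 2>&1 || rc=$?
    ldap_result_name "$rc"
    return "$rc"
}

# Usage:
#   ldap_auth_check ldaps://ldaps.example.com:636 'DOMAIN\myuser' ~/.ldap_pw
```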


List the bulk of machines:

ldapsearch -LLL  -H ldap://wspace.mydomain.com -x  -D 'WSPACE\ENUMuser' -w 'ENUMpass' -E pr=1000/noprompt -b 'ou=computers,ou=mydomain,dc=wspace,dc=mydomain,dc=com' name|grep ^name:

... list a few more:

ldapsearch -LLL  -H ldap://wspace.mydomain.com -x  -D 'WSPACE\ENUMuser' -w 'ENUMpass' -b 'cn=computers,dc=wspace,dc=mydomain,dc=com'

... and yet more:

ldapsearch -LLL  -H ldap://wspace.mydomain.com -x  -D 'WSPACE\ENUMuser' -w 'ENUMpass' -b 'ou=extra workstations,ou=computers,ou=mydomain,dc=wspace,dc=mydomain,dc=com'


More

ldapsearch -H ldaps://ad.example.com -x -W -D "myuser@example.com" -b "dc=example,dc=com" 'objectClass=computer' name