michael/Wiki
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

LDAP examples

Browse Source
This commit is contained in:
Michael Schlapa
2023-06-16 15:04:03 +02:00
parent 0f855fdf65
commit 5c7dd9f4c2
2 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -17,6 +17,7 @@
* [Installation instructions for UEFI + GPT](./linux/arch/installation.md) * [Installation instructions for UEFI + GPT](./linux/arch/installation.md)
* [Firefox](./linux/firefox.md) * [Firefox](./linux/firefox.md)
* [KDE](./linux/kde.md) * [KDE](./linux/kde.md)
* [LDAP](./linux/ldap.md)
* [libvirt](./linux/libvirt.md) * [libvirt](./linux/libvirt.md)
* [OneDrive](./linux/onedrive.md) * [OneDrive](./linux/onedrive.md)
* [Shell commands](./linux/shell_commands.md) * [Shell commands](./linux/shell_commands.md)

54
linux/ldap.md Normal file
View File

@@ -0,0 +1,54 @@
# LDAP
LDAP is the Lightweight Directory Access Protocol.
## ldapsearch
ldapsearch is a command line tool, to search through a LDAP directory.
## Glossary
* CN = Common Name
* ???
* DN = Distinguished Name
* The full path of an object, like an URL/URI, e.g.: `uid=jdoe,cn=users,dc=example,dc=com`
* UID = User Identification
* The 'username'
### Basic structure for basic auth
```
ldapsearch -D <Bind DN> -x -H <LDAP server URI> -W -b <Base DN> <filter> <attributes>
```
| Parameter | Explanation |
|------------------------|--------------------------------------------------------------------------------------|
| `-D <Bind DN>` | The object (user/account) to connect to the LDAP server. Is limited to their rights. |
| `-x` | Use basic auth. |
| `-H <LDAP server URI>` | The URI of the server to connect to, e.g.: ldaps://example.com |
| `-W` | Ask for the basic auth password on the command line. |
| `-b <Base DN>` | Where to start searching for the object, e.g.: cn=users,dc=example,dc.com |
| `<filter>` | Defines, which object(s) to search for. (Examples below) |
| `<attributes>` | Defines, which attributes you want to see of the objects. (Examples below) |
### Filter examples
#### Search for all groups where someone is a member
```
member=uid=jdoe,cn=users,dc=example,dc=com
uniqueMember=uid=jdoe,cn=users,dc=example,dc=com
memberUid=jdoe
member=sAMAccountName=jdoe,cn=users,dc=example,dc=com # To be checked
```
Also there's the `memberOf` attribute, which is attached to an object. It can be there multiple times and shows all the groups the object is memeber of.
#### Search for a specific user
```
uid=jdoe
sAMAccountName=jdoe
```
It's noteworthy that you should combine this search with a fitting `-b <Base DN>`, e.g. `cn=users,dc=example,dc=com`.