LDAP examples

2023-06-16 15:04:03 +02:00
parent 0f855fdf65
commit 5c7dd9f4c2
2 changed files with 55 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@
        * [Installation instructions for UEFI + GPT](./linux/arch/installation.md)
    * [Firefox](./linux/firefox.md)
    * [KDE](./linux/kde.md)
+    * [LDAP](./linux/ldap.md)
    * [libvirt](./linux/libvirt.md)
    * [OneDrive](./linux/onedrive.md)
 	* [Shell commands](./linux/shell_commands.md)
--- a/linux/ldap.md
+++ b/linux/ldap.md
@@ -0,0 +1,54 @@
+# LDAP
+
+LDAP is the Lightweight Directory Access Protocol.
+
+## ldapsearch
+
+ldapsearch is a command line tool, to search through a LDAP directory.
+
+## Glossary
+
+* CN = Common Name
+    * ???
+* DN = Distinguished Name
+    * The full path of an object, like an URL/URI, e.g.: `uid=jdoe,cn=users,dc=example,dc=com`
+* UID = User Identification
+    * The 'username'
+
+### Basic structure for basic auth
+
+```
+ldapsearch -D <Bind DN> -x -H <LDAP server URI> -W -b <Base DN> <filter> <attributes>
+```
+
+| Parameter              | Explanation                                                                          |
+|------------------------|--------------------------------------------------------------------------------------|
+| `-D <Bind DN>`         | The object (user/account) to connect to the LDAP server. Is limited to their rights. |
+| `-x`                   | Use basic auth.                                                                      |
+| `-H <LDAP server URI>` | The URI of the server to connect to, e.g.: ldaps://example.com                       |
+| `-W`                   | Ask for the basic auth password on the command line.                                 |
+| `-b <Base DN>`         | Where to start searching for the object, e.g.: cn=users,dc=example,dc.com            |
+| `<filter>`             | Defines, which object(s) to search for. (Examples below)                             |
+| `<attributes>`         | Defines, which attributes you want to see of the objects. (Examples below)           |
+
+### Filter examples
+
+#### Search for all groups where someone is a member
+
+```
+member=uid=jdoe,cn=users,dc=example,dc=com
+uniqueMember=uid=jdoe,cn=users,dc=example,dc=com
+memberUid=jdoe
+member=sAMAccountName=jdoe,cn=users,dc=example,dc=com  # To be checked
+```
+
+Also there's the `memberOf` attribute, which is attached to an object. It can be there multiple times and shows all the groups the object is memeber of.
+
+#### Search for a specific user
+
+```
+uid=jdoe
+sAMAccountName=jdoe
+```
+
+It's noteworthy that you should combine this search with a fitting `-b <Base DN>`, e.g. `cn=users,dc=example,dc=com`.