# LDAP

LDAP is the Lightweight Directory Access Protocol.

## Glossary

* CN = Common Name
  * ???
* DN = Distinguished Name
  * The full path of an object, like a URL/URI, e.g.: `uid=jdoe,cn=users,dc=example,dc=com`
* UID = User Identification
  * The 'username'

## ldapsearch

ldapsearch is a command-line tool for searching an LDAP directory.

### Basic structure for basic auth

```
ldapsearch -D <bind DN> -x -H <URI> -W -b <search base> <filter> <attributes>
```

| Parameter          | Explanation                                                                                          |
|--------------------|------------------------------------------------------------------------------------------------------|
| `-D <bind DN>`     | The object (user/account) used to connect to the LDAP server. The search is limited to its rights.   |
| `-x`               | Use basic auth (simple authentication instead of SASL).                                              |
| `-H <URI>`         | The URI of the server to connect to, e.g.: ldaps://example.com                                       |
| `-W`               | Prompt for the basic auth password on the command line.                                              |
| `-b <search base>` | Where to start searching for the object, e.g.: cn=users,dc=example,dc=com                            |
| `<filter>`         | Defines which object(s) to search for. (Examples below)                                              |
| `<attributes>`     | Defines which attributes of the objects you want to see. (Examples below)                            |

### Filter examples

#### Search for all groups where someone is a member

```
member=uid=jdoe,cn=users,dc=example,dc=com
uniqueMember=uid=jdoe,cn=users,dc=example,dc=com
memberUid=jdoe
member=sAMAccountName=jdoe,cn=users,dc=example,dc=com # To be checked
```

There is also the `memberOf` attribute, which is attached to an object. It can appear multiple times and lists all the groups the object is a member of.

#### Search for a specific user

```
uid=jdoe
sAMAccountName=jdoe
```

Combine this search with a fitting `-b <search base>`, e.g. `cn=users,dc=example,dc=com`.
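
The membership filters listed under "Search for all groups where someone is a member" can be combined into a single OR filter. The following is an added example, not part of the original page: it builds that filter and escapes the values per RFC 4515, so a name containing `*`, parentheses or a backslash is matched literally instead of changing the filter. The function names, the bind DN and the sample values are assumptions.

```shell
#!/bin/sh
# Added example; function names and sample values are constructed.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so later escapes are not escaped again.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build one OR filter over the membership attributes from the page.
#   $1 = user name (memberUid stores the bare name)
#   $2 = user DN   (member / uniqueMember store the full DN)
# Assumption: $2 is already a valid DN, e.g. as returned by the directory.
group_filter() {
    _name=$(ldap_escape_filter "$1")
    _dn=$(ldap_escape_filter "$2")
    printf '(|(member=%s)(uniqueMember=%s)(memberUid=%s))' \
        "$_dn" "$_dn" "$_name"
}

# Constructed sample input.
USER_NAME='jdoe'
USER_DN='uid=jdoe,cn=users,dc=example,dc=com'
FILTER=$(group_filter "$USER_NAME" "$USER_DN")

# Print the command instead of running it, so the example works offline.
# The bind DN and server URI are placeholders; "cn" asks for the group name.
printf "ldapsearch -D '%s' -x -H '%s' -W -b '%s' '%s' cn\n" \
    'uid=admin,cn=users,dc=example,dc=com' \
    'ldaps://example.com' \
    'dc=example,dc=com' \
    "$FILTER"
```

Quoting the filter as a single shell argument matters as much as the escaping: unquoted, the shell would interpret the parentheses and `|` itself.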