# LDAP

LDAP is the Lightweight Directory Access Protocol.

## Glossary

* CN = Common Name
  * ???
* DN = Distinguished Name
  * The full path of an object, like a URL/URI, e.g.: `uid=jdoe,cn=users,dc=example,dc=com`
* UID = User Identification
  * The 'username'

## ldapsearch

ldapsearch is a command line tool to search through an LDAP directory.

### Basic structure for basic auth

```
ldapsearch -D <Bind DN> -x -H <LDAP server URI> -W -b <Base DN> <filter> <attributes>
```

| Parameter | Explanation |
|------------------------|--------------------------------------------------------------------------------------|
| `-D <Bind DN>` | The object (user/account) used to bind to the LDAP server. The search is limited to that account's rights. |
| `-x` | Use simple (basic) authentication instead of SASL. |
| `-H <LDAP server URI>` | The URI of the server to connect to, e.g.: `ldaps://example.com` |
| `-W` | Prompt for the bind password interactively, so it does not end up in the shell history or process list (as it would with `-w <password>`). |
| `-b <Base DN>` | Where to start searching for the object, e.g.: `cn=users,dc=example,dc=com` |
| `<filter>` | Defines which object(s) to search for. (Examples below) |
| `<attributes>` | Defines which attributes of the matching objects you want to see. (Examples below) |

### Filter examples
#### Search for all groups where someone is a member

```
member=uid=jdoe,cn=users,dc=example,dc=com
uniqueMember=uid=jdoe,cn=users,dc=example,dc=com
memberUid=jdoe
member=sAMAccountName=jdoe,cn=users,dc=example,dc=com # To be checked
```

There is also the `memberOf` attribute, which is attached to the user object itself. It can occur multiple times and lists all the groups the object is a member of.
#### Search for a specific user

```
uid=jdoe
sAMAccountName=jdoe
```

Note that you should combine this search with a fitting `-b <Base DN>`, e.g. `cn=users,dc=example,dc=com`.
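The following is an added Python example, not part of this note: it builds the membership and user filters shown above with RFC 4515 escaping (so a username taken from user input cannot change the filter's meaning), combines them with `|` (OR) so one query covers all schema variants, and assembles the ldapsearch command line from the table. The server URI, base DN and the `svc-reader` bind account are assumed placeholders.

```python
import shlex
from typing import List

# Added example, not part of the original note. SERVER_URI, BASE_DN and the
# "svc-reader" bind account are constructed placeholders.
SERVER_URI = "ldaps://example.com"
BASE_DN = "dc=example,dc=com"
USERS_DN = "cn=users," + BASE_DN


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).

    A raw '*', '(', ')', '\\' or NUL taken from user input would change the
    meaning of the filter, so each one is replaced by its \\XX hex escape.
    """
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )


def user_filter(uid: str) -> str:
    """Match a user by either attribute the note lists (uid or sAMAccountName)."""
    v = escape_filter_value(uid)
    return f"(|(uid={v})(sAMAccountName={v}))"


def group_filter(user_dn: str, uid: str) -> str:
    """Match every group the user is in, across the three membership schemas from the note."""
    dn = escape_filter_value(user_dn)
    return f"(|(member={dn})(uniqueMember={dn})(memberUid={escape_filter_value(uid)}))"


def ldapsearch_argv(bind_dn: str, base_dn: str, filt: str, attributes: List[str]) -> List[str]:
    """argv for the command shown in the note; -W prompts for the bind password
    instead of taking it on the command line."""
    return ["ldapsearch", "-D", bind_dn, "-x", "-H", SERVER_URI, "-W",
            "-b", base_dn, filt, *attributes]


if __name__ == "__main__":
    uid = "jdoe"
    user_dn = f"uid={uid},{USERS_DN}"
    argv = ldapsearch_argv("uid=svc-reader," + USERS_DN, BASE_DN,
                           group_filter(user_dn, uid), ["cn"])
    print(shlex.join(argv))
    # A username containing filter metacharacters is escaped, not interpreted.
    print(user_filter("j(doe)*"))
```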