LDAP
LDAP is the Lightweight Directory Access Protocol.
Glossary
- CN = Common Name
- ???
- DN = Distinguished Name
  - The full path of an object, like a URL/URI, e.g.: uid=jdoe,cn=users,dc=example,dc=com
- UID = User Identification
  - The 'username'
ldapsearch
ldapsearch is a command-line tool for searching an LDAP directory.
Basic structure for basic auth
ldapsearch -D <Bind DN> -x -H <LDAP server URI> -W -b <Base DN> <filter> <attributes>
| Parameter | Explanation |
|---|---|
| -D <Bind DN> | The bind DN: the object (user/account) used to authenticate to the LDAP server. Results are limited to that account's rights. |
| -x | Use simple authentication (basic auth) instead of SASL. |
| -H <LDAP server URI> | The URI of the server to connect to, e.g.: ldaps://example.com |
| -W | Prompt for the simple authentication password on the command line. |
| -b <Base DN> | Where to start searching for the object, e.g.: cn=users,dc=example,dc=com |
| <filter> | Defines which object(s) to search for (examples below). |
| <attributes> | Defines which attributes of the objects you want to see (examples below). |
Filter examples
Search for all groups where someone is a member
member=uid=jdoe,cn=users,dc=example,dc=com
uniqueMember=uid=jdoe,cn=users,dc=example,dc=com
memberUid=jdoe
member=sAMAccountName=jdoe,cn=users,dc=example,dc=com # To be checked
There is also the memberOf attribute, which is attached to an object. It can occur multiple times and lists all the groups the object is a member of.
Search for a specific user
uid=jdoe
sAMAccountName=jdoe
Combine this search with a fitting -b <Base DN>, e.g. cn=users,dc=example,dc=com, so the search stays within the users subtree.
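The filters above embed a username or DN taken from elsewhere (a form field, a config file). As an added example that is not part of these notes, the Python below builds the "specific user" and "groups where someone is a member" filters with RFC 4515 escaping, so characters such as `*`, `(` and `)` in the value are matched literally instead of changing the filter, and assembles the ldapsearch command as an argv list (no shell quoting involved). The function names are my own; the DN and server values are the constructed ones from the glossary.

```python
"""Build the ldapsearch filters from the notes with RFC 4515 escaping."""

# RFC 4515 requires these characters to be escaped inside a filter assertion value.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is matched literally in a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username: str) -> str:
    """Match a specific user by uid or sAMAccountName (both filters from the notes)."""
    u = escape_filter_value(username)
    return f"(|(uid={u})(sAMAccountName={u}))"


def group_membership_filter(user_dn: str, uid: str) -> str:
    """All groups the user belongs to, covering member, uniqueMember and memberUid."""
    # The DN is an assertion value here, so filter escaping (not DN escaping) applies.
    dn = escape_filter_value(user_dn)
    u = escape_filter_value(uid)
    return f"(|(member={dn})(uniqueMember={dn})(memberUid={u}))"


def ldapsearch_argv(bind_dn: str, uri: str, base_dn: str, filt: str, attributes: list) -> list:
    """argv for the basic-auth ldapsearch structure from the notes (run with subprocess.run)."""
    return ["ldapsearch", "-D", bind_dn, "-x", "-H", uri, "-W", "-b", base_dn, filt, *attributes]


if __name__ == "__main__":
    # Constructed sample values matching the glossary examples.
    me = "uid=jdoe,cn=users,dc=example,dc=com"
    print(" ".join(ldapsearch_argv(me, "ldaps://example.com", "dc=example,dc=com",
                                   group_membership_filter(me, "jdoe"), ["cn"])))
```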