Friday, 25 December 2009

ldapsearch authoritative and non-authoritative.

LDAP can be searched in two ways: authoritative, where ldapsearch binds as a named user, and non-authoritative, where it binds anonymously.
Non-authoritative (anonymous bind):
ldapsearch -v -x -b "dc=example,dc=com" -h localhost -p 389
Authoritative (bind as a user):
ldapsearch -v -x -D "cn=readuser,ou=systems,dc=example,dc=com" -w password -s sub -b "dc=example,dc=com" -h localhost -p 389
Where:
-x - use simple authentication instead of SASL
-D "cn=readuser,ou=systems,dc=example,dc=com" - bind DN, the user account used to read LDAP
-w password - password for the user above
-s sub - search scope, one of base, one, sub or children
-b "dc=example,dc=com" - base DN
-h host - LDAP server (-H URI, an LDAP Uniform Resource Identifier, can be used instead)
-v - run in verbose mode (diagnostics to standard output)
-p 389 - port on the LDAP server
Examples:
Look for cn=John Connor and print his businessCategory:
ldapsearch -v -x -D "cn=readuser,ou=systems,dc=example,dc=com" -w password -s sub -b "ou=users,dc=example,dc=com" "cn=John Connor" -h localhost -p 389 businessCategory

ldapsearch -x -H ldap://192.168.x.x:389 -s sub -b "dc=example,dc=com" "(cn=Barbara Jensen)" -D "cn=test test,ou=admins,dc=example,dc=com" -W

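-W - prompt for the user's password, which keeps it off the command line
-w password - password given on the command line, where it is visible in shell history and the process list

Requesting specific attributes (in this case mail and homePhone):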

ldapsearch -x -H ldap://192.168.x.x:389 -s sub -b "dc=example,dc=com" "(cn=Barbara Jensen)" -D "cn=test test,ou=admins,dc=example,dc=com" mail homePhone -w 100

# Barbara Jensen, Users, example.com
dn: cn=Barbara Jensen,ou=Users,dc=example,dc=com
mail: bjensen@example.com
homePhone: +412 123 456

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Note: the user cn=test test,ou=admins,dc=example,dc=com must exist in your LDAP directory.
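
The anonymous search at the top of this post is also a quick check of what an unauthenticated client can read from the directory. The script below is an added example, not part of the original post: it summarises ldapsearch output (result code, entry count, attribute names), and its function names and sample output, including the userPassword value, are constructed for illustration.

```sh
#!/bin/sh
# Added example: summarise what an anonymous ldapsearch returned.
# Real use: ldapsearch -x -b "dc=example,dc=com" -H ldap://localhost:389 | anon_audit

# Constructed sample output with a folded line and a base64 ("::") value.
SAMPLE='# Barbara Jensen, Users, example.com
dn: cn=Barbara Jensen,ou=Users,dc=exam
 ple,dc=com
mail: bjensen@example.com
userPassword:: e1NTSEF9Y29uc3RydWN0ZWQ=

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1'

# Join LDIF continuation lines (a leading space continues the previous line).
ldif_unfold() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { if (NR) print buf }'
}
# Result code from the "result: N Text" trailer, or "none" if there is no trailer.
ldap_result_code() {
  ldif_unfold | awk '/^result: / { print $2; f = 1; exit } END { if (!f) print "none" }'
}
# Entries returned: each starts with "dn:" (or "dn::" when base64-encoded).
ldap_entry_count() {
  ldif_unfold | awk '/^dn::? / { n++ } END { print n + 0 }'
}
# Comma-separated attribute names in the entries; comments and trailer skipped.
ldif_attr_names() {
  ldif_unfold | awk -F: '/^# search result/ { exit }
    /^#/ || /^$/ || /^dn:/ { next }
    { print $1 }' | LC_ALL=C sort -u | paste -sd, -
}
# One-line verdict for the unauthenticated search.
anon_audit() {
  out=$(cat)
  code=$(printf '%s\n' "$out" | ldap_result_code)
  n=$(printf '%s\n' "$out" | ldap_entry_count)
  if [ "$code" = 0 ] && [ "$n" -gt 0 ]; then
    echo "anonymous read allowed: $n entries, attributes: $(printf '%s\n' "$out" | ldif_attr_names)"
  else
    echo "anonymous read returned nothing (result=$code, entries=$n)"
  fi
}
printf '%s\n' "$SAMPLE" | anon_audit
```

Running the same functions over the output of the authenticated search shows which entries and attributes are only visible after a bind.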
