LDAP Cheat sheet
Using ldapsearch
/etc/ldap.conf
#Required
BASE DC=domain,DC=com
TLS_CACERT /etc/ssl/certs/fqdn
#OR
TLS_CACERTDIR /etc/ssl/private
#Optional
SIZELIMIT 0
TIMELIMIT 15
DEREF never
bind_timelimit 4
ldap_version 3
tls_reqcert demand
bind_policy soft
ldapsearch samples
- User properties
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectClass=user)(CN=UserName))" -D LDAP-LoginUser -W
- Group properties
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group)(CN=Group))" -D LDAP-LoginUser -W
- List Group Members
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group)(cn=Group))" -D LDAP-LoginUser -W member
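
The LDIF printed by the "List Group Members" command folds long DNs onto continuation lines and base64-encodes values with non-ASCII characters, so a plain grep for member: can miss or truncate entries during an access review. The following is an added example, not part of the original page: the function names and the sample LDIF are constructed for illustration, and it assumes a base64 utility that accepts -d.

```shell
#!/bin/sh
# Added example, not from the original page.

# Constructed sample of what "ldapsearch -LLL ... member" can print.
sample_ldif() {
    # base64 of a DN containing a UTF-8 "ü" (octal \303\274)
    b64=$(printf 'CN=J\303\274rgen,OU=Users,DC=server,DC=com' | base64 | tr -d '\n')
    printf '%s\n' \
        'dn: CN=Group,OU=Groups,DC=server,DC=com' \
        'member: CN=Alice Example,OU=Users,DC=server,DC=com' \
        'member: CN=Bob Example With A Very Long Common Name,OU=Some Department,OU=Us' \
        ' ers,DC=server,DC=com' \
        "member:: $b64" \
        'member;range=0-1499: CN=Carol Example,OU=Users,DC=server,DC=com' \
        ''
}

# Read LDIF on stdin, print one member DN per line.
ldif_members() {
    # Step 1: unfold. A line starting with a single space continues the previous one.
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' |
    # Step 2: keep member values, decoding the base64 form.
    while IFS= read -r line; do
        attr=${line%%:*}    # attribute description before the first colon
        rest=${line#*:}     # everything after the first colon
        case $attr in
            member|member\;*) ;;   # plain, or with an option such as ;range=0-1499
            *) continue ;;
        esac
        case $rest in
            :*) val=$(printf '%s' "${rest#:}" | tr -d ' ' | base64 -d) ;;  # "attr:: value" is base64
            *)  val=${rest# } ;;                                           # "attr: value" is literal
        esac
        if [ -n "$val" ]; then printf '%s\n' "$val"; fi
    done
}
```

Append `| ldif_members` to the List Group Members command to get one DN per line. Newer OpenLDAP clients can disable folding with `-o ldif-wrap=no`, but base64 values still need decoding.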