LDAP Cheat sheet

From Coolscript

Using ldapsearch

/etc/ldap.conf

# Required: default search base, plus the CA the client uses to verify the
# server's LDAPS certificate (a single CA bundle file, OR a hashed directory of
# CA certificates)
BASE    DC=domain,DC=com
TLS_CACERT      /etc/ssl/certs/fqdn
# OR
TLS_CACERTDIR   /etc/ssl/private
# Optional
# SIZELIMIT 0 = no client-side cap on returned entries; TIMELIMIT is the
# search time limit in seconds; DEREF never = do not dereference aliases
SIZELIMIT       0
TIMELIMIT       15
DEREF           never
# bind_timelimit, ldap_version and bind_policy are read by nss_ldap / pam_ldap
# rather than by ldapsearch itself; tls_reqcert demand makes the client refuse
# any server whose certificate does not verify against the CA above
bind_timelimit  4
ldap_version    3
tls_reqcert     demand
bind_policy     soft

ldapsearch samples

  • User properties
    ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectClass=user)(CN=UserName))" -D LDAP-LoginUser -W
  • Group properties
    ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group)(CN=Group))" -D LDAP-LoginUser -W
  • List Group Members
    ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group)(cn=Group))" -D LDAP-LoginUser -W member
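The samples above substitute a user or group name into the filter by hand. When a script does that substitution, the value must be escaped per RFC 4515, or a name such as "x)(objectClass=*" rewrites the filter (LDAP filter injection). The following is an added example, not code from the Coolscript page: it escapes the value, builds the same filters and ldapsearch argv as the samples, and parses the `member` attribute from the -LLL LDIF output (including base64 `member::` values and wrapped lines). The host, base DN, bind DN and the LDIF sample are constructed placeholders.

```python
import base64

# RFC 4515: the characters \ * ( ) and NUL must appear as \HH inside a filter value.
def ldap_filter_escape(value: str) -> str:
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)

def user_filter(cn: str) -> str:
    return "(&(objectClass=user)(CN=%s))" % ldap_filter_escape(cn)

def group_filter(cn: str) -> str:
    return "(&(objectCategory=group)(CN=%s))" % ldap_filter_escape(cn)

def ldapsearch_argv(host, base, bind_dn, filt, attrs=()):
    # Same shape as the cheat sheet commands: LDAPS URI, plain LDIF (-LLL),
    # subtree scope, simple bind with an interactive password prompt (-W),
    # so the password never shows up in the process list or shell history.
    argv = ["ldapsearch", "-LLL", "-H", "ldaps://%s/" % host, "-b", base,
            "-s", "sub", "-D", bind_dn, "-W", filt]
    return argv + list(attrs)

def parse_member_dns(ldif: str):
    # LDIF folds long values onto continuation lines that start with one
    # space, and writes non-ASCII values base64-encoded after "member::".
    unfolded = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    members = []
    for line in unfolded:
        if line.startswith("member:: "):
            members.append(base64.b64decode(line[9:]).decode("utf-8"))
        elif line.startswith("member: "):
            members.append(line[8:])
    return members

# Constructed sample of "List Group Members" output (not real data): one
# plain DN, one base64-encoded DN with a non-ASCII name, one folded DN.
SAMPLE_LDIF = (
    "dn: CN=Group,DC=server,DC=com\n"
    "member: CN=Alice,OU=Staff,DC=server,DC=com\n"
    "member:: " + base64.b64encode("CN=Müller,OU=Staff,DC=server,DC=com".encode()).decode() + "\n"
    "member: CN=Bob,OU=Very Long Organizational Unit Name,\n"
    " DC=server,DC=com\n"
    "\n"
)

if __name__ == "__main__":
    print(" ".join(ldapsearch_argv("server.com", "DC=server,DC=com", "LDAP-LoginUser", group_filter("Group"), ["member"])))
    print(parse_member_dns(SAMPLE_LDIF))
```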