LDAP Cheat sheet: Difference between revisions

(Created page with "=Using ldapsearch= ==/etc/ldap.conf== #Required BASE DC=domain,DC=com TLS_CACERT /etc/ssl/certs/fqdn #OR TLS_CACERTDIR /etc/ssl/private #Optional SIZELIMIT 0 T...")
 
 
Line 1: Line 1:
=Using ldapsearch=
=Using ldapsearch=
==/etc/ldap.conf==
==/etc/ldap.conf==
#Required
#Required
BASE    DC=domain,DC=com
BASE    DC=domain,DC=com
TLS_CACERT      /etc/ssl/certs/fqdn
TLS_CACERT      /etc/ssl/certs/fqdn
#OR
#OR
TLS_CACERTDIR  /etc/ssl/private
TLS_CACERTDIR  /etc/ssl/private
#Optional
#Optional
SIZELIMIT      0
SIZELIMIT      0
TIMELIMIT      15
TIMELIMIT      15
DEREF          never
DEREF          never
bind_timelimit  4
bind_timelimit  4
ldap_version    3
ldap_version    3
tls_reqcert    demand
tls_reqcert    demand
bind_policy    soft
bind_policy    soft
==ldapsearch samples==
==ldapsearch samples==



Latest revision as of 16:08, 13 June 2022

Using ldapsearch

/etc/ldap.conf

# Client-side defaults for LDAP tools; lines starting with '#' are comments.
# NOTE(review): OpenLDAP tools such as ldapsearch normally read
# /etc/ldap/ldap.conf or /etc/openldap/ldap.conf, while /etc/ldap.conf is the
# traditional nss_ldap/pam_ldap file. Confirm which file is in use on this host.
#Required
# Default search base used when -b is not given.
BASE    DC=domain,DC=com
# File holding the CA certificate(s) used to verify the server certificate.
TLS_CACERT      /etc/ssl/certs/fqdn
#OR
# Directory of individual CA certificate files (OpenSSL expects hashed names,
# e.g. created with c_rehash; the option is ignored by GnuTLS builds).
# NOTE(review): on Debian-style systems /etc/ssl/private is the restricted
# directory for private keys, not CA certificates. Confirm the path; a
# directory the calling user cannot read leaves the client with no trust anchors.
TLS_CACERTDIR   /etc/ssl/private
#Optional
# 0 = no client-requested result limit; the server's own size limit still applies.
SIZELIMIT       0
# Search time limit in seconds.
TIMELIMIT       15
# Never dereference aliases during a search.
DEREF           never
# NOTE(review): bind_timelimit, ldap_version and bind_policy look like
# nss_ldap/pam_ldap settings rather than OpenLDAP client options. Verify they
# take effect for the tool that reads this file.
bind_timelimit  4
ldap_version    3
# Require a valid, verifiable server certificate and abort the connection
# otherwise. Keep this at "demand"; "never" or "allow" disables the protection
# that ldaps:// is meant to give against an impersonated server.
tls_reqcert     demand
bind_policy     soft

ldapsearch samples

  • User properties
# Subtree search for one user object, bound as LDAP-LoginUser over ldaps://.
# -W prompts for the bind password, so it stays out of shell history and the
# process list (unlike passing it with -w).
# No attribute list is given, so all user attributes the bind account may read
# are returned. Append attribute names to limit the output.
# If the CN value ever comes from user input in a script, escape * ( ) \ and NUL
# as described in RFC 4515 before placing it in the filter.
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectClass=user) (CN=UserName))" -D LDAP-LoginUser -W
  • Group properties
# Subtree search for one group object, using the same TLS and password-prompt
# options as the user query. objectCategory is an Active Directory attribute
# (presumably the target here); other directories usually filter on objectClass.
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group) (CN=Group))" -D LDAP-LoginUser -W
  • List Group Members
# The trailing "member" restricts the output to that attribute.
# Only direct members are listed; nested group membership is not expanded.
# NOTE(review): against Active Directory, large groups may come back as a ranged
# attribute (member;range=...) instead of the full list. Check for that before
# treating the output as a complete membership audit.
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group)(cn=Group))" -D LDAP-LoginUser -W member