LDAP Cheat sheet

From Coolscript

Revision as of 16:08, 13 June 2022 by Admin (talk | contribs) (→‎Using ldapsearch)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Using ldapsearch

/etc/ldap.conf

#Required
BASE    DC=domain,DC=com
TLS_CACERT      /etc/ssl/certs/fqdn
#OR
TLS_CACERTDIR   /etc/ssl/private
#Optional
SIZELIMIT       0
TIMELIMIT       15
DEREF           never
bind_timelimit  4
ldap_version    3
tls_reqcert     demand
bind_policy     soft

ldapsearch samples

User properties

ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectClass=user) (CN=UserName))" -D LDAP-LoginUser -W

Group properties

ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group) (CN=Group))" -D LDAP-LoginUser -W

List Group Members

ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group)(cn=Group))" -D LDAP-LoginUser -W member

Retrieved from "https://coolscript.org/index.php?title=LDAP_Cheat_sheet&oldid=773"