LDAP Cheat sheet

From Coolscript
Revision as of 16:08, 13 June 2022 by Admin

Using ldapsearch

/etc/ldap.conf

  # Required
  BASE DC=domain,DC=com
  TLS_CACERT /etc/ssl/certs/fqdn
  # OR
  TLS_CACERTDIR /etc/ssl/private
  # Optional
  SIZELIMIT 0
  TIMELIMIT 15
  DEREF never
  bind_timelimit 4
  ldap_version 3
  tls_reqcert demand
  bind_policy soft

ldapsearch samples

  • User properties
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectClass=user)(CN=UserName))" -D LDAP-LoginUser -W
  • Group properties
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group)(CN=Group))" -D LDAP-LoginUser -W
  • List Group Members
ldapsearch -LLL -H ldaps://server.com/ -b "DC=server,DC=com" -s sub "(&(objectCategory=group)(cn=Group))" -D LDAP-LoginUser -W member
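
Scripted use of the samples above (an added example, not part of the original page): when UserName or Group comes from a variable, escape it per RFC 4515 before placing it in the filter so that characters such as * ( ) \ cannot change the query. The function names and the LDAP_URI, LDAP_BASE and LDAP_BIND_DN variables are assumptions made for this example.

```shell
# Added example; helper names and LDAP_* variables are hypothetical.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is replaced first so later escapes are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed \
        -e 's/\\/\\5c/g' \
        -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' \
        -e 's/)/\\29/g'
}

# Filters from the samples above, with the name escaped.
user_filter() {
    printf '(&(objectClass=user)(CN=%s))' "$(ldap_escape "$1")"
}

group_filter() {
    printf '(&(objectCategory=group)(cn=%s))' "$(ldap_escape "$1")"
}

# List the members of a group, using only the ldapsearch options shown above.
# -W prompts for the bind password, so this wrapper accepts ldaps:// URIs only,
# keeping the simple bind off plaintext connections.
list_group_members() {
    case "$LDAP_URI" in
        ldaps://*) ;;
        *) echo "refusing non-ldaps URI: $LDAP_URI" >&2; return 2 ;;
    esac
    ldapsearch -LLL -H "$LDAP_URI" -b "$LDAP_BASE" -s sub \
        "$(group_filter "$1")" -D "$LDAP_BIND_DN" -W member
}
```

Source the file, export the three LDAP_* variables, then run list_group_members "Group".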