Friday, 5 July 2013

LDAP Queries Examples

1) To get the directory server's information and capabilities (the root DSE). -Z attempts StartTLS; -ZZ, used below, fails the search if TLS cannot be established.
ldapsearch  -h ldapserver -Z -x -b '' -s base 'objectClass=*'

2) To search the directory one level below the base.
ldapsearch  -h ldapserver -Z -x -b 'dc=example,dc=net' -s onelevel

3) Pick the desired DN from the output above and traverse further.
ldapsearch  -h ldapserver -ZZ -x -b 'ou=Users,dc=example,dc=net' -s onelevel

4) To search for a user when only part of the name is known.
ldapsearch  -h ldapserver -ZZ -x -b 'ou=Users,dc=example,dc=net' -s onelevel '(cn=Tes*)'
ldapsearch  -h ldapserver -ZZ -x -b 'ou=Users,dc=example,dc=net'  '(cn=Tes*)'

ldapsearch  -h ldapserver -ZZ -x -b 'dc=example,dc=net' -s onelevel '(cn=Tes*)'  => yields nothing: with -s onelevel only the direct children of dc=example,dc=net (the OUs) are examined, not the users beneath them
ldapsearch  -h ldapserver -ZZ -x -b 'dc=example,dc=net'  '(cn=Tes*)'   => yields results: the default scope is sub, which searches the whole subtree

5) To return only specific attributes (here the common name).
ldapsearch  -h ldapserver -ZZ -x -b 'dc=example,dc=net'  '(uid=testu)' cn

6) To list sudo users and the commands they may run.
ldapsearch  -h ldapserver -ZZ -x -b 'ou=SUDOers,dc=example,dc=net' -s one

7) To list all groups. Substring matching on objectClass is not supported by every server; if this returns nothing, name the group object classes (groupOfNames, groupOfUniqueNames, posixGroup) explicitly in the filter instead.
ldapsearch  -h ldapserver -ZZ -x -b 'dc=example,dc=com' 'objectClass=*roup*'

8) To list all groups of which "cn=Test User,ou=Users,dc=example,dc=com" is a member.
ldapsearch  -h ldapserver -ZZ -x -b 'dc=example,dc=com' '(&(objectClass=*roup*)(uniqueMember=cn=Test User,ou=Users,dc=example, dc=com))'

9) To list entries by binding as the admin (Directory Manager). -w puts the password on the command line, where it is visible in process listings and shell history; -W prompts for it instead.
ldapsearch -L -b 'ou=Users, dc=example, dc=com' -x -D "cn=directory manager" -w 'Password'

10) Anonymous bind (simple bind with -x and no -D) and listing everything.
ldapsearch -h ldapserver -x "objectClass=*"
ldapsearch  -h ldapserver  -x -b 'dc=appauth,dc=example,dc=net'

11) Authenticated (bound) LDAP search. -x is needed so that -D and -w are used for a simple bind rather than a SASL bind.
ldapsearch  -H ldaps://ldapserver -x -D 'uid=Manager,ou=App1,dc=appauth,dc=org'  -b 'dc=appauth,dc=org' -w 'Password' -s onelevel

ldapsearch  -H ldaps://ldapserver -x -D 'cn=Test User,ou=Users,dc=example,dc=com'  -w 'Password' -s onelevel

12) To list all top-level naming contexts with an authenticated bind.
ldapsearch  -H ldaps://ldapserver -x -D 'cn=Test User,ou=Users,dc=example,dc=com'  -w 'Password' -b "" -s base "objectclass=*"

ldapsearch  -H ldaps://ldapserver -x -D 'cn=Test User,ou=Users,dc=example,dc=com'  -w 'Password' -b 'dc=appauth,dc=org'

13) To search Active Directory (AD). The bind name is given as DOMAIN\user and -W prompts for the password; for a subtree search AD also expects a base DN (-b) set to the domain's naming context.
ldapsearch -H ldap://AD-Server -x -D 'domain\user' -W
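The filters in items 4, 5 and 8 above take a name or DN as input. When that value comes from a user, a form field or a script argument, it must be escaped before being placed in the filter, otherwise a value such as testu)(uid=* rewrites the query. The following shell functions are an added example, not part of the original post; they reuse the host and base DNs from the post, and the function names and the groupOfUniqueNames class in the membership filter are assumptions.

```shell
#!/bin/sh
# Added example: escape untrusted values before they go into an ldapsearch
# filter, so a name such as 'testu)(uid=*' cannot widen the query.
# Host and base DNs are the placeholders used in the post above.

# RFC 4515 escaping of the characters that have meaning inside a filter:
# backslash first (so later escapes are not doubled), then * ( ).
# NUL (\00) cannot occur in a shell argument, so it is not handled here.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  \
                           -e 's/)/\\29/g'
}

# Exact-match user filter (item 5 above), safe for arbitrary input.
user_filter() {
    printf '(uid=%s)' "$(ldap_filter_escape "$1")"
}

# Prefix search (item 4 above): only the trailing wildcard is deliberate;
# everything the caller supplied is escaped.
user_prefix_filter() {
    printf '(cn=%s*)' "$(ldap_filter_escape "$1")"
}

# Group-membership filter (item 8 above) for a member DN taken from an
# earlier search result. groupOfUniqueNames is assumed as the group class.
group_member_filter() {
    printf '(&(objectClass=groupOfUniqueNames)(uniqueMember=%s))' \
        "$(ldap_filter_escape "$1")"
}

# Run a search with the options used in the post: -ZZ requires StartTLS
# to succeed, -x selects a simple bind. Extra arguments name the
# attributes to return. Example:
#   search_users 'dc=example,dc=net' "$(user_prefix_filter 'Tes')" cn uid
search_users() {
    base=$1; filter=$2; shift 2
    ldapsearch -h ldapserver -ZZ -x -b "$base" -s sub "$filter" "$@"
}
```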