Wednesday, August 22, 2012

greping ldap for clues.

Sometimes you need to do queries off Active Directory. AD is basically an LDAP database with some weirdness. That's okay.

On my lovely ubuntu box, I need to do queries to find bunches of users.

ldapsearch -x -D "Domain\uid" -W \
-h ad.server.com \
-b "DC=my,DC=ad,DC=server,DC=com" \
-LLL -v "(sAMAccountName=anotheruid)" cn

What is all this?
-x says we're doing a simple bind.
AD likes authenticated queries. -D is who you're binding as. -W prompts for a pass.
-h is the AD server I'm talking to.
-b is the search base; that is the AD tree where I'm doing my query.
-LLL is the output format. It will show everything in the record.
-v is the verbose tag.
After all this is my search string. In this case, I'm looking for a uid and want to print its common name. I could plop sn which'd tell me the surname.
To be interesting, I could put in "(sn=clue)" cn and that'd display everyone with the surname "clue" and their common name. Fun.
Post a Comment