ldapsearch syntax

Problem

You want to perform an LDAP search



Solution

Starting this topic slowly, by giving practical tips on LDAP commands.

LDAP predominantly has a couple of main commands: ldapsearch and ldapmodify. OpenLDAP additionally provides ldapadd; with Netscape this is just ldapmodify -a.



Example



ldapsearch [ -v ] -x -D'user' -w'password'
[ -h host -p port ] -b base
-s depth 'criteria' [ attribs ]

User – the LDAP user, quite often the directory manager, so usually you can get away with cn=Manager,your_tree.

Password – the LDAP password for the user. For the manager, this is the password configured in the LDAP configs. For any other user, the password is set within LDAP itself.

Host and port – self-explanatory (default localhost on port 389).

Base – starting point within the LDAP tree. Remember LDAP is hierarchical, so the search will traverse down from this point.

Depth – can just be base (only show the base level, do not descend the tree); specify sub to descend.

Criteria – requirements for fields equaling a specific value, more on this shortly.

Attribs – fields to return, the dn is normally returned by default.

Demo:

ldapsearch -x -v -D'cn=Manager,dc=users,dc=net' -w secret -b'dc=users,dc=net' -s sub 'objectclass=*'

Basic LDAP syntax demo
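
An added example, not from the original post: a small shell wrapper that assembles the same ldapsearch call from the parts listed above, escaping the criteria value and reading the bind password from a file rather than passing it with -w. The ldap_* function names, the DRY_RUN switch, the password file path and the sample value are assumptions made for illustration; -H and -y are standard OpenLDAP ldapsearch options.

```shell
#!/bin/sh
# Added example: assemble the ldapsearch call described above from its parts.

# Escape a value for the 'criteria' filter (RFC 4515): \ * ( ) are filter
# syntax and must become \5c \2a \28 \29 when they are meant literally.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build "(attr=value)"; attr is limited to letters, digits and hyphen.
ldap_eq_filter() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) echo "bad attribute name: $1" >&2; return 1 ;;
    esac
    printf '(%s=%s)' "$1" "$(ldap_escape "$2")"
}

# usage: ldap_find URI BINDDN PWFILE BASE SCOPE ATTR VALUE [attribs...]
ldap_find() {
    [ $# -ge 7 ] || { echo "ldap_find: need 7 arguments" >&2; return 2; }
    uri=$1 binddn=$2 pwfile=$3 base=$4 scope=$5 attr=$6 value=$7
    shift 7
    # The post names base and sub; OpenLDAP also accepts one (one level).
    case "$scope" in
        base|one|sub) ;;
        *) echo "bad scope: $scope" >&2; return 2 ;;
    esac
    filter=$(ldap_eq_filter "$attr" "$value") || return 2
    # -H takes host and port as one URI. -y reads the bind password from a
    # file (whole contents, so no trailing newline) instead of -w'password',
    # which is visible in the process list and shell history.
    set -- ldapsearch -x -H "$uri" -D "$binddn" -y "$pwfile" \
           -b "$base" -s "$scope" "$filter" "$@"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"          # one argument per line, nothing is run
    else
        "$@"
    fi
}

# Constructed sample: DN and base from the demo above; the password file
# path and the searched value are placeholders.
DRY_RUN=1
ldap_find ldap://localhost:389 'cn=Manager,dc=users,dc=net' \
    /path/to/manager.pw 'dc=users,dc=net' sub cn 'Smith (Ops)*' dn mail
```

Unset DRY_RUN (or set it to 0) to run the search instead of printing its arguments.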


