Cheat Sheet ldapsearch
Environment
- Debian 10.0 x64
- slapd 2.4.44 (Jan 29 2019 17:42:45)
- ldapsearch (Aug 10 2019 18:58:18)
Excerpt
Log 2019 / 11
1. Install ldap-utils
root@chimera:~# apt-get -y install ldap-utils
root@chimera:~# ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch (Aug 10 2019 18:58:18) $
Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
(LDAP library: OpenLDAP 20447)
2. Simple Authentication (Anonymous Bind)
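-x Use simple authentication instead of SASL; with no -D and no password this is an anonymous bind
The output below is what this server discloses to unauthenticated clients (the naming context and every entry DN, including the user entry). What an anonymous bind may read is decided by the server's access rules (olcAccess).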
root@chimera:~# ldapsearch -H ldap://athos.host -x -LLL
No such object (32)
root@chimera:~# ldapsearch -H ldap://athos.host -x -LLL -b '' -s base namingContexts
dn:
namingContexts: dc=athos,dc=host
root@chimera:~# ldapsearch -H ldap://athos.host -x -LLL -b 'dc=athos,dc=host' 'dn'
dn: dc=athos,dc=host
dn: ou=GIT,dc=athos,dc=host
dn: cn=Group IT,ou=GIT,dc=athos,dc=host
dn: uid=zuhdi,ou=GIT,dc=athos,dc=host
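3. Authenticated Bind
-D bind DN, -w bind password
A password given with -w ends up in shell history and is visible in the process list; -W prompts for it and -y reads it from a file. Over plain ldap:// a simple bind sends the password unencrypted, so use StartTLS (-ZZ) or ldaps:// outside a lab.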
ldapsearch -H ldap://athos.host -D 'cn=admin,dc=athos,dc=host' \
-w 'p@ssw0rd' -x -LLL -b 'dc=athos,dc=host' 'dn'
root@chimera:~# ldapsearch -H ldap://athos.host -D 'cn=admin,dc=athos,dc=host' \
> -w 'p@ssw0rd' -x -LLL -b 'dc=athos,dc=host' 'dn'
dn: dc=athos,dc=host
dn: ou=GIT,dc=athos,dc=host
dn: cn=Group IT,ou=GIT,dc=athos,dc=host
dn: uid=zuhdi,ou=GIT,dc=athos,dc=host
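4. Interprocess Communication (LDAP IPC) ldapi://
ldapi:// connects over the local Unix domain socket, so these commands run on the LDAP server itself (athos). With -Y EXTERNAL, slapd takes the identity from the socket peer's uid/gid (the "SASL username" line) and no password is sent. Without -x or -Y, ldapsearch uses SASL and here selects EXTERNAL. Whether that identity can read cn=config depends on the server's access rules.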
root@athos:~# ldapsearch -H ldapi:// -x -LLL -b '' -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: EXTERNAL
ldapsearch -H ldapi:// -Y EXTERNAL -LLL -b '' \
-s base supportedSASLMechanisms
root@athos:~# ldapsearch -H ldapi:// -Y EXTERNAL -LLL -b '' \
> -s base supportedSASLMechanisms
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:
supportedSASLMechanisms: EXTERNAL
root@athos:~# ldapsearch -H ldapi:// -LLL -b '' -s base supportedSASLMechanisms
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:
supportedSASLMechanisms: EXTERNAL
root@athos:~# ldapsearch -H ldapi:// -LLL -b 'cn=config' | head -5
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcLogLevel: any
root@athos:~# ldapsearch -H ldapi:// -LLL -b 'cn=config' 'dn'
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}inetorgperson,cn=schema,cn=config
dn: cn={3}nis,cn=schema,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}monitor,cn=config
dn: olcDatabase={2}bdb,cn=config
dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config
- cn=config: global settings
- cn=module{0},cn=config: a dynamically loaded module
- cn=schema,cn=config: contains hard-coded system-level schema
- cn={0}core,cn=schema,cn=config: the hard-coded core schema
- cn={1}cosine,cn=schema,cn=config: the cosine schema
- cn={2}inetorgperson,cn=schema,cn=config: the inetorgperson schema
- cn={3}nis,cn=schema,cn=config: the nis schema
- olcDatabase={-1}frontend,cn=config: frontend database, default settings for databases
- olcDatabase={0}config,cn=config: slapd configuration database (cn=config)
- olcDatabase={1}monitor,cn=config: monitor database (cn=Monitor), runtime status and statistics of slapd
- olcDatabase={2}bdb,cn=config: your database instance (dc=athos,dc=host)
- olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config: syncprov settings