cheatsheet ldapsearch | zuhdi.org

Cheat Sheet ldapsearch

Environment

  • Debian 10.0 x64
  • slapd 2.4.44 (Jan 29 2019 17:42:45)
  • ldapsearch (Aug 10 2019 18:58:18)

Log 2019 / 11

1. Install ldap-utils

root@chimera:~# apt-get -y install ldap-utils

root@chimera:~# ldapsearch -VV
ldapsearch: @(#) $OpenLDAP: ldapsearch  (Aug 10 2019 18:58:18) $
        Debian OpenLDAP Maintainers <pkg-openldap-devel@lists.alioth.debian.org>
        (LDAP library: OpenLDAP 20447)

2. Simple Authentication (Anonymous Bind)

-x Use simple authentication instead of SASL

root@chimera:~# ldapsearch -H ldap://athos.host -x -LLL
No such object (32)

root@chimera:~# ldapsearch -H ldap://athos.host -x -LLL -b '' -s base namingContexts
dn:
namingContexts: dc=athos,dc=host

root@chimera:~# ldapsearch -H ldap://athos.host -x -LLL -b 'dc=athos,dc=host' 'dn'
dn: dc=athos,dc=host
dn: ou=GIT,dc=athos,dc=host
dn: cn=Group IT,ou=GIT,dc=athos,dc=host
dn: uid=zuhdi,ou=GIT,dc=athos,dc=host

3. Authenticated Bind

ldapsearch -H ldap://athos.host -D 'cn=admin,dc=athos,dc=host' \
  -w 'p@ssw0rd' -x -LLL -b 'dc=athos,dc=host' 'dn'

root@chimera:~# ldapsearch -H ldap://athos.host -D 'cn=admin,dc=athos,dc=host' \
>   -w 'p@ssw0rd' -x -LLL -b 'dc=athos,dc=host' 'dn'
dn: dc=athos,dc=host
dn: ou=GIT,dc=athos,dc=host
dn: cn=Group IT,ou=GIT,dc=athos,dc=host
dn: uid=zuhdi,ou=GIT,dc=athos,dc=host
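
The bind above passes the password with -w, which leaves it in shell history and on the command's argument list, and a simple bind over plain ldap:// is sent unencrypted. The wrapper below is an added example, not part of the original page: it reads the password from stdin, hands it to ldapsearch through an owner-only file (-y) and requires StartTLS (-ZZ). It assumes slapd on athos.host offers StartTLS with a certificate the client trusts; ldap_auth_search and LDAP_URI are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: slapd on athos.host
# offers StartTLS with a certificate this client trusts; the function name
# ldap_auth_search and the LDAP_URI variable are hypothetical.

LDAP_URI="${LDAP_URI:-ldap://athos.host}"

# usage: ldap_auth_search BIND_DN BASE_DN [filter] [attrs...]
# Reads the bind password as one line on stdin, never from argv.
# The body is a subshell "( ... )" so traps and variables stay local.
ldap_auth_search() (
    [ $# -ge 2 ] || { echo "usage: ldap_auth_search BIND_DN BASE_DN [filter] [attrs...]" >&2; exit 2; }
    bind_dn=$1
    base_dn=$2
    shift 2

    # umask 077 so the file is owner-only from the moment it exists.
    pwfile=$(umask 077 && mktemp) || exit 1
    trap 'rm -f "$pwfile"' EXIT      # always remove the password file
    trap 'exit 1' INT TERM           # make signals run the EXIT trap too

    # IFS= and -r keep blanks and backslashes in the password intact.
    IFS= read -r pw || [ -n "$pw" ] || exit 1

    # -y uses the complete file contents as the password, so write it
    # without a trailing newline. printf is a builtin in bash and dash,
    # so the password does not appear in any process's argument list.
    printf '%s' "$pw" > "$pwfile"

    # -ZZ: issue StartTLS and fail if it cannot be negotiated, so the
    # simple bind (-x) is never sent in cleartext.
    ldapsearch -H "$LDAP_URI" -ZZ -x -D "$bind_dn" -y "$pwfile" \
        -LLL -b "$base_dn" "$@"
)
```

For a one-off interactive query, ldapsearch -W prompts for the password and avoids the file altogether.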

4. Interprocess Communication (LDAP IPC) ldapi://

root@athos:~# ldapsearch -H ldapi:// -x -LLL -b '' -s base supportedSASLMechanisms
dn:
supportedSASLMechanisms: EXTERNAL

ldapsearch -H ldapi:// -Y EXTERNAL -LLL -b '' \
  -s base supportedSASLMechanisms

root@athos:~# ldapsearch -H ldapi:// -Y EXTERNAL -LLL -b '' \
>   -s base supportedSASLMechanisms
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:
supportedSASLMechanisms: EXTERNAL

root@athos:~# ldapsearch -H ldapi:// -LLL -b '' -s base supportedSASLMechanisms
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn:
supportedSASLMechanisms: EXTERNAL

root@athos:~# ldapsearch -H ldapi:// -LLL -b 'cn=config' | head -5
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/openldap/slapd.args
olcLogLevel: any

root@athos:~# ldapsearch -H ldapi:// -LLL -b 'cn=config' 'dn'
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
dn: cn=config
dn: cn=module{0},cn=config
dn: cn=schema,cn=config
dn: cn={0}core,cn=schema,cn=config
dn: cn={1}cosine,cn=schema,cn=config
dn: cn={2}inetorgperson,cn=schema,cn=config
dn: cn={3}nis,cn=schema,cn=config
dn: olcDatabase={-1}frontend,cn=config
dn: olcDatabase={0}config,cn=config
dn: olcDatabase={1}monitor,cn=config
dn: olcDatabase={2}bdb,cn=config
dn: olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config

- cn=config: global settings
- cn=module{0},cn=config: a dynamically loaded module
- cn=schema,cn=config: contains hard-coded system-level schema
- cn={0}core,cn=schema,cn=config: the hard-coded core schema
- cn={1}cosine,cn=schema,cn=config: the cosine schema
- cn={2}inetorgperson,cn=schema,cn=config: the inetorgperson schema
- cn={3}nis,cn=schema,cn=config: the nis schema
- olcDatabase={-1}frontend,cn=config: frontend database, default settings for databases
- olcDatabase={0}config,cn=config: slapd configuration database (cn=config)
- olcDatabase={1}monitor,cn=config: monitor database (cn=Monitor, runtime status of slapd)
- olcDatabase={2}bdb,cn=config: your database instance (dc=athos,dc=host)
- olcOverlay={0}syncprov,olcDatabase={2}bdb,cn=config: syncprov settings

Hugo. Malte Kiefer & Zuhdi Najib.