<code bash>
apt-get install ldap-utils
</code>
Basic query
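Check whether the server accepts an anonymous bind:
<code bash>
$ ldapsearch -H ldap://server -x
# extended LDIF
#
# LDAPv3
# base <dc=grinn-global,dc=com> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
</code>
Here the bind was accepted and the search ran; result 32 only says that the default base DN does not exist on this server.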
List root entries:
<code bash>
$ ldapsearch -H ldap://server -x -LLL -s base -b '' namingContexts
dn:
namingContexts: dc=example,dc=org
</code>
.ldaprc
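~/.ldaprc:
<code>
BASE dc=example,dc=org
URI ldap://server
BINDDN cn=admin,dc=example,dc=org
</code>
Verify that it works. The first command prompts for the password of user "cn=admin"; the second passes the password as an argument:
<code bash>
ldapsearch -x -W
ldapsearch -x -w admin
</code>
A password given with -w ends up in the shell history and is visible in the process list, so prefer -W (or -y with a password file) outside of test setups.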
cn=config
<code bash>
$ ldapsearch -x -W -LLL -s base -D 'cn=admin,cn=config' -b 'cn=config' dn
Enter LDAP Password:
dn: cn=config
</code>
<code bash>
$ ldapsearch -x -W -LLL -D 'cn=admin,cn=config' -b 'cn=config' dn
Enter LDAP Password:
...
dn: olcDatabase={1}mdb,cn=config
...
</code>
<code bash>
$ ldapsearch -x -W -LLL -D 'cn=admin,cn=config' -b 'cn=config' 'olcDatabase={1}mdb'
Enter LDAP Password:
dn: olcDatabase={1}mdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {1}mdb
olcDbDirectory: /var/lib/ldap
olcSuffix: dc=example,dc=org
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none
olcAccess: {1}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none
olcLastMod: TRUE
olcRootDN: cn=admin,dc=example,dc=org
olcRootPW: {SSHA}abcdef...
olcDbCheckpoint: 512 30
olcDbIndex: uid eq
olcDbIndex: mail eq
olcDbIndex: memberOf eq
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: objectClass eq
olcDbMaxSize: 1073741824
</code>
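The olcAccess rules in this output decide who can reach userPassword. The following is an added example, not part of the original page: a shell function (the name audit_olcaccess and both sample inputs are constructed here) that reads ldapsearch -LLL output from cn=config and reports any rule giving *, anonymous or users compare-or-higher access to userPassword. It assumes level-style access keywords and plain (not base64 "olcAccess::") values, and it does not evaluate the order of by-clauses within a rule.

```shell
# Added example (not from the original page): audit olcAccess rules in
# `ldapsearch -LLL` output from cn=config. Exit status 1 if anything is found.
audit_olcaccess() {
  awk '
    # LDIF folds long values; a continuation line starts with one space.
    /^ / { buf = buf substr($0, 2); next }
         { check(buf); buf = $0 }
    END  { check(buf); exit (found ? 1 : 0) }

    function check(line,   rule, n, i, parts, what, f, pw, all) {
      if (line ~ /^dn: /) { dn = substr(line, 5); covered = 0; return }
      if (line !~ /^olcAccess: /) return
      rule = line
      sub(/^olcAccess: [^ ]*to /, "", rule)      # drop "olcAccess: {N}to "
      n = split(rule, parts, / by /)
      what = parts[1]
      pw  = (what ~ /attrs=([^ ]*,)?userPassword(,| |$)/)
      all = (what == "*")
      if (pw) covered = 1
      # slapd uses the first rule whose <what> matches, so "to *" governs
      # userPassword only when no earlier rule named that attribute.
      if (!pw && (!all || covered)) return
      for (i = 2; i <= n; i++) {
        split(parts[i], f, " ")
        if (f[1] ~ /^(\*|anonymous|users)$/ &&
            f[2] ~ /^(compare|search|read|write|manage)$/) {
          printf "%s: \"by %s %s\" reaches userPassword (rule: to %s)\n", dn, f[1], f[2], what
          found = 1
        }
      }
    }'
}

# Constructed sample 1: the two olcAccess rules shown on this page.
PAGE_ACL='dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none
olcAccess: {1}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none'

# Constructed sample 2 (weak): no userPassword rule, one folded line.
WEAK_ACL='dn: olcDatabase={1}mdb,cn=config
olcAccess: {0}to * by dn="cn=admin,dc=example,dc=org" write by us
 ers read by * read'

printf '%s\n' "$PAGE_ACL" | audit_olcaccess && echo "page ACL: no findings"
printf '%s\n' "$WEAK_ACL" | audit_olcaccess || echo "weak ACL: findings listed above"
```

To check a live server, pipe the cn=config query shown above into audit_olcaccess instead of the sample variables.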
SASL
<code bash>
$ ldapsearch -x -LLL -s base -b "" supportedSASLMechanisms
dn:
supportedSASLMechanisms: SCRAM-SHA-1
supportedSASLMechanisms: GS2-IAKERB
supportedSASLMechanisms: GS2-KRB5
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: DIGEST-MD5
supportedSASLMechanisms: OTP
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: NTLM
</code>
<code bash>
ldapsearch -x -W -D 'cn=admin,dc=example,dc=org'
ldapsearch -x -W -D 'uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com'
</code>