Differences

This shows you the differences between two versions of the page.

rb:authagainstldap [07/09/2018 16:27]
andrew [ACL on LDAP server]
rb:authagainstldap [24/07/2019 16:00]
andrew [ldapsearch]
Line 1: Line 1:
 ====== Authenticating against LDAP ====== ====== Authenticating against LDAP ======
 +
 +===== ldapsearch =====
 +
 +''​ldapsearch''​ is a command used to gather information from LDAP, but it can be used to test login auth too, if a user can bind successfully,​ they can be considered to authenticated,​ depending on what groups a user is a member of can be used to determine if they are authorized to access a specific resource.
 +
 +ldapsearch -h <​LDAPserverHostname>​ -D "bind DN" -W -b "​searchbase DN"
 +
 +-h LDAP server hostname \\
 +-b searchbase \\
 +-D bind DN \\
 +-W prompt for password on screen \\
 +
 +===== Examples =====
 +
 +
 +  ldapsearch -x -W -D  '​cn=Manager,​dc=company,​dc=net'​ -b ""​ -s base -h inet01.fqdn
 +  ​
 +  -x Simple Auth, not SASL
 +  -W Prompt for simple Auth, not on command line
 +  -D Distinguished name to bind with
 +  -b search Base
 +  -s Scope of search, base, onelevel or subtree.
 +  -h Host to search on
 +  ​
 +  eg. to see all users and UID'​s:​-
 +  ldapsearch -x -W -D '​uid=user1,​ou=People,​dc=prod,​dc=company,​dc=net'​ -b '​ou=People,​dc=prod,​dc=company,​dc=net'​ -s onelevel | grep -E '​cn:​|uidN|#​ '
 +  ​
 +  eg. to see just one user:-
 +  ldapsearch -x -W -D '​uid=user1,​ou=People,​dc=prod,​dc=company,​dc=net'​ -b '​cn=testuser,​ou=People,​dc=prod,​dc=company,​dc=net'​ -s base
 +  ​
 +  eg. to get email address for one user:-
 +   ​ldapsearch -x -W -D '​uid=user1,​ou=People,​dc=prod,​dc=company,​dc=net'​ -b '​cn=testuser,​ou=People,​dc=prod,​dc=company,​dc=net'​ -s base mail
 +  Enter LDAP Password:
 +  # extended LDIF
 +  #
 +  # LDAPv3
 +  # base <​cn=testuser,​ou=People,​dc=prod,​dc=company,​dc=net>​ with scope base
 +  # filter: (objectclass=*)
 +  # requesting: mail
 +  #
 +  ​
 +  # testuser, People, prod.company.net
 +  dn: cn=testuser,​ou=People,​dc=prod,​dc=company,​dc=net
 +  mail: test.user@company.com
 +  ​
 +  # search result
 +  search: 2
 +  result: 0 Success
 +  ​
 +  # numResponses:​ 2
 +  # numEntries: 1
 +  ​
 +   
 +
 +
  
 ===== Cannot find group info ===== ===== Cannot find group info =====
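Review bot: The synopsis line `ldapsearch -h <LDAPserverHostname> -D "bind DN" -W -b "searchbase DN"` omits -x, although every command under Examples passes it. Without -x, OpenLDAP's ldapsearch attempts a SASL bind rather than the simple bind that -D and -W imply, so add -x to the synopsis and to the first option list. None of the added commands requests TLS, so with -x and -h the password typed at the -W prompt travels to the server unencrypted; consider showing -ZZ (require StartTLS) or -H ldaps://<LDAPserverHostname> in place of -h. The opening paragraph treats any successful bind as authentication: it should say that an empty password at the prompt has to be rejected, because a simple bind with a DN and no password is an unauthenticated bind that some servers accept. The first example binds as cn=Manager, where a low-privilege account is enough for a login test. That opening paragraph is also a single run-on sentence, and "considered to authenticated" should read "considered authenticated".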

rb/authagainstldap.txt · Last modified: 24/07/2019 16:00 by andrew