AD and LDAP requests
About LDAP search filtering
For the LDAP search filters, boolean operators can be combined and nested together to form complex expressions, such as:
(Boolean-operator(filter)(Boolean-operator(filter)(filter)))
List of LDAP search filter operators
AND (&): All specified filters must be true for the statement to be true. Example: (&(filter)(filter)(filter)...)
OR (|): At least one specified filter must be true for the statement to be true. Example: (|(filter)(filter)(filter)...)
NOT (!): The specified statement must not be true for the statement to be true. Only one filter is affected by the NOT operator. Example: (!(filter))
Extract commands
Extract the configuration to a config.ad file
ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -b "cn=Configuration,dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" > config.ad
Extract all information in the AD to an all.ad file
ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" > all.ad
Extract all information about users and groups to a users.ad file
ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -b "cn=Users,dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" > users.ad
Only users:
ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -b "cn=Users,dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=user))"
Only groups:
ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -b "cn=Users,dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=group))"
Search information about a group:
You can specify a filter per attribute(s). Example: attribute="uidNumber sshPublicKey"
ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=user)(cn=${USER_NAME}))" $attribute
List a user's attributes in Active Directory
Search information about a user
ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=user)(cn=${USER_NAME}))" $attribute
You can specify an optional filter per attribute(s). Example: attribute="uidNumber sshPublicKey"
Get the sshPublicKey of a user:
ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" "(&(objectClass=user)(cn=${USER_NAME}))" | grep sshPublicKey
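The user searches above place ${USER_NAME} directly inside the filter, so a name containing (, ), * or \ changes how the filter is parsed or matched. The following is an added example, not part of the original page: it escapes values as RFC 4515 requires and composes the nested AND/OR filter; the function names ldap_escape and build_user_filter and the sample names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the page's user filter from untrusted names.

# Escape one value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(' and ')' become \5c, \2a, \28 and \29.
# The backslash rule runs first so later escapes are not re-escaped.
# (A shell string cannot hold NUL, so the \00 rule is not needed here.)
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# One name  -> (&(objectClass=user)(cn=NAME))
# Several   -> (&(objectClass=user)(|(cn=A)(cn=B)...))
build_user_filter() {
    if [ "$#" -eq 0 ]; then
        echo "build_user_filter: at least one name required" >&2
        return 1
    fi
    clauses=""
    for name in "$@"; do
        clauses="${clauses}(cn=$(ldap_escape "$name"))"
    done
    if [ "$#" -gt 1 ]; then
        clauses="(|${clauses})"   # OR group nested inside the AND
    fi
    printf '%s' "(&(objectClass=user)${clauses})"
}

# Constructed sample names, not taken from any real directory.
build_user_filter 'jdoe'; echo
build_user_filter 'jdoe' 'asmith'; echo
build_user_filter 'Smith (contractor)'; echo
build_user_filter 'j*'; echo   # literal asterisk, not a wildcard match

# Usage with the page's command (same variables as above):
#   ldapsearch -H "ldap://${CCME_AD_DIR_NAME}" -w "${CCME_AD_PASSWORD}" -D admin \
#     -b "dc=${CCME_AD_DIR_NAME_DC1},dc=${CCME_AD_DIR_NAME_DC2}" \
#     "$(build_user_filter "${USER_NAME}")" $attribute
```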