========================================
LDAP as in OpenLDAP's ldapsearch command
========================================

:Date: 2014-10-28

This weird ldapsearch command syntax
====================================

I, for one, never remember how to use ldapsearch (and similar commands). The man page doesn't have a clear example and Google searches aren't always to the point... well!

Find all members of group posix_sysadmins (or any other group)
--------------------------------------------------------------

This outputs the 'memberUid' attribute from users in 'posix_sysadmins' while logging in as kang@example.com. This assumes an OU 'groups' (which is generally default...).

.. code::

    # -x: simple bind, -D: bind DN, -W: prompt for the password, -b: search base
    ldapsearch -h ldap.example.com -x -D "mail=kang@example.com,o=com,dc=example" -W -b 'cn=posix_sysadmins,ou=groups,dc=example' 'memberUid'

Filter valid accounts in LDAP
-----------------------------

This outputs a list of "non-disabled" accounts. Note that in this case this is a custom attribute. This shows the syntax for queries where you want to exclude a match. Turns out using the '!=' operator would have been way too logical :) The negation is wrapped together with the other condition in '(&...)' because ldapsearch accepts a single filter; every argument after the filter is read as an attribute name.

.. code::

    # One filter argument, followed by the attribute(s) to return
    ldapsearch -h ldap.example.com -x -D "mail=kang@example.com,o=com,dc=example" -W -b dc=example "(&(mail=*)(!(employeeType=DISABLED)))" dn
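
When the excluded value comes from a variable rather than being typed by hand, it needs RFC 4515 escaping before it goes into the filter, and the exclusion has to be joined to the other condition with '(&...)' so that ldapsearch receives one filter argument. The script below is an added example, not part of the original page; the function names ``ldap_escape`` and ``exclude_filter`` are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example: build the "exclude a match" filter from variables.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is replaced first so the escapes added afterwards
# are not escaped a second time.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Build "(&<base filter>(!(<attr>=<value>)))": entries that match the
# base filter and whose attribute is NOT equal to the value.
#   $1 = base filter, e.g. '(mail=*)'
#   $2 = attribute name (letters, digits, '-' and '.' only)
#   $3 = value to exclude (escaped here)
exclude_filter() {
    case $2 in
        ''|*[!A-Za-z0-9.-]*)
            echo "invalid attribute name: $2" >&2
            return 1
            ;;
    esac
    printf '(&%s(!(%s=%s)))' "$1" "$2" "$(ldap_escape "$3")"
}

# The filter from the section above, rebuilt from its parts.
exclude_filter '(mail=*)' employeeType DISABLED
echo

# Constructed sample value containing filter metacharacters: after
# escaping it stays a single literal value inside the filter.
exclude_filter '(mail=*)' employeeType 'temp (ext)*'
echo
```

The resulting string is passed to ldapsearch as one quoted argument, followed by the attributes to return.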