LDAP as in OpenLDAP’s ldapsearch command
This weird ldapsearch command syntax
I, for one, never remember how to use ldapsearch (and similar commands). The man page doesn’t have a clear example and Google searches aren’t always to the point... well!
Find all members of group posix_sysadmins (or any other group)
This outputs the ‘memberUid’ attribute from users in ‘posix_sysadmins’ while logging in as email@example.com. This assumes an OU ‘groups’ (which is generally default…).
ldapsearch -H ldap://ldap.example.com -x -D "firstname.lastname@example.org,o=com,dc=example" -W -b 'cn=posix_sysadmins,ou=groups,dc=example' 'memberUid'
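Filter valid accounts in ldap
This outputs a list of “non-disabled” accounts. Note that in this case this is a custom attribute. This shows the syntax for queries where you want to exclude a match: the negation wraps a sub-filter as (!(...)), and it has to be combined with the other condition inside a single filter using (&...), because everything after the filter on the command line is read as an attribute name. Turns out using the ‘!=’ operator would have been way too logical :)
ldapsearch -H ldap://ldap.example.com -x -D "email@example.com,o=com,dc=example" -W -b dc=example "(&(mail=*)(!(employeeType=DISABLED)))" dn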
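The prefix-notation filter above, built from small shell helpers that also escape values before they are placed into a filter. This is an added example, not part of the original post; the helper names (ldap_escape, ldap_eq, ldap_present, ldap_not, ldap_and, active_accounts_filter) are hypothetical, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: compose LDAP search filters (RFC 4515 prefix notation)
# for ldapsearch. All function names here are hypothetical helpers.

# Escape the characters that are special inside a filter value.
# Backslash is handled first so the inserted escapes are not re-escaped.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# (attr=value) with the value escaped; the attribute name is trusted.
ldap_eq() { printf '(%s=%s)' "$1" "$(ldap_escape "$2")"; }

# (attr=*) presence test: the entry has the attribute at all.
ldap_present() { printf '(%s=*)' "$1"; }

# (!(filter)) negation takes exactly one complete sub-filter.
ldap_not() { printf '(!%s)' "$1"; }

# (&(f1)(f2)...) conjunction of any number of complete sub-filters.
ldap_and() { printf '(&'; printf '%s' "$@"; printf ')'; }

# Entries that have a mail attribute and whose employeeType is not $1.
active_accounts_filter() {
    ldap_and "$(ldap_present mail)" \
             "$(ldap_not "$(ldap_eq employeeType "$1")")"
}

# Usage with the command from the post (bind DN left as a placeholder):
#   ldapsearch -H ldap://ldap.example.com -x -D "<bind DN>" -W \
#       -b dc=example "$(active_accounts_filter DISABLED)" dn
```

Because parentheses and asterisks in the value are escaped, a value taken from user input cannot close the (!(...)) clause early or turn the match into a wildcard.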