H - LDAP URI, e.g. ldap://192.168.1.1/
D - Distinguished Name of the AD user to bind as
b - Search base
s - Search scope {base|one|sub|children}; sub is used here
x - Use simple authentication instead of SASL
w - Password
1) Retrieving Particular User Information based on CN
ldapsearch -LLL -H <LDAP-URI> -D '<LDAP-AD-USER>' -b '<LDAP-SEARCH-BASE>' -s sub -x "(&(objectClass=User)(CN=Test User \282001\29))" "cn" "objectGUID" -w <PASSWORD>
Note: Here \28 stands for ( and \29 for ). A literal parenthesis in the filter value must be escaped this way, otherwise there will be an exception.
2) Retrieving Particular User Information based on DN
ldapsearch -LLL -H <LDAP-URI> -D '<LDAP-AD-USER>' -b '<LDAP-SEARCH-BASE>' -s sub -x "(&(objectClass=User)(distinguishedname=<DN-USER>))" "cn" "objectGUID" -w <PASSWORD>
3) Retrieving Only the Active Users
Add the filter (!(userAccountControl:1.2.840.113556.1.4.803:=2)) to retrieve only the active users. It is a bitwise AND match on userAccountControl that excludes accounts with the disabled flag (2) set.
ldapsearch -LLL -H <LDAP-URI> -D '<LDAP-AD-USER>' -b '<LDAP-SEARCH-BASE>' -s sub -x "(&(objectClass=User)(distinguishedname=<DN-USER>)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" "cn" "objectGUID" -w <PASSWORD>
4) Retrieve Groups of a particular User
ldapsearch -LLL -H <LDAP-URI> -D '<LDAP-AD-USER>' -b '<LDAP-SEARCH-BASE>' -s sub -x "(&(objectClass=Group)(member=<DN-USER>))" "cn" "objectGUID" -w <PASSWORD>
Note: The value of member= must be the user's distinguishedName.
5) Retrieve Users of a particular Group
ldapsearch -LLL -H <LDAP-URI> -D '<LDAP-AD-USER>' -b '<LDAP-SEARCH-BASE>' -s sub -x "(&(objectClass=User)(memberOf=<DN-GROUP>))" "cn" "objectGUID" -w <PASSWORD>
6) Retrieving Users of a Group with pagination
ldapsearch -LLL -H <LDAP-URI> -D '<LDAP-AD-USER>' -b '<LDAP-SEARCH-BASE>' -s sub -x "(&(objectClass=Group)(CN=LoopTest2Group))" "cn" "objectGUID" "member;range=0-1" -w <PASSWORD>
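The escaping from the note under 1), as an added shell example that is not part of the original post. It goes beyond ( and ) to cover \ and *, and applies the same escaping to the DN values used in the member= filter. The function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash is handled first so the backslashes introduced by the
# later substitutions are not escaped a second time.
ldap_escape_filter() {
    printf '%s' "$1" | sed \
        -e 's/\\/\\5c/g' \
        -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' \
        -e 's/)/\\29/g'
}

# Filter from example 1: one user, matched on CN.
# Escaping keeps the value from changing the structure of the filter.
user_filter_by_cn() {
    printf '(&(objectClass=User)(CN=%s))' "$(ldap_escape_filter "$1")"
}

# Filter from example 4: groups that list the given user DN in member.
# A DN with an escaped comma (CN=Doe\, John) needs its backslash
# escaped again as \5c when it is placed inside a filter.
group_filter_by_member() {
    printf '(&(objectClass=Group)(member=%s))' "$(ldap_escape_filter "$1")"
}

# Constructed sample values.
user_filter_by_cn 'Test User (2001)'; echo
user_filter_by_cn 'Ops*'; echo
group_filter_by_member 'CN=Doe\, John,OU=Staff,DC=example,DC=com'; echo
```

Pass the printed string as the filter argument in the ldapsearch commands above. ldapsearch's -W (prompt) or -y <file> keeps the bind password out of the process list and shell history, unlike -w.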