Using ldapsearch to do an LDAP Search using TLS/SSL
In older versions of Solaris (pre-Solaris 12/11.4), ldapsearch was based on the original Netscape ldapsearch and used a different syntax.
Searching for a user was something like the syntax below.
    ldapsearch -Z -P /var/ldap -h ldap.domain.com -p 1636 -b dc=domain,dc=com uid=usera dn
In more recent versions, 11.4 (Solaris 12), the ldapsearch application was updated to work more like the Linux version, which added many options but also changed the syntax.
Below are some examples.
Note: Some of the steps below are only required if the LDAP server certificate was not issued by a public CA, or your private CA has not been added to your system certificates.
    export LDAPTLS_REQCERT=never
    ldapsearch -x -H ldaps://ldap.domain.com:1636 "(uid=usera)" dn
You can also add to or modify one of the files below to make this a permanent setting.
Add to /etc/openldap/ldap.conf or ~/.ldaprc.
    tls_reqcert never
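With tls_reqcert set to never the client does not validate the server certificate, so the ldaps:// session is encrypted but not authenticated. The script below is an added example, not part of the original post: it reports where that setting is active and shows a verified alternative that trusts the private CA through LDAPTLS_CACERT. The function names and the CA bundle path passed to ldapsearch_verified are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): find places where OpenLDAP
# client certificate verification is switched off, and run ldapsearch with
# verification kept on. Function names are hypothetical.

# Print every weak setting found; return 1 if any, 0 if none.
# "never" skips verification; "allow" ignores a bad certificate.
audit_tls_reqcert() {
    found=0
    # The environment variable takes precedence over the config files.
    case "$(printf '%s' "${LDAPTLS_REQCERT:-}" | tr '[:upper:]' '[:lower:]')" in
        never|allow) echo "env LDAPTLS_REQCERT: $LDAPTLS_REQCERT"; found=1 ;;
    esac
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Option names and values are case-insensitive; lines starting
        # with "#" never match because their first field is not the option.
        hits=$(awk -v f="$f" '
            tolower($1) == "tls_reqcert" && tolower($2) ~ /^(never|allow)$/ {
                print f ":" NR ": " $1 " " $2
            }' "$f")
        if [ -n "$hits" ]; then echo "$hits"; found=1; fi
    done
    [ "$found" -eq 0 ]
}

# Verified alternative to LDAPTLS_REQCERT=never.
# $1 = path to the private CA certificate in PEM format (assumed path),
# remaining arguments are passed to ldapsearch unchanged.
ldapsearch_verified() {
    ca=$1; shift
    LDAPTLS_REQCERT=demand LDAPTLS_CACERT="$ca" ldapsearch "$@"
}

# Check the two files named in the post.
audit_tls_reqcert /etc/openldap/ldap.conf "${HOME:-}/.ldaprc" \
    || echo "server certificate verification is disabled in the places listed"
```

To query with verification on, call for example `ldapsearch_verified /path/to/private-ca.pem -x -H ldaps://ldap.domain.com:1636 "(uid=usera)" dn`, replacing the placeholder path with your CA certificate.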
Two additional examples.
    # group search
    ldapsearch -x -H ldap://ldap.domain.com:1389 -b dc=domain,dc=com '(&(memberUid=usera)(cn=groupa))' dn

    # user search
    ldapsearch -x -H ldap://ldap.domain.com:1389 -b dc=domain,dc=com '(&(uid=usera)(objectClass=posixAccount))' dn
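Getting the last unused uidNumber by implementing LDAP server-side sorting. This binds as Directory Manager with simple authentication (-x) over ldap://, so the password is sent unencrypted; use an ldaps:// URI as in the TLS example above where possible.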
    ldapsearch -D "cn=Directory Manager" -W -H ldap://ldap.domain.com:1389 -b "dc=domain,dc=com" -s sub -x -E 'sss=-uidNumber:2.5.13.15' -z 1 -LLL "(uidNumber=*)" uidNumber
Example with paged results
    ldapsearch -D "cn=Directory Manager" -W -H ldap://ldap.domain.com:1389 -b "dc=domain,dc=com" -s sub -x -E 'pr=3:1.2.840.113556.1.4.319' -LLL "(uidNumber=*)" uidNumber
    dn: ...
    ...

    # sortResult: (0) Success
    # pagedresults: cookie=fHwAAAAAAAACPw==
    Press [size] Enter for the next {3|size} entries.