DevTech101


Using ldapsearch to do an LDAP Search using TLS/SSL

In older versions of Solaris (pre-Solaris 12/11.4), ldapsearch was based on the original Netscape ldapsearch and used a different syntax. Searching for a user looked like the command below.
ldapsearch -Z -P /var/ldap -h ldap.domain.com -p 1636 -b dc=domain,dc=com uid=usera dn
In more recent versions of 11.4 (Solaris 12), the ldapsearch application was updated to work more like the Linux (OpenLDAP) version, which added many options but also changed the syntax. Below are some examples. Note: some of the steps below are only required if the LDAP server certificate was not issued by a public CA, or if your private CA has not been added to the system certificate store.
export LDAPTLS_REQCERT=never
ldapsearch -x -H ldaps://ldap.domain.com:1636 "(uid=usera)" dn
You can also add or modify one of the files below to make this a permanent setting: add the line to /etc/openldap/ldap.conf (system-wide) or ~/.ldaprc (per user). Keep in mind that `never` disables verification of the server certificate, so the session is still encrypted but the server is no longer authenticated; adding your private CA with TLS_CACERT in the same file is the safer permanent fix.
tls_reqcert never
Two additional examples:
# group search
ldapsearch -x -H ldap://ldap.domain.com:1389 -b dc=domain,dc=com '(&(memberUid=usera)(cn=groupa))' dn

# user search
ldapsearch -x -H ldap://ldap.domain.com:1389 -b dc=domain,dc=com '(&(uid=usera)(objectClass=posixAccount))' dn
Getting the last used uidNumber (from which the next unused one follows) by using LDAP server-side sorting:
ldapsearch -D "cn=Directory Manager" -W -H ldap://ldap.domain.com:1389 -b "dc=domain,dc=com" -s sub -x -E 'sss=-uidNumber:2.5.13.15' -z 1 -LLL "(uidNumber=*)" uidNumber
Example with paged results:
ldapsearch -D "cn=Directory Manager" -W -H ldap://ldap.domain.com:1389 -b "dc=domain,dc=com" -s sub -x -E 'pr=3:1.2.840.113556.1.4.319' -LLL "(uidNumber=*)" uidNumber

dn: ...
...
# sortResult: (0) Success
# pagedresults: cookie=fHwAAAAAAAACPw==
Press [size] Enter for the next {3|size} entries.
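As an added example (not from the original post), the server-side sort trick above wrapped in a POSIX sh script that keeps TLS verification on instead of setting LDAPTLS_REQCERT=never, and that accounts for the sizeLimitExceeded status (exit 4) which -z 1 produces once the server has sent the single sorted entry. The CA file path, the LDAPSEARCH override and the optional bind variables are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: compute the next free uidNumber
# from a server-side sorted search over LDAPS with certificate verification on.
# Assumed (hypothetical) values: CA file path, and the URI / base DN callers pass.

: "${LDAP_CA_FILE:=/etc/certs/private-ca.pem}"   # CA that signed the directory cert
: "${LDAPSEARCH:=ldapsearch}"                     # overridable for a replay stub

# Print the highest uidNumber in use (empty output if none). Uses the sss control
# in reverse order with integerOrderingMatch (2.5.13.15) and a client size limit
# of 1; with -z 1 the server answers sizeLimitExceeded (exit 4) after the first
# entry, so status 4 is accepted alongside 0.
highest_uidnumber() {
    uri=$1; base=$2
    set -- -x -H "$uri" -b "$base" -s sub -LLL \
           -E 'sss=-uidNumber:2.5.13.15' -z 1 '(uidNumber=*)' uidNumber
    if [ -n "${LDAP_BINDDN:-}" ]; then            # optional simple bind, secret from a file
        set -- -D "$LDAP_BINDDN" -y "${LDAP_PASSFILE:?}" "$@"
    fi
    if out=$(LDAPTLS_REQCERT=demand LDAPTLS_CACERT="$LDAP_CA_FILE" "$LDAPSEARCH" "$@"); then
        rc=0
    else
        rc=$?
    fi
    case $rc in
        0|4) ;;
        *) echo "ldapsearch failed with status $rc" >&2; return 1 ;;
    esac
    val=$(printf '%s\n' "$out" | sed -n 's/^uidNumber: *//p' | head -n 1)
    if [ -n "$out" ] && [ -z "$val" ]; then       # entries came back but none parsed
        echo "could not parse uidNumber from search result" >&2; return 1
    fi
    printf '%s\n' "$val"
}

# Next free uidNumber: highest in use plus one, never below the floor (3rd arg,
# default 1000). Unparseable values are errors, not silently replaced.
next_uidnumber() {
    floor=${3:-1000}
    cur=$(highest_uidnumber "$1" "$2") || return 1
    case $cur in
        '') echo "$floor" ;;
        *[!0-9]*) echo "unexpected uidNumber value: $cur" >&2; return 1 ;;
        *) if [ "$cur" -ge "$floor" ]; then echo $((cur + 1)); else echo "$floor"; fi ;;
    esac
}

if [ "${1:-}" = "--run" ]; then next_uidnumber "$2" "$3"; fi
```

Run it as `sh next_uidnumber.sh --run ldaps://ldap.domain.com:1636 dc=domain,dc=com`, setting LDAP_BINDDN and LDAP_PASSFILE (mode 0600) when anonymous reads are not allowed.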