OpenLDAP - return value of UID using only ldapsearch - ldap

I'd like ldapsearch to return only the value of the UID of a user based on a specified mail address. I can make it work with the following query:
ldapsearch -H ldap://localhost -w '...' -D "cn...com" -b "ou...com" mail=... -LLL uid | grep 'uid:' | cut -d ' ' -f2-
This gives the desired result, but requires 2 other Linux commands.
If I remove the Linux commands, the output is:
dn: uid=...,ou=...
uid: ...
Q: Is it possible to retrieve the UID value based on a mail address using only the ldapsearch command?
Note: I do not want to add the -tt argument, since that writes the variable to a file, which is undesired.
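Added example, not part of the original question: ldapsearch itself only emits LDIF, so the value has to be pulled out of that output, but the grep|cut pipeline above misses two LDIF details: values that ldapsearch base64-encodes (the "uid:: ..." form, used for non-ASCII or leading-space values) and values folded across several lines. The shell functions below handle both, and also escape the mail address before it is interpolated into the filter so that an address containing "*", "(" or ")" cannot change what the search matches. Assumptions: POSIX sh with awk, sed and coreutils base64; the LDIF is a constructed sample, not real directory output.

```shell
# Added example (not from the original post). Assumes only POSIX sh plus
# awk, sed and coreutils base64; the LDIF below is a constructed sample.

# Escape a value for use inside an LDAP search filter (RFC 4515), so that
# an address taken from user input cannot alter the filter structure.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Print every value of attribute $1 from LDIF on stdin (as produced by
# ldapsearch -LLL): continuation lines (leading space) are unfolded and
# "attr:: <base64>" values are decoded, which grep|cut does not handle.
ldif_attr_values() {
  want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  awk '
    /^ / { buf = buf substr($0, 2); next }   # folded line: append to previous
    { if (buf != "") print buf; buf = $0 }
    END { if (buf != "") print buf }
  ' | while IFS= read -r line; do
    case "$line" in
      *:*) ;;
      *) continue ;;                         # blank lines / separators
    esac
    name=$(printf '%s' "${line%%:*}" | tr 'A-Z' 'a-z')   # attribute names are case-insensitive
    [ "$name" = "$want" ] || continue
    rest="${line#*:}"
    case "$rest" in
      ": "*) printf '%s' "${rest#: }" | base64 -d; printf '\n' ;;   # base64 value
      " "*)  printf '%s\n' "${rest# }" ;;                            # plain value
      *)     printf '%s\n' "$rest" ;;
    esac
  done
}

# Constructed sample of what "ldapsearch -LLL ... uid cn mail memberOf" could
# return: cn is base64 (non-ASCII), one memberOf is folded across two lines.
SAMPLE_LDIF='dn: uid=jdoe,ou=users,dc=example,dc=com
uid: jdoe
cn:: SsO8cmdlbiBEb2U=
mail: jdoe@example.com
memberOf: cn=admin,ou=groups,dc=example,
 dc=com
memberOf: cn=staff,ou=groups,dc=example,dc=com'

# The uid of the sample entry, extracted the same way a real pipeline would.
uid_from_sample() {
  printf '%s\n' "$SAMPLE_LDIF" | ldif_attr_values uid
}

# Real-world use (needs a directory; not run here); $addr is the looked-up address:
#   ldapsearch -H ldap://localhost -D "$BINDDN" -w "$BINDPW" -b "$BASE" -LLL \
#     "(mail=$(ldap_filter_escape "$addr"))" uid | ldif_attr_values uid
printf 'uid: %s\n' "$(uid_from_sample)"
```

The escaping step matters whenever the address comes from outside the script: without it a value such as "*" turns "(mail=...)" into a match on every entry that has a mail attribute.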

Related

LDAP query: trying to use group search and user search in the same query, but it's not working

ldapsearch -x -h <domain> -b "(&(cn=users,dc=apple,dc=com)(cn=groups,dc=apple,dc=com))" -s sub -LLL
Trying to use group search and user search in the same query but it's not working, suggest what is wrong or how it can be done.
I tried multiple queries:
ldapsearch -x -h nod.apple.com -b "(|(cn=users)(cn=groups))",dc=apple,dc=com -s sub
You can only make a search request to one base to a DSA (LDAP Server).
ldapsearch -x -LLL -h <domain> -b "dc=apple,dc=com" -s sub "(|(objectclass=group)(objectclass=user))"
You can "Google/Bing" for ldapsearch examples or read https://www.openldap.org/software/man.cgi?query=ldapsearch
-jim

How to bind a user and ensure they are in the correct group?

I think what I am trying to do is fairly simple: I want to set up ldap so that incoming binds check that the password is correct and the user is a member of a specific group.
Running the following query yields the following
ldapsearch -x -LLL -H ldap:/// -b uid=myname,ou=users,dc=example,dc=com dn memberof
Result
dn: uid=myname,ou=users,dc=example,dc=com
memberOf: cn=admin,ou=groups,dc=example,dc=com
I have tried the following query
ldapsearch -x -H "ldap://localhost" -D "(&(cn=My Name)(memberOf=cn=admin,ou=groups,dc=example,dc=com))" -W -b "dc=example,dc=com"
ldapsearch keeps throwing the following error
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN
What am I doing wrong?
There are 2 things to fix in your search query:
the filter should be placed after all options and before the list of attributes, if any.
the -D option requires an argument, a bind DN to bind to the LDAP directory.
In other words: ldapsearch -x -H <ldapuri> -D <binddn> -W -b <basedn> <filter>
Assuming you can use the bind DN cn=manager,dc=example,dc=com, you should end up with a query looking like this:
ldapsearch -x -H "ldap://localhost" -D "cn=manager,dc=example,dc=com" -W -b "dc=example,dc=com" "(&(cn=My Name)(memberOf=cn=admin,ou=groups,dc=example,dc=com))"
https://linux.die.net/man/1/ldapsearch

How to save a log of all psql queries AND the results

This question is similar to:
psql - write a query and the query's output to a file
However, their syntax doesn't work.
When I open a psql session from the command line, I'd like to save both the queries sent and the result.
The below code saves queries, but not output:
psql -h host -U username -p port -d database -L ~/file_to_save_output.txt
You can just redirect the output (STDOUT) using the > symbol like below. Redirection works in both the Unix shell and the Windows command prompt.
psql -h host -U username -p port -d database -L ~/file_to_save_output.txt > output.txt
From the Postgres docs:
--echo-queries
Copy all SQL commands sent to the server to standard output as well.
This is equivalent to setting the variable ECHO to queries.
So, to get queries and query results in a single file:
psql -h host -U username -p port -d database --echo-queries -L output_queries_and_results.txt
Additionally, you can save queries and query results in separate files:
psql -h host -U username -p port -d database --echo-queries -L output_queries_only.txt -o output_results_only.txt
Note: the first method will still show queries and query results in the terminal; the second will write all results to the file and will not show them in the terminal.

Cannot wildcard search "member" in openLDAP

I have an odd problem, where I cannot seem to use wildcard searches for the "member" or the "uniquemember" attributes for a group.
Consider the following:
cn=myusers,ou=groups,dc=example,dc=com
objectClass=groupOfNames
objectClass=top
This returns fine:
ldapsearch -h ldap-server -p 389 -D "cn=admin,dc=example,dc=com" -w Password -s sub -b "ou=groups,dc=example,dc=com" "(objectclass=groupOfNames)" member
cn=myusers,ou=groups,dc=example,dc=com
member=cn=user1234,ou=groups,dc=example,dc=com
And if I use this, it also works fine:
ldapsearch -h ldap-server -p 389 -D "cn=admin,dc=example,dc=com" -w Password -s sub -b "ou=groups,dc=example,dc=com" "(&(member=cn=user1234,ou=groups,dc=example,dc=com)(objectclass=groupOfNames))" member
But, suppose I want to find all the groups, with member names that start with "user". I try this:
ldapsearch -h ldap-server -p 389 -D "cn=admin,dc=example,dc=com" -w Password -s sub -b "ou=groups,dc=example,dc=com" "(&(member=cn=user*)(objectclass=groupOfNames))" member
But nothing returns!
Now I have tried adding indexes to the "member" and "uniquemember" attributes as:
member pres,eq,approx,sub
uniquemember pres,eq,approx,sub
... but get a returned error of 'additional info: approx index of attribute "member" disallowed', so I was left with:
member pres,eq
uniquemember pres,eq
Even after the change, I still cannot perform wildcard searches using the "member" or "uniquemember" attributes. Any ideas?
This works as expected with the UnboundID Directory Server. Try updating the directory server software - there are some similar questions on the OpenLDAP forums where this problem was resolved by a fix to DN normalization.
Also, there is no such thing as a 'wildcard' search. The assertion value to which you refer results in what is called a 'substring' search. For increased performance, the server should index the member and uniqueMember attribute values for substring (sub), assuming the legacy OpenLDAP server supports indexing those attributes for substrings.

Change password using LDIF file

I have an LDIF file that contains a bunch of test users.
I would like to change the password for some of these users and was wondering what would be the best way to do so.
Use ldapmodify with LDIF, for example:
ldapmodify -h hostname -p port -D dn -w password <<!
dn: uid=user,dc=example,dc=com
changetype: modify
replace: userPassword
userPassword: new-password
!
or specify a filename:
ldapmodify -c -a -f file.ldif -h hostname -p port -D dn -w password
Of course, use the correct attribute names, distinguished names, and so forth. The distinguished name used for the bind of the ldapmodify tool must have access rights to modify the password of the distinguished name specified in the LDIF.
See also:
LDIF: rfc2849
LDAP: Using ldapmodify
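Added example, not part of the original answer: a small generator that produces the modify record shown above for a whole list of users, so the LDIF is built rather than typed by hand. It base64-encodes any value that LDIF (RFC 2849) does not allow in cleartext form (a value that starts with a colon or a space, or contains non-ASCII bytes), which matters for passwords and for DNs with accented names. Assumptions: POSIX sh with coreutils tr, wc and base64; the user list is a constructed sample. Note that ldapmodify sends userPassword exactly as given and OpenLDAP stores it that way unless the server is configured to hash cleartext passwords (the ppolicy overlay can do this), so for a real directory pass a pre-hashed value (for example from slappasswd) or use ldappasswd, which hashes on the server side.

```shell
# Added example (not from the original answer). Assumes POSIX sh plus
# coreutils (tr, wc, base64). The user list below is a constructed sample.

# Print one LDIF attribute line, base64-encoding the value when RFC 2849
# requires it: values that start with a space, ':' or '<', end with a space,
# or contain bytes outside printable ASCII must be written as "attr:: b64".
ldif_attr_line() {
  attr="$1"; val="$2"
  safe=1
  case "$val" in
    " "*|:*|"<"*|*" ") safe=0 ;;
  esac
  n=$(printf '%s' "$val" | LC_ALL=C tr -d ' -~' | wc -c)   # bytes outside 0x20-0x7e
  [ "$((n))" -eq 0 ] || safe=0
  if [ "$safe" -eq 1 ]; then
    printf '%s: %s\n' "$attr" "$val"
  else
    printf '%s:: %s\n' "$attr" "$(printf '%s' "$val" | base64 | tr -d '\n')"
  fi
}

# One "changetype: modify" record that replaces userPassword for a DN:
# the same record the answer shows, generated instead of typed.
password_change_record() {
  ldif_attr_line dn "$1"
  printf 'changetype: modify\nreplace: userPassword\n'
  ldif_attr_line userPassword "$2"
  printf '\n'                                   # blank line ends the record
}

# Turn "uid<TAB>password" lines on stdin into a batch of records under base $1.
batch_from_list() {
  base="$1"
  while IFS="$(printf '\t')" read -r uid pw; do
    [ -n "$uid" ] || continue
    password_change_record "uid=$uid,$base" "$pw"
  done
}

# Constructed sample: bob's password starts with ':' and so must be base64.
SAMPLE_USERS=$(printf 'alice\tCorrect Horse 9\nbob\t:starts-with-colon')

# The full batch for the sample list, ready to pipe into ldapmodify.
sample_batch() {
  printf '%s\n' "$SAMPLE_USERS" | batch_from_list "ou=people,dc=example,dc=com"
}

# Feed the result to the tool from the answer (needs a directory; not run here):
#   sample_batch | ldapmodify -H ldap://localhost -D "$BINDDN" -W
sample_batch
```

Each record is separated by a blank line, so ldapmodify treats the output as independent changes; with -c it continues past a DN that does not exist instead of stopping the whole batch.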