I wanted to search for mentioned entity from the ldapsearch:
ldapsearch -LLL -x -H ldaps://ldapserver -E pr=1000/noprompt -b "O=XXX,C=AN " "(dn=cn=firstName lastName 1231233,ou=employee,o=xxx,c=an)"
I get the output as
# pagedresults: cookie=
But when i search the same entity with its alias name, I am getting the whole object return from the command.
So, why I am not getting the return from the mentioned command.
I wanted to do the filter on the dn field from the as already mentioned and the same dn I got from the alias search field. So ideally I should get the result if I used the correct way to filter.
Please let me know if I made any mistake on the filter query.
You can access the entry by its dn using the following (probably what #user207421 suggested) :
ldapsearch -LLL -x -H ldaps://ldapserver -b "cn=firstName lastName 1231233,ou=employee,o=xxx,c=an" -s base
The key is to set the searched entry as the base with the appropriate scope, that is base.
Related
I am totally new to LDAP, and have just started. I have seen a couple of examples, which to my understanding have used the query as I have done, but in my case it seems to be not working.
I have a hierarchy like this (I am using Apache Directory Studio):
If I double click on the object with ou=scientists then its info will pop up as followed:
So this group with ou=scientists has a cn=Scientists (I have checked and there are no following spaces after Scientists.
I want to simply find stuff inside the group with ou=scientists.
There is 1 way to do it like this:
ou=scientists,dc=example,dc=com which gives the expected result.
But I want to be able to find the content inside the group with ou=scientists not by its ou value, but by its cn value. So I thought to myself, ok I can use this: cn=Scientists,dc=example,dc=com
But this yields 0 results. I think I am missing a key point here. What should I actually do?
There are multiple things to consider when you query a LDAP directory.
In your case you want to lookup from a branch (call search base dn in LDAP) and apply a filter in all the childrens of this branch to select those you want :
ldapsearch ... -b <search base dn> -s sub "<FILTER>"
So for your DIT :
ldapsearch ... -b dc=example,dc=com -s sub "(&(objectClass=groupOfUniqueNames)(cn=scientists))"
Consider learning how the search request works in LDAP if you want to work more deeply with ldap : https://ldapwiki.com/wiki/SearchRequest
#SeanGoudarzi I think there is some misunderstanding about how LDAP model works.
If you want to find Sub-entries of a given entry, you need 2 searches.
One to find the base-entry and one to find the child entries
To find entry with so called 'relative distinguished name' ou=scientists you need a search like
ldapsearch ... -b dc=example,dc=com -s sub cn=scientists dn
and then
ldapsearch ... -b DN_RESULT_FORM_PREVIOUS_SEARCH -s one objectclass=* dn
this will give you
dn: ou=italians,ou=scientiests,dc=example,dc=com
Or do you want to achieve something else?
How to create a REST query to get all roles assigned to a user?
As this is many to many relation in the opposite direction the regular $relatedTo operator seems to be not enough...
finally I found the solution which seems to be much easier than I was afraid of :) As I found similar questions on SO and github I hope it will help others.
the curl query to get all the roles directly assigned to a user is:
curl -X GET \
-H "X-Parse-Application-Id: ${APPLICATION_ID}" \
-H "X-Parse-REST-API-Key: ${REST_API_KEY}" \
https://parseapi.back4app.com/roles \
--data-urlencode \
'where={"users":{"__type":"Pointer","className":"_User","objectId":"<objectId>"}}'
Seen many related posts but nothing has helped me resolve my issue. I have a CURL command in a bash script. The Data element contains a SQL command. The SQL command includes a param that must be single quoted. So, it looks like this:
jsonData=$(curl --request POST \
--url $uribase/Redrock/Query \
--header 'content-type: application/json' \
--header 'X-NATIVE-CLIENT: 1' \
--data '{"Script":"'"Select Server.ID, Server.ComputerClass, Server.FQDN, Server.Name, Server.SessionType from Server WHERE Server.ComputerClass='Unix' COLLATE NOCASE"'"}')
I've tried so many variations on quoting the Server.ComputerClass value to no avail. I can't get it to resolve to ='Unix'. Even tried \u0027 unicode.
Any help appreciated.
Rather than trying to quote it correctly, feed it to curl from a here document via standard input. Use an array to allow you to organize the options more cleanly as well.
curl_opts=( --request POST
--url "$uribase/Redrock/Query"
--header 'content-type: application/json'
--header 'X-NATIVE-CLIENT: 1'
--data #-
)
The #- tells curl to read the data from a file named -, which is a curl-defined alias for standard input.
jsonData=$(curl "${curl_opts[#]}" <<EOF
{ "Script": "Select Server.ID, Server.ComputerClass, Server.FQDN, Server.Name, Server.SessionType from Server WHERE Server.ComputerClass='Unix' COLLATE NOCASE"}
EOF
)
Quoting gets confusing fast. Yes, using a file to store the statement will work ; if you prefer not to do that, then here is something you could try.
Create a function :
sql_request()
{
printf "'{"
printf '"Script"'
...
}
You get the general idea : break it down in as many pieces as needed ; when you need a single quote enclose it in double quotes, when you need a double quote, enclose it in single quotes.
You can then call that function as needed to get your request :
"$(sql_request)"
You can even easily feed arguments into this function to change portions of the string.
Im currently trying to get Parse's geo-query system to work. On my data browser, I have an installation with a key "location" of type geo-point that has a geo-point with latitude 30.27263636013176 and longitude -97.75766807716373 set in it.
However, if I try to query with the following code, I always get "results":[].
curl -X GET \
-H "X-Parse-Application-Id: myAppKey" \
-H "X-Parse-REST-API-Key: myAPIKey" \
-G \ --data-urlencode 'limit=10' \
--data-urlencode 'where={
"location": {
"$nearSphere": {
"__type": "GeoPoint",
"latitude": 30,
"longitude": -97
}
}
}' \
https://api.parse.com/1/classes/PlaceObject
Note that the query is running successfully; there are no errors. The problem is the installation I have should come up.
If I change the latitude and longitude in the query to exactly the latitude and longitude shown in the data browser, I still get empty results. What is the reason for this? Is it not possible to query for device installations near a point?
The Installation class can't be queried from the client, for good reason. Too much sensitive information is stored in the Installation class to allow querying from a client.
Either move the location property to another class you can query, or query it in a Cloud Function.
You can query it in Cloud Code if you use Parse.Cloud.useMasterKey();, though I strongly recommend using a different class to store the location.
Should the url be https://api.parse.com/1/classes/Installation instead of https://api.parse.com/1/classes/PlaceObject ?
In the repository home page , i can see comments posted in recent activity at the bottom, bit it only shows 10 commnets.
i want to all the comments posted since beginning.
Is there any way
Comments of pull requests, issues and commits can be retrieved using bitbucket’s REST API.
However it seems that there is no way to list all of them at one place, so the only way to get them would be to query the API for each PR, issue or commit of the repository.
Note that this takes a long time, since bitbucket has seemingly set a limit to the number of accesses via API to repository data: I got Rate limit for this resource has been exceeded errors after retrieving around a thousand results, then I could retrieve about only one entry per second elapsed from the time of the last rate limit error.
Finding the API URL to the repository
The first step is to find the URL to the repo. For private repositories, it is necessary to get authenticated by providing username and password (using curl’s -u switch). The URL is of the form:
https://api.bitbucket.org/2.0/repositories/{repoOwnerName}/{repoName}
Running git remote -v from the local git repository should provide the missing values. Check the forged URL (below referred to as $url) by verifying that repository information is correctly retrieved as JSON data from it: curl -u username $url.
Fetching comments of commits
Comments of a commit can be accessed at $url/commit/{commitHash}/comments.
The resulting JSON data can be processed by a script. Beware that the results are paginated.
Below I simply extract the number of comments per commit. It is indicated by the value of the member size of the retrieved JSON object; I also request a partial response by adding the GET parameter fields=size.
My script getNComments.sh:
#!/bin/sh
pw=$1
id=$2
json=$(curl -s -u username:"$pw" \
https://api.bitbucket.org/2.0/repositories/{repoOwnerName}/{repoName}/commit/$id/comments'?fields=size')
printf '%s' "$json" | grep -q '"type": "error"' \
&& printf "ERROR $id\n" && exit 0
nComments=$(printf '%s' "$json" | grep -o '"size": [0-9]*' | cut -d' ' -f2)
: ${nComments:=EMPTY}
checkNumeric=$(printf '%s' "$nComments" | tr -dc 0-9)
[ "$nComments" != "$checkNumeric" ] \
&& printf >&2 "!ERROR! $id:\n%s\n" "$json" && exit 1
printf "$nComments $id\n"
To use it, taking into account the possibility for the error mentioned above:
A) Prepare input data. From the local repository, generate the list of commits as wanted (run git fetch -a prior to update the local git repo if needed); check out git help rev-list for how it can be customised.
git rev-list --all | sort > sorted-all.id
cp sorted-all.id remaining.id
B) Run the script. Note that the password is passed here as a parameter – so first assign it to a variable safely using stty -echo; IFS= read -r passwd; stty echo, in one line; also see security considerations below. The processing is parallelised onto 15 processes here, using the option -P.
< remaining.id xargs -P 15 -L 1 ./getNComments.sh "$passwd" > commits.temp
C) When the rate limit is reached, that is when getNComments.sh prints !ERROR!, then kill the above command (Ctrl-C), and execute these below to update the input and output files. Wait a while for the request limit to increase, then re-execute the above one command and repeat until all the data is processed (that is when wc -l remaining.id returns 0).
cat commits.temp >> commits.result
cut -d' ' -f2 commits.result | sort | comm -13 - sorted-all.id > remaining.id
D) Finally, you can get the commits which received comments with:
grep '^[1-9]' commits.result
Fetching comments of pull requests and issues
The procedure is the same as for fetching commits’ comments, but for the following two adjustments:
Edit the script to replace in the URL commit by pullrequests or by issues, as appropriate;
Let $n be the number of issues/PRs to search. The git rev-list command above becomes: seq 1 $n > sorted-all.id
The total number of PRs in the repository can be obtained with:
curl -su username $url/pullrequests'?state=&fields=size'
and, if the issue tracker is set up, the number of issues with:
curl -su username $url/issues'?fields=size'
Hopefully, the repository has few enough PRs and issues so that all data can be fetched in one go.
Viewing comments
They can be viewed normally via the web interface on their commit/PR/issue page at:
https://bitbucket.org/{repoOwnerName}/{repoName}/commits/{commitHash}
https://bitbucket.org/{repoOwnerName}/{repoName}/pull-requests/{prId}
https://bitbucket.org/{repoOwnerName}/{repoName}/issues/{issueId}
For example, to open all PRs with comments in firefox:
awk '/^[1-9]/{print "https://bitbucket.org/{repoOwnerName}/{repoName}/pull-requests/"$2}' PRs.result | xargs firefox
Security considerations
Arguments passed on the command line are visible to all users of the system, via ps ax (or /proc/$PID/cmdline). Therefore the bitbucket password will be exposed, which could be a concern if the system is shared by multiple users.
There are three commands getting the password from the command line: xargs, the script, and curl.
It appears that curl tries to hide the password by overwriting its memory, but it is not guaranteed to work, and even if it does, it leaves it visible for a (very short) time after the process starts. On my system, the parameters to curl are not hidden.
A better option could be to pass the sensitive information through environment variables. They should be visible only to the current user and root via ps axe (or /proc/$PID/environ); although it seems that there are systems that let all users access this information (do a ls -l /proc/*/environ to check the environment files’ permissions).
In the script simply replace the lines pw=$1 id=$2 with id=$1, then pass pw="$passwd" before xargs in the command line invocation. It will make the environment variable pw visible to xargs and all of its descendent processes, that is the script and its children (curl, grep, cut, etc), which may or may not read the variable. curl does not read the password from the environment, but if its password hiding trick mentioned above works then it might be good enough.
There are ways to avoid passing the password to curl via the command line, notably via standard input using the option -K -. In the script, replace curl -s -u username:"$pw" with printf -- '-s\n-u "%s"\n' "$authinfo" | curl -K - and define the variable authinfo to contain the data in the format username:password. Note that this method needs printf to be a shell built-in to be safe (check with type printf), otherwise the password will show up in its process arguments. If it is not a built-in, try with print or echo instead.
A simple alternative to an environment variable that will not appear in ps output in any case is via a file. Create a file with read/write permissions restricted to the current user (chmod 600), and edit it so that it contains username:password as its first line. In the script, replace pw=$1 with IFS= read -r authinfo < "$1", and edit it to use curl’s -K option as in the paragraph above. In the command line invocation replace $passwd with the filename.
The file approach has the drawback that the password will be written to disk (note that files in /proc are not on the disk). If this too is undesirable, it is possible to pass a named pipe instead of a regular file:
mkfifo pipe
chmod 600 pipe
# make sure printf is a builtin, or use an equivalent instead
(while :; do printf -- '%s\n' "username:$passwd"; done) > pipe&
pid=$!
exec 3<pipe
Then invoke the script passing pipe instead of the file. Finally, to clean up do:
kill $pid
exec 3<&-
This will ensure the authentication info is passed directly from the shell to the script (through the kernel), is not written to disk and is not exposed to other users via ps.
You can go to Commits and see the top line for each commit, you will need to click on each one to see further information.
If I find a way to see all without drilling into each commit, I will update this answer.