LDAP query

Others 2021-03-31 21:00:35 views: null

1. Query command

-p indicates the port number
-h indicates the host name
-D indicates the DN administrator account
-W indicates the way to manually enter the password for sampling
-w followed by the password, which is equivalent to -W enter the password
-b search base, the
usual query ldapsearch -p port number -h ldap://host address -D "cn=admin,dc=example,dc=com" -w "administrator password" -b "search scope, namely base (such as dc=example,dc=com)" "(Search criteria, if not set, all entries under base will be searched by default)"

2. Query filter conditions

1. Supported operators

Operator Meaning
= Equality
>= Greater than or equal to (lexicographical)
<= Less than or equal to (lexicographical)
& AND, all conditions must be met
| OR, any of the conditions must be met
! NOT, the clause must evaluate to False

For example, query cn is Jim Smith or givenName is Jim and sn is Smith
"(|(cn=Jim Smith)(&(givenName=Jim)(sn=Smith)))"

2. Special characters

The special characters contained in LDAP are commonly used as follows. If the following special characters are included in the search criteria, they can be escaped with hexadecimal expressions

Character Hex Representation
* \ 2A
( \28
) \29
\ \5C
No \00

For example, to search for items whose cn is "James (Jim) Smith", the
condition should be written as "(cn=James Jim\2A\29 Smith)"

3. Examples

Example
1. LDAP authentication
ldapsearch -p 389 -h ldap://localhost -D "cn=admin,dc=example,dc=com" -W
Insert picture description here

2. Search for all entries
ldapsearch -p 389 -h ldap://localhost -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com"
3. Search for all entries with ou=People
ldapsearch -p 389 -h ldap://localhost -D "cn=admin,dc=example,dc=com" -W -b "ou=People,dc=example,dc=com"
4. Search for entries with uid of xxx
ldapsearch -p 389 -h ldap://localhost -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" "(uid=xxx)"
4. Fuzzy query for entries with uid starting with xxx
ldapsearch -p 389 -h ldap://localhost -D "cn=admin,dc=example,dc=com" -W -b "dc=example,dc=com" "(uid=xxx*)"
To be improved...
Reference: https://social.technet.microsoft.com/wiki /contents/articles/5392.active-directory-ldap-syntax-filters.aspx?Sort=MostUseful
Reference: https://m.linuxidc.com/Linux/2013-08/88841.htm

Guess you like

Origin blog.csdn.net/rj2017211811/article/details/110946934
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com