07-26-2010
ldap search to find dn for user
How can I do an ldapsearch to find a DN for a user when I know the exact cn for that user out of Active Directory?
I have tried several different commands (hundreds) but need the -b with the full DN to perform the search using ldapsearch from AIX. I am trying to find the OU for a user and the sAMAccountName. Our users are in several different OUs.
example that works:
ldapsearch -h something.acorp.com -p 389 -D "cn=${USER},ou=RealOU,DC=something,DC=acorp,DC=com" -w "${PW}" -s sub -b "cn=${SEARCH_USER},ou=UsersRealOU,DC=something,DC=acorp,DC=com" "cn=*"
example that does not work (one of many):
ldapsearch -h something.acorp.com -p 389 -D "cn=${USER},ou=RealOU,DC=something,DC=acorp,DC=com" -w "${PW}" -s sub "cn=${SEARCH_USER}"
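One way to get the DN without knowing the OU is to search the whole subtree from the domain root and filter on cn. The sketch below is an added example, not part of the original post: it reuses the post's placeholder host and DNs, assumes the -L option gives LDIF output, and its parser is exercised on a constructed sample entry.

```shell
#!/bin/sh
# Added example. Host, bind DN and base DN reuse the post's placeholders.

# RFC 4515 escaping: backslash first, then * ( ), so a cn such as
# "x)(sAMAccountName=*" stays a literal value and cannot reshape the filter.
ldap_escape_filter() {
    printf '%s\n' "$1" |
        sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

build_user_filter() {
    printf '(&(objectCategory=person)(objectClass=user)(cn=%s))' \
        "$(ldap_escape_filter "$1")"
}

# Subtree search from the domain root, so the user's OU need not be known.
find_user() {   # $1 = exact cn; USER and PW as in the post
    ldapsearch -L -h something.acorp.com -p 389 \
        -D "cn=${USER},ou=RealOU,DC=something,DC=acorp,DC=com" -w "${PW}" \
        -s sub -b "DC=something,DC=acorp,DC=com" \
        "$(build_user_filter "$1")" sAMAccountName
}

# LDIF -> "sAMAccountName<TAB>parent container<TAB>DN", one line per entry.
# Handles folded lines and "\," inside the first RDN.
parse_ldif() {
    awk '
    function emit(l,   i, c) {
        if (l ~ /^dn:/) {
            dn = (l ~ /^dn: /) ? substr(l, 5) : ""   # base64 "dn::" left empty
            for (i = 1; i <= length(dn); i++) {
                c = substr(dn, i, 1)
                if (c == "\\") i++            # skip the escaped character
                else if (c == ",") break      # first unescaped comma ends RDN
            }
            parent = substr(dn, i + 1)
        } else if (l ~ /^sAMAccountName: /)
            printf "%s\t%s\t%s\n", substr(l, 17), parent, dn
    }
    /^ / { line = line substr($0, 2); next }  # unfold continuation line
         { emit(line); line = $0 }
    END  { emit(line) }'
}

# Constructed sample of what find_user "Doe, John" | parse_ldif would read.
sample_ldif() {
    cat <<'EOF'
dn: CN=Doe\, John,OU=Contractors,OU=UsersRealOU,DC=something,DC=acorp,
 DC=com
sAMAccountName: jdoe
EOF
}
```

Typical use is find_user "${SEARCH_USER}" | parse_ldif; the second column is the container (OU path) the account lives in.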
LEARN ABOUT CENTOS
ocf_heartbeat_slapd
OCF_HEARTBEAT_SLAPD(7) OCF resource agents OCF_HEARTBEAT_SLAPD(7)
NAME
ocf_heartbeat_slapd - Manages a Stand-alone LDAP Daemon (slapd) instance
SYNOPSIS
slapd [start | stop | monitor | meta-data | validate-all]
DESCRIPTION
Resource script for Stand-alone LDAP Daemon (slapd). It manages a slapd instance as an OCF resource.
SUPPORTED PARAMETERS
slapd
Full path to the slapd binary. For example, "/usr/sbin/slapd".
(optional, string, default "/usr/sbin/slapd")
ldapsearch
Full path to the ldapsearch binary. For example, "/usr/bin/ldapsearch".
(optional, string, default "ldapsearch")
config
Full path to a slapd configuration directory or a slapd configuration file. For example, "/etc/ldap/slapd.d" or "/etc/ldap/slapd.conf".
(unique, optional, string, no default)
pidfile
File to read the PID from; read from olcPidFile/pidfile in config if not set.
(optional, string, no default)
user
User name or id slapd will run with. The group id is also changed to this user's gid, unless the group parameter is used to override.
(optional, string, no default)
group
Group name or id slapd will run with.
(optional, string, no default)
services
LDAP (and other scheme) URLs slapd will serve. For example, "ldap://127.0.0.1:389 ldaps:/// ldapi:///"
(unique, optional, string, default "ldap:///")
watch_suffix
Suffix (database backend) that will be monitored for availability. Multiple suffixes can be specified by providing a space separated list. By providing one or more suffixes here, the ignore_suffix parameter is discarded. All suffixes will be monitored if left blank.
(optional, string, no default)
ignore_suffix
Suffix (database backend) that will not be monitored for availability. Multiple suffixes can be specified by providing a space separated list. No suffix will be excluded if left blank.
(optional, string, no default)
bind_dn
Distinguished Name used to bind to the LDAP directory for testing. Leave blank to bind to the LDAP directory anonymously.
(optional, string, no default)
password
Password used to bind to the LDAP directory for testing.
(optional, string, no default)
parameters
slapd may be called with additional parameters. Specify any of them here.
(optional, string, no default)
stop_escalate
Number of seconds to wait for shutdown (using SIGTERM) before resorting to SIGKILL
(optional, integer, default 15)
SUPPORTED ACTIONS
This resource agent supports the following actions (operations):
start
Starts the resource. Suggested minimum timeout: 20s.
stop
Stops the resource. Suggested minimum timeout: 20s.
monitor
Performs a detailed status check. Suggested minimum timeout: 20s. Suggested interval: 60s.
validate-all
Performs a validation of the resource configuration. Suggested minimum timeout: 20s.
meta-data
Retrieves resource agent metadata (internal use only). Suggested minimum timeout: 5s.
EXAMPLE
The following is an example configuration for a slapd resource using the crm(8) shell:
primitive p_slapd ocf:heartbeat:slapd \
  op monitor depth="0" timeout="20s" interval="60s"
SEE ALSO
http://www.linux-ha.org/wiki/slapd_(resource_agent)
AUTHOR
Linux-HA contributors (see the resource agent source for information about individual authors)
resource-agents UNKNOWN 06/09/2014 OCF_HEARTBEAT_SLAPD(7)