Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: LDAP Query - host allowed option
Top Forums UNIX for Advanced & Expert Users LDAP Query - host allowed option Post 303019451 by dagamier on Friday 29th of June 2018 11:27:16 AM
Old 06-29-2018
Network LDAP Query - host allowed option
I have an in interesting dilemna that I am trying to address. I have some ldap queries that I use to retrieve user information to perform access validations on a quarterly/annual basis. I can successfully pull the local users, and I can use ldapsearch to pull back all the users from the DN as well. However, my problem is, I need to narrow down this search so that I can report on LDAP users who have access to the local server and not just return every user in the DN on every server so that I can then truly validate whether people need to retain access to the specific hosts they have access to. I have so far been unable to come up with (or find an example of) a proper command that returns a "host allowed" value, or just returns a list of users with access to the host that I am running the ldap search on. Has anyone run across this before and have a viable option of how to report only LDAP users with access to the server on which the query is running? I have to run this on hundreds of servers, so getting this right is pretty critical to me.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Ldap dn chars allowed

Hi Is it possible to add the following to an ldif entry: dn=estmmartín i.e Note the charchter 'í' Thanks in advance (3 Replies)
Discussion started by: tom123
3 Replies

2. Shell Programming and Scripting

Perl and Net::LDAP, objects and arrays query

Hi I'm not a programmer but am muddling through as best I can. I am trying to set up a PostSearchHook for Radiator (RADIUS server), that carries out an LDAP lookup, and, based on the string returned ("staff" or "student") in the "businessCategory" attribute, will set the $role to be either 40... (3 Replies)
Discussion started by: mikie
3 Replies

3. UNIX for Dummies Questions & Answers

LDAP search query help

I would like to do an ldap search which looks for entries which do not actually have a certain attribute. Not that the attribute is Null, but where the attribute does not exist. Is this possible using ldapsearch? (3 Replies)
Discussion started by: dopple
3 Replies

4. UNIX for Dummies Questions & Answers

CRON JOB SCHEDULER throwing "option not allowed error"

Hi All, Pardon me if this turns out to be a dumb question. But I am trying to schedule a cron job for a my script which takes input options. So an entry in crontab would be something like: 1 * * * * run_report.sh -o out.csv -m monthly -e somename@email.com > cron_output.log 2> cron_error.log... (3 Replies)
Discussion started by: trueharsh
3 Replies

5. Solaris

Mail issue solution query- host map: lookup (domain): deferred

Hi all I had a mail issue earlier today where I was not receiving any emails from the servers of one of our clients. The mail queue just showed this: -----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient----------- o8S7eSpp020274* 5858 Tue Sep 28 10:42... (0 Replies)
Discussion started by: notreallyhere
0 Replies

6. Red Hat

SMB can't locate LDAP on another host

Hi, We have a mail server which has Zimbra installed on it and a file server. Folks use the same login information they use to access their email to access the file server. So the file server is using the same LDAP server as the mail server. Couple days ago, at around 12 PM all of the sudden,... (3 Replies)
Discussion started by: tezarin
3 Replies

7. Shell Programming and Scripting

Ldap search query

Hi All, I have a existing Ldap query which take a HOME as variable and gives the result where i grep for a particular line. ldapsearch -h server_domain_name -p 389 -D "uid=user,ou=appadm,o=ent" -w PaB -b "ou=roles,o=ent" "cidx=$HOME" | grep -w "ent: xyz" Now i have 330K Homes in a... (1 Reply)
Discussion started by: posner
1 Replies

8. Emergency UNIX and Linux Support

LDAP and AD Authentication Query

Hi Friends, I have below scenarios . dom1.test.com - LDAP dom2.test.com - AD Requirement is establish a trust relation between LDAP and AD server in such a way that if any user login on LDAP managed authentication server with dom1\username -> get authenticated by LDAP host ... (2 Replies)
Discussion started by: Shirishlnx
2 Replies

9. Shell Programming and Scripting

Db2 query on other host

Hello, i need some help with a script. I made a script, which connect to different hosts to get some informations. But i got now some problems with getting informations of a database (db2) which is on a other host. I tried something like var=$(rsh HOST su - db2adm -c "db2 connect to database;... (2 Replies)
Discussion started by: Cyver
2 Replies

10. UNIX and Linux Applications

LDAP Group query

I need to write LDAP group query where I need to find if a particular user is a member of a 2 specific Groups. This is LDAP Novell edirectory implementation. Below are the details - ================ LDIF entry for OndotAPI group dn: cn=OndotAPI,ou=Groups,o=CNS changetype: add ... (0 Replies)
Discussion started by: jhamaks
0 Replies

LEARN ABOUT DEBIAN

authen::simple::ldap

Authen::Simple::LDAP(3pm)				User Contributed Perl Documentation				 Authen::Simple::LDAP(3pm)

NAME

       Authen::Simple::LDAP - Simple LDAP authentication

SYNOPSIS

	   use Authen::Simple::LDAP;

	   my $ldap = Authen::Simple::LDAP->new(
	       host    => 'ldap.company.com',
	       basedn  => 'ou=People,dc=company,dc=net'
	   );

	   if ( $ldap->authenticate( $username, $password ) ) {
	       # successfull authentication
	   }

	   # or as a mod_perl Authen handler

	   PerlModule Authen::Simple::Apache
	   PerlModule Authen::Simple::LDAP

	   PerlSetVar AuthenSimpleLDAP_host   "ldap.company.com"
	   PerlSetVar AuthenSimpleLDAP_basedn "ou=People,dc=company,dc=net"

	   <Location /protected>
	     PerlAuthenHandler Authen::Simple::LDAP
	     AuthType	       Basic
	     AuthName	       "Protected Area"
	     Require	       valid-user
	   </Location>

DESCRIPTION

       Authenticate against a LDAP service.

METHODS

       o   new

	   This method takes a hash of parameters. The following options are valid:

	   o	   host

		   Connection host, can be a hostname, IP number or a URI. Defaults to "localhost".

		       host => ldap.company.com
		       host => 10.0.0.1
		       host => ldap://ldap.company.com:389
		       host => ldaps://ldap.company.com

	   o	   port

		   Connection port, default to 389. May be overridden by host if host is a URI.

		       port => 389

	   o	   timeout

		   Connection timeout, defaults to 60.

		       timeout => 60

	   o	   version

		   The LDAP version to use, defaults to 3.

		       version => 3

	   o	   binddn

		   The distinguished name to bind to the server with, defaults to bind anonymously.

		       binddn => 'uid=proxy,cn=users,dc=company,dc=com'

	   o	   bindpw

		   The credentials to bind with.

		       bindpw => 'secret'

	   o	   basedn

		   The distinguished name of the search base.

		       basedn => 'cn=users,dc=company,dc=com'

	   o	   filter

		   LDAP filter to use in search, defaults to "(uid=%s)".

		       filter => '(uid=%s)'

	   o	   scope

		   The search scope, can be "base", "one" or "sub", defaults to "sub".

		       filter => 'sub'

	   o	   log

		   Any object that supports "debug", "info", "error" and "warn".

		       log => Log::Log4perl->get_logger('Authen::Simple::LDAP')

       o   authenticate( $username, $password )

	   Returns true on success and false on failure.

EXAMPLE USAGE

   Apple Open Directory
	   my $ldap = Authen::Simple::LDAP->new(
	       host    => 'od.company.com',
	       basedn  => 'cn=users,dc=company,dc=com',
	       filter  => '(&(objectClass=inetOrgPerson)(objectClass=posixAccount)(uid=%s))'
	   );

   Microsoft Active Directory
	   my $ldap = Authen::Simple::LDAP->new(
	       host    => 'ad.company.com',
	       binddn  => 'proxyuser@company.com',
	       bindpw  => 'secret',
	       basedn  => 'cn=users,dc=company,dc=com',
	       filter  => '(&(objectClass=organizationalPerson)(objectClass=user)(sAMAccountName=%s))'
	   );

       Active Directory by default does not allow anonymous binds. It's recommended that a proxy user is used that has sufficient rights to search
       the desired tree and attributes.

SEE ALSO

       Authen::Simple::ActiveDirectory.

       Authen::Simple.

       Net::LDAP.

AUTHOR

       Christian Hansen "chansen@cpan.org"

COPYRIGHT

       This program is free software, you can redistribute it and/or modify it under the same terms as Perl itself.

perl v5.14.2							    2012-04-23						 Authen::Simple::LDAP(3pm)
All times are GMT -4. The time now is 04:44 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy