A Friendly Guide to 'ldapsearch'
Introduction
ldapsearch is a versatile command-line tool for querying LDAP directories like OpenLDAP or Active Directory.
Great for sysadmins, SREs, or developers dealing with user directories.
Basic Syntax
ldapsearch [options] [filter] [attributes]
Common Options
Option | Description |
---|---|
-x | Use simple authentication |
-H ldap://host:port | Specify LDAP server |
-b "base_dn" | Set search base DN |
-D "bind_dn" | Login identity (DN) |
-w password | Password for bind DN |
-W | Prompt for password (preferred) |
-LLL | Clean, LDIF-free output |
-s scope | Search scope: base, one, or sub |
-z limit | Limit number of entries |
Code Samples
Basic Search
ldapsearch -x -H ldap://ldap.example.com -b "dc=example,dc=com"
Search for Specific User
ldapsearch -x -H ldap://ldap.example.com -b "dc=example,dc=com" \
-D "cn=admin,dc=example,dc=com" -w adminpassword "(uid=jdoe)"
Get Only Specific Attributes
ldapsearch -x -b "dc=example,dc=com" "(objectClass=person)" cn mail telephoneNumber
Filter with AND Condition
ldapsearch -x -b "dc=example,dc=com" "(&(objectClass=person)(departmentNumber=Engineering))"
Use Secure Connection (LDAPS)
ldapsearch -x -H ldaps://ldap.example.com:636 -b "dc=example,dc=com"
Handle Large Result Sets
ldapsearch -x -b "dc=example,dc=com" -E pr=500/noprompt "objectClass=person"
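A scripted version of the user lookup above, as an added example that is not from the original guide: it escapes the uid per RFC 4515 before placing it in the filter, and reads the bind password from a file with OpenLDAP's -y option instead of passing -w on the command line. The function names and the password-file argument are assumptions; the host and DNs reuse the guide's sample values.

```shell
#!/bin/sh
# Added example (not from the original guide): safe, scripted user lookup.

# Escape the characters RFC 4515 reserves inside a filter value: \ * ( )
# The backslash is handled first so the escapes added afterwards are not
# escaped a second time. (NUL cannot occur in a shell string.)
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build the filter from an untrusted uid. Without escaping, a value that
# contains "*" or parentheses would change which entries the filter matches.
build_uid_filter() {
    printf '(&(objectClass=person)(uid=%s))' "$(ldap_escape_filter "$1")"
}

# $1 = uid (untrusted input)
# $2 = file holding the bind password (assumed: mode 0600, no trailing
#      newline, because -y uses the complete file contents as the password)
lookup_user() {
    ldapsearch -x -H ldaps://ldap.example.com:636 \
        -b "dc=example,dc=com" -s sub -z 1 \
        -D "cn=admin,dc=example,dc=com" -y "$2" \
        -LLL "$(build_uid_filter "$1")" cn mail
}

# Constructed sample input: show the filter that would be sent.
build_uid_filter 'j*doe'
echo
```

Keeping the password in a file read with -y keeps it out of shell history and the process list, which is the same reason the options table prefers -W over -w.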
Conceptual Overview
flowchart TD
Start[Start] -->|Use -x| Auth[Simple Bind Auth]
Auth --> Server["Specify LDAP Server (-H)"]
Server --> Base["Set Base DN (-b)"]
Base -->|Optional| BindDN["Bind DN (-D)"]
BindDN -->|Optional| Password[-w or -W]
Base --> Filter[Search Filter]
Filter -->|Optional| Attrs[Requested Attributes]
Attrs -->|Optional| Output[-LLL for clean output]
Output --> Done[Results]
Conclusion
ldapsearch gives you direct, scriptable access to directory data. Mastering the filters and options makes you way more effective in dealing with directory services.
Dive deeper with man ldapsearch or your LDAP vendor’s documentation.