[clug] Querying an Active Directory server via ldapsearch

Michael Manning michael at michaelmanning.org
Thu Nov 3 00:20:21 GMT 2005

Hi Anthony,
I have had some success with BASH scripts which not only query but 
update the AD via LDAP, but -
Currently I am at work so not much time to get you all the details, but 
I can give you a couple of lines of code which might help you get started

COMMAND="/usr/bin/ldapsearch -LLL";
BINDDN="username at example.com" ;    # Just the email address of a user 
with the ability to look for what you need
SORT="-S dn";

echo "Querying Active Directory for user email addresses and login details";
result=$($COMMAND -x -b $BASEDN -H ldap://$LDAP_SERVER -D $BINDDN 
$FILTER $QUERY $SORT -w $BINDPW|$GREP -i sAMAccountName -);
echo $result;

If you need more help then just post what you have and I will take 
another look tonight.

Antony Wuth wrote:

>Good morning,
>I am currently trying to query our shiny new AD servers - initially to
>retrieve contact details. I seem to have pretty much run up against a brick
>I have been playing around with ldapsearch and trying to throw together bits
>from random google searches but have not had anything that seems to be
>remotely close to success.
>Things I know;
>* We are running windows server 2003.
>* I know an IP address (and possibly a port) of a service that appears to be
>* I have access to a workstation (with some kinda-admin rights) that can
>query the ldap server.
>* I can capture LDAP packets and get confused as to what they are meant to
>look like.
>* Just pointing an ldapclient at the server and asking for the whole tree
>receives (the predictable) result of being told to go away.
>Things I have not much idea about:
>* AD
>* The exact scheme in use here,
>Does someone know of a good howto or at least some kind of newbie
>description of how LDAP is meant to work & Authenticate in the weird MS
>Antony Wuth

More information about the linux mailing list