[clug] Querying an Active Directory server via ldapsearch

Michael Manning michael at michaelmanning.org
Thu Nov 3 00:20:21 GMT 2005


Hi Anthony,
I have had some success with BASH scripts which not only query but 
update the AD via LDAP, but currently I am at work so not much time to
get you all the details, but I can give you a couple of lines of code
which might help you get started:

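COMMAND="/usr/bin/ldapsearch -LLL";
GREP=/bin/grep;
COPY=/bin/cp;
LDAP_SERVER=example.com
BASEDN=dc=example,dc=com;
# Just the email address of a user with the ability to look for what you need
BINDDN="username@example.com";
BINDPW="secret";    # passed with -w below, so it is visible in the process list
SORT="-S dn";
QUERY="";    # optional list of attributes to return; empty returns all of them

FILTER=$'(&(objectcategory=person)(objectclass=user)(givenname=*)(mail=*))';
echo "Querying Active Directory for user email addresses and login details";
# $COMMAND, $SORT and $QUERY stay unquoted on purpose so they split into words;
# the filter is quoted so the shell cannot glob-expand its '*' characters.
result=$($COMMAND -x -b "$BASEDN" -H "ldap://$LDAP_SERVER" -D "$BINDDN" -w "$BINDPW" $SORT "$FILTER" $QUERY | $GREP -i sAMAccountName -);
echo "$result";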

If you need more help then just post what you have and I will take 
another look tonight.
HTH

Michael

Antony Wuth wrote:

>Good morning,
>
>I am currently trying to query our shiny new AD servers - initially to
>retrieve contact details. I seem to have pretty much run up against a brick
>wall.
>
>I have been playing around with ldapsearch and trying to throw together bits
>from random google searches but have not had anything that seems to be
>remotely close to success.
>
>Things I know;
>* We are running windows server 2003.
>* I know an IP address (and possibly a port) of a service that appears to be
>LDAP.
>* I have access to a workstation (with some kinda-admin rights) that can
>query the ldap server.
>* I can capture LDAP packets and get confused as to what they are meant to
>look like.
>* Just pointing an ldapclient at the server and asking for the whole tree
>receives (the predictable) result of being told to go away.
>
>Things I have not much idea about:
>* LDAP
>* AD
>* The exact scheme in use here,
>
>Does someone know of a good howto or at least some kind of newbie
>description of how LDAP is meant to work & Authenticate in the weird MS
>world?
>
>Thanks
>Antony Wuth
>  
>
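
An added example, not part of the original thread or of either poster's scripts: the same simple-bind query with the password read from a file (-y) over StartTLS (-ZZ), and the LDIF parsed per entry instead of grepped, so folded and base64-encoded values come out intact. The host name, bind account, password-file path and the function names ad_query, ldif_to_tsv and sample_ldif are assumptions, as is the domain controller having a certificate for StartTLS.

```bash
#!/bin/bash
# Added example (not from the original post). Host, base DN, bind account and
# password-file path below are placeholder assumptions.
LDAP_URI="ldap://dc1.example.com"
BASEDN="dc=example,dc=com"
BINDDN="ldapreader@example.com"
PWFILE="$HOME/.ad_bindpw"   # mode 600, no trailing newline: -y uses the whole file
FILTER='(&(objectCategory=person)(objectClass=user)(givenName=*)(mail=*))'

# -ZZ insists on StartTLS so the simple bind is encrypted; -y keeps the password
# off the command line; pr= pages results past AD's default 1000-entry limit.
ad_query() {
    ldapsearch -LLL -x -ZZ -H "$LDAP_URI" -D "$BINDDN" -y "$PWFILE" \
        -b "$BASEDN" -E pr=500/noprompt "$FILTER" sAMAccountName mail
}

# LDIF on stdin -> "sAMAccountName<TAB>mail" per entry. Unfolds continuation
# lines (leading space) and decodes base64 values ("attr:: ...").
ldif_to_tsv() {
    local line attr val sam="" mail=""
    { sed -e ':a' -e '$!N' -e 's/\n //' -e 'ta' -e 'P' -e 'D'; echo; } |
    while IFS= read -r line; do
        if [ -z "$line" ]; then            # blank line ends an entry
            [ -n "$sam" ] && printf '%s\t%s\n' "$sam" "$mail"
            sam="" mail=""
            continue
        fi
        attr=${line%%:*} val=${line#*:}
        case $val in
            :*) val=$(printf '%s' "${val#:}" | tr -d ' ' | base64 -d) ;;
            *)  val=${val# } ;;
        esac
        case $attr in
            sAMAccountName) sam=$val ;;
            mail)           mail=$val ;;
        esac
    done
}

# Constructed sample output: one folded value, one base64 value ("zoé").
sample_ldif() {
    printf '%s\n' 'dn: CN=Alice,DC=example,DC=com' 'sAMAccountName: alice' \
        'mail: alice@exa' ' mple.com' '' \
        'dn: CN=Zoe,DC=example,DC=com' 'sAMAccountName:: em/DqQ==' \
        'mail: zoe@example.com'
}

sample_ldif | ldif_to_tsv    # offline demo; live use: ad_query | ldif_to_tsv
```
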

