what does it mean

dap        Directory Access Protocol, Ldap ancestor
dit        Directory Information Tree
dsa        Directory System Agent is the element of an X.500 directory service that provides User Agents with access to a portion of the directory
dse        Directory System Entry. A DSE is a special entry within the LDAP directory that provides information about the directory itself and its configuration.
sasl       Simple Authentication and Security Layer

Install ldap server.

dnf install 389*

Configure ldap.

dscreate interactive

ldapsearch examples

Base64 decode. No line wrap.

ldapsearch -o ldif-wrap=no -u -H ldaps://www.halfface.se.se:636 -b 'DC=www,DC=halfface,DC=se' -D username -w _password_ "(&(objectClass=*)(anr=search_string" | perl -MMIME::Base64 -MEncode=decode -n -00 -e 's/\n //g;s/(?<=:: )(\S+)/decode("UTF-8",decode_base64($1))/eg;print' | less -ISRM
ldapsearch -o ldif-wrap=no -u -H ldaps://www.halfface.se.se:636 -b 'DC=www,DC=halfface,DC=se' -D username -w _password_ "(&(objectClass=*)(anr=search_string" | perl -pe"binmode(STDOUT,':utf8');" -MMIME::Base64 -MEncode=decode -n -00 -e 's/\n +//g;s/(?<=:: )(\S+)/decode("UTF-8",decode_base64($1))/eg;print' | strings

search for numbers higher than 42435.

ldapsearch -x -b ou=People,ou=Nordic,ou=eng,dc=infineon,dc=com "uidNumber>=42435"

search for next suitable gid. Look for good matching number. For some reason I get some low numbers in my test.

ldapsearch -LLL -l 5 -o nettimeout=5 -x -b "dc=example,dc=net" -h ldap.example.com  "uidNumber>=68000" uidNumber | grep uidNumber | awk '{print $2}' | sort -n | less

Wild card search.

ldapsearch -o ldif-wrap=no -H ldap://ldap.int.redbridge.se:389 -x -D "uid=$USERNAME,cn=users,cn=accounts,dc=redbridge,dc=se" -w $COMPANY_PASSWORD -b "dc=redbridge,dc=se" -s sub -a always '(&(objectClass=*)(cn=*kompetensportalen*))'

matching

Match user belonging to one of the groups.

(|(memberOf=CN=%s,OU=Test_Users,DC=matthew,DC=com)(sAMAccountName=%s))

Match user belonging to both groups.

(&(memberOf=CN=%s,OU=Test_Users,DC=matthew,DC=com)(sAMAccountName=%s))

get root dse

root DSE (the top-level entry of the directory), supported LDAP versions, naming contexts, supported LDAP extensions, and other operational attributes. The root DSE, in particular, provides essential information about the LDAP server and the directory service it hosts, allowing LDAP clients to discover important details about the directory configuration and capabilities.

ldapsearch -o ldif-wrap=no -H ldaps://ldap.int.redbridge.se:636 -x -b "" -s base -a always "(objectClass=*)"

Get root dse using python

python3 -c 'from ldap3 import Server, Connection, ALL ; server = Server("ipa.demo1.freeipa.org",  get_info=ALL) ; conn = Connection(server, auto_bind=True) ; print(server.info) ;'