Ldap
Latest revision as of 10:49, 3 May 2024
What does it mean
DAP: Directory Access Protocol, the X.500 ancestor of LDAP.
DIT: Directory Information Tree.
DSA: Directory System Agent, the element of an X.500 directory service that provides User Agents with access to a portion of the directory.
DSE: Directory System Entry. A DSE is a special entry within the LDAP directory that provides information about the directory itself and its configuration.
DUA: Directory User Agent.
RDN: the parts of a DN are called Relative Distinguished Names (RDN).
SASL: Simple Authentication and Security Layer.
Install LDAP server (389 Directory Server).
dnf install 389*
Configure LDAP.
dscreate interactive
ldapsearch examples
Base64 decode, no line wrap. ldapsearch prints non-ASCII values base64-encoded (attribute:: value); the perl filter joins any continuation lines and decodes those values in place. Passing the password with -w exposes it in the shell history and process list; -W prompts for it instead.
ldapsearch -o ldif-wrap=no -u -H ldaps://www.halfface.se.se:636 -b 'DC=www,DC=halfface,DC=se' -D username -w _password_ "(&(objectClass=*)(anr=search_string))" | perl -MMIME::Base64 -MEncode=decode -n -00 -e 's/\n //g;s/(?<=:: )(\S+)/decode("UTF-8",decode_base64($1))/eg;print' | less -ISRM
Same, with the output layer set to UTF-8 so decoded non-ASCII characters print without "Wide character" warnings:
ldapsearch -o ldif-wrap=no -u -H ldaps://www.halfface.se.se:636 -b 'DC=www,DC=halfface,DC=se' -D username -w _password_ "(&(objectClass=*)(anr=search_string))" | perl -MMIME::Base64 -MEncode=decode -n -00 -e 'BEGIN{binmode(STDOUT,":utf8")} s/\n +//g;s/(?<=:: )(\S+)/decode("UTF-8",decode_base64($1))/eg;print' | strings
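The unwrap-and-decode step that the perl one-liner performs, as an added Python example that is not part of the original page. The LDIF input is constructed here; function names are my own, and base64 values that are not valid UTF-8 (binary attributes) are kept as bytes instead of being mangled:

```python
import base64

# Constructed sample of ldapsearch LDIF output: one value wrapped onto a
# continuation line and one base64-encoded ("::") UTF-8 value.
SAMPLE_LDIF = (
    "dn: uid=anna,ou=People,dc=example,dc=net\n"
    "cn: Anna Example\n"
    "description: a long value that ldapsearch wrap\n"
    " ped onto a continuation line\n"
    "displayName:: w4VzYSDDlnN0bGluZw==\n"
    "\n"
    "dn: uid=bob,ou=People,dc=example,dc=net\n"
    "cn: Bob\n"
)

def unwrap_ldif(text):
    """Join LDIF continuation lines (leading space) onto the previous line."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines

def parse_ldif(text):
    """Return a list of entries, each a dict of attribute -> list of values.
    '::' values are base64-decoded: str if valid UTF-8, otherwise bytes."""
    entries, current = [], {}
    for line in unwrap_ldif(text):
        if not line.strip():            # blank line ends an entry
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):        # ldapsearch comment lines
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):        # base64-encoded value
            raw = base64.b64decode(rest[1:].strip())
            try:
                value = raw.decode("utf-8")
            except UnicodeDecodeError:
                value = raw             # e.g. jpegPhoto, objectGUID
        else:
            value = rest.lstrip(" ")
        current.setdefault(name, []).append(value)
    if current:
        entries.append(current)
    return entries
```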
Search for uidNumber values of 42435 or higher.
ldapsearch -x -b ou=People,ou=Nordic,ou=eng,dc=infineon,dc=com "uidNumber>=42435"
Search for the next suitable gid. Look for a good matching number. For some reason I get some low numbers in my test.
ldapsearch -LLL -l 5 -o nettimeout=5 -x -b "dc=example,dc=net" -h ldap.example.com "uidNumber>=68000" uidNumber | grep uidNumber | awk '{print $2}' | sort -n | less
Wildcard search.
ldapsearch -o ldif-wrap=no -H ldap://<url>:389 -x -D "uid=$USERNAME,cn=users,cn=accounts,dc=company,dc=se" -w $COMPANY_PASSWORD -b "dc=company,dc=se" -s sub -a always '(&(objectClass=*)(cn=*<string>*))'
Matching
Match user belonging to one of the groups.
(|(memberOf=CN=%s,OU=Test_Users,DC=matthew,DC=com)(sAMAccountName=%s))
Match user belonging to both groups.
(&(memberOf=CN=%s,OU=Test_Users,DC=matthew,DC=com)(sAMAccountName=%s))
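The two filters above interpolate user-supplied values with %s; if those values are not escaped, a name containing * or )( rewrites the filter (LDAP injection). An added Python example, not from the original page, that builds the same filters with RFC 4515 filter escaping and RFC 4514 DN escaping; the function names and GROUP_BASE constant are my own, the OU/DC part is the page's:

```python
# Filter values that come from user input (the %s placeholders above) must be
# escaped, otherwise "*" or ")(" in a name rewrites the filter (LDAP injection).

def escape_filter_value(value):
    """Escape an assertion value for an LDAP search filter (RFC 4515 section 3):
    * ( ) \\ and NUL become \\XX hex escapes, so the value can only match
    literally and can never add filter terms of its own."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch
                   for ch in value)

def escape_dn_value(value):
    """Escape an RDN attribute value (RFC 4514 section 2.4) so that a group
    name containing ',' or '+' stays inside its own RDN."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;' or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    s = "".join(out)
    if value.startswith(" "):
        s = "\\" + s
    if value.endswith(" ") and len(value) > 1:
        s = s[:-1] + "\\ "
    return s

# Hypothetical constant; the OU/DC part is the one used in the page's filters.
GROUP_BASE = "OU=Test_Users,DC=matthew,DC=com"

def member_or_account_filter(group_cn, account, any_of=True):
    """Build the page's two filters with both %s values escaped.
    any_of=True  -> (|(memberOf=...)(sAMAccountName=...))  either condition
    any_of=False -> (&(memberOf=...)(sAMAccountName=...))  both conditions
    memberOf holds a DN, so the group name is DN-escaped first and the whole
    DN is then filter-escaped (a DN backslash becomes \\5c in the filter)."""
    group_dn = "CN=%s,%s" % (escape_dn_value(group_cn), GROUP_BASE)
    return "(%s(memberOf=%s)(sAMAccountName=%s))" % (
        "|" if any_of else "&",
        escape_filter_value(group_dn),
        escape_filter_value(account),
    )
```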
Get root DSE
The root DSE (the top-level entry of the directory) lists the supported LDAP versions, naming contexts, supported LDAP extensions and other operational attributes. It provides essential information about the LDAP server and the directory service it hosts, allowing LDAP clients to discover the directory configuration and capabilities. It is read with an empty base DN and base scope, as below:
ldapsearch -o ldif-wrap=no -H ldaps://ldap.int.redbridge.se:636 -x -b "" -s base -a always "(objectClass=*)"
Get the root DSE using Python (ldap3)
python3 -c 'from ldap3 import Server, Connection, ALL ; server = Server("ipa.demo1.freeipa.org", get_info=ALL) ; conn = Connection(server, auto_bind=True) ; print(server.info) ;'
Get the schema
python3 -c 'from ldap3 import Server, Connection, ALL ; server = Server("ipa.demo1.freeipa.org", get_info=ALL) ; conn = Connection(server, auto_bind=True) ; print(server.schema) ;'