LDAP
Concepts
- Distinguished Name (DN): full path, similar to /home/username/test.txt
- Relative Distinguished Name (RDN): relative path, similar to test.txt
- dc: Domain Component
- cn: Common Name
- sn: Surname
- ou: Organizational Unit
- c: Country
- st: State
- l: Locality
- mail: Email
- StartTLS: establishes Transport Layer Security (the descendant of SSL) on the connection
- Bind (authenticate): authenticates the client to the server.
- Search and Compare:
  ldap://host:port/DN?attributes?scope?filter?extensions
Use Linux Command Line (ldapsearch)
Install if not available
$ sudo apt-get install ldap-utils
Check
$ which ldapsearch
/usr/bin/ldapsearch
Anonymous search. Provide hostname, port and base DN.
$ ldapsearch -h ldaphostname -p 389 -x -b "dc=foo,dc=bar,dc=com"
- -h: LDAP server hostname
- -p: LDAP server port
- -x: use simple authentication instead of SASL
- -b: base DN where the search starts
You may receive the following response:
# extended LDIF
#
# LDAPv3
# base <dc=foo,dc=bar,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# search result
search: 2
result: 1 Operations error
text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this ope
ration a successful bind must be completed on the connection., data 0, v1db1
# numResponses: 1
This means a bind is required before the server will answer the search.
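The following Python is an added example, not part of the original notes: it classifies ldapsearch output such as the response above, so the anonymous-search check can be repeated across servers during an audit, and it unfolds LDIF continuation lines before matching. The two sample outputs, the Jane Doe entry and the function names unfold and classify are constructed for illustration.

```python
import re

# Constructed sample: tail of the rejected anonymous search shown above.
# The folded "text:" value continues on a line that starts with one space.
REJECTED = """\
# search result
search: 2
result: 1 Operations error
text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, v1db1

# numResponses: 1
"""

# Constructed sample: a server that answers the anonymous search with an entry.
ALLOWED = """\
dn: cn=Jane Doe,ou=People,dc=foo,dc=bar,dc=com
cn: Jane Doe
mail: jane.doe@example.com

# search result
search: 2
result: 0 Success

# numEntries: 1
"""


def unfold(ldif):
    """Join LDIF continuation lines (newline followed by a single space)."""
    return re.sub(r"\r?\n ", "", ldif)


def classify(output):
    """Return result code, diagnostic text, entry count and a verdict."""
    text = unfold(output)
    result = re.search(r"^result: (\d+)", text, re.M)
    detail = re.search(r"^text: (.*)$", text, re.M)
    code = int(result.group(1)) if result else None
    message = detail.group(1) if detail else ""
    entries = len(re.findall(r"^dn::? ", text, re.M))
    if code == 0 and entries:
        verdict = "anonymous search allowed"
    elif code and "successful bind" in message:
        verdict = "bind required"
    else:
        verdict = "inconclusive"
    return {"code": code, "text": message, "entries": entries, "verdict": verdict}
```

A server that returns "anonymous search allowed" is exposing directory entries without authentication and is the case worth flagging for review.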
Bind
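$ ldapsearch -h ldaphostname -p 389 -x -b "dc=foo,dc=bar,dc=com" \
    -D "your userid" -w "your password"
- -D: bind DN, the identity to authenticate as
- -w: bind password, given on the command line
- -W: will prompt for your password instead of taking it from -w, which keeps it out of the shell history and the process list
With -x on port 389, the bind DN and password are sent unencrypted unless StartTLS is used on the connection.
Where "your userid" in my case is the email address.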
Gotcha: if there is a ! (exclamation mark) in your password, use ' instead of ". Inside double quotes bash still applies history expansion to !, so it will try to run a previous command; single quotes disable it. A simple illustration:
$ echo Hello!
Hello!
$ echo "Hello!"
bash: !": event not found
$ echo 'Hello!'
Hello!
Use Python API (Python-LDAP)
Install
$ sudo apt-get install python-ldap