logo

LDAP

Concepts

Distinguished Name (DN):full path, similar to /home/username/test.txt Relative Distinguished Name (RDN): relative path, similar to test.txt

  • dc: Domain Component

  • cn: Common Name

  • sn: Surname

  • ou: Organizational Unit

  • c: Country

  • st: State

  • L: Locality

  • mail: Email

  • StartTLS: establishes Transport Layer Security (the descendant of SSL) on the connection

  • Bind (authenticate): authenticates the client to the server.

  • Search and Compare:

ldap://host:port/DN?attributes?scope?filter?extensions

Use Linux Command Line(ldapsearch)

Install if not available

$ sudo apt-get install ldap-utils

Check

$ which ldapsearch
/usr/bin/ldapsearch

Anonymous search. Provide hostname, port and base DN.

$ ldapsearch -h ldaphostname -p 389 -x -b "dc=foo,dc=bar,dc=com"
  • -h
  • -p
  • -x Perform a simple_authentication
  • -b

May receive the following information

# extended LDIF
#
# LDAPv3
# base <dc=foo,dc=bar,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 1 Operations error
text: 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this ope
 ration a successful bind must be completed on the connection., data 0, v1db1

# numResponses: 1

which means a bind is required

Bind

$ ldapsearch -h ldaphostname -p 389 -x -b "dc=foo,dc=bar,dc=com"
    -D "your userid" -w "your password"
  • -D
  • -w
  • -W will prompt to ask your password

Where in my case is the email address.

Gotcha: if there is !(exclamation mark) in your password, use ' instead of ", otherwise it will run the previous command. A simple illustration:

$ echo Hello!
Hello!
$ echo "Hello!"
bash: !": event not found
$ echo 'Hello!'
Hello!

Use Python API (Python-LDAP)

Install

$ sudo apt-get install python-ldap