How To Search LDAP using ldapsearch (With Examples)

If you are working on a Linux OpenLDAP server, the LDAP protocol is very useful for centralizing authentication.

However, as your LDAP directory grows, you might get lost in all the entries that you may have to manage.

Luckily, there is a command that helps you search for entries in an LDAP directory tree: ldapsearch.

 

# Verify that the account exists (AD)
ldapsearch -x -H "ldap://LDAPSERVER" -b "OU=OU,DC=DOMAIN,DC=LOCAL" -D "CN=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" "(&(objectclass=user)(sAMAccountName=username))"


# Verify that the account exists (LDAP)
ldapsearch -x -H "ldap://LDAPSERVER" -b "OU=OU,DC=DOMAIN,DC=LOCAL" -D "uid=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" "(&(objectClass=person)(uid=username))"


# Verify that the account exists (Zimbra)
ldapsearch -x -H "ldap://LDAPSERVER:389" -b "ou=people,DC=DOMAIN,DC=LOCAL" -D "uid=zimbra,cn=admins,cn=zimbra" -w "BINDPASSWORD" "(&(objectClass=zimbraAccount)(uid=username))"


# Search for a user by the full-format name (userPrincipalName) and return the account name (AD)
ldapsearch -x -H "ldap://LDAPSERVER" -b "OU=OU,DC=DOMAIN,DC=LOCAL" -D "uid=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" -s sub "(userPrincipalName=username@DOMAIN.LOCAL)" | grep "sAMAccountName"


# Search for a user by the full-format name (userPrincipalName) and return the alias (AD)
ldapsearch -x -H "ldap://LDAPSERVER" -b "OU=OU,DC=DOMAIN,DC=LOCAL" -D "uid=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" -s sub "(userPrincipalName=username@DOMAIN.LOCAL)" | awk -F ": " '$1 == "mailNickname" {print $2}'


# Search for accounts whose attribute contains the given text; 字串 ("string") stands for that text (LDAP)
ldapsearch -x -H "ldap://LDAPSERVER" -b "CN=Users,DC=DOMAIN,DC=LOCAL" -D "uid=BINDUSER,CN=Users,DC=DOMAIN,DC=LOCAL" -w "BINDPASSWORD" -s sub "(&(objectClass=user)(description=*字串*))"

 

---

Examples:

./ldapsearch -x -b "cn=groups,dc=amiam,dc=com" -H ldap://ldap-2 -D "cn=config" -w mypassword

ldapsearch -x -H "ldap://ldap-2" -b "ou=people,dc=amiam,dc=com" -D "uid=zimbra,cn=admins,cn=zimbra" -w "mypassword" "(&(objectClass=zimbraAccount)(uid=jack))"

ldapsearch -x -H "ldap://ldap-2" -b "ou=people,dc=amiam,dc=com" -D "uid=zimbra,cn=admins,cn=zimbra" -w "mypassword" "(&(objectClass=zimbraAccount)(uid=*))"
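
Added example, not from the original page: a shell wrapper around the AD account check above that escapes the username before it goes into the filter (RFC 4515), reads the bind password from a file with -y instead of -w (which leaves it in the process list and shell history), and requires StartTLS with -ZZ so the simple bind is not sent in cleartext over ldap://. The function names and the LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_PASSFILE variables are assumptions.

```shell
#!/bin/sh
# Added example: hardened form of the "verify that the account exists (AD)" query.
# LDAP_URI, LDAP_BASE, LDAP_BIND_DN and LDAP_PASSFILE are assumed variable names;
# set them to the page's placeholders (ldap://LDAPSERVER, OU=OU,DC=DOMAIN,DC=LOCAL, ...).

# Escape a value for use inside a search filter (RFC 4515):
#   \ -> \5c   * -> \2a   ( -> \28   ) -> \29
# Backslash is handled first so the escapes added for the other
# characters are not escaped a second time.
ldap_escape_filter() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build the page's AD filter with the username escaped, so a value such as
# "jack)(uid=*" (constructed sample) stays a literal sAMAccountName to match.
ad_user_filter() {
    printf '(&(objectClass=user)(sAMAccountName=%s))' "$(ldap_escape_filter "$1")"
}

# Return 0 if the account exists, 1 if it does not or the search failed.
#   -ZZ   require StartTLS (drop it when LDAP_URI is an ldaps:// URI)
#   -y    read the bind password from a file; the whole file is used, so
#         write it without a trailing newline and chmod it to 600
#   -LLL  plain LDIF output; "1.1" asks for no attributes, only the DN
account_exists() {
    ldapsearch -x -LLL -ZZ -H "$LDAP_URI" -b "$LDAP_BASE" \
        -D "$LDAP_BIND_DN" -y "$LDAP_PASSFILE" \
        "$(ad_user_filter "$1")" 1.1 | grep -q '^dn:'
}
```

Call it as `account_exists "$username" && echo found` after exporting the four variables; use `-W` instead of `-y` for an interactive password prompt.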

 

Reference: http://blog.jason.tools/2022/02/ldapsearch-cli.html
