A few basic LDAP searches to discover an OpenLDAP server
Wed, 2012.04.04 - 12:19 — müzso
If you have to discover an LDAP server, it's important to know the basics. I'll list a few important
ldapsearch commands to get you started.- Listing the contents of the root DSE:
ldapsearch -xLLL -H "ldaps://ldapserver.example.com/" -b "" -s base "(objectClass=*)" "+" "*"
Let's see what each of the options mean:
-xLLL:-xspecifies to use simple authentication (instead of SASL), the threeLLLrestrict the output to LDIFv1, disable comments and printing of the LDIF version (and without any-Dand-Woptions this will result in an anonymous bind to the LDAP server)-H: specifies the URI of the LDAP server (theldaps://ldapserver.example.com/means an SSL connection to ldapserver.example.com using the standard 636 SSL port)-b: specifies the base DN for the search (for the root DSE we need an empty base DN)-s: specifies the search scope (for the root DSE we need a base objects search)"(objectClass=*)": the search filter (where the objectClass=* value means: no filtering at all)"+"and"*": specifies the attributes to fetch ("+"stands for all operational attributes and"*"stands for all user attributes)
- Listing the schemas of the LDAP server:
ldapsearch -xLLL -H "ldaps://ldapserver.example.com/" -b "cn=Subschema" -s base "(objectClass=*)" "+" "*"
In the result of the first query you'll find asubschemaSubentryattribute. In our second query we list the contents of the DN specified by this attribute. - Listing the configuration context tree:
ldapsearch -xLLL -H "ldaps://ldapserver.example.com/" -b "cn=config" -s base -a always "(objectClass=*)" "+" "*"
In the result of the first query you'll find aconfigContextattribute. In our third query we list the contents of the DN specified by this attribute.
You might get an error here since not all LDAP servers let you have a peek at the configuration context. - Listing the contents of the default naming context:
ldapsearch -xLLL -H "ldaps://ldapserver.example.com/" -b "dc=example,dc=com" -s sub -a always "(objectClass=*)" "+" "*"
In the result of the first query you'll find anamingContextsattribute. In our fourth query we list the contents of the DN specified by the first element of this attribute.
Note that we do a subtree search here (due to the-s suboption) which will list the entire domain. You might not want to do this in a larger organization since it'd dump a huge amount of information that you don't necessarily need.
-D cn=admin,dc=example,dc=com -W to the commands where -D specifies the DN of the LDAP server's admin account and -W asks for its password.
All of my own contents here (if not noted otherwise) are licensed under the
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Recent comments
1 year 46 weeks ago
3 years 15 weeks ago
3 years 15 weeks ago
3 years 17 weeks ago
3 years 18 weeks ago
3 years 25 weeks ago
3 years 25 weeks ago
3 years 25 weeks ago
3 years 25 weeks ago
3 years 26 weeks ago