ldapsearch on a json attribute.

Posted on 13 February 2025 by kosmas

Problem

You have an LDAP entry with an attribute that consists of json entries, and you would like to use ldapsearch to filter on a json item condition.

So having the attribute

mobileIDAuthenticator: {“creationDateTime”:”2023-08-28T14:53:29.061Z”,”state”:”ENABLED”,”mobileNumber”:”+411111111″,”mobileSerialNumber”:”AAAAAAAAAAAAA”}

you would like to filter on the state item.

Solution

you can use the following syntax:

ldapsearch -LLL -H "ldaps://domain.com:1636" -D "cn=Directory Manager" -w $LDP -o ldif_wrap=no -c -vvvv -b "ou=persons,dc=domain,dc=com" -s sub "(mobileIdAuthenticator=state eq 'ENABLED')"  uid mobileIDAuthenticator

Return results from LDAP without a line wrap (attribute)

Posted on 10 January 2025 by kosmas

0 Comments

Problem

You have an attribute in LDAP that might be a long line (ie a json array that contains many records like logins for example)

loginHistory: [{"lastLoginDate":"20250107094531.782Z","loginModule":"1"},{"lastLoginDate":"20241202075005.298Z","loginModule":"1"},{"lastLoginDate":"20241129143412.785Z","loginModule":"1"},{"lastLoginDate":"20241129103347.029Z","loginModule":"1"},{"lastLoginDate":"20240920105718.171Z","loginModule":"2"}]

But you want to return it in one line for further processing (ie counting the number of times in a year).

Solution

You can use the -o ldif_wrap=no option in your ldapsearch like

ldapsearch -LLL -H "ldaps://ldap.com:1636" -o ldif_wrap=no -D "cn=User" -w $LDP -b "ou=people,dc=domain,dc=com" -s sub "(mail=usernname@domain.com)" uid loginHistory

Return all attributes from LDAP (user and operational)

Posted on 3 December 2024 by kosmas

To return all attributes from LDAP using ldapsearch you can use both “*” for user and “+” for operational attributes

ldapsearch -LLL -H "ldaps://url:1636" -D "cn=Directory Manager" -w $LDP -b "ou=entity,dc=domain,dc=com" -s sub "(&(attr_filter1=SOMETHING)(attr_filter2=ELSE))" "*" "+"

Suppressing empty output lines when using ldapsearch

Posted on 10 May 2024 by kosmas

0 Comments

Problem

You want to use ldapsearch to search from a file (file contains domains and ldap contains emails), but you want to suppress empty output lines (option -LLL does not seem to suppress them).

Solution

Use grep -v ‘^$’ like

ldapsearch -LLL -H "ldaps://ldap_url:nnnn" -D "cn=Directory Manager" -w $LDP -b "ou=ou_name,dc=domain,dc=com" -s sub -f denyDomains.txt  "(mail=*@%s)" uid mail status | grep -v '^$' > denyDomainsResults.txt

ldapsearch – OpenLDAP – Mandriva

Posted on 9 February 2011 by kosmas

0 Comments

Problem
You need to install OpenLDAP for testing the authentication against LDAP, but the command line utility ldapsearch is not installed in your system.

Solution
You would need to install Mandriva’s openldap-clients package that includes the ldapsearch:

sudo urpmi openldap-clients

42

Web notebook about thoughts and discoveries in DevOps, SRE, Software Engineering….

Category Archives: OpenLDAP

ldapsearch on a json attribute.

Problem

Solution

Return results from LDAP without a line wrap (attribute)

Problem

Solution

Return all attributes from LDAP (user and operational)

Suppressing empty output lines when using ldapsearch

Problem

Solution

ldapsearch – OpenLDAP – Mandriva