Tag Archives: ldap

Return results from LDAP without a line wrap (attribute)

Posted on by
Reply

Problem

You have an attribute in LDAP that might be a long line (ie a json array that contains many records like logins for example)

loginHistory: [{"lastLoginDate":"20250107094531.782Z","loginModule":"1"},{"lastLoginDate":"20241202075005.298Z","loginModule":"1"},{"lastLoginDate":"20241129143412.785Z","loginModule":"1"},{"lastLoginDate":"20241129103347.029Z","loginModule":"1"},{"lastLoginDate":"20240920105718.171Z","loginModule":"2"}]

But you want to return it in one line for further processing (ie counting the number of times in a year).

Solution

You can use the -o ldif_wrap=no option in your ldapsearch like 

ldapsearch -LLL -H "ldaps://ldap.com:1636" -o ldif_wrap=no -D "cn=User" -w $LDP -b "ou=people,dc=domain,dc=com" -s sub "(mail=usernname@domain.com)" uid loginHistory

Suppressing empty output lines when using ldapsearch

Posted on by
Reply

Problem

You want to use ldapsearch to search from a file (file contains domains and ldap contains emails), but you want to suppress empty output lines (option -LLL does not seem to suppress them).

Solution

Use grep -v ‘^$’ like

ldapsearch -LLL -H "ldaps://ldap_url:nnnn" -D "cn=Directory Manager" -w $LDP -b "ou=ou_name,dc=domain,dc=com" -s sub -f denyDomains.txt  "(mail=*@%s)" uid mail status | grep -v '^$' > denyDomainsResults.txt

LDAP search using a file as input

Posted on by
Reply

Problem

You would like to do a search for a specific LDAP attribute (ie email) using a file (emails.txt) with the list of emails you want to search for.

Solution

After exporting the password (LDP) you can use the following to do the search and output the results into a file (search_results.txt)

ldapsearch -LLL _H "ldaps://ldap_url:port" -D "cn=User_name" -w $LDP -b "ou=ou_name,dc=dc_name,dc=domain_name" -s sub -f emails.txt "(mail_attribute=%s)" uid mail_attribute other_attribute > search_results.txt