Commands tagged ldap (6)

  • These are the parameters to ldapsearch (from ldap-utils in Ubuntu), for searching for the record for Joe Blogg's user. sAMAccountName is the LDAP field that ActiveDirectory uses to store the user name. 'DOMAIN\Joe.Bloggs' where "DOMAIN" is the the active directory domain. Othewise you could use "CN=Joe.Bloggs,DC=example,DC=com" instead of "DOMAIN\Joe.Bloggs" Show Sample Output


    10
    ldapsearch -LLL -H ldap://activedirectory.example.com:389 -b 'dc=example,dc=com' -D 'DOMAIN\Joe.Bloggs' -w '[email protected]' '(sAMAccountName=joe.bloggs)'
    greppo · 2009-06-11 13:07:11 2
  • When Ldapsearch queries an Active directory server, all the dates are shown using a timestamp of 18 digits. This perl regexp decodes them in a more human friendly notation. 11644473600 corresponds to some microsoft epoch. Show Sample Output


    4
    ldapsearch -v -H ldap://<server> -x -D cn=<johndoe>,cn=<users>,dc=<ourdomain>,dc=<tld> -w<secret> -b ou=<lazystaff>,dc=<ourdomain>,dc=<tld> -s sub sAMAccountName=* '*' | perl -pne 's/(\d{11})\d{7}/"DATE-AD(".scalar(localtime($1-11644473600)).")"/e'
    flux · 2009-04-22 00:57:34 0
  • This command line detect ldap hosts, by mandatory dns entry, then ping them to detect response average. based on ping response average it sorts and print the faster server in first output line Show Sample Output


    2
    host -t srv _ldap._tcp | sed "s/.*[ ]\([^ ]*\)[.]$/\1/g" | xargs -i ping -c 1 {} | grep -E "(statistics|avg)" | sed "s/^--- \([^ ]*\).*/,\1:/g"|tr -d "\n" | tr "," "\n" | sed "1d;s|^\([^:]*\).*=[^/]*/\([^/]*\).*|\2\t\1|g" |sort -n
    glaudiston · 2016-09-02 03:26:29 0
  • Find statistics for an Edirectory server form LDAPsearch. We have a lot more examples at: http://ldapwiki.willeke.com/wiki/Ldapsearch%20Examples The full command got shut off it is: ldapsearch -h ldapserver.willeke.com -p636 -e C:\mydata\treerootcert.der -b "" -s base -D cn=admin,ou=administration,dc=willeke,dc=com -w secretpwd "(objectclass=*)" chainings removeEntryOps referralsReturned listOps modifyRDNOps repUpdatesIn repUpdatesOut strongAuthBinds addEntryOps compareOps wholeSubtreeSearchOps modifyEntryOps searchOps errors simpleAuthBinds inOps oneLevelSearchOps inBytes abandonOps bindSecurityErrors securityErrors unAuthBinds outBytes extendedOps readOps dsaName directoryTreeName vendorVersion vendorName Show Sample Output


    1
    ldapsearch -h ldapserver.willeke.com -p389 -b "" -s base -D cn=admin,ou=administration,dc=willeke,dc=com -w secretpwd "(objectclass=*)" chainings removeEntryOps referralsReturned listOps modifyRDNOps repUpdatesIn repUpdatesOut strongAuthBinds addEntryOps
    jwilleke · 2009-06-12 13:28:18 0
  • Shows list of users and their details in LDAP


    0
    ldapsearch -x -LLL uid=*
    boylah · 2013-08-20 10:54:45 0
  • Permit to generate a password for userPassword in ldap. Use ?slappasswd -g? to generate a random passowrd. Show Sample Output


    -1
    slpappasswd
    evolix · 2011-10-13 14:46:03 0

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Nginx - print all optional modules before compilation
wget http://nginx.org/download/nginx-1.15.3.tar.gz && tar -xzf 1.15.3.tar.gz && cd nginx-1.15.3

show dd progress
if you need see progress of long dd command, enter subj on other console

backup local MySQL database into a folder and removes older then 5 days backups

Find the files that contain a certain term
Simple use of find and grep to recursively search a directory for files that contain a certain term.

Alert visually until any key is pressed
I learned a few things reading this command. But I did run into a few issues: 1. On systems that don't use GNU echo (e.g. macOS 10.14.5 Mojave), the e option may not be supported. In this case ANSI escape codes will echoed as text and the terminal will not flash, like this: \e[?5h\e[38;5;1m A L E R T Thu Jun 20 16:31:29 PDT 2019 2. Since the read command strips\ignores leading backslashes, if a user types the backslash character once in the loop, it will not break. Typing backslash twice in a loop will break as expected. 3. The foreground color is set to red (\e[38;5;1m) on every loop. This could be set once before we call while, and then reset once when the loop breaks. 4. Instead of resetting the foreground color when it breaks, the video mode is set back to normal (\e[?5l). This has the effect of leaving the terminal text red until it is manually reset. The alternative I'm proposing here addresses these issues. I tested it on macOS and Arch Linux.

Create a bunch of dummy files for testing
Sometimes I need to create a directory of files to operate on to test out some commandlinefu I am cooking up. The main thing is the range ({1..N}) expansion.

netstat with group by (ip adress)
Same as the rest, but handle IPv6 short IPs. Also, sort in the order that you're probably looking for.

Swap a file or dir with quick resotre
This lets you replace a file or directory and quickly revert if something goes wrong. For example, the current version of a website's files are in public_html. Put a new version of the site in public_html~ and execute the command. The names are swapped. If anything goes wrong, execute it again (up arrow or !!).

Get AWS temporary credentials ready to export based on a MFA virtual appliance
You might want to secure your AWS operations requiring to use a MFA token. But then to use API or tools, you need to pass credentials generated with a MFA token. This commands asks you for the MFA code and retrieves these credentials using AWS Cli. To print the exports, you can use: `awk '{ print "export AWS_ACCESS_KEY_ID=\"" $1 "\"\n" "export AWS_SECRET_ACCESS_KEY=\"" $2 "\"\n" "export AWS_SESSION_TOKEN=\"" $3 "\"" }'` You must adapt the command line to include: * $MFA_IDis ARN of the virtual MFA or serial number of the physical one * TTL for the credentials

Simplest way to get size (in bytes) of a file


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: