Ldapsearch
From Linuxmemo.
Revision as of 4 April 2014, 09:30
LDAP directory client
ldapsearch [options] "(filter)" attrib [attrib] [attrib]...
- Options
  -LLL       Output in LDIF format (no comments, no LDIF version line)
  -x         Simple authentication (without SASL)
  -D dn      Bind DN
  -W         Prompt for the password
  -H uri     URI of the LDAP server
  -b base    Search base
  -s scope   Search scope (base, one, sub)
  -S "attr"  Sort by the given attribute
Configuration
Files: /etc/openldap/ldap.conf, .ldaprc
LDAP
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
#BASE dc=example, dc=com
#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
#SIZELIMIT 12
TIMELIMIT 10
#DEREF never
TLS_REQCERT allow
BASE dc=xxxx,dc=xxxx,dc=fr
URI ldap://machine.domain.topdomain:389
BINDDN
LDAPS
URI ldaps://ldapd.dom:636
BASE dc=dom
BINDDN uidNumber=11259, dc=dom
#HOST
#PORT
#SIZELIMIT
#TIMELIMIT
#DEREF
#TLS_CACERT
#TLS_CACERTDIR
#TLS_CERT
#TLS_KEY
#TLS_RANDFILE
TLS_REQCERT allow
ldap_version 3
bind_policy soft
scope sub
timelimit 10
bind_timelimit 15
tls_checkpeer no
Filters
See: Ldap
Problem
- ldapsearch says hostname does not match CN
If the error "TLS: hostname does not match CN in peer certificate" appears during the LDAPS handshake, retrieve the LDAP server certificate and check the server name it contains with the command:
# openssl s_client -connect ldapserver:port
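To avoid the certificate check on the client, edit /etc/openldap/ldap.conf and add or replace the TLS_REQCERT directive. With allow, a bad server certificate is ignored and the session proceeds, so the server is no longer authenticated: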
TLS_REQCERT allow
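An added example, not part of the original page: a short Python audit of a client ldap.conf for the settings shown on this page that relax server-certificate checking or leave the connection in cleartext. The sample file is constructed from the LDAPS block above, and the function name audit_ldap_conf is hypothetical.

```python
# Added example: audit a client ldap.conf for relaxed TLS settings.
# TLS_REQCERT "never" and "allow" let the session continue with a bad server
# certificate (ldap.conf(5)); "demand"/"hard" are the strict settings.
WEAK_REQCERT = {"never", "allow"}

def audit_ldap_conf(text):
    """Return (line_no, keyword, message) findings; line_no 0 = whole file."""
    findings = []
    settings = {}
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        parts = line.split(None, 1)
        key = parts[0].upper()            # keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        settings[key] = value
        if key == "TLS_REQCERT" and value.lower() in WEAK_REQCERT:
            findings.append((no, key, f"'{value}' accepts a bad server certificate"))
        elif key == "TLS_CHECKPEER" and value.lower() == "no":
            findings.append((no, key, "peer certificate verification disabled"))
        elif key == "URI":
            for uri in value.split():
                if uri.lower().startswith("ldap://"):
                    findings.append((no, key, f"{uri} is cleartext unless StartTLS is used"))
    uris = settings.get("URI", "").split()
    uses_ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    if uses_ldaps and not ({"TLS_CACERT", "TLS_CACERTDIR"} & settings.keys()):
        findings.append((0, "TLS_CACERT", "no TLS_CACERT or TLS_CACERTDIR set in this file"))
    return findings

# Constructed sample, based on the LDAPS block shown on this page.
SAMPLE = """\
URI ldaps://ldapd.dom:636
BASE dc=dom
#TLS_CACERT
TLS_REQCERT allow
tls_checkpeer no
"""

# Constructed strict variant; the CA file path is a placeholder.
HARDENED = """\
URI ldaps://ldapd.dom:636
TLS_CACERT /path/to/ca.pem
TLS_REQCERT demand
"""

if __name__ == "__main__":
    for no, key, msg in audit_ldap_conf(SAMPLE):
        print(f"line {no}: {key}: {msg}")
```

The strict variant only works when the client connects with a name that appears in the server certificate, which is what the openssl s_client check above is for.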