Differences

This shows you the differences between two versions of the page.

--- sysadmin:ldap [2026/02/04 21:58] – created mlivolsi
+++ sysadmin:ldap [2026/05/20 14:22] (current) – mlivolsi
@@ Line 3: / Line 3: @@
 aka. Sanity check that ldap is working for a user
+=== Syntax ====
 <code>
 ldapsearch -x -H "ldap://ip_addr:port" -D "ldapuser@foo.bar" -W -b "dc=domain,dc=org" "(sAMAccountName=ldap_user)"
 </code>
-Example
+=== Example ===
 <code>
-ldapsearch -x -H "ldap://192.168.1.2:3268" -D "ldaper@mikelivolsi.com" -W -b "dc=mikelivolsi,dc=com" "(sAMAccountName=foobar_user)"
+ldapsearch -x -H "ldap://x.x.x.x:3268" -D "ldapuser@mikelivolsi.com" -W -b "dc=mikelivolsi,dc=com" "(sAMAccountName=foobar_user)"
 </code>
+=== Better Example ===
+<code>
+ldapsearch \
+  -H ldap://x.x.x.x:3268 \
+  -x \
+  -D "username@domain.org" \
+  -W \
+  -b "dc=mla,dc=org" \
+  "(userPrincipalName=foo@bar.com)" \
+cn
+</code>
+Explanation
+  - H is the ldap/ad server
+  - D is the username used to authenticate (signing onto the server)
+  - b is the tree structure
+  - userPrincipalName is the field you want to authenticate against
+  - cn is the field you want returned.
+In the example above, you can switch "userPrincipalName" with "mail" to search on emails. If you don't want a specific field returned, you can omit 'cn', and/or specify more fields like
+ cn mail userPrincipalName sAMAccountName objectClass