====== LDAP search Command ======
Also usable as a sanity check that LDAP bind and user lookup are working for a given user.
=== Syntax ===
<code bash>
ldapsearch -x -H "ldap://ip_addr:port" -D "ldapuser@foo.bar" -W -b "dc=domain,dc=org" "(sAMAccountName=ldap_user)"
</code>
=== Example ===
<code bash>
ldapsearch -x -H "ldap://x.x.x.x:3268" -D "ldapuser@mikelivolsi.com" -W -b "dc=mikelivolsi,dc=com" "(sAMAccountName=foobar_user)"
</code>
=== Better Example ===
<code bash>
ldapsearch \
  -H ldap://x.x.x.x:3268 \
  -x \
  -D "username@domain.org" \
  -W \
  -b "dc=mla,dc=org" \
  "(userPrincipalName=foo@bar.com)" \
  cn
</code>
=== Explanation ===
- -H is the URI of the LDAP/AD server (port 3268 is the AD global catalog)
- -x uses a simple bind, which sends the password in clear unless the URI is ldaps:// or StartTLS (-ZZ) is used
- -D is the account used to authenticate (bind) to the server
- -W prompts for that account's password instead of taking it on the command line
- -b is the search base, the point in the directory tree the search starts from
- userPrincipalName is the attribute the search filter matches on
- cn is the attribute you want returned.
In the example above, you can replace "userPrincipalName" with "mail" to search by e-mail address. If you omit the trailing 'cn', every attribute of the matching entry is returned; to get a specific set of attributes instead, list them at the end of the command, for example:
<code bash>
cn mail userPrincipalName sAMAccountName objectClass
</code>
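The "Better Example" above wrapped in a small POSIX sh script, added here as an illustration and not part of the original page. It prefers an ldaps:// URI so the simple-bind password is not sent in clear, escapes the value placed in the filter so a stray '*' or ')' in the looked-up name cannot widen the query, and tells "bind failed" apart from "bind OK but no such user" via the exit code. The host gc.mla.org, the bind account, the base dc=mla,dc=org and the sample LDIF are assumptions/constructed values.

```shell
#!/bin/sh
# Added example (not from the original page): a user lookup built on the
# "Better Example" ldapsearch invocation. Host, base and user values are
# assumptions; the SAMPLE_LDIF below is constructed, not real server output.

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash first, then * ( ) so the inserted \XX sequences are not re-escaped.
ldap_filter_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Print the values of one attribute from LDIF on stdin (case-insensitive name).
# Base64-encoded values ("attr:: ...") are deliberately not decoded here.
ldif_attr() {
  awk -v a="$1" '(tolower($1) == tolower(a) ":") { sub(/^[^:]*: /, ""); print }'
}

# Count entries (one "dn:" line per entry) in LDIF on stdin.
count_ldif_entries() {
  awk '/^dn: / { n++ } END { print n + 0 }'
}

# Look up one user by userPrincipalName.
#   $1 LDAP URI   e.g. ldaps://gc.mla.org:3269 (3269 = global catalog over TLS;
#                 with plain ldap://host:3268 add -ZZ to require StartTLS)
#   $2 bind account (UPN or DN), $3 search base, $4 UPN to look up
# Returns 0 and prints cn and mail when found, 1 when bound but not found,
# 2 when the bind or search itself failed (bad password, TLS, unreachable).
ldap_user_check() {
  uri=$1; binder=$2; base=$3; upn=$4
  filter="(userPrincipalName=$(ldap_filter_escape "$upn"))"
  # -LLL: LDIF only, no comments or version header, so the output parses cleanly
  out=$(ldapsearch -LLL -x -H "$uri" -D "$binder" -W -b "$base" "$filter" cn mail)
  rc=$?
  if [ "$rc" -ne 0 ]; then
    echo "ldapsearch failed with exit code $rc (bind/TLS/connectivity)" >&2
    return 2
  fi
  if [ "$(printf '%s\n' "$out" | count_ldif_entries)" -eq 0 ]; then
    echo "bind OK, but no entry matched $upn" >&2
    return 1
  fi
  printf '%s\n' "$out" | ldif_attr cn
  printf '%s\n' "$out" | ldif_attr mail
}

# Constructed sample LDIF, shaped like "ldapsearch -LLL ... cn mail" output,
# so the parsing helpers can be exercised without a directory server.
SAMPLE_LDIF='dn: CN=Foo Bar,OU=Users,DC=mla,DC=org
cn: Foo Bar
mail: foo@bar.com
'

# Run the real lookup only when all four arguments are supplied, e.g.
#   sh ldap_user_check.sh ldaps://gc.mla.org:3269 admin@mla.org dc=mla,dc=org foo@bar.com
if [ "$#" -eq 4 ]; then
  ldap_user_check "$@"
fi
```

The exit codes are the useful part for a scripted sanity check: 2 means the credentials, TLS setup or connectivity are wrong (the original "is LDAP working for this user" question), while 1 means the directory answered but the filter matched nothing, which usually points at a typo in the UPN or at searching the wrong base.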