Skip to content
/ ldaps Public

simple wrapper around ldapsearch(1) for easy command-line AD/LDAP queries

License

Notifications You must be signed in to change notification settings

zackse/ldaps

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

ldaps

simple wrapper around ldapsearch(1) for easy command-line AD/LDAP queries

description

This script wraps the OpenLDAP ldapsearch(1) utility, allowing simple command-line AD/LDAP queries without having to remember the various arguments/options to ldapsearch.

usage

ldaps <filter> [ attribute1, ... ]

This will search your configured LDAP server (see installation below) using the given filter and will return the specified attributes. If no attributes are specified, all attributes are returned.

To handle the common case of searching by Active Directory username, specifying a single word will be treated as a search against the sAMAccountName field. For example, the following command would search using the LDAP filter (sAMAccountName=zackse) and return the displayName attribute.

ldaps zackse displayName

requirements

  • OpenLDAP clients
    • Debian/Ubuntu: ldap-utils
    • Red Hat/CentOS/Fedora: openldap-clients
    • OS X: installed by default
  • Perl

tab-completion

If you install the bash completion script (see installation below), you can tab-complete usernames and attributes. For example, this would provide completions for usernames starting with zack:

ldaps zack<TAB>

If you are searching on a username, you can tab-complete attribute names:

$ ldaps zackse sam<TAB>
samaccountname  samaccounttype

examples

Find a mobile number:

ldaps zackse mobile

Create a shell function to display members in the specified group:

members() {
    ldaps "$1" | grep ^member: | cut -c9-
}

Now you can issue members engineering_team to get a list of people in that group.

Search for Jack Tors:

ldaps 'cn=jack tors'

installation

Copy ldaps into a directory in your PATH. For example:

cp ldaps ~/bin/
chmod 755 ~/bin/ldaps

Create a config file:

mkdir -p ~/.config/ldaps
cp sample_rc ~/.config/ldaps/rc
chmod 600 ~/.config/ldaps/rc
$EDITOR ~/.config/ldaps/rc
...

Optional: add tab completion!

cp ldaps_completion /etc/bash_completion.d/
source /etc/bash_completion.d/ldaps_completion

a note on security

This script requires credentials for an account with read access to your AD/LDAP server. If you do not want to save the credentials in a config file (~/.config/ldaps/rc), you can set them in your environment. This isn't necessarily more secure, but it is an alternate approach if you don't want the credentials in persistent storage.

For example, if you prefer to omit the password from the config file, you could set it in your environment and make it available to ldaps:

read -s LDAP_BIND_PW
(type in your password here, it will not be displayed while you are typing)

export LDAP_BIND_PW

About

simple wrapper around ldapsearch(1) for easy command-line AD/LDAP queries

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages