School me on LDAP queries

10.9.3 BASH

I have what I think is a simple project, but I am having trouble digesting tutorials on the web so I was hoping somebody could clarify. I have been looking at ldap and ldapsearch commands.

My company has an LDAP directory which I would like to query to pull information such as name, dept #, phone number etc. The search string that I have to work with is an email address.

Can somebody provide some insight, or point me in the direction on how I can get this done in a BASH script?

You will need to browse AD and find the correct OU and DC, plus the fields you are interested in. Most organisations will populate OU and different fields, so this is usually the biggest hurdle.

Here is an example of searching for mail address and displaying some info:

MAIL="auser@acme.com"
ldapsearch -h mydchost.acme.local -b 'OU=Acme Group,DC=acme,DC=local' -D 'ACME\sudo' -W "(&(objectclass=*)(mail=$MAIL))" cn mail department phone

You can try running without specifying any fields and try and pick out what you are interested in:

ldapsearch -h mydchost.acme.local -b 'OU=Acme Group,DC=acme,DC=local' -D 'ACME\sudo' -W "(&(objectclass=*)(mail=$MAIL))"
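An added example, not part of either poster's replies: the query above wrapped in functions a script can reuse, with the address escaped per RFC 4515 before it goes into the filter, so characters such as `*` or `(` in the input cannot change what the filter matches. The `ldaps://` URL, `-x`, `telephoneNumber` and the sample LDIF are assumptions; host, base DN and bind account are the thread's placeholders.

```bash
#!/usr/bin/env bash
# Added example; host, base DN and bind account are the thread's placeholders.

# Escape a value for an LDAP search filter (RFC 4515). The backslash is
# handled first so the escapes added for * ( ) are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build the thread's filter around the escaped address.
mail_filter() {
    printf '(&(objectclass=*)(mail=%s))' "$(ldap_escape "$1")"
}

# Print the first plain-text value of one attribute from LDIF on stdin.
# Base64 values ("attr:: ...") are skipped rather than printed undecoded.
ldif_attr() {
    awk -v want="$1" '
        { i = index($0, ": ") }
        i > 0 && tolower(substr($0, 1, i - 1)) == tolower(want) {
            print substr($0, i + 2); exit
        }'
}

# Run the search. -x selects a simple bind, -W prompts for the password,
# ldaps:// keeps that password and the results off the wire in clear text.
# telephoneNumber is assumed here; use whatever your directory populates.
lookup_mail() {
    ldapsearch -LLL -x -H ldaps://mydchost.acme.local \
        -b 'OU=Acme Group,DC=acme,DC=local' -D 'ACME\sudo' -W \
        "$(mail_filter "$1")" cn mail department telephoneNumber
}

# Constructed sample of what ldapsearch -LLL returns for one entry.
SAMPLE_LDIF='dn: CN=A User,OU=User Accounts,OU=Acme Group,DC=acme,DC=local
cn: A User
mail: auser@acme.com
department: 4021
telephoneNumber: 555-0100'

# Offline demo: no directory is contacted, lookup_mail is not called.
mail_filter 'auser@acme.com'; echo
mail_filter '*)(cn=*'; echo          # wildcard input stays a literal value
printf '%s\n' "$SAMPLE_LDIF" | ldif_attr department
```

Against a real directory, `lookup_mail "$MAIL" | ldif_attr department` prompts for the bind password and prints the one field.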

Thanks for the reply. 2 questions: Is there a common way to browse the Active Directory to get OU and DC information? I do not host/admin the server.

'OU=Acme Group,DC=acme,DC=local' -D 'ACME\sudo'

I'm familiar with o/ou but not DC. Can you explain the DC fields as well as the ACME\sudo field?

Much appreciated.

Try downloading the application called GetMyDN.exe in the domain to get your own Distinguished Name. Then the last part before the "User Accounts" or such is the value you want to start your ldapsearch at.

For example, it may return something like this:

 CN=Sudo user,OU=Information Technology,OU=New York,OU=Corporate Services,OU=User Accounts,OU=Acme Group,DC=acme,DC=local

It can be downloaded from

http://download.softerra.com/files/GetMyDN.zip

Replace ACME\sudo with your login; the format is DOMAIN\userid. The assumption here is that you have access to browse the domain.
