cancel
Showing results for 
Search instead for 
Did you mean: 

ldapsearch

Gordon Brown_5
Frequent Advisor

ldapsearch

I want to query our AD for the email address of a username; my Windows admins don't seem to be too clued up about how to query the AD and I get the following error when I attempt to use ldapsearch :

ldap_search: additional info: 00000000: LdapErr: DSID-0C090627

The problem would appear to be authentication but the available documentation is a bit sketchy on what is required - the Windoze admins are unhappy about creating a proxy user - so how do you supply credentials to ldapsearch.

Thanks in advance

Gordon
Older than the 840
3 REPLIES
Gordon Brown_5
Frequent Advisor

Re: ldapsearch

Well that might work on your installation but you obviously have something configured elsewhere - eg where is your -h ?
Older than the 840
Heironimus
Honored Contributor

Re: ldapsearch

ldapsearch -b 'dc=your,dc=domain,dc=com' -D 'cn=binduser,...' -H ldap://domain.controller/ -W -x '(samaccountname=userid)'

The ldapsearch man page is your friend, but that's the general formula. I put all the common stuff in my ~/.ldaprc for convenience. I also use SSL, which requires that you specify the root CA chain in ldaprc (or ldap.conf).
Gordon Brown_5
Frequent Advisor

Re: ldapsearch

Thank you everyone, I have actually solved it myself so for anyone else in the future this is how it is done.

ldapsearch -x -h "ip_address:port" \
-D "yourlogon@yourdomain" \
-w "yourdomainpassword"
-b "ou=accounts,dc=domain,dc=net"
"(sAMAccountName=whotolookfor)"

So for a Directory server on ip address 1.1.1.1 , domain windoze.net and we want to look up user billyg's mail address. You are user scriptman and your password is unixrules:

ldapsearch -x -h "1.1.1.1:389" \
-D "scriptman@windoze.net" -w "unixrules" \
-b "ou=accounts,dc=windoze,dc=net" \
"(sAMAccountName=billyg)" mail

Best of luck - Gordon
Older than the 840