
LDAP cheat sheet

implementation

commands

whoami

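# Ask the directory which identity the bind resolves to.
# LDAP_HOST is expected to hold a full URI (the "perform user search" section
# sets it to an ldaps:// one). -x selects a simple bind, which sends the
# password itself to the server, so keep an ldaps:// URI, or add -ZZ to
# require StartTLS on ldap://.
# -w puts the password on the command line, where it can show up in the
# process list and in shell history; -W (prompt) or -y FILE (read the
# password from a file) avoid that.
# The expansions are quoted so a DN or password containing spaces or glob
# characters is passed as one argument.
ldapwhoami -x -v -H "$LDAP_HOST" -D "$LDAP_USER" -w "$LDAP_PASSWORD"
ldapwhoami -x -v -D "CN=Vitalii,OU=Users,OU=UBS,OU=Accounts,DC=vantage,DC=org" -H ldaps://ubsinfesv0015.vantage.org:636 -W
# CN - Common Name
# OU - Organizational Unit
# DC - Domain Component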

perform user search

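LDAP_HOST="ldaps://ldap.ubshost.net:5522"
LDAP_USER="uid=techuserldap,ou=people,dc=ubshost,dc=com"
# Placeholder: set the real password before running, and do not commit it.
# With simple authentication, a bind DN plus an empty password is an
# "unauthenticated bind", which servers commonly reject or treat as anonymous.
LDAP_PASSWORD=''

# log from ldap
# SEARCH conn=61392 op=3 msgID=4 base="ou=groups,dc=com" scope=sub filter="(uid=normaluser)" attrs="ismemberof" requestControls=2.26.140.2.2730.4.1.0 result=0 nentries=0 entrySize=975 authDN="uid=techuserldap,ou=people,dc=ubshost,dc=com" etime=372222
BASE_DN="ou=groups,dc=com"
LDAP_FILTER="uid=normaluser"

# Every expansion is quoted: unquoted, an empty LDAP_PASSWORD disappears from
# the command line and -w consumes the filter as the password instead.
# -w exposes the password in the process list and shell history; -W (prompt)
# or -y FILE (read from a file) keep it off the command line.
# If the filter value ever comes from user input, escape LDAP filter
# metacharacters ( ) * \ and NUL before building LDAP_FILTER.
ldapsearch -LLL -o ldif-wrap=no -H "$LDAP_HOST" -b "$BASE_DN" -D "$LDAP_USER" -w "$LDAP_PASSWORD" "$LDAP_FILTER"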

find owner of account

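# Bare host name; the URIs passed to -H below are built from it.
LDAP_HOST=ubsinfesv0015.vantage.org
LDAP_USER="uid=Vitali,ou=people,dc=group,dc=zur"

# BASE_DN and LDAP_PASSWORD are not set in this section and must already exist
# in the current shell.
# -H requires a URI, so passing the bare host name fails. The ldaps scheme and
# port 636 are the ones the whoami example uses for this host; confirm they
# apply to this bind as well.
# -w exposes the password in the process list and shell history; prefer -W
# (prompt) or -y FILE.
ldapsearch -LLL -o ldif-wrap=no -H "ldaps://${LDAP_HOST}:636" -b "$BASE_DN" -D "$LDAP_USER" -w "$LDAP_PASSWORD"

# -h HOST is deprecated in favour of -H URI; "ldap://HOST" is its equivalent
# (default port, no TLS). None of these pass -x, so the client attempts a SASL
# bind; the kinit hint at the end suggests Kerberos/GSSAPI in this environment.
ldapsearch -LLL -o ldif-wrap=no -H "ldap://${LDAP_HOST}" -b "DC=vantage,DC=org" samaccountname=pen_import-s
ldapsearch -LLL -o ldif-wrap=no -H "ldap://${LDAP_HOST}" -b "OU=Accounts,DC=vantage,DC=org" samaccountname=cherkavi
ldapsearch -LLL -o ldif-wrap=no -H "ldap://${LDAP_HOST}" -b "OU=Accounts,DC=vantage,DC=org" -s sub "displayName=Vitalii Cherkashyn"
ldapsearch -LLL -o ldif-wrap=no -H "ldap://${LDAP_HOST}" -b "OU=Accounts,DC=vantage,DC=org" -s sub "Mail=vitalii.cherkashyn@ubs.de"
ldapsearch -LLL -o ldif-wrap=no -H "ldap://${LDAP_HOST}" -b "OU=Accounts,DC=vantage,DC=org" -s sub "Mail=vitalii.cherkashyn@ubs.de" -D "CN=Vitalii Cherkashyn,OU=Users,OU=UBS,OU=Accounts,DC=vantage,DC=org" -Q -W
# in case of error message: No Kerberos credentials available
kinit pen_import-s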

find all accounts in LDAP

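# LDAP_HOST is expected to hold a bare host name here, as set in the
# "find owner of account" section.
# -E pr=1000/noprompt requests paged results, 1000 entries per page, without
# prompting between pages.
# -h HOST is deprecated in favour of -H URI; "ldap://HOST" is its equivalent
# (default port, no TLS).

# list of the accounts
ldapsearch -LLL -o ldif-wrap=no -E pr=1000/noprompt -H "ldap://${LDAP_HOST}" -b "DC=vantage,DC=org" samaccountname=r-d-ubs-developer member
# account name and e-mail
ldapsearch -LLL -o ldif-wrap=no -E pr=1000/noprompt -H "ldap://${LDAP_HOST}" -b "DC=vantage,DC=org" cn="Vitalii Cherkashyn" samaccountname
ldapsearch -LLL -o ldif-wrap=no -E pr=1000/noprompt -H "ldap://${LDAP_HOST}" -b "DC=vantage,DC=org" cn="Vitalii Cherkashyn" samaccountname mail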

Architecture

image image

links