LDAP(1) | General Commands Manual | LDAP(1) |
ldap — simple LDAP client
ldap search [-LvWxZ] [-b basedn] [-c CAfile] [-D binddn] [-H host] [-l timelimit] [-s scope] [-w secret] [-y secretfile] [-z sizelimit] [filter] [attributes ...]
The ldap utility is a simple LDAP client. It queries an LDAP server to perform a command and outputs the results in the LDAP Data Interchange Format (LDIF).

search options [filter] [attributes ...]
    ldap restricts the output to the specified attributes.

The options are as follows:
-b basedn
-c CAfile
-D binddn
-H host
    [protocol://]host[:port][/basedn?attribute,...?scope?filter]
    The default is ldap://localhost:389/. Each of basedn, attribute, scope and filter may be omitted, but the preceding ‘/’ or ‘?’ is required if a subsequent field is non-empty.
    The following protocols are supported:
    -Z option.
-L
    ldap encodes “unsafe” characters and newlines in a visual format using vis(3) instead.
-l timelimit
-s scope
    base, one, or sub. The default is sub for subtree searches.
-v
-W
-w secret
-x
    ldap does not support SASL authentication.
-y secretfile
-Z
-z sizelimit

The following script can be used with the AuthorizedKeysCommand option of sshd(8):
    #!/bin/sh
    # Print the sshPublicKey values of the entry whose uid is the first argument.
    ldap search -D cn=Reader,dc=example,dc=com -w mypass123 \
        -b ou=People,dc=example,dc=com \
        -H ldapserver -c /etc/ssl/ldapserver.crt -Z \
        "(&(objectClass=bsdAccount)(uid=$1))" sshPublicKey | \
        sed 's/^sshPublicKey: //p;d;'
    exit 0
And the related configuration in sshd_config(5):
    Match Group ldapusers
        AuthorizedKeysCommand /etc/ssh/ldap-authorized_keys.sh
        AuthorizedKeysCommandUser _ldap
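
A hardened variant of the script above, as an added example that is not part of the original manual page: it passes the bind secret with -y instead of on the command line with -w (where it shows up in the process list), and refuses login names containing characters that are special in an RFC 4515 search filter. The secret file path and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the manual page.
# Assumed path: holds the bind secret on its first line and is readable
# only by the AuthorizedKeysCommandUser (_ldap), never world-readable.
SECRETFILE=/etc/ssh/ldap-reader.secret

# Accept only conservative login names, so that none of the filter
# metacharacters ( ) * \ can reach the search filter unescaped.
valid_uid() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Build the same filter as the original script, but only for a valid name.
build_filter() {
    valid_uid "$1" || return 1
    printf '(&(objectClass=bsdAccount)(uid=%s))' "$1"
}

# Keep only the key material from the LDIF output on stdin.
extract_keys() {
    sed -n 's/^sshPublicKey: //p'
}

lookup_keys() {
    filter=$(build_filter "$1") || return 1
    ldap search -D cn=Reader,dc=example,dc=com -y "$SECRETFILE" \
        -b ou=People,dc=example,dc=com \
        -H ldapserver -c /etc/ssl/ldapserver.crt -Z \
        "$filter" sshPublicKey | extract_keys
}

# sshd(8) invokes the command with the login name as its argument.
if [ "$#" -eq 1 ]; then
    lookup_keys "$1"
    exit 0
fi
```

A rejected name produces no output, so sshd(8) receives no keys from the directory for that login.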
G. Good, The LDAP Data Interchange Format (LDIF) - Technical Specification, RFC 2849, June 2000.
M. Smith, Ed. and T. Howes, Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters, RFC 4515, June 2006.
M. Smith, Ed. and T. Howes, Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator, RFC 4516, June 2006.
The ldap utility first appeared in OpenBSD 6.4.
The ldap utility was written by Reyk Floeter <reyk@openbsd.org>.
SASL authentication is not supported. Authentication should be performed using simple authentication over a TLS connection.
August 1, 2018 | OpenBSD-current |