55

Can anyone let me know if querying Active Directory server using ldapsearch, ldapadd, ldapdelete, etc. utilities is possible or not?

Daniel Serodio
  • 4,229
  • 5
  • 37
  • 33
Shriram
  • 4,343
  • 8
  • 37
  • 64

2 Answers2

118

The short answer is "yes". A sample ldapsearch command to query an Active Directory server is:

ldapsearch \
    -x -h ldapserver.mydomain.example \
    -D "mywindowsuser@mydomain.example" \
    -W \
    -b "cn=users,dc=mydomain,dc=com" \
    -s sub "(cn=*)" cn mail sn

This would connect to an AD server at hostname ldapserver.mydomain.example as user mywindowsuser@domain.example, prompt for the password on the command line and show name and email details for users in the cn=users,dc=mydomain,dc=com subtree.

See Managing LDAP from the Command Line on Linux for more samples. See LDAP Query Basics for Microsoft Exchange documentation for samples using LDAP queries with Active Directory.

Stephen Ostermiller
  • 23,933
  • 14
  • 88
  • 109
Richard Neish
  • 8,414
  • 4
  • 39
  • 69
  • 1
    Saved my day! :D I had gotten a username (`api-user`) for an LDAP Active Directory without any `@example.org`-part. The trick was to concatenate the CNs -- e.g. `CN=edu,CN=school,CN=com` becomes `@edu.school.com` giving `api-user@edu.school.com` – qff Feb 17 '17 at 13:30
  • 1
    The answer is nice, but as there are a lot of options for the command, something more extensive documentation is helpful. The link in the answer is not existing now, so I offer the Redhat documentation https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.2/html/Administration_Guide/Creating_Directory_Entries-LDIF_Update_Statements.html#LDIF_Update_Statements-Modifying_an_Entry_Using_LDIF – zhrist Jul 10 '18 at 09:18
2

You could query an LDAP server from the command line with ldap-utils: ldapsearch, ldapadd, ldapmodify

Draken
  • 3,134
  • 13
  • 34
  • 54
Anand
  • 693
  • 1
  • 8
  • 26