0

I want to check in a bash script that a specific organizationalUnit with the given DN exists.

I'm doing an ldapsearch:

OU="ou=HQ,dc=myroot,dc=local"

ldapsearch -h localhost -b dc=myroot,dc=local -x -v "(&(objectClass=organizationalUnit)(dn="'"'$OU'"'"))"

and it always results in 0 even if the DN exists.

I have also tried:

ldapsearch -h localhost -b dc=myroot,dc=local -x -v "(&(objectClass=organizationalUnit)(dn=$OU))"

But the results are the same.

How can I do it? Is there a trick to the dn attribute?

Disregard that I'm using simple authentication.

vinczemarton

1 Answer

0

You cannot put the DN inside the search filter because the DN is not an attribute name. Put your dn as the search base (ldapsearch -b) and the objectclass into the search filter. Something like this:

OU='ou=HQ,dc=myroot,dc=local'
ldapsearch -h localhost -b "$OU" -x -v -D'cn=admin,dc=myroot,dc=local' -wyour_ldap_password '(&(objectClass=organizationalUnit))'

And you'll be fine.

dAm2K
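An added example (not part of the answer above) that wraps the same base-DN approach in a bash function: it limits the search to the named entry with `-s base`, tells "no such entry" (LDAP result code 32) apart from other failures, and reads the bind password from a file instead of the command line. The names `ou_exists`, `LDAP_URI`, `BIND_DN` and `BIND_PW_FILE`, and the password file path, are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not code from the original post.
# Assumed settings; override them from the environment.
LDAP_URI="${LDAP_URI:-ldap://localhost}"
BIND_DN="${BIND_DN:-cn=admin,dc=myroot,dc=local}"
# Password file: chmod 600, and no trailing newline, because ldapsearch -y
# uses the complete file contents as the password.
BIND_PW_FILE="${BIND_PW_FILE:-$HOME/.ldap_pw}"

# ou_exists DN
#   returns 0 if DN exists and is an organizationalUnit
#   returns 1 if DN does not exist, or exists but is another kind of entry
#   returns 2 on any other LDAP error (bind failure, server unreachable, ...)
ou_exists() {
    local dn="$1" out="" rc=0

    # -b "$dn"  the DN goes in the search base, never in the filter
    # -s base   look only at that entry; the default scope is the whole
    #           subtree, so a child OU would otherwise count as a match
    # 1.1       request no attributes; only the "dn:" line is returned
    # -y FILE   keeps the password out of the process list, unlike -w
    out=$(ldapsearch -LLL -x -H "$LDAP_URI" -D "$BIND_DN" -y "$BIND_PW_FILE" \
            -s base -b "$dn" '(objectClass=organizationalUnit)' 1.1 \
            2>/dev/null) || rc=$?

    case "$rc" in
        0)  # Search succeeded. An empty result means the entry exists
            # but does not match the objectClass filter.
            if printf '%s\n' "$out" | grep -q '^dn:'; then
                return 0
            fi
            return 1 ;;
        32) # noSuchObject: the base DN itself is missing
            return 1 ;;
        *)  return 2 ;;
    esac
}

# Usage:
#   if ou_exists 'ou=HQ,dc=myroot,dc=local'; then echo present; fi
```

Treat return code 2 as "unknown" rather than "absent", so a failed bind or an unreachable server does not lead the script to recreate an OU that already exists.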