Question
I'm pulling information about a user from ldap. This includes directReports, which is in the full "CN=cnBlah, OU=ouBlah, DC=dcBlah" form. I'm trying to do another lookup to find info about the reportee.
So far the only way I've been able to actually find said user is to break out the CN= and set the remainder of the string as the base.
Is this the proper way of doing it? Or is there a way to search for an entry given the full dn?
Answer 1:
Use the DN as the base object in the search and set the scope of the search to base.
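The approach from Answer 1 applied to the question's directReports values, as an added example that is not part of the original answers: each DN is used unchanged as the search base with scope base, so no CN has to be split out and no value is interpolated into a filter. The server URI, the anonymous simple bind (-x), the requested attributes cn and mail, and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumptions: LDAP_URI,
# anonymous simple bind (-x), attributes cn/mail, and all function names.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com}"

# LDIF folds long lines: a line starting with one space continues the
# previous line. Join them so a wrapped DN is read back in one piece.
unfold_ldif() {
    awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
         NR > 1         { print buf }
                        { buf = $0 }
         END            { if (NR) print buf }'
}

# Print every directReports DN found in LDIF on stdin. "attr:: value" means
# the value is base64-encoded (non-ASCII or otherwise unsafe characters).
direct_reports() {
    unfold_ldif | while IFS= read -r line; do
        case $line in
            "directReports:: "*)
                printf '%s' "${line#directReports:: }" | base64 -d; echo ;;
            "directReports: "*)
                printf '%s\n' "${line#directReports: }" ;;
        esac
    done
}

# Read one entry by its full DN: the DN is the search base, the scope is
# "base" (only that entry), and the filter matches any entry.
lookup_dn() {
    dn=$1; shift
    ldapsearch -x -H "$LDAP_URI" -LLL -o ldif-wrap=no \
        -b "$dn" -s base '(objectClass=*)' "$@" </dev/null
}

# Resolve each report of a manager whose LDIF entry arrives on stdin.
lookup_reports() {
    direct_reports | while IFS= read -r dn; do
        lookup_dn "$dn" cn mail
    done
}

# Usage (manager DN is a constructed value):
#   lookup_dn 'CN=boss,OU=ouBlah,DC=dcBlah' directReports | lookup_reports
```

The attribute name is matched case-sensitively here, while LDAP attribute names are case-insensitive, so adjust the patterns if your server returns a different spelling.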
Answer 2:
Calling ldapsearch with the -f option would do pretty much what you want.
Save your first search results to a file, with only the value of the cn attribute. For example, your file would look like this:
user1
user2
cnBlah
john
jim
user883
Then call ldapsearch with a base that is high enough to encompass all users. This could be -b dc=users,dc=example,dc=com.
So if you saved your user list to a file named users.txt, your ldapsearch command line would look like this:
# I removed the hostname, port and authentication for clarity
ldapsearch -b "dc=users,dc=example,dc=com" -s sub "cn=%s" -f users.txt -LLL
Long lines will wrap at ~76 characters. Nothing that a pipe through perl -p00e 's/\r?\n //g' can't fix.
Answer 3:
When you already have the complete DN you don't need to do a search at all. Just do a lookup operation.
Source: https://stackoverflow.com/questions/16799452/how-do-you-search-by-dn-in-ldap