LDAP
Test LDAP connection
ldapsearch -x -b "cn=Users,dc=office,dc=company,dc=com" -H ldaps://dc.address.com:636 -D 'username@domain.com' -W -d 1
Check LDAP server search (Active Directory lookup)
ldapsearch -H ldap://10.10.0.7:389 -x -b "dc=kvk,dc=company,dc=com" -D "user@kvk.company.com" -W -s sub "(cn=SnipeIT*)" cn mail sn -v
LDAP query for enabled user accounts
(&(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(objectClass=computer)))
PHP app LDAPS trust certificate
- Copy the AD DC's Base-64 encoded certificate into C:\openldap\sysconf
- Create ldap.conf in that folder with the content
TLS_REQCERT never
TLS_CACERT c:\openldap\sysconf\webcert.crt
- Create a System environment variable LDAPTLS_CACERT that points to that certificate
Get server SSL certificate from the TLS handshake (for LDAPS, for example)
openssl s_client -connect dc.kvk.company.com:636
Part of the output of this command is the Base-64 encoded certificate that was presented for LDAPS. Copy the text from the "-----BEGIN CERTIFICATE-----" line through the "-----END CERTIFICATE-----" line into Notepad and save it as a .cer file.
Double-click the certificate file to view the certificate presented for LDAPS.
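The ldap.conf above uses TLS_REQCERT never, which stops the client from verifying the server certificate at all; a better check is to extract the presented certificate and verify it against the CA you trust. This added script (not part of the original notes) does the cut-and-paste step from the previous section in awk and then runs openssl verify; it assumes openssl 1.1.1+ on PATH, and the host names, file names and the self-signed sample certificate are constructed placeholders.

```shell
#!/bin/sh
# Added example: extract the LDAPS server certificate from `openssl s_client`
# output and verify chain + host name, rather than disabling checks.
# Assumes openssl 1.1.1+; host names and paths are placeholders.

# Print the first PEM certificate block on stdin (the server's leaf
# certificate in s_client output; with -showcerts later blocks are the chain).
extract_first_pem() {
    awk '/-----BEGIN CERTIFICATE-----/{p=1} p{print} /-----END CERTIFICATE-----/{exit}'
}

# Fetch the certificate an LDAPS endpoint presents (needs network access;
# not exercised by the offline sample below).  $1 host, $2 port
fetch_ldaps_cert() {
    echo | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null | extract_first_pem
}

# Verify that a saved certificate chains to the CA file and that its
# subjectAltName matches the DC host name.  $1 CA file, $2 cert file, $3 host
# Returns 0 when both checks pass, non-zero otherwise.
verify_ldaps_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Constructed sample: a self-signed certificate standing in for a DC's LDAPS
# certificate, wrapped in noise lines to mimic s_client output.  $1 directory
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=dc.example.test" -addext "subjectAltName=DNS:dc.example.test" \
        -keyout "$1/key.pem" -out "$1/dc.pem" >/dev/null 2>&1 || return 1
    {
        echo "CONNECTED(00000003)"
        echo "depth=0 CN = dc.example.test"
        cat "$1/dc.pem"
        echo "---"
    } > "$1/s_client.txt"
    extract_first_pem < "$1/s_client.txt" > "$1/extracted.pem"
}

# Offline demonstration: the self-signed sample is its own CA, so it verifies
# for dc.example.test and is rejected for any other host name.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
verify_ldaps_cert "$demo_dir/dc.pem" "$demo_dir/extracted.pem" dc.example.test \
    && echo "certificate OK for dc.example.test"
verify_ldaps_cert "$demo_dir/dc.pem" "$demo_dir/extracted.pem" other.example.test \
    || echo "host name mismatch rejected"
```

Against a real DC, run fetch_ldaps_cert with the host and port 636 (or 3269 for the global catalog), save the output, and pass the saved file together with your enterprise CA certificate to verify_ldaps_cert.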
LDAP query search for user
ldapsearch -x -LLL -h domaincontroller.company.com -D username -w password -b "dc=company,dc=com" -s sub "(objectClass=user)" givenName
Check the certificate used for an LDAPS connection
echo | openssl s_client -connect dc.company.com:636 2>/dev/null | openssl x509 -noout -text
LDAP find user in Active Directory
When prompted (-W), provide the password for bindaduser, the account used to bind to the domain:
ldapsearch -H ldaps://dc.office.company.com:3269 -D "bindaduser" -W -b "dc=office,dc=company,dc=com" "(sAMAccountName=first.last)"