Searching LDAP using a file for search filter
Most of the time you will do basic searches looking for an individual or group, or to get a list of people that meet a particular set of criteria, and your search filter helps you narrow down who you are looking for. But sometimes you need to do a search based on a series of different search criteria. Maybe you have a list of users and need to find out what a particular attribute is set to for each of them. You can put that list in a file and use the file to perform the search. Basically the command will keep looping, using each line in the file in turn, until it reaches the end of the file. You can redirect the output to a file. So let's take a look at how we would do this.
First, let's look at how you would type out the ldapsearch command. If you have ever done any scripting or more complicated batch files, you should be familiar with the idea of using variables to insert information. We basically do the same thing in the search command: we put a variable in the spot that will hold the information from the file we have created. Note: I will use ellipses in the basic parts of the command you should already know. If you are not sure what to put in those spots, go to the page on performing an ldapsearch for background information.
ldapsearch -h ... -D ... -w ... -x -LLL -b ... -f filename.txt "(cn=%s)" cn description
There are two differences between this command line and the regular ldapsearch command line. The first is the use of the -f switch, followed by the name of a file. This tells the command we are using an input file for some part of the search filter. If the file is not in your current directory, you will have to give the full path for the file. We will go over formatting the file in a moment. The second difference is the use of %s as a variable. Depending on how you format the file, this could be a part of the filter, as in this example, or it could be the full filter. When the command runs, it puts a line from the file in place of the variable. The command loops as it moves from line to line until it gets to the end of the file.
The file itself is a standard text file. In this example we are searching a list of user names, or common names, so the file will simply be that list of user names, one per line. The file will look something like this...
apond
dnoble
msmith
rtyler
...
You can have as many lines as needed in the file. In the command above, the actual filter the command sees for the first two lines would be:
"(cn=apond)"
"(cn=dnoble)"
and for each one it would return the dn, the cn, and the description for the user.
You could also have a file that has the full search string. Let's say you get a listing of user names that looks like cn=apond instead of just the user name. Then you could do the following command.
ldapsearch -h ... -D ... -w ... -x -LLL -b ... -f filename.txt "(%s)" cn description
And the file will look like the following:
cn=apond
cn=dnoble
cn=msmith
cn=rtyler
Obviously you can put any list of attributes at the end of the command line for what you want returned when the command runs. You can also use a more complex filter and have the file fill in just a portion of it. Let's say you wanted to look for the users, but only if they were in the USA, and then you wanted to list out their email and phone number. You could do the following command.
ldapsearch -h ... -D ... -w ... -x -LLL -b ... -f filename.txt "(&(country=usa)(cn=%s))" cn mail phone
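ldapsearch puts each line of the file into the filter in place of %s exactly as written, so a *, a parenthesis or a backslash inside a name is read as filter syntax instead of as part of the name, and a stray carriage return from a Windows-edited list can keep a name from matching. The script below is an added example, not part of the original page: it escapes each value per RFC 4515 and previews the resulting filters. The function names and sample names are made up for illustration, and it assumes each line is a plain value, as in the (cn=%s) form.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the sample
# names are constructed for illustration.

# Escape one value per line (RFC 4515) so each line is matched literally when
# substituted into a pattern such as "(cn=%s)". Backslash is handled first so
# the escapes added afterwards are not escaped a second time.
escape_filter_values() {
    tr -d '\r' |
    sed -e '/^[[:space:]]*$/d' \
        -e 's/\\/\\5c/g' \
        -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' \
        -e 's/)/\\29/g'
}

# Print the filter that results for each input line, given a pattern with a
# single %s, so the list can be reviewed before any search is run.
preview_filters() {
    pattern=$1
    prefix=${pattern%%\%s*}   # everything before %s
    suffix=${pattern#*\%s}    # everything after %s
    while IFS= read -r value; do
        printf '%s%s%s\n' "$prefix" "$value" "$suffix"
    done
}

# Constructed sample list: a CRLF line ending, a blank line, and two names
# that contain filter metacharacters.
printf 'apond\r\n\ndn*ble\nm(smith)\n' |
    escape_filter_values | preview_filters '(cn=%s)'

# Typical use with the command from this page:
#   escape_filter_values < filename.txt > escaped.txt
#   ldapsearch ... -f escaped.txt "(cn=%s)" cn description
```

A file of full filters meant for the "(%s)" form should not be run through the escaping step, since any wildcards or parentheses in it are intended as filter syntax.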
Copyright © 2016