G Suite LDAP search using ldapsearch

Problem description

I have configured an LDAP application in G Suite, and I have downloaded the certificate and key. I am trying to query it with ldapsearch:

LDAPTLS_CERT="Google_cert.crt" \
LDAPTLS_KEY="Google_cert.key" \
ldapsearch -H ldaps://ldap.google.com:636 -b dc=XXXXX,dc=XXX -x '(mail=first.last@XXXXX.XXX)'

The response I get is this:

# extended LDIF
#
# LDAPv3
# base <dc=XXXXX,dc=XXX> with scope subtree
# filter: (mail=first.last@XXXXX.XXX)
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

I'm not sure how to interpret the response. Did it perform the search but find nothing? What do search, result and numResponses mean?

I was expecting more information, since I'm searching for myself, so I know I'm in there. Is there something wrong with my query?

Edit: Based on the comments, I changed the query to '*':

LDAPTLS_CERT="Google_cert.crt" \
LDAPTLS_KEY="Google_cert.key" \
ldapsearch -H ldaps://ldap.google.com:636 -b dc=XXXXX,dc=XXX -x '*'

and got this:

# extended LDIF
#
# LDAPv3
# base <dc=XXXXX,dc=XXX> with scope subtree
# filter: (objectclass=*)
# requesting: *
#

# XXXXX.XXX
dn: dc=XXXXX,dc=XXX
objectClass: top
objectClass: domain
objectClass: dcObject
dc: XXXXX

# Groups, XXXXX.XXX
dn: ou=Groups,dc=XXXXX,dc=XXX
objectClass: top
objectClass: organizationalUnit
ou: Groups

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Does this mean that the only next-level container is Groups, and that I next need to search in that ou?

Tags: ldap, google-workspace

Solution


I'm on a Mac, and ldapsearch on Mac is different. Instead of using LDAPTLS_CERT & LDAPTLS_KEY, I had to convert the certificate and key files to one PKCS12 formatted file and import them into my MacBook's keychain, then use the LDAPTLS_IDENTITY environment variable with the ldapsearch command. The page "Connect LDAP clients to the Secure LDAP service" has specific instructions for using ldapsearch on macOS.

After that, this is the command that found my user:

LDAPTLS_IDENTITY="LDAP Client" ldapsearch -H ldaps://ldap.google.com:636 -b dc=XXXXX,dc=XXX '(uid=first.last)'

Hope this saves somebody else some time.
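
An added example (not part of the original question or answer): a shell function that reads default-format ldapsearch output and reports the result code and entry count from its trailer, so that "result: 0 Success" with no entries is told apart from a search that returned entries. The function names are hypothetical, and the sample inputs are constructed from the two outputs shown in the question.

```shell
#!/bin/sh
# Added example: summarise the trailer of default-format ldapsearch output.
# Reads stdin, prints: result=<code> entries=<n> responses=<n> verdict=<text>
ldapsearch_summary() {
    awk '
        /^result: /         { code = $2 }       # LDAP result code, 0 = success
        /^# numResponses: / { responses = $3 }  # entries + references + final result
        /^# numEntries: /   { entries = $3 }    # line is omitted when zero entries
        END {
            if (code == "") {
                print "result=none entries=0 responses=0 verdict=no-result-line"
                exit
            }
            if (code != 0)             verdict = "search-failed"
            else if (entries + 0 == 0) verdict = "success-but-no-entries-returned"
            else                       verdict = "entries-returned"
            printf "result=%s entries=%d responses=%d verdict=%s\n", code, entries, responses, verdict
        }'
}

# Constructed sample: trailer of the first output in the question (no entries).
sample_no_entries() {
    cat <<'EOF'
# search result
search: 2
result: 0 Success

# numResponses: 1
EOF
}

# Constructed sample: shortened form of the second output (two entries).
sample_two_entries() {
    cat <<'EOF'
dn: dc=XXXXX,dc=XXX
dc: XXXXX

dn: ou=Groups,dc=XXXXX,dc=XXX
ou: Groups

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
EOF
}

sample_no_entries  | ldapsearch_summary
sample_two_entries | ldapsearch_summary
```

In real use, pipe the ldapsearch command's output into ldapsearch_summary; the final search result message itself counts as one response, which is why numResponses is 1 when nothing was returned.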

