gbraccialli · October 18, 2016 17:45
diff --git a/ldap_search.txt b/ldap_search.txt
 sample search filters:
 (&(objectClass=group)(cn=*HADOOP*))
 (|(memberof=CN=GROUP1,OU=XXXX,OU=YYY,DC=domain,DC=com)(memberof=CN=GROUP2,OU=XXXX,OU=YYY,DC=domain,DC=com)(sAMAccountName=username1))
 ((CN=GROUP1,OU=XXXX,OU=YYY,DC=domain,DC=com)(CN=GROUP2,OU=XXXX,OU=YYY,DC=domain,DC=com))


 ldapsearch -x -h yourldapserver.com -b cn=accounts,dc=domain,dc=com -s sub "YOUR-SEARCH-FILTER"	





 #extract AD certificates
 echo "" | openssl s_client -host your-active-directory.com -port 636 -showcerts | awk '/BEGIN CERT/ {p=1} ; p==1; /END CERT/ {p=0}' > /certs/adcerts.cer

 vi /etc/openldap/ldap.conf
  TLS_CACERT /certs/adcerts.cer

 ldapsearch -H ldaps://your-active-directory.com:636 -b "DC=domain,DC=com" -D "[email protected]" -w PASSWORD -s sub "(&(objectClass=user)(cn=*braccialli*))"

 kinit youruser
 ldapsearch -H ldap://your-active-directory.com -Y GSSAPI -N -b "dc=domain,dc=com" "(sAMAccountName=test*)"
	sample search filters:
	(&(objectClass=group)(cn=HADOOP))
	(\|(memberof=CN=GROUP1,OU=XXXX,OU=YYY,DC=domain,DC=com)(memberof=CN=GROUP2,OU=XXXX,OU=YYY,DC=domain,DC=com)(sAMAccountName=username1))
	((CN=GROUP1,OU=XXXX,OU=YYY,DC=domain,DC=com)(CN=GROUP2,OU=XXXX,OU=YYY,DC=domain,DC=com))


	ldapsearch -x -h yourldapserver.com -b cn=accounts,dc=domain,dc=com -s sub "YOUR-SEARCH-FILTER"





	#extract AD certificates
	echo "" \| openssl s_client -host your-active-directory.com -port 636 -showcerts \| awk '/BEGIN CERT/ {p=1} ; p==1; /END CERT/ {p=0}' > /certs/adcerts.cer

	vi /etc/openldap/ldap.conf
	TLS_CACERT /certs/adcerts.cer

	ldapsearch -H ldaps://your-active-directory.com:636 -b "DC=domain,DC=com" -D "[email protected]" -w PASSWORD -s sub "(&(objectClass=user)(cn=braccialli))"

	kinit youruser
	ldapsearch -H ldap://your-active-directory.com -Y GSSAPI -N -b "dc=domain,dc=com" "(sAMAccountName=test*)"