[Freeipa-users] Querying the dir srv

Sean Hogan schogan at us.ibm.com
Thu Aug 4 16:43:53 UTC 2016


Thanks Ben, appreciated. Will give it a go. Do you guys recommend any
specific LDAP viewer to view the internals? I was looking at Apache
Directory Studio, I think it was, but it needs Java and I don't want to add
Java to a server that does not have it, increasing the
mitigation/vulnerability factor of the box.

I ran   ipa host-find --all
and noticed this setting in the list
 Keytab: True

I am thinking Keytab entry = enroll true

Sean Hogan






From:	Ben Lipton <blipton at redhat.com>
To:	Sean Hogan/Durham/IBM at IBMUS, freeipa-users
            <freeipa-users at redhat.com>
Date:	08/04/2016 09:08 AM
Subject:	Re: [Freeipa-users] Querying the dir srv



On 08/04/2016 11:31 AM, Sean Hogan wrote:
>
> Hi All,
>
> Where can I find information about the IPA schema as in what = what in
> the dir srv? I do not have a ldap viewer.
> I am looking to pull specific info from it such as a list of servers
> that have enrolled = true and have been playing with ldapsearch to no
> avail.
>

You could try something like 'ipa <objecttype>-show --all <object>' to
see the dn of the associated LDAP object for a particular IPA entity.
This would give you a sense of what tree to ldapsearch. You could try
adding the --raw flag as well to see the LDAP attributes of the object.

# ipa user-show --all admin
   dn: uid=admin,cn=users,cn=accounts,dc=example,dc=domain
[...]
# ldapsearch -xLLL -D cn='Directory manager' -w <directory manager pw> \
    -b 'cn=users,cn=accounts,dc=example,dc=domain' '(objectClass=*)' '*' |
    perl -p0e 's/\n //g' | less

You can also take a look at
https://git.fedorahosted.org/cgit/freeipa.git/tree/ipalib/constants.py#n78
for a list of LDAP entities that act as containers for IPA objects
(subtrees to search under).

Someone else may have some better ideas, but maybe this can get you
started.

Ben
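
Added example, not part of the original thread and not FreeIPA's own code: one way to turn the ldapsearch approach above into the list of hosts the question asks for. It assumes host entries are named fqdn=<host> under cn=computers,cn=accounts,<suffix>, and that "Keytab: True" corresponds to the entry carrying a krbPrincipalKey attribute; host_keytab_report and sample_ldif are hypothetical names, and the LDIF is constructed.

```shell
# Added example (not from the thread). Assumed: hosts are fqdn=<host> entries
# under cn=computers,cn=accounts,<suffix>; "Keytab: True" = krbPrincipalKey set.
# Intended input (-A asks for attribute names only, so no key material is
# returned; -W prompts for the password instead of placing it in argv):
#   ldapsearch -xLLL -A -D 'cn=Directory Manager' -W \
#     -b 'cn=computers,cn=accounts,dc=example,dc=domain' \
#     '(objectClass=ipahost)' krbPrincipalKey | host_keytab_report

# Read ldapsearch -LLL output on stdin; print "<fqdn> keytab=yes|no" per host.
host_keytab_report() {
    awk '
        # LDIF folding: a line starting with one space continues the previous one.
        /^ / { buf = buf substr($0, 2); next }
             { if (NR > 1) print buf; buf = $0 }
        END  { if (NR > 0) print buf }
    ' | awk '
        BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one LDAP entry per record
        {
            host = ""; key = "no"
            for (i = 1; i <= NF; i++) {
                line = tolower($i)
                if (line ~ /^dn: fqdn=/) {          # hostname is the first RDN
                    host = substr($i, 10)
                    sub(/,.*/, "", host)
                }
                if (line ~ /^krbprincipalkey:/) key = "yes"
            }
            if (host != "") print host " keytab=" key
        }
    '
}

# Constructed sample output; the third dn is folded mid-hostname on purpose.
sample_ldif() {
    cat <<'EOF'
dn: fqdn=web01.example.domain,cn=computers,cn=accounts,dc=example,dc=domain
krbPrincipalKey:

dn: fqdn=db02.example.domain,cn=computers,cn=accounts,dc=example,dc=domain

dn: fqdn=build-agent-with-a-long-name-0001.lab.example
 .domain,cn=computers,cn=accounts,dc=example,dc=domain
krbPrincipalKey:
EOF
}

sample_ldif | host_keytab_report
```

The first awk stage does the same unfolding as the perl one-liner in the message above; without it the third hostname would be cut off at the fold.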


