[Freeipa-users] Querying the dir srv

Martin Basti mbasti at redhat.com
Fri Aug 5 08:25:29 UTC 2016



On 04.08.2016 18:43, Sean Hogan wrote:
>
> Thanks Ben.. appreciated.. will give it a go. Do you guys recommend
> any specific LDAP viewer to view the internals? I was looking at
> Apache Dir Studio I think it was... but it needs Java and I don't want
> to add Java to a server that does not have it, increasing the
> mitigation/vulnerability factor of the box.
>
> I ran ipa host-find --all
> and noticed this setting in the list
> Keytab: True
>
> I am thinking Keytab entry = enroll true
>
> Sean Hogan
>
>

You can also use the --raw option together with --all to see raw LDAP values.

I use Apache Directory Studio and ldapsearch.

Martin
>
>
>
>
> From: Ben Lipton <blipton at redhat.com>
> To: Sean Hogan/Durham/IBM at IBMUS, freeipa-users <freeipa-users at redhat.com>
> Date: 08/04/2016 09:08 AM
> Subject: Re: [Freeipa-users] Querying the dir srv
>
> ------------------------------------------------------------------------
>
>
>
> On 08/04/2016 11:31 AM, Sean Hogan wrote:
> >
> > Hi All,
> >
> > Where can I find information about the IPA schema as in what = what in
> > the dir srv? I do not have a ldap viewer.
> > I am looking to pull specific info from it such as a list of servers
> > that have enrolled = true and have been playing with ldapsearch to no
> > avail.
> >
>
> You could try something like 'ipa <objecttype>-show --all <object>' to
> see the dn of the associated LDAP object for a particular IPA entity.
> This would give you a sense of what tree to ldapsearch. You could try
> adding the --raw flag as well to see the LDAP attributes of the object.
>
> # ipa user-show --all admin
>   dn: uid=admin,cn=users,cn=accounts,dc=example,dc=domain
> [...]
> # ldapsearch -xLLL -D cn='Directory manager' -w <directory manager pw> \
>     -b 'cn=users,cn=accounts,dc=example,dc=domain' '(objectClass=*)' '*' |
>     perl -p0e 's/\n //g' | less
>
> You can also take a look at
> https://git.fedorahosted.org/cgit/freeipa.git/tree/ipalib/constants.py#n78
> for a list of LDAP entities that act as containers for IPA objects
> (subtrees to search under).
>
> Someone else may have some better ideas, but maybe this can get you 
> started.
>
> Ben
>
>
>
>
>
>
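
The ldapsearch pipeline quoted above, carried one step further as an added example (not code from anyone in this thread): unfold the LDIF, then print one attribute of every entry that carries a marker attribute. The sample LDIF is constructed; the cn=computers container and the use of krbLastPwdChange as the marker are assumptions, so compare `ipa host-show --all --raw` for an enrolled and an unenrolled host to pick the real one.

```shell
#!/bin/sh
# Added example. The LDIF below is constructed, not taken from a real server.
# Assumptions: hosts live under cn=computers,cn=accounts, and krbLastPwdChange
# stands in for an attribute present only on enrolled hosts.

# Constructed sample; the first DN is folded onto a continuation line.
sample_ldif() {
cat <<'EOF'
dn: fqdn=build-agent-0123.engineering.lab.example.domain,cn=computers,cn=acc
 ounts,dc=example,dc=domain
objectClass: ipahost
fqdn: build-agent-0123.engineering.lab.example.domain
krbLastPwdChange: 20160801120000Z

dn: fqdn=new.example.domain,cn=computers,cn=accounts,dc=example,dc=domain
objectClass: ipahost
fqdn: new.example.domain
EOF
}

# Join continuation lines (a leading space continues the previous line).
# Same effect as the perl -p0e 's/\n //g' step in the command above.
ldif_unfold() {
    awk '
        /^ / { buf = buf substr($0, 2); next }  # append, dropping the space
        NR > 1 { print buf }                    # previous line is complete
        { buf = $0 }
        END { if (NR > 0) print buf }
    '
}

# Print attribute $1 of every entry that carries attribute $2.
# Names compare case-insensitively; base64 values (attr:: ...) stay encoded.
ldif_select() {
    ldif_unfold | awk -v want="$1" -v marker="$2" '
        function emit() { if (has && val != "") print val; has = 0; val = "" }
        BEGIN { want = tolower(want); marker = tolower(marker) }
        /^$/ { emit(); next }
        {
            i = index($0, ":"); if (i == 0) next
            name = tolower(substr($0, 1, i - 1))
            if (name == marker) has = 1
            if (name == want) { val = substr($0, i + 1); sub(/^:? */, "", val) }
        }
        END { emit() }
    '
}

sample_ldif | ldif_select dn krbLastPwdChange
```

Against a live server, pipe the ldapsearch output into ldif_select in place of sample_ldif.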
