<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 04.08.2016 18:43, Sean Hogan wrote:<br>
</div>
<blockquote
cite="mid:OF7E2E9B3B.764ADADB-ON07258005.005AF84D-07258005.005BE896@notes.na.collabserv.com"
type="cite">
<p>Thanks Ben.. appreciated.. will give it a go. Do you guys
recommend any specific ldap viewer to view the internals? I was
looking at apache dir studio I think it was... but needs java
and I don't want to add java<br>
to a server that does not have it increasing the
mitigation/vulnerability factor of the box.<br>
<br>
I ran ipa host-find --all<br>
and noticed this setting in the list<br>
Keytab: True<br>
<br>
I am thinking Keytab entry = enroll true<br>
<br>
Sean Hogan<br>
<br>
<br>
</p>
</blockquote>
<br>
You can use also --raw option together with --all to see raw LDAP
values<br>
<br>
I use apache directory studio and ldapsearch<br>
<br>
Martin<br>
<blockquote
cite="mid:OF7E2E9B3B.764ADADB-ON07258005.005AF84D-07258005.005BE896@notes.na.collabserv.com"
type="cite">
<p><br>
<br>
<img src="cid:part1.E09C2EA2.B54E4045@redhat.com" alt="Inactive
hide details for Ben Lipton ---08/04/2016 09:08:40 AM---On
08/04/2016 11:31 AM, Sean Hogan wrote: >" border="0"
height="16" width="16"><font color="#424282">Ben Lipton
---08/04/2016 09:08:40 AM---On 08/04/2016 11:31 AM, Sean Hogan
wrote: ></font><br>
<br>
<font color="#5F5F5F" size="2">From: </font><font size="2">Ben
Lipton <a class="moz-txt-link-rfc2396E" href="mailto:blipton@redhat.com"><blipton@redhat.com></a></font><br>
<font color="#5F5F5F" size="2">To: </font><font size="2">Sean
Hogan/Durham/IBM@IBMUS, freeipa-users
<a class="moz-txt-link-rfc2396E" href="mailto:freeipa-users@redhat.com"><freeipa-users@redhat.com></a></font><br>
<font color="#5F5F5F" size="2">Date: </font><font size="2">08/04/2016
09:08 AM</font><br>
<font color="#5F5F5F" size="2">Subject: </font><font size="2">Re:
[Freeipa-users] Querying the dir srv</font><br>
</p>
<hr style="color:#8091A5; " align="left" size="2" width="100%"
noshade="noshade"><br>
<br>
<br>
<tt>On 08/04/2016 11:31 AM, Sean Hogan wrote:<br>
><br>
> Hi All,<br>
><br>
> Where can I find information about the IPA schema as in
what = what in <br>
> the dir srv? I do not have a ldap viewer.<br>
> I am looking to pull specific info from it such as a list
of servers <br>
> that have enrolled = true and have been playing with
ldapsearch to no <br>
> avail.<br>
><br>
<br>
You could try something like 'ipa <objecttype>-show --all
<object>' to <br>
see the dn of the associated LDAP object for a particular IPA
entity. <br>
This would give you a sense of what tree to ldapsearch. You
could try <br>
adding the --raw flag as well to see the LDAP attributes of the
object.<br>
<br>
# ipa user-show --all admin<br>
dn: uid=admin,cn=users,cn=accounts,dc=example,dc=domain<br>
[...]<br>
# ldapsearch -xLLL -D cn='Directory manager' -w <directory
manager pw> <br>
-b 'cn=users,cn=accounts,dc=example,dc=domain' '(objectClass=*)'
'*' | <br>
perl -p0e 's/\n //g' | less<br>
<br>
You can also take a look at <br>
</tt><tt><a moz-do-not-send="true"
href="https://git.fedorahosted.org/cgit/freeipa.git/tree/ipalib/constants.py#n78">https://git.fedorahosted.org/cgit/freeipa.git/tree/ipalib/constants.py#n78</a></tt><tt> <br>
for a list of LDAP entities that act as containers for IPA
objects <br>
(subtrees to search under).<br>
<br>
Someone else may have some better ideas, but maybe this can get
you started.<br>
<br>
Ben<br>
<br>
</tt><br>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>