How do you search by dn in ldap

Question

I'm pulling information about a user from LDAP. This includes directReports, which is in the full CN=cnBlah, OU=ouBlah, DC=dcBlah form. I'm trying to do another lookup to find info about the reportee.

So far the only way I've been able to actually find said user is to break out the CN= and set the remainder of the string as the base.

Is this the proper way of doing it? Or is there a way to search for an entry given the full DN?

Answer 1

Use the DN as the base object in the search and set the scope of the search to base.

Answer 2

Calling ldapsearch with the -f option would do pretty much what you want.

Save your first search results to a file, with only the value of the cn attribute. For example, your file would look like this :

users.txt:

user1
user2
cnBlah
john
jim
user883

Then call ldapsearch with a base that is high enough to encompass all users. This could be -b dc=users,dc=example,dc=com.

So if you saved your user list to a file named users.txt, your ldapsearch command line would look like this :

#I removed the hostname, port and authentification for clarity
ldapsearch -b "dc=users,dc=example,dc=com" -s sub "cn=%s" -f users.txt -LLL

Long lines will wrap at ~76 characters. Nothing that a pipe through perl -p00e 's/\r?\n //g' can't fix. (Or just add option -o ldif-wrap=no to your ldapsearch commandline.)

Answer 3

Closing the loop on this question, courtesy of https://www.openldap.org/lists/openldap-software/200503/msg00520.html

When you know the DN of an entry, there is no need to "search" for it all, just retrieve the entry directly: ldapsearch -x -LLL -b "uid=droy,ou=people,dc=eclipse,dc=org"

So that answers the "how do you use ldapsearch to lookup() an item rather than search for it"