Use ldapsearch to verify LDAP authentication information

There will be countless accounts for a variety of systems in an enterprise. one of the better solutions is to use LDAP. However, to verify whether Microsoft's ActiveDirectory authentication is successful, you can use the ldapsearch command.

First install on Ubuntu:

 
Apt-Get install ldap_utils
 

Then the command can be run. Let's look at an example:

 
Root @ gitlab :~ # Ldapsearch-P 389-h $ ldaphost-d "cn = $ firstname $ lastname, ou = China, ou = International, ou = offices, Dc = ESRI, dc = com "-W" $ PWD "-B" DC = ESRI, Dc = com "-X" samaccountname = $ loginname"
 

Here several parameters to explain, detailed reference documents: http://linux.die.net/man/1/ldapsearch

-P port number

-H Domain Name of the LDAP server

-D binddn, which must be obtained from the LDAP administrator. Note that Cn = $ firstname $ lastname is your user name on Active Directory, first name and last name.

Binddn

Use the Distinguished Name BinddnTo bind to the LDAP directory. For SASL binds, the server is expected to ignore this value.

-W is followed by the password and should be included in ""

-B Search Base, which must also be obtained from the LDAP Administrator

Use SearchbaseAs the starting point for the search instead of the default.

-XUsername followed by samaccountname cannot be modified

Use simple authentication instead of SASL.

If the information is obtained after execution, the configuration is correct. You can copy the configuration to the system service that needs to connect to LDAP.