Willie Hallock

Reputation: 35

How to convert ldap python code to ldapsearch parameters?

The following python code provides me with the expected entry:

from ldap3 import Server, Connection, ALL, SUBTREE, ALL_ATTRIBUTES
from pprint import pprint
import json

# LDAPS on port 636: ldap3 wraps the socket in TLS when use_ssl=True
server = Server('server.domain.org', use_ssl=True, port=636)
# Simple bind with the account name and its password
c = Connection(server, user='username', password='password123')
c.bind()
# Subtree search below the users container, returning every attribute,
# fetched with the paged-results control (5 entries per page)
c.search(search_base='cn=users,dc=domain,dc=org',
         search_filter='(mailNickname=username)',
         search_scope=SUBTREE,
         attributes=ALL_ATTRIBUTES,
         paged_size=5)

total_entries = len(c.response)

print(total_entries)
for entry in c.entries:
    # entry_to_json() gives a JSON string; load it so pprint can lay it out
    converted = json.loads(entry.entry_to_json())
    pprint(converted)

I would like to be able to get the same entry using the ldapsearch command.

However, when I try variants on:

ldapsearch -x -LLL -H ldaps://server.domain.org:636 -D '' -w password123 -b 'cn=users,dc=domain,dc=org' -s sub '(objectClass=*)' 'givenName=username'

I just get back errors like:

ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Any idea what might be going wrong?

Upvotes: 0

Views: 420

Answers (2)

Willie Hallock

Reputation: 35

The issue was that the python code was able to access the certificates required for TLS communication, whereas ldapsearch was not. I was able to resolve the problem by adding:

TLS_CACERT  /full/path/to/Certificates.pem
TLS_REQCERT demand

to ~/.ldaprc. Certificates.pem contained the certificates I needed.

There are likely other valid ways which would allow ldapsearch to find the required certificate.

Upvotes: 0

LisaJ

Reputation: 1706

Converting the search performed in your code (I changed the domain name to one of the RFC 2606 reserved domains) to ldapsearch yields:

ldapsearch -x -LLL -H ldaps://server.example.org:636 -D 'username' -w password123 -b 'cn=users,dc=domain,dc=org' -s sub '(mailNickname=username)' 

The ldapsearch binary may not be able to negotiate an SSL connection with your LDAP server. If clear text LDAP is available on the host, test without SSL to verify the cause of the connection failure:

ldapsearch -x -LLL -H ldap://server.example.org:389 -D 'username' -w password123 -b 'cn=users,dc=domain,dc=org' -s sub '(mailNickname=username)' 

Upvotes: 1
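As an added example (not code from the question or from either answer), here is the parameter mapping both answers rely on, written as a small Python function that builds the OpenLDAP ldapsearch argv from the same values the ldap3 call takes, plus the environment that gives ldapsearch the same CA trust as the TLS_CACERT/TLS_REQCERT lines above. It assumes OpenLDAP's ldapsearch (its -W, -y and -E pr= options and the LDAPTLS_CACERT / LDAPTLS_REQCERT variables from ldap.conf(5)), uses plain strings in place of the ldap3 scope constants so it runs without ldap3 installed, and keeps the bind password out of the command line; note that ldap3 with only use_ssl=True does not verify the server certificate unless a Tls object with validate=ssl.CERT_REQUIRED is passed to Server().

```python
"""Map the parameters of an ldap3 Connection.search() call onto OpenLDAP
ldapsearch options.  Only argv and environment are built, so this runs
offline; the sample values under __main__ mirror the question's search."""
import shlex

# ldap3 scope constants (BASE/LEVEL/SUBTREE) as the strings ldapsearch -s takes
SCOPE_TO_LDAPSEARCH = {"BASE": "base", "LEVEL": "one", "SUBTREE": "sub"}
ALL_ATTRIBUTES = "*"   # same value as ldap3.ALL_ATTRIBUTES


def ldapsearch_argv(host, bind_dn, search_base, search_filter,
                    search_scope="SUBTREE", attributes=ALL_ATTRIBUTES,
                    use_ssl=True, port=None, paged_size=None,
                    password_file=None):
    """Return the ldapsearch argv equivalent to the ldap3 search parameters."""
    scheme = "ldaps" if use_ssl else "ldap"          # Server(use_ssl=...) -> URI scheme
    port = port or (636 if use_ssl else 389)
    argv = ["ldapsearch", "-x", "-LLL",              # simple bind, bare LDIF output
            "-H", f"{scheme}://{host}:{port}",
            "-D", bind_dn,                           # Connection(user=...)
            "-b", search_base,                       # search_base=
            "-s", SCOPE_TO_LDAPSEARCH[search_scope]]  # search_scope=
    # -w exposes the password in the process list; prefer a mode-0600
    # password file (-y) or an interactive prompt (-W).
    argv += ["-y", password_file] if password_file else ["-W"]
    if paged_size:                                   # paged_size= -> paged-results control
        argv += ["-E", f"pr={paged_size}/noprompt"]
    argv.append(search_filter)                       # search_filter=
    if attributes != ALL_ATTRIBUTES:                 # all user attributes is the default
        argv += list(attributes)
    return argv


def tls_trust_env(ca_certs_file):
    """Environment that makes ldapsearch verify the LDAPS certificate against
    ca_certs_file: the same effect as TLS_CACERT / TLS_REQCERT demand in
    ~/.ldaprc, and the counterpart of ldap3's
    Tls(ca_certs_file=..., validate=ssl.CERT_REQUIRED)."""
    return {"LDAPTLS_CACERT": ca_certs_file, "LDAPTLS_REQCERT": "demand"}


if __name__ == "__main__":
    # Constructed sample mirroring the question's ldap3 call
    argv = ldapsearch_argv("server.domain.org", "username",
                           "cn=users,dc=domain,dc=org", "(mailNickname=username)",
                           paged_size=5)
    print(shlex.join(argv))
    print(tls_trust_env("/full/path/to/Certificates.pem"))
```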
