Much prettier LDAP searches

I’ve been manually querying an active directory server using LDAP a lot recently to test filters and such, and it gets tiring to type in, edit, or even paste really the really long commands needed to use the ldapsearch tool from the command line.

I’m talking about such long commands as

ldapsearch -H "ldaps:// ldaps://" -b "dc=my,dc=organization,dc=net" -w "bind-password" -D "cn=ad-bind-user,cn=users,dc=my,dc=organization,dc=net" "(&(objectClass=user)(mail=*))"

What a beast! And that’s a relatively simple filter at the end.

Since the search base, server, and bind parameters don’t ever change I just aliased it in my shell. I opened up ~/.bashrc and at the bottom wrote

alias ldapsearch='ldapsearch -H "ldaps:// ldaps://" -b "dc=my,dc=organization,dc=net" -w "bind-password" -D "cn=ad-bind-user,cn=users,dc=my,dc=organization,dc=net"'

Close the terminal, log back in, and now I can get away with the much nicer command

ldapsearch "(&(objectClass=user)(mail=*))"

Plus, there’s the added benefit of not leaving the whole bind password out there on your screen each time!

No Comments, Be The First!

Your email address will not be published.