Much prettier LDAP searches

I’ve been manually querying an Active Directory server over LDAP a lot recently to test filters and such, and it gets tiring to type in, edit, or even paste the really long commands needed to use the ldapsearch tool from the command line.

I’m talking about such long commands as

ldapsearch -H "ldaps://ad1.my.organization.net ldaps://ad2.my.organization.net" -b "dc=my,dc=organization,dc=net" -w "bind-password" -D "cn=ad-bind-user,cn=users,dc=my,dc=organization,dc=net" "(&(objectClass=user)(mail=*))"

What a beast! And that’s a relatively simple filter at the end.

Since the search base, server, and bind parameters don’t ever change, I just aliased it in my shell. I opened up ~/.bashrc and at the bottom wrote

alias ldapsearch='ldapsearch -H "ldaps://ad1.my.organization.net ldaps://ad2.my.organization.net" -b "dc=my,dc=organization,dc=net" -w "bind-password" -D "cn=ad-bind-user,cn=users,dc=my,dc=organization,dc=net"'

Close the terminal, log back in, and now I can get away with the much nicer command

ldapsearch "(&(objectClass=user)(mail=*))"

Plus, there’s the added benefit of not leaving the whole bind password out there on your screen each time!
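The alias keeps the password off the screen, but it now sits in cleartext in ~/.bashrc and shows up whenever you run `alias`. As an added example (not part of the original post), this shell function keeps the same server, base and bind DN but hands the password to ldapsearch with its -y option from a file it first checks is private; the function name ldapq, the path ~/.ldap-bind-pass and the LDAPSEARCH_BIN override are assumptions.

```shell
# Added example for ~/.bashrc. ldapq, ~/.ldap-bind-pass and LDAPSEARCH_BIN
# are hypothetical names chosen for this illustration.
LDAP_URIS="ldaps://ad1.my.organization.net ldaps://ad2.my.organization.net"
LDAP_BASE="dc=my,dc=organization,dc=net"
LDAP_BIND_DN="cn=ad-bind-user,cn=users,dc=my,dc=organization,dc=net"
LDAP_PASSFILE="${LDAP_PASSFILE:-$HOME/.ldap-bind-pass}"
LDAPSEARCH_BIN="${LDAPSEARCH_BIN:-ldapsearch}"

# Create the password file once, without a trailing newline, because
# ldapsearch -y uses the complete file contents as the password:
#   (umask 077; printf '%s' 'bind-password' > ~/.ldap-bind-pass)

# Succeed only if $1 is a regular file with no group or other permissions.
passfile_is_private() {
    [ -f "$1" ] || return 1
    # GNU stat first, BSD/macOS stat as fallback.
    _mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$_mode" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Same fixed options as the alias, with -y <file> in place of -w <password>.
# Everything passed to ldapq (filter, attribute list) is forwarded unchanged.
ldapq() {
    if ! passfile_is_private "$LDAP_PASSFILE"; then
        echo "ldapq: $LDAP_PASSFILE must exist with mode 600 or 400" >&2
        return 1
    fi
    "$LDAPSEARCH_BIN" -H "$LDAP_URIS" -b "$LDAP_BASE" \
        -D "$LDAP_BIND_DN" -y "$LDAP_PASSFILE" "$@"
}
```

With this in place, `ldapq "(&(objectClass=user)(mail=*))"` runs the same search, and a password file that has become group- or world-readable stops the query before any bind is attempted.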
