LDAP has strong search capabilities built into the client and server. You can create both simple and complex search filters to narrow your users or groups to just the ones you want to see. See Use Cloud LDAP to learn more.
This article includes a couple of examples of searches you can perform with JumpCloud's LDAP.
These examples assume that you have already configured your LDAP client to query the JumpCloud LDAP service, and that your query is returning everything in:
ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com
For example:
Using ldapsearch, to filter by inetOrgPerson objectClass:
ldapsearch -H ldap://:389 -ZZ -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=LDAP_BINDING_USER,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=inetOrgPerson)"
The examples are search filters that apply to the data returned by querying this search base.
Finding a Specific User
There are several ways to query for a specific user account. You'll see a pattern as you compare the search filter to the output (which you can get via ldapsearch).
All users in the "Users" tab are reflected into the JumpCloud Hosted LDAP service under the OU "ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com".
Here is an example of a full LDAP search command:
ldapsearch -H ldaps://:636 -x -b "ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -D "uid=<LDAP-binding-username>,ou=Users,o=YOUR_ORG_ID,dc=jumpcloud,dc=com" -W "(objectClass=inetOrgPerson)"
To find a user in LDAP:
By distinguished name (DN): (uid=john,ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com)
By full name (cn): (cn=John Doe)
By last name (sn): (sn=Doe)
By given name (givenName): (givenName=John)
By username (uid): (uid=john)
By UID number (uidNumber): (uidNumber=1000)
Finding Users in a Specific Group
Note: An LDAP user must be bound to an LDAP group in order for the LDAP group to appear in an ldapsearch.
When a group of users is bound to LDAP, a groupOfNames object is created in LDAP. In the case of JumpCloud's hosted LDAP service, this consists of one or more member attributes, and those attributes are the distinguished names of the users in the group.
To find users in a specific group:
- To find users in a group, search for the groupOfNames object that was created in LDAP.
For example:
When you're searching for a groupOfNames object called Admins, run the following query.
# Admins, Users, <org-id>, jumpcloud.com
dn: cn=Admins,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
member: uid=john,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
member: uid=mary,ou=Users,o=<org-id>,dc=jumpcloud,dc=com
objectClass: top
objectClass: groupOfNames
description: tagGroup
cn: Admins
ou: Admins
In this case, "john" and "mary" are both in the "Admins" group.
Getting the Attributes of a Specific Group
(&(objectClass=groupOfNames)(cn=Admins))
The query above says, "show me only LDAP records where objectClass=groupOfNames (a group), and where the group name (cn) equals Admins."
Getting the Users in a Specific Group
(&(objectClass=inetOrgPerson)(memberOf=cn=Admins,ou=Users,o=<your-organization-id>,dc=jumpcloud,dc=com))
The query above says, "give me only users (objectClass=inetOrgPerson) where the users are members of the Admins group".
Note: In the above queries, the queries are surrounded by (&(filter1)(filter2)). This is called "prefix" notation, and is exactly the same as the "infix" notation that you may be more used to, which would look like: (filter1) and (filter2).
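When the username or group name in these filters comes from user input (a login form, a script argument), the value has to be escaped before it is placed in the filter, or characters such as ( ) * change what the filter matches. The following is an added example, not part of the original article or of any vendor tooling: it builds the uid and memberOf filters shown above with RFC 4515 filter escaping and RFC 4514 DN escaping. The function names are hypothetical and YOUR_ORG_ID is the same placeholder used in the ldapsearch commands.

```python
ORG_ID = "YOUR_ORG_ID"  # placeholder, same as in the page's ldapsearch commands
BASE_DN = f"ou=Users,o={ORG_ID},dc=jumpcloud,dc=com"


def escape_filter_value(value: str) -> str:
    """RFC 4515: replace NUL, '(', ')', '*' and '\\' with backslash + two hex digits."""
    return "".join(f"\\{ord(c):02x}" if c in "\x00()*\\" else c for c in value)


def escape_rdn_value(value: str) -> str:
    """RFC 4514: hex-escape DN specials, a leading '#' or space, and a trailing space."""
    out = []
    last = len(value) - 1
    for i, c in enumerate(value):
        special = c in '\x00"+,;<>\\='
        edge = (i == 0 and c in "# ") or (i == last and c == " ")
        out.append(f"\\{ord(c):02x}" if special or edge else c)
    return "".join(out)


def user_by_uid(uid: str) -> str:
    """(&(objectClass=inetOrgPerson)(uid=<uid>)) with the value escaped."""
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(uid)}))"


def users_in_group(group_cn: str) -> str:
    """The memberOf filter from the page; the group name is escaped for the
    DN first, then the whole DN is escaped as a filter value."""
    group_dn = f"cn={escape_rdn_value(group_cn)},{BASE_DN}"
    return f"(&(objectClass=inetOrgPerson)(memberOf={escape_filter_value(group_dn)}))"


if __name__ == "__main__":
    # Constructed inputs: one ordinary value and one containing filter/DN
    # metacharacters, to show that the latter stays a single literal value.
    for uid in ("john", "john)(uid=*"):
        print(user_by_uid(uid))
    for cn in ("Admins", "Admins,ou=Other"):
        print(users_in_group(cn))
```

The printed strings can be passed as the final argument to ldapsearch in place of the hand-written filters.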