G Suite LDAP Search with ldapsearch

I've configured an ldap app in G Suite and I've downloaded the cert & key. I'm trying to query it via ldapsearch:

LDAPTLS_CERT="Google_cert.crt" \
LDAPTLS_KEY="Google_cert.key" \
ldapsearch -H ldaps://ldap.google.com:636 -b dc=XXXXX,dc=XXX -x '([email protected])'

The response I get is this:

# extended LDIF
#
# LDAPv3
# base <dc=XXXXX,dc=XXX> with scope subtree
# filter: ([email protected])
# requesting: ALL
#

# search result
search: 2
result: 0 Success

# numResponses: 1

I'm not sure how to interpret the response. Did it execute the search and find nothing? What do the search, result, and numResponses mean?

I would expect more information, as I'm searching for myself, so I know I'm in there. Is my query messed up?

EDIT: Based on the comments, I changed my query to *:

LDAPTLS_CERT="Google_cert.crt" \
LDAPTLS_KEY="Google_cert.key" \
ldapsearch -H ldaps://ldap.google.com:636 -b dc=XXXXX,dc=XXX -x '*'

and got this:

# extended LDIF
#
# LDAPv3
# base <dc=XXXXX,dc=XXX> with scope subtree
# filter: (objectclass=*)
# requesting: *
#

# XXXXX.XXX
dn: dc=XXXXX,dc=XXX
objectClass: top
objectClass: domain
objectClass: dcObject
dc: XXXXX

# Groups, XXXXX.XXX
dn: ou=Groups,dc=XXXXX,dc=XXX
objectClass: top
objectClass: organizationalUnit
ou: Groups

# search result
search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2

Does this mean the only next level container is Groups and that next I need to search down in that ou?

BigTexasDork asked Dec 05 '25 12:12
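An added example, not code from the question or the answer, that reads the LDIF ldapsearch prints and separates the cases asked about above: `search: N` is the message ID of the search request, `result: 0 Success` is the server's result code and text, `numResponses` counts every message received (entries plus the final result), and `numEntries` counts entries only, so a run that prints `result: 0 Success` with `numResponses: 1` was a successful search that matched nothing under that base DN with that filter. The sample output is constructed from the second run in the question, with the placeholder domain kept and one folded continuation line added to exercise the parser.

```python
import re

# Constructed sample modelled on the second ldapsearch run in the question (placeholder
# domain kept); the folded "ou" continuation line is added to exercise the parser.
SAMPLE_OUTPUT = """\
dn: dc=XXXXX,dc=XXX
objectClass: domain
dc: XXXXX

dn: ou=Groups,dc=XXXXX,dc=XXX
objectClass: organizationalUnit
ou: Gro
 ups

search: 2
result: 0 Success

# numResponses: 3
# numEntries: 2
"""

def parse_ldapsearch(text):
    """Entries are the blocks with a dn; the block with 'result' is the final status."""
    blocks, current, counters, last = [], {}, {}, None
    for line in text.splitlines():
        if line.startswith("#"):                      # only the trailing counters matter
            m = re.match(r"# num(Responses|Entries): (\d+)$", line)
            if m:
                counters[m.group(1).lower()] = int(m.group(2))
        elif line == "":                              # a blank line ends a block
            if current:
                blocks.append(current)
            current, last = {}, None
        elif line.startswith(" ") and last:           # folded continuation line
            current[last][-1] += line[1:]
        else:                                         # "attr:: x" (base64) is left encoded
            attr, _, value = line.partition(":")
            current.setdefault(attr, []).append(value.strip())
            last = attr
    if current:
        blocks.append(current)
    result = next((b for b in blocks if "result" in b), {})
    code, _, msg = result.get("result", [""])[0].partition(" ")
    entries = [b for b in blocks if "dn" in b]
    verdict = ("failed: " + msg if code != "0" else
               "empty match: check the base DN and filter" if not entries else "ok")
    return {"msgid": int(result["search"][0]) if "search" in result else None,
            "result_code": int(code) if code.isdigit() else None, "result_text": msg,
            "entries": entries, "verdict": verdict,
            "num_responses": counters.get("responses"), "num_entries": counters.get("entries", 0)}
```

Feeding it the first run from the question (result 0, numResponses 1, no entries) yields the "empty match" verdict, which is the "did it execute and find nothing?" case.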


1 Answer

I'm on a Mac, and ldapsearch on Mac is different. Instead of using LDAPTLS_CERT & LDAPTLS_KEY, I had to convert the certificate and key files to one PKCS12 formatted file and import them into my MacBook's keychain, then use the LDAPTLS_IDENTITY environment variable with the ldapsearch command. This page, "Connect LDAP clients to the Secure LDAP service", has specific instructions for using ldapsearch on macOS.

After that, this is the command that found my user:

LDAPTLS_IDENTITY="LDAP Client" ldapsearch -H ldaps://ldap.google.com:636 -b dc=XXXXX,dc=XXX '(uid=first.last)'

Hope this saves somebody else some time.

BigTexasDork answered Dec 07 '25 16:12