Skip to main content
Question

LdapSearch Syntax Help

  • April 9, 2019
  • 4 replies
  • 19 views
D
Forum|alt.badge.img+3

First post here, sorry if this is in the wrong area!

I've mapped Jamf to perform LDAP lookups to Okta's Open directory feature. I've been following a guide I found on this forum, but some of my attributes are different so I cannot resolve group names when testing.

Guides: Jamf Nation Post & Offsite Resource Guide
Note: I've also found that wildcards now work correctly.

So I connected to Okta's open directory using ldapsearch. I'm a terminal rookie, but thus far I have been able to identify all the user attributes that I needed. When I search the groups OU I receive a listing of all users that are members of groups.

Does anyone know how to make ldap search spit out the group attributes for a group?

Sanitized Syntax I'm using:
ldapsearch -x -vv -H ldaps://YOUROKTAINSTANCE.ldap.okta.com -b "ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com" -D "uid=ADUSERNAMEFORQUERYAUTHENTICATION, ou=users, dc=YOUROKTAINSTANCE, dc=okta, dc=com" -W

It seems the above command returns groups that have been created in Okta, not groups that are sync'd from my AD environment. I will start a ticket with Okta as well.

4 replies

R
Forum|alt.badge.img+19
  • ryan_ball
  • Contributor
  • April 9, 2019

@doooglasss You just want a listing of groups in the search base?

D
Forum|alt.badge.img+3
  • doooglasss
  • Author
  • New Contributor
  • April 9, 2019

Just looking for the attributes with their values to be listed out such as the AD Users were:

USERNAME, users, YOUROKTADOMAIN.okta.com
dn: uid=USERNAME,ou=users,dc=YOUROKTADOMAIN,dc=okta,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: x
uniqueIdentifier: x
organizationalStatus: x
givenName: x
sn: x
cn: x
mail: x
otherHomePhone: x
physicalDeliveryOfficeName:x
telephoneNumber: x
otherMailbox: x

With the above information I was able to provide the user attribute mappings to Jamf. Looking to do the same for groups.

R
Forum|alt.badge.img+19
  • ryan_ball
  • Contributor
  • April 9, 2019

@doooglasss How about this:

ldapUser="user_with_ldap_read_access"
ldapPass="pass_goes_here"
ldapsearch -LLL -h YOUROKTAINSTANCE.ldap.okta.com -x -D "$ldapUser" -w "$ldapPass" -b "ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com" "(objectCategory=group)"
D
Forum|alt.badge.img+3
  • doooglasss
  • Author
  • New Contributor
  • April 9, 2019

Thanks @ryan.ball Some of the command was case sensitive, but even after resolving I receive no output. even after substituting object categories.

Terms & ConditionsCookie settingsAccessibility statement