Help

LdapSearch Syntax Help

doooglasss
New Contributor II

Posted on ‎04-08-2019 10:24 PM

First post here, sorry if this is in the wrong area!

I've mapped Jamf to perform LDAP lookups to Okta's Open directory feature. I've been following a guide I found on this forum, but some of my attributes are different so I cannot resolve group names when testing.

Guides: Jamf Nation Post & Offsite Resource Guide
Note: I've also found that wildcards now work correctly.

So I connected to Okta's open directory using ldapsearch. I'm a terminal rookie, but thus far I have been able to identify all the user attributes that I needed. When I search the groups OU I receive a listing of all users that are members of groups.

Does anyone know how to make ldap search spit out the group attributes for a group?

Sanitized Syntax I'm using:
ldapsearch -x -vv -H ldaps://YOUROKTAINSTANCE.ldap.okta.com -b "ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com" -D "uid=ADUSERNAMEFORQUERYAUTHENTICATION, ou=users, dc=YOUROKTAINSTANCE, dc=okta, dc=com" -W

It seems the above command returns groups that have been created in Okta, not groups that are sync'd from my AD environment. I will start a ticket with Okta as well.

Labels:
0 Kudos
4 REPLIES 4

ryan_ball
Valued Contributor

Posted on ‎04-09-2019 06:05 AM

@doooglasss You just want a listing of groups in the search base?

0 Kudos

doooglasss
New Contributor II

Posted on ‎04-09-2019 06:18 AM

Just looking for the attributes with their values to be listed out such as the AD Users were:

USERNAME, users, YOUROKTADOMAIN.okta.com
dn: uid=USERNAME,ou=users,dc=YOUROKTADOMAIN,dc=okta,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: x
uniqueIdentifier: x
organizationalStatus: x
givenName: x
sn: x
cn: x
mail: x
otherHomePhone: x
physicalDeliveryOfficeName:x
telephoneNumber: x
otherMailbox: x

With the above information I was able to provide the user attribute mappings to Jamf. Looking to do the same for groups.

0 Kudos

ryan_ball
Valued Contributor

Posted on ‎04-09-2019 06:55 AM

@doooglasss How about this:

ldapUser="user_with_ldap_read_access"
ldapPass="pass_goes_here"
ldapsearch -LLL -h YOUROKTAINSTANCE.ldap.okta.com -x -D "$ldapUser" -w "$ldapPass" -b "ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com" "(objectCategory=group)"
0 Kudos

doooglasss
New Contributor II

Posted on ‎04-09-2019 11:47 AM

Thanks @ryan.ball Some of the command was case sensitive, but even after resolving I receive no output. even after substituting object categories.

0 Kudos