LdapSearch Syntax Help

doooglasss
New Contributor II

First post here, sorry if this is in the wrong area!

I've mapped Jamf to perform LDAP lookups to Okta's Open directory feature. I've been following a guide I found on this forum, but some of my attributes are different so I cannot resolve group names when testing.

Guides: Jamf Nation Post & Offsite Resource Guide
Note: I've also found that wildcards now work correctly.

So I connected to Okta's open directory using ldapsearch. I'm a terminal rookie, but thus far I have been able to identify all the user attributes that I needed. When I search the groups OU I receive a listing of all users that are members of groups.

Does anyone know how to make ldap search spit out the group attributes for a group?

Sanitized Syntax I'm using:
ldapsearch -x -vv -H ldaps://YOUROKTAINSTANCE.ldap.okta.com -b "ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com" -D "uid=ADUSERNAMEFORQUERYAUTHENTICATION, ou=users, dc=YOUROKTAINSTANCE, dc=okta, dc=com" -W

It seems the above command returns groups that have been created in Okta, not groups that are synced from my AD environment. I will start a ticket with Okta as well.


ryan_ball
Valued Contributor

@doooglasss You just want a listing of groups in the search base?

doooglasss
New Contributor II

Just looking for the attributes with their values to be listed out such as the AD Users were:

USERNAME, users, YOUROKTADOMAIN.okta.com
dn: uid=USERNAME,ou=users,dc=YOUROKTADOMAIN,dc=okta,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: x
uniqueIdentifier: x
organizationalStatus: x
givenName: x
sn: x
cn: x
mail: x
otherHomePhone: x
physicalDeliveryOfficeName:x
telephoneNumber: x
otherMailbox: x

With the above information I was able to provide the user attribute mappings to Jamf. Looking to do the same for groups.

ryan_ball
Valued Contributor

@doooglasss How about this:

ldapUser="user_with_ldap_read_access"
ldapPass="pass_goes_here"
ldapsearch -LLL -h YOUROKTAINSTANCE.ldap.okta.com -x -D "$ldapUser" -w "$ldapPass" -b "ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com" "(objectCategory=group)"

doooglasss
New Contributor II

Thanks @ryan.ball. Some of the command was case sensitive, but even after resolving that I receive no output, even after substituting object categories.
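As an added example (not from this thread, Jamf or Okta), a small Python parser for the LDIF that ldapsearch prints, which separates each group's own attributes from its member listing, the thing the original question was after. It assumes Okta's LDAP interface returns groups as groupOfUniqueNames objects whose members appear as uniqueMember lines; the sample output below is constructed.

```python
import base64

# Constructed sample of "ldapsearch -LLL" output for the groups OU (assumed
# groupOfUniqueNames/uniqueMember layout; not real data).
SAMPLE_LDIF = """\
dn: cn=Mac Admins,ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com
objectClass: groupOfUniqueNames
cn: Mac Admins
description:: TWFjIGFkbWluIHN0YWZm
uniqueMember: uid=alice,ou=users,dc=YOUROKTAINSTANCE,dc=okta,dc=com
uniqueMember: uid=bob,ou=users,dc=YOUROKTAINSTANCE,dc=okta,
 dc=com

dn: cn=Everyone,ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com
objectClass: groupOfUniqueNames
cn: Everyone
uniqueMember: uid=alice,ou=users,dc=YOUROKTAINSTANCE,dc=okta,dc=com
"""


def parse_ldif(text):
    """Return one {attribute: [values]} dict per LDIF entry (folded lines and base64 handled)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # LDIF folds long values onto a leading-space line
        else:
            lines.append(raw)
    entries, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last entry
        if not line:
            if current:
                entries.append(current)
            current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # "attr:: <base64>" marks a base64-encoded value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr, []).append(value.strip())
    return entries


def group_summary(text, member_attr="uniqueMember"):
    """Group attributes keyed by cn, with the member list collapsed to a count."""
    summary = {}
    for entry in parse_ldif(text):
        if "groupOfUniqueNames" not in entry.get("objectClass", []):
            continue                       # skip anything that is not a group object
        attrs = {k: v for k, v in entry.items() if k not in ("dn", member_attr)}
        attrs["memberCount"] = len(entry.get(member_attr, []))
        summary[entry["cn"][0]] = attrs
    return summary
```

Feed it the real output of the search (with a filter such as "(objectClass=groupOfUniqueNames)" if the assumed object class matches your instance) and the remaining keys are the group attribute names to map in Jamf.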