Posted on 04-08-2019 10:24 PM
First post here, sorry if this is in the wrong area!
I've mapped Jamf to perform LDAP lookups to Okta's Open directory feature. I've been following a guide I found on this forum, but some of my attributes are different so I cannot resolve group names when testing.
Guides: Jamf Nation Post & Offsite Resource Guide
Note: I've also found that wildcards now work correctly.
So I connected to Okta's open directory using ldapsearch. I'm a terminal rookie, but thus far I have been able to identify all the user attributes that I needed. When I search the groups OU I receive a listing of all users that are members of groups.
Does anyone know how to make ldapsearch spit out the group attributes for a group?
Sanitized Syntax I'm using:
# bind with the service account's full DN (no spaces after the commas in a DN) and prompt for its password with -W
ldapsearch -x -vv -H ldaps://YOUROKTAINSTANCE.ldap.okta.com -b "ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com" -D "uid=ADUSERNAMEFORQUERYAUTHENTICATION,ou=users,dc=YOUROKTAINSTANCE,dc=okta,dc=com" -W
It seems the above command returns groups that have been created in Okta, not groups that are sync'd from my AD environment. I will start a ticket with Okta as well.
Posted on 04-09-2019 06:05 AM
@doooglasss You just want a listing of groups in the search base?
Posted on 04-09-2019 06:18 AM
Just looking for the attributes with their values to be listed out, the way the AD users were:
# USERNAME, users, YOUROKTADOMAIN.okta.com
dn: uid=USERNAME,ou=users,dc=YOUROKTADOMAIN,dc=okta,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: x
uniqueIdentifier: x
organizationalStatus: x
givenName: x
sn: x
cn: x
mail: x
otherHomePhone: x
physicalDeliveryOfficeName: x
telephoneNumber: x
otherMailbox: x
With the above information I was able to provide the user attribute mappings to Jamf. Looking to do the same for groups.
Posted on 04-09-2019 06:55 AM
@doooglasss How about this:
ldapUser="uid=user_with_ldap_read_access,ou=users,dc=YOUROKTAINSTANCE,dc=okta,dc=com"   # Okta's LDAP Interface binds with the full DN
ldapPass="pass_goes_here"   # -w exposes the password in ps output; -W prompts for it instead
# -H ldaps:// rather than -h: Okta only serves LDAP over TLS on 636, and -h is gone from OpenLDAP 2.5+ ldapsearch.
# objectCategory is an Active Directory attribute; adjust the filter to the schema your directory actually exposes.
ldapsearch -LLL -H ldaps://YOUROKTAINSTANCE.ldap.okta.com -x -D "$ldapUser" -w "$ldapPass" -b "ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com" "(objectCategory=group)"
Posted on 04-09-2019 11:47 AM
Thanks @ryan.ball. Some of the command was case sensitive, but even after resolving that I receive no output, even after substituting object categories.
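The thread leaves two things open: which filter returns group entries from Okta's LDAP Interface, and how to read the membership out of what ldapsearch prints. The script below is an added example for this thread, not code from any of the posters. It assumes, as Okta's LDAP Interface documentation describes but this thread does not confirm, that groups are exposed with objectClass groupOfUniqueNames and one uniqueMember DN per member; the tenant name YOUROKTAINSTANCE and the bind account uid=svc_jamf are placeholders. The first function builds the ldapsearch invocation (TLS, full bind DN, password prompted rather than passed on the command line); the second parses the LDIF that ldapsearch -LLL emits, unfolding wrapped lines, into one "group<TAB>member" line per membership, which is the shape you want when checking a Jamf group mapping against the directory. The sample LDIF is constructed, not captured from a real tenant.

```shell
#!/bin/sh
# Added example for this thread (not code from the original posts).
# Assumptions not confirmed by the thread: Okta's LDAP Interface exposes groups
# as objectClass groupOfUniqueNames with one uniqueMember DN per member; the
# tenant is YOUROKTAINSTANCE and the bind account is uid=svc_jamf.

OKTA_TENANT="${OKTA_TENANT:-YOUROKTAINSTANCE}"
BIND_UID="${BIND_UID:-svc_jamf}"

# Build the ldapsearch invocation for one group (argument: the group's cn).
# -H ldaps:// because Okta's LDAP Interface only accepts TLS on 636, the bind
# is the account's full DN, and -W prompts for the password so it stays out of
# `ps` output and shell history. The trailing attribute list limits the reply
# to cn and uniqueMember.
group_search_cmd() {
    printf '%s' "ldapsearch -LLL -x -H ldaps://${OKTA_TENANT}.ldap.okta.com \
-D \"uid=${BIND_UID},ou=users,dc=${OKTA_TENANT},dc=okta,dc=com\" -W \
-b \"ou=groups,dc=${OKTA_TENANT},dc=okta,dc=com\" \
\"(&(objectClass=groupOfUniqueNames)(cn=$1))\" cn uniqueMember"
}

# Turn the LDIF ldapsearch prints on stdin into "cn<TAB>member uid" lines.
# LDIF folds long values onto continuation lines that start with one space,
# so lines are unfolded before they are interpreted; members are printed when
# the entry ends, so attribute order inside an entry does not matter.
parse_group_members() {
    awk '
    BEGIN { n = 0 }
    function flush(   i) {
        for (i = 1; i <= n; i++) print cn "\t" members[i]
        n = 0; cn = ""
    }
    function handle(line,   parts) {
        if (line ~ /^cn: /) cn = substr(line, 5)
        else if (line ~ /^uniqueMember: /) {
            split(substr(line, 15), parts, ",")   # first RDN, e.g. uid=jane.doe
            sub(/^[^=]*=/, "", parts[1])          # keep only the uid value
            members[++n] = parts[1]
        }
        else if (line == "") flush()              # blank line ends the entry
    }
    /^ / { buf = buf substr($0, 2); next }        # continuation line: unfold
    { if (seen) handle(buf); buf = $0; seen = 1 }
    END { if (seen) handle(buf); flush() }
    '
}

# Constructed sample (not captured from Okta) in the shape ldapsearch -LLL
# returns, including one folded uniqueMember value.
SAMPLE_LDIF='dn: cn=Mac Admins,ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Mac Admins
uniqueMember: uid=jane.doe,ou=users,dc=YOUROKTAINSTANCE,dc=okta,dc=com
uniqueMember: uid=alice.with.a.long.username,ou=users,dc=YOUROKTAINSTANCE,dc=ok
 ta,dc=com

dn: cn=Helpdesk,ou=groups,dc=YOUROKTAINSTANCE,dc=okta,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Helpdesk
uniqueMember: uid=bob.ross,ou=users,dc=YOUROKTAINSTANCE,dc=okta,dc=com
'

if [ "${1:-}" = "--demo" ]; then
    echo "Would run: $(group_search_cmd 'Mac Admins')"
    printf '%s' "$SAMPLE_LDIF" | parse_group_members
fi
```

Against a live tenant you would pipe the real command into the parser, e.g. `eval "$(group_search_cmd 'Mac Admins')" | parse_group_members`; if that prints nothing while the bind succeeds, check the objectClass the tenant actually returns with an unfiltered search of `ou=groups` before blaming the mapping.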