... | @@ -434,7 +434,7 @@ modify an existing user or add a new one): |
... | @@ -434,7 +434,7 @@ modify an existing user or add a new one): |
|
|
|
|
|
This dump all known hosts in LDAP:
|
|
This dump all known hosts in LDAP:
|
|
|
|
|
|
ldapsearch -ZZ -Lx -h db.torproject.org -b "ou=hosts,dc=torproject,dc=org"
|
|
ldapsearch -ZZ -Lx -H ldap://db.torproject.org -b "ou=hosts,dc=torproject,dc=org"
|
|
|
|
|
|
Note that this will only work on the LDAP host itself or on
|
|
Note that this will only work on the LDAP host itself or on
|
|
whitelisted hosts which are few right now. Also note that this uses an
|
|
whitelisted hosts which are few right now. Also note that this uses an
|
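Review bot: The text around the changed `ldapsearch` line in this hunk does not say why `-h db.torproject.org` became `-H ldap://db.torproject.org`, so a reader who finds the old form elsewhere has no cue to prefer the URI form. Add a short remark next to this first example stating the reason. Keeping `-ZZ` alongside the `ldap://` URI is right, since it makes the search fail when StartTLS cannot be negotiated instead of continuing in cleartext. While touching this paragraph, the context line "This dump all known hosts in LDAP:" should read "This dumps".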
... | @@ -443,7 +443,7 @@ not show up. For hosts, that's fine, but if you search for users, you |
... | @@ -443,7 +443,7 @@ not show up. For hosts, that's fine, but if you search for users, you |
|
will need to use authentication. This, for example, will dump all
|
|
will need to use authentication. This, for example, will dump all
|
|
users with an SSH key:
|
|
users with an SSH key:
|
|
|
|
|
|
ldapsearch -ZZ -LxW -h db.torproject.org -D "uid=$USER,ou=users,dc=torproject,dc=org" -b "ou=users,dc=torproject,dc=org" '(sshRSAAuthKey=*)'
|
|
ldapsearch -ZZ -LxW -H ldap://db.torproject.org -D "uid=$USER,ou=users,dc=torproject,dc=org" -b "ou=users,dc=torproject,dc=org" '(sshRSAAuthKey=*)'
|
|
|
|
|
|
Note how we added a [search filter](https://ldap.com/ldap-filters/) (`(sshRSAAuthKey=*)`) here. We could
|
|
Note how we added a [search filter](https://ldap.com/ldap-filters/) (`(sshRSAAuthKey=*)`) here. We could
|
|
also have parsed the output in a script or bash, but this can actually
|
|
also have parsed the output in a script or bash, but this can actually
|
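Review bot: The bind DN in the changed line is built from the shell variable, `-D "uid=$USER,ou=users,dc=torproject,dc=org"`, which only works when the local login name is the same as the LDAP uid. The surrounding text does not mention that assumption. Suggest adding a sentence telling readers to substitute their LDAP uid when it differs, and noting that `-W` prompts for the LDAP password, so the command cannot be used unattended as written.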
... | @@ -452,22 +452,22 @@ objects. Sometimes it might be useful to only *list* the object |
... | @@ -452,22 +452,22 @@ objects. Sometimes it might be useful to only *list* the object |
|
handles or certain fields. For example, this will list all hosts
|
|
handles or certain fields. For example, this will list all hosts
|
|
`rebootPolicy` attribute:
|
|
`rebootPolicy` attribute:
|
|
|
|
|
|
ldapsearch -h db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL '(objectClass=*)' 'rebootPolicy'
|
|
ldapsearch -H ldap://db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL '(objectClass=*)' 'rebootPolicy'
|
|
|
|
|
|
This will list all servers with a manual reboot policy:
|
|
This will list all servers with a manual reboot policy:
|
|
|
|
|
|
ldapsearch -h db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL '(rebootPolicy=manual)' ''
|
|
ldapsearch -H ldap://db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL '(rebootPolicy=manual)' ''
|
|
|
|
|
|
Note here the empty (`''`) attribute list.
|
|
Note here the empty (`''`) attribute list.
|
|
|
|
|
|
To list hosts that do *not* have a reboot policy, you need a boolean modifier:
|
|
To list hosts that do *not* have a reboot policy, you need a boolean modifier:
|
|
|
|
|
|
ldapsearch -h db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL '(!(rebootPolicy=manual))' ''
|
|
ldapsearch -H ldap://db.torproject.org -x -ZZ -b ou=hosts,dc=torproject,dc=org -LLL '(!(rebootPolicy=manual))' ''
|
|
|
|
|
|
Such filters can be stacked to do complex searches. For example, this
|
|
Such filters can be stacked to do complex searches. For example, this
|
|
filter lists all active accounts:
|
|
filter lists all active accounts:
|
|
|
|
|
|
ldapsearch -ZZ -vLxW -h db.torproject.org -D "uid=$USER,ou=users,dc=torproject,dc=org" -b "ou=users,dc=torproject,dc=org" '(&(!(|(objectclass=debianRoleAccount)(objectClass=debianGroup)(objectClass=simpleSecurityObject)(shadowExpire=1)))(objectClass=debianAccount))'
|
|
ldapsearch -ZZ -vLxW -H ldap://db.torproject.org -D "uid=$USER,ou=users,dc=torproject,dc=org" -b "ou=users,dc=torproject,dc=org" '(&(!(|(objectclass=debianRoleAccount)(objectClass=debianGroup)(objectClass=simpleSecurityObject)(shadowExpire=1)))(objectClass=debianAccount))'
|
|
|
|
|
|
This lists users with access to Gitolite:
|
|
This lists users with access to Gitolite:
|
|
|
|
|
... | | ... | |
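Review bot: The context sentence "To list hosts that do *not* have a reboot policy" does not match the filter on the line below it. `(!(rebootPolicy=manual))` matches every host whose policy is anything other than manual, including hosts that have some other policy set. If the intent is hosts with no `rebootPolicy` attribute at all, the filter would be `(!(rebootPolicy=*))`; otherwise reword the sentence to say "do not have a manual reboot policy". Since every command in this hunk is being edited anyway, it is also a good moment to make them consistent: option order differs between lines (`-H ... -x -ZZ` here, `-ZZ -Lx -H ...` earlier), the base DN is quoted in some commands and not in others, and the active-accounts filter mixes `objectclass` and `objectClass`.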