All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

ldapsearch path/base parameter manipulation and command reference

dmcinnis
New Member
‎12-16-2013 05:05 AM

Hi Everyone,

I am looking at using ldapsearch / ldapfilter in a search I am launching, and I wish to change at which location the ldapsearch will look for specific objects and attributes.

using this syntax from inside the search page :

|ldapsearch domain=internal search="(objectCategory=computer)" attrs="cn,userAccountControl" | table cn userAccountControl

I get a list of computer objects and their userAccountControl values.

However I wish to only search for objects that reside in specific OU's in the AD structure.
I cannot seem to find the command reference for all parameters for "ldapsearch" within splunk that would indicate how to select parts of a domain structure.
Or can you use the full ldapsearch with command line parameters inside the search bar like "ldapsearch -h hostname.domain -b ou=myou,dc=mydomain1,dc=mydomain2,dc=mydomaintld objectCategory=computer attrs="cn,userAccountControl" and so forth? I tried this maybe inproperly and got nothing but errors.

Many thanks for any information or guidance
David.

Tags (1)
0 Karma
Reply

MuS
Legend
‎08-27-2014 12:02 PM

Hi dmcinnis,

Take a look at this app http://apps.splunk.com/app/1852/ it can be used like the *nix ldapsearch command.

cheers, MuS

Reply

dmcinnis
New Member
‎12-16-2013 06:14 AM

I found a way of restricting it somehow by adding a | search "ou=XYZ ABC " as a second search afterwards. Possibly there is a better method of accomplishing this however.

0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...