How can I use LDAPSearch to retrieve email based o...

Joshie · ‎01-29-2013

Hi I have used ldapsearch to narrow down the list of members based on a specific CN:

e.g.
|ldapsearch domain="mydom" search="(&(objectclass=group)(|(CN=#R1231)(CN=#R31412)))" attrs="member"

The above will yield the list of identidies for each of the identified CN.

However, I wanted to use the above the pull more information about the individual identidies e.f. telephone, email, department etc.

I was hoping I can pipe it to another ldapsearch command but don't have any progress thus far.

Anyone has manage to do nested ldapsearch or have done what I was hoping to before?

Thanks for any help!

ahall_splunk · ‎01-29-2013

You can easily nest things by using the other LDAP commands in the package. For example, using

|ldapsearch domain="X" search="(CN=#*)" attrs="distinguishedName"|ldapgroup

You get an expansion that actually shows the membership in a field called memberDN. You can expand this with ldapfetch:

|ldapsearch domain="X" search="(CN=#*)" attrs="distinguishedName"|ldapgroup|mvexpand memberdn|table cn,memberdn|ldapfetch dn=memberdn attrs="mail"|table cn,memberdn,mail

Check out the specific documentation within the SA-ldapsearch app, that has explicit examples for each of the four commands.

How can I use LDAPSearch to retrieve email based on selected specific CN

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4

Join the Conversation

How can I use LDAPSearch to retrieve email based on selected specific CN

Simplifying the Analyst Experience with Finding-based Detections

[Puzzles] Solve, Learn, Repeat: Word Search

[Puzzles] Solve, Learn, Repeat: Advent of Code - Day 4