Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How can I use LDAPSearch to retrieve email based on selected specific CN

Joshie
New Member
‎01-29-2013 08:02 PM

Hi I have used ldapsearch to narrow down the list of members based on a specific CN:

e.g.
|ldapsearch domain="mydom" search="(&(objectclass=group)(|(CN=#R1231)(CN=#R31412)))" attrs="member"

The above will yield the list of identidies for each of the identified CN.

However, I wanted to use the above the pull more information about the individual identidies e.f. telephone, email, department etc.

I was hoping I can pipe it to another ldapsearch command but don't have any progress thus far.

Anyone has manage to do nested ldapsearch or have done what I was hoping to before?

Thanks for any help!

Tags (1)
0 Karma
Reply

ahall_splunk
Splunk Employee
Splunk Employee
‎01-29-2013 10:32 PM

You can easily nest things by using the other LDAP commands in the package. For example, using

|ldapsearch domain="X" search="(CN=#*)" attrs="distinguishedName"|ldapgroup

You get an expansion that actually shows the membership in a field called memberDN. You can expand this with ldapfetch:

|ldapsearch domain="X" search="(CN=#*)" attrs="distinguishedName"|ldapgroup|mvexpand memberdn|table cn,memberdn|ldapfetch dn=memberdn attrs="mail"|table cn,memberdn,mail

Check out the specific documentation within the SA-ldapsearch app, that has explicit examples for each of the four commands.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...