LDAP

ldapsearch -H ldaps://vmwintstvds001.science.roche.com:636 -x -W -b "dc=science,dc=roche,dc=com" -D "cn=SVC-TESTVDS-T1,ou=ServiceAccounts,dc=science,dc=roche,dc=com"

source ~/ldappass
ldapsearch -H ldaps://vmwintstvds001.science.roche.com:636 -x -w "$PASS" -b "dc=science,dc=roche,dc=com" -D "cn=SVC-TESTVDS-T1,ou=ServiceAccounts,dc=science,dc=roche,dc=com" "cn=SVC-TESTVDS-T1"




bin/ldapsearch -p 1636 -X -Z -D "cn=directory manager" -w "$DIRMGR_PASS" --baseDN "cn=aspera,ou=Groups,dc=netflix,dc=net" --searchScope base "(objectclass=*)" uniqueMember

bin/ldapsearch -p 1389 --bindDN "cn=directory manager" -w "$DIRMGR_PASS" --baseDN "cn=monitor" "(objectclass=*)"

ldapsearch -H ldaps://partnerdirectory.meechum.prod.netflix.net:636 -x -D "cn=Directory Manager" -W -b "dc=netflix,dc=net" -s sub -a always -z 1000 "(cn=kingpin::beehive*)" "objectClass"

ldapsearch -H ldaps://dc.example.com -x -W -D "user@example.com" -b "dc=example,dc=com" "(sAMAccountName=user)"

ldapsearch -H ldaps://dc.example.com -x -W -D "user@example.com" -b "dc=example,dc=com" "(filter)" "attr1" "attr2"

LDAP Search filters start with a (, followed by either a filter component, or one of three operators and operand(s), and end with a ).

For example, they will look something like this:

(Operator(filter)(filter)(filter)...)

or this:

(attr=value)

(mail=*@tylersguides.com)
(uid=tyler)

The | operator (Logical or operator)
(|(gidNumber>=2000)(mail=*@tylersguides.com))

You can give | as many filters as you like. So the following filter is perfectly valid:

(|(gidNumber=5000)(uid=testuser)(memberUid=tyler)(loginShell=/bin/bash))

The ! Operator
(!(gidNumber=2000))

The & Operator
(&(gidNumber=5000)(mail=*))

The & operator is a logical and. This means that all of the filters must match. In the example, only entries with a gidNumber of 5000 that have a mail attribute will match the filter. Consider the following two entries.

The operands that |, &, and ! work on are themselves filters, so you can nest operators. For example:

(!(|(gidNumber=4000)(uid=testuser)))

When you are nesting an & or a | inside of a !, another way to think about it is to flip & and |, and put a ! in front of the operands. That sounds confusing, so consider that

(!(|(gidNumber=4000)(uid=testuser)))

is equivalent to:

(&(!(gidNumber=4000))(!(uid=testuser)))

(&(objectclass=user)(uidNumber=*))
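
The filter forms above, including the !/&/| rewrite, can be checked offline. The Python below is an added example, not part of the original notes: a small parser and evaluator for these filter forms, run over constructed entries. It assumes two-valued logic and integer comparison for >= and <=; a real server applies each attribute's own matching rules.

```python
import re

# Constructed sample entries (not from a real directory); attribute keys are lowercase.
ENTRIES = [
    {"uid": ["tyler"], "gidnumber": ["5000"], "mail": ["tyler@tylersguides.com"]},
    {"uid": ["testuser"], "gidnumber": ["2000"]},
    {"uid": ["svc"], "gidnumber": ["4000"], "mail": ["svc@example.com"]},
    {"uid": ["guest"], "gidnumber": ["1000"]},
]

def parse(f, i=0):
    """Parse the filter that starts at f[i]; return (node, index after its ')')."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    if f[i + 1] in "&|!":                  # operator followed by operand filters
        op, kids, i = f[i + 1], [], i + 2
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")" or not kids or (op == "!" and len(kids) != 1):
            raise ValueError(f"malformed '{op}' filter near offset {i}")
        return (op, kids), i + 1
    end = f.index(")", i)                  # simple item: attr=value, attr>=value, attr<=value
    m = re.fullmatch(r"([\w.;-]+)(>=|<=|=)(.*)", f[i + 1:end])
    if not m:
        raise ValueError(f"bad filter item {f[i + 1:end]!r}")
    return ("item", m.group(1).lower(), m.group(2), m.group(3)), end + 1

def matches(node, entry):
    """Two-valued evaluation: an item on an absent attribute is simply false."""
    if node[0] in ("&", "|"):
        results = [matches(k, entry) for k in node[1]]
        return all(results) if node[0] == "&" else any(results)
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, op, val = node
    values = entry.get(attr, [])
    if op == "=":                          # '*' is a wildcard; a lone '*' tests presence
        pat = re.compile(".*".join(map(re.escape, val.split("*"))), re.I | re.S)
        return any(pat.fullmatch(v) for v in values)
    return any(int(v) >= int(val) if op == ">=" else int(v) <= int(val) for v in values)

def search(flt, entries=ENTRIES):          # uid of every entry matching the filter
    try:
        node, end = parse(flt)
    except IndexError:
        raise ValueError("unbalanced parentheses") from None
    if end != len(flt):
        raise ValueError("trailing text after filter")
    return [e["uid"][0] for e in entries if matches(node, e)]
```

search("(!(|(gidNumber=4000)(uid=testuser)))") and search("(&(!(gidNumber=4000))(!(uid=testuser)))") return the same list, and a filter with unbalanced parentheses or trailing text raises ValueError instead of matching anything.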

/etc/ldap/ldap.conf
URI ldaps://10.159.65.30
BASE dc=science,dc=roche,dc=com
DEREF never
REFERRALS off
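# "never" disables verification of the server certificate; to verify it, use
# TLS_REQCERT demand together with the TLS_CACERT line below.
TLS_REQCERT never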
#TLS_CACERT /etc/ssl/certs/ca-certificates.crt