Using ldapsearch

Problem

You're attempting to set up LDAP, and you're hitting a problem where you need to see the exact values being returned by the LDAP server. This is where a tool like ldapsearch comes in handy.

Solution

1. Open your System Console > Authentication > LDAP, or open your config.json file, and go to the LdapSettings section. We will use your LDAP values to populate the ldapsearch tool.

2. Install ldap-utils:

sudo apt install ldap-utils

3. Take note of the values below from your Mattermost System Console or config.json file:

  • BaseDN
  • LDAP Server
  • LDAP Port (if not a default ldap port)
  • Bind Username
  • Bind Password
  • User filter

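4. Structure your ldapsearch command as shown below. The -W option makes ldapsearch prompt for the Bind Password, so the password is not typed on the command line.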

ldapsearch -x -b "BaseDN" -H ldap://ip_address:port -D "Bind Username" -W "user filters"

Example:

  • BaseDN - "dc=mattermost,dc=com"
  • LDAP Server - "10.8.57.32"
  • LDAP Port - "389"
  • Bind Username - "cn=admin,dc=mattermost,dc=com"
  • Bind Password - "really_secure_password"
  • User filter - "objectCategory=Person"

ldapsearch -x -b "DC=mattermost,DC=com" -H ldap://10.8.57.32 -D "cn=admin,dc=mattermost,dc=com" -W "objectCategory=Person"

You can customize the user filter however you like, but we encourage you to always include the user filter you've configured in Mattermost so that the search returns only valid users who can log into Mattermost.

If you need to search for a specific user, use the AND operator (&) in the ldapsearch filter. For example, to find the user 'Bill':

ldapsearch -x -b "DC=mattermost,DC=com" -H ldap://10.8.57.32:389 -D "cn=admin,dc=mattermost,dc=com" -W "(&(objectCategory=Person)(sAMAccountName=Bill))"
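
The following is an added example, not part of the original article: shell functions that AND the configured user filter with a lookup for one account and escape the account name per RFC 4515, so names containing (, ), * or \ do not change the meaning of the filter. The function and variable names are illustrative; the values are the example settings above.

```shell
# Added example (not from the original article). Function and variable names
# are illustrative; the values are the article's example settings.
BASE_DN='dc=mattermost,dc=com'
LDAP_SERVER='10.8.57.32'
LDAP_PORT='389'
BIND_DN='cn=admin,dc=mattermost,dc=com'
USER_FILTER='objectCategory=Person'

# Escape a value for use inside an LDAP search filter (RFC 4515).
# The backslash is handled first so later escapes are not re-escaped.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The article's user filter is written without outer parentheses;
# add them if they are missing so it can be used inside (&...).
wrap_filter() {
  case "$1" in
    '')   ;;
    '('*) printf '%s' "$1" ;;
    *)    printf '(%s)' "$1" ;;
  esac
}

# AND the configured user filter with a lookup for one account name.
user_filter() {
  printf '(&%s(sAMAccountName=%s))' "$(wrap_filter "$1")" "$(ldap_escape "$2")"
}

# Include the port only when it is not the default LDAP port.
ldap_uri() {
  if [ -z "$2" ] || [ "$2" = 389 ]; then printf 'ldap://%s' "$1"
  else printf 'ldap://%s:%s' "$1" "$2"; fi
}

# Run the search; -W prompts for the bind password so it does not
# end up in shell history or the process list.
lookup_user() {
  ldapsearch -x -b "$BASE_DN" -H "$(ldap_uri "$LDAP_SERVER" "$LDAP_PORT")" \
    -D "$BIND_DN" -W "$(user_filter "$USER_FILTER" "$1")"
}

# Show the filter that would be sent for the article's example user.
user_filter "$USER_FILTER" 'Bill'; echo
```

After sourcing the file, run lookup_user Bill to perform the search with the escaped filter.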

 
