LDAP/Active Directory troubleshooting via ldapsearch command

This article provides some examples for how to verify connectivity to your ldap (or Active Directory) server

Use ldapsearch command

From the Metric Insights linux command line, you can issue ldap queries via ldapsearch command line tool.

1. ldapsearch - get all users

$ ldapsearch -xLLL -H ldaps://<ldap server> -b 'ou=People,dc=metricinsights,dc=com' 
dn: ou=people,dc=metricinsights,dc=com 
ou: people 
objectClass: organizationalUnit 
dn: uid=testuser1,ou=people,dc=metricinsights,dc=com 
uid: testuser1 
uidNumber: 1002 
gidNumber: 1000 
cn: testuser1 
sn: Test1 
objectClass: top 
objectClass: person 
objectClass: posixAccount 
objectClass: shadowAccount 
loginShell: /bin/bash 
homeDirectory: /home/testuser1 
dn: uid=testuser3,ou=people,dc=metricinsights,dc=com 
uid: testuser3 
uidNumber: 1001 
gidNumber: 1000 
cn: testuser3 
sn: Test3 
objectClass: top 
objectClass: person 
objectClass: inetOrgPerson 
objectClass: posixAccount 
objectClass: shadowAccount 
loginShell: /bin/bash 
homeDirectory: /home/testuser 
givenName: Test3 
mail: [email protected] 

2. ldapsearch - get specific user

$ ldapsearch -xLLL -H ldaps://<ldap server> -b 'ou=People,dc=metricinsights,dc=com' '(uid=testuser1)' 
dn: uid=testuser,ou=people,dc=metricinsights,dc=com 
uid: testuser1 
uidNumber: 1001 
gidNumber: 1000 
cn: testuser1 
sn: Test1 
objectClass: top 
objectClass: person 
objectClass: inetOrgPerson 
objectClass: posixAccount 
objectClass: shadowAccount 
loginShell: /bin/bash 
homeDirectory: /home/testuser 
givenName: Tester 
mail: [email protected] 

3. ldapsearch - provide credentials to access ldap server

ldapsearch -xLLL -H ldaps://<ldap server> -D '<ldap credentials username>' -W -b 'CN=Users,DC=metricinsights,DC=com' 'samaccountname=tester1'