Browsing LDAP Users and Groups
The CipherTrust Manager allows you to browse the LDAP users and groups created in the LDAP connection manager. Before browsing, make sure that an LDAP connection is configured. Refer to LDAP for details.
Note
LDAP browsing is not applicable to the LDAP connection available through Access Management.
Parameter Description
Parameter | Description |
---|---|
connection-id | ID or name of the LDAP connection. |
limit | maximum number of connection information structures that can be returned by this query. |
username | username of the LDAP user. |
user_id | username of the LDAP user. |
groupname | group name of the LDAP group. |
hard-limit | maximum number of entries that can be returned from LDAP. The default value is 300 and range is 1-10000. |
ignore_attribute_mapping | Determines which attributes are returned in the response. The default value is false. When "ignore_attribute_mapping" is set to false, the following attributes are displayed: "uname", "uid", "gname", "gid", "osDomain". For Open LDAP: • "uname" is mapped to "user_login_attribute", which is provided while configuring the connection. • "uid" is mapped to "uidNumber" in the User Object. • "gid" is mapped to "gidNumber" in the User Object. • "gname" is mapped to the "cn" of a group in the Group Object. For Active Directory: • "uname" is mapped to "UserPrincipalName" by default. If "UserPrincipalName" is not found, it maps to "sAMAccountName". • "osDomain" is mapped to the domain provided in "UserPrincipalName" or "sAMAccountName". When "ignore_attribute_mapping" is set to true, only the DN of the User Object is displayed. |
Browsing LDAP Users
To browse LDAP users, run:
Syntax
ksctl ldap-browse users --connection-id <connectionID/Name>
Example Request 1
ksctl ldap-browse users --connection-id 19f0228c-a928-4ba0-87d2-bcef829f77eb --limit 2
Example Response 1
{
"skip": 0,
"limit": 2,
"total": 17,
"users": [
{
"DN": "uid=jblas,ou=people,dc=sjinternal,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"jblas"
]
},
{
"name": "uid",
"values": [
"2000"
]
},
{
"name": "gid",
"values": [
"2000"
]
},
{
"name": "gname",
"values": [
"users"
]
}
]
},
{
"DN": "cn=Sharmeen Sorathiya,ou=people,dc=sjinternal,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"ssorathiya"
]
},
{
"name": "uid",
"values": [
"2001"
]
},
{
"name": "gid",
"values": [
"2000"
]
},
{
"name": "gname",
"values": [
"users"
]
}
]
}
]
}
Example Request 2
ksctl ldap-browse users --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --username ssorathiya
Example Response 2
{
"skip": 0,
"limit": 10,
"total": 1,
"users": [
{
"DN": "cn=Sharmeen Sorathiya,ou=people,dc=sjinternal,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"ssorathiya"
]
},
{
"name": "uid",
"values": [
"2001"
]
},
{
"name": "gid",
"values": [
"2000"
]
},
{
"name": "gname",
"values": [
"users"
]
}
]
}
]
}
Example Request 3
ksctl ldap-browse users --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --username ssorathiya --groupname "Blue Team"
Example Response 3
{
"skip": 0,
"limit": 10,
"total": 1,
"users": [
{
"DN": "cn=Sharmeen Sorathiya,ou=people,dc=sjinternal,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"ssorathiya"
]
},
{
"name": "uid",
"values": [
"2001"
]
},
{
"name": "gid",
"values": [
"2000"
]
},
{
"name": "gname",
"values": [
"users"
]
}
]
}
]
}
Example Request 4
ksctl ldap-browse users --connection-id 19f0228c-a928-4ba0-87d2-bcef829f77eb --limit 1 --ignore-attribute-mapping true
Example Response 4
{
"skip": 0,
"limit": 1,
"total": 17,
"users": [
{
"DN": "uid=jblas,ou=people,dc=sjinternal,dc=com"
}
]
}
Example Request 5 (for Open LDAP)
ksctl ldap-browse users --connection-id 19f0228c-a928-4ba0-87d2-bcef829f77eb --limit 1 --ignore-attribute-mapping false
Example Response 5
{
"skip": 0,
"limit": 1,
"total": 17,
"users": [
{
"DN": "uid=jblas,ou=people,dc=sjinternal,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"jblas"
]
},
{
"name": "uid",
"values": [
"2000"
]
},
{
"name": "gid",
"values": [
"2000"
]
},
{
"name": "gname",
"values": [
"users"
]
}
]
}
]
}
Example Request 6 (for Active Directory)
ksctl ldap-browse users --connection-id 87822946-6e9e-42c7-9a6a-2c01dbe63840 --limit 1 --ignore-attribute-mapping false
Example Response 6
{
"skip": 0,
"limit": 1,
"total": 5,
"users": [
{
"DN": "CN=Joseph Blas,CN=Users,DC=dsmqa,DC=com",
"attributes": [
{
"name": "uname",
"values": [
"EntAdmin"
]
},
{
"name": "osDomain",
"values": [
"dsmqa.com"
]
}
]
}
]
}
Example Request 7
ksctl ldap-browse users --connection-id 19f0228c-a928-4ba0-87d2-bcef829f77eb --hard-limit 2
Example Response 7
{
"skip": 0,
"limit": 10,
"total": 2,
"users": [
{
"DN": "uid=jblas,ou=people,dc=sjinternal,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"jblas"
]
},
{
"name": "uid",
"values": [
"2000"
]
},
{
"name": "gid",
"values": [
"2000"
]
},
{
"name": "gname",
"values": [
"users"
]
}
]
},
{
"DN": "cn=Sharmeen Sorathiya,ou=people,dc=sjinternal,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"ssorathiya"
]
},
{
"name": "uid",
"values": [
"2001"
]
},
{
"name": "gid",
"values": [
"2000"
]
},
{
"name": "gname",
"values": [
"users"
]
}
]
}
]
}
Example Request 8
ksctl ldap-browse users --connection-id 19f0228c-a928-4ba0-87d2-bcef829f77eb --limit 1 --hard-limit 2
Example Response 8
{
"skip": 0,
"limit": 1,
"total": 2,
"users": [
{
"DN": "uid=jblas,ou=people,dc=sjinternal,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"jblas"
]
},
{
"name": "uid",
"values": [
"2000"
]
},
{
"name": "gid",
"values": [
"2000"
]
},
{
"name": "gname",
"values": [
"users"
]
}
]
}
]
}
Browsing LDAP Groups
To browse LDAP groups, run:
Syntax
ksctl ldap-browse groups --connection-id <connectionID/Name>
Example Request 1
ksctl ldap-browse groups --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --limit 2
Example Response 1
{
"skip": 0,
"limit": 2,
"total": 3,
"groups": [
{
"DN": "cn=users,ou=groups,dc=sjinternal,dc=com",
"attributes": [
{
"name": "gname",
"values": [
"users"
]
}
]
},
{
"DN": "cn=Red Team,ou=groups,dc=sjinternal,dc=com",
"attributes": [
{
"name": "gname",
"values": [
"Red Team"
]
}
]
}
]
}
Example Request 2
ksctl ldap-browse groups --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --user_id ssorathiya
Example Response 2
{
"skip": 0,
"limit": 10,
"total": 1,
"groups": [
{
"DN": "cn=Blue Team,ou=groups,dc=sjinternal,dc=com",
"attributes": [
{
"name": "gname",
"values": [
"Blue Team"
]
}
]
}
]
}
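When ldap-browse output feeds an access review, the response has to be flattened and checked for completeness, because both limit and hard-limit can hide entries. The following is an added example, not part of the CipherTrust documentation or tooling: the function names are hypothetical, the sample JSON is constructed in the shape of the responses above, and the reading that a total equal to hard-limit means a capped result is inferred from Example Responses 1 and 7 (17 entries without the cap, 2 with it).

```python
import json

# Constructed sample: shaped like Example Response 7 (--hard-limit 2), with the
# second entry lacking "attributes", as returned with ignore-attribute-mapping true.
SAMPLE = json.loads("""
{"skip": 0, "limit": 10, "total": 2, "users": [
  {"DN": "uid=jblas,ou=people,dc=sjinternal,dc=com", "attributes": [
    {"name": "uname", "values": ["jblas"]},
    {"name": "uid", "values": ["2000"]},
    {"name": "gid", "values": ["2000"]},
    {"name": "gname", "values": ["users"]}]},
  {"DN": "cn=Sharmeen Sorathiya,ou=people,dc=sjinternal,dc=com"}
]}
""")

# Attribute names listed in the parameter table for ignore_attribute_mapping=false.
MAPPED = ("uname", "uid", "gid", "gname", "osDomain")


def flatten(response, key="users"):
    """Turn each entry into {"DN": ..., "uname": [...], ...}; key is "users" or "groups".

    Entries with no "attributes" list (ignore_attribute_mapping=true) keep only DN.
    """
    rows = []
    for entry in response.get(key, []):
        row = {"DN": entry["DN"]}
        for attr in entry.get("attributes", []):
            if attr.get("name") in MAPPED:
                row[attr["name"]] = list(attr.get("values", []))
        rows.append(row)
    return rows


def review_flags(response, hard_limit=300, key="users"):
    """Return reasons this response may not cover the whole directory."""
    flags = []
    returned = len(response.get(key, []))
    total = response.get("total", 0)
    if total >= hard_limit:  # assumption: total is capped at hard-limit
        flags.append("total reached hard-limit: LDAP may hold more entries")
    if response.get("skip", 0) + returned < total:
        flags.append("page smaller than total: more entries not shown")
    return flags


if __name__ == "__main__":
    for row in flatten(SAMPLE):
        print(row)
    print(review_flags(SAMPLE, hard_limit=2))
```

Pass the hard-limit value used in the request (300 if none was given) so the completeness check matches what the server applied.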