Browsing LDAP Users and Groups
The CipherTrust Manager allows you to browse the LDAP users and groups created in the LDAP connection manager. Before browsing, make sure that LDAP connection must be configured. Refer to LDAP for details.
Note
LDAP browsing is not applicable to the LDAP connection available through Access Management.
Browsing LDAP Users
To browse LDAP users, run:
Syntax
ksctl ldap-browse users --connection-id <connectionID/name> --limit <limit> --username <username> --groupname <groupname> --server-maximum-page-size <server-maximum-page-size> -- early-listing-stop <early-listing-stop>
Here,
connection-id- connection ID of the ldap server.limit- maximum number of connection information structures that can be returned by this query.username- username of the ldap user.groupname- groupname of the ldap group.server-maximum-page-size- Sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.early-listing-stop- When set tofalsedisplays the total number of users/groups that are present on the LDAP server. When set totrue, the value oftotalin the response is displayed as-1indicating that more records are present on the ldap server than the limit specified. The default value ofearly-listing-stopis false. Let's take a scenario where we have setearly-listing-stopto true and the LDAP server contains total 5000 users. On the CipherTrust Manager, thelimitparameter is set to 1000, then total number of entries in response will 1000 and the value oftotalwill be-1.
Example Request 1
ksctl ldap-browse users --connection-id 19f0228c-a928-4ba0-87d2-bcef829f77eb --limit 2
Example Response 1
{
"skip": 0,
"limit": 2,
"total": 7,
"users": [
{
"DN": "cn=Amy Wong+sn=Kroker,ou=people,dc=planetexpress,dc=com",
"attributes": [
{
"name": "cn",
"values": [
"Amy Wong"
]
},
{
"name": "uid",
"values": [
"amy"
]
}
]
},
{
"DN": "cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com",
"attributes": [
{
"name": "cn",
"values": [
"Bender Bending Rodríguez"
]
},
{
"name": "uid",
"values": [
"bender"
]
}
]
}
]
}
Example Request 2
ksctl ldap-browse users --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --limit 1 --username fry
Example Response 2
{
"skip": 0,
"limit": 1,
"total": 1,
"users": [
{
"DN": "cn=Philip J. Fry,ou=people,dc=planetexpress,dc=com",
"attributes": [
{
"name": "cn",
"values": [
"Philip J. Fry"
]
},
{
"name": "uid",
"values": [
"fry"
]
}
]
}
]
}
Example Request 3
ksctl ldap-browse users --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --limit 1 --username bender --groupname *crew
Example Response 3
{
"skip": 0,
"limit": 10,
"total": 1,
"users": [
{
"DN": "cn=Bender Bending Rodríguez,ou=people,dc=planetexpress,dc=com",
"attributes": [
{
"name": "cn",
"values": [
"Bender Bending Rodríguez"
]
},
{
"name": "uid",
"values": [
"bender"
]
}
]
}
]
}
Example Request 4
ksctl ldap-browse users --connection-id 19f0228c-a928-4ba0-87d2-bcef829f77eb --limit 2 --server-maximum-page-size 10000 --early-listing-stop true
Example Response 4
{
"skip": 0,
"limit": 2,
"total": -1,
"users": [
{
"DN": "uid=arsh,ou=people,dc=example,dc=com",
"attributes": [
{
"name": "uid",
"values": [
"2000"
]
},
{
"DN": "cn=Member4,ou=people,dc=example,dc=com",
"attributes": [
{
"name": "uname",
"values": [
"Member4"
]
}
]
}
]
}
Browsing LDAP Groups
To browse LDAP groups, run:
Syntax
ksctl ldap-browse groups --connection-id <connectionID/name> --limit <> --group_id_attribute <group-id-attribute> --groupname <group-name> --user_id <user-id> --server-maximum-page-size <server-maximum-page-size> --early-listing-stop <early-listing-stop>
Here,
connection-id- connection ID of the ldap server.limit- maximum number of connection information structures that can be returned by this query.group_id_attribute- attribute inside the group object which contains the group identifier (name). This value should be unique.groupname- groupname of the ldap group.user_id- username of the ldap user.server-maximum-page-size- sets the page size which determines the number of users/groups to be fetched from the LDAP server using pagination.early-listing-stop- when set tofalsedisplays the total number of users/groups that are present on the LDAP server. When set totrue, the value oftotalin the response is displayed as-1indicating that more records are present on the ldap server than the limit specified. The default value ofearly-listing-stopis false. Let's take a scenario where we have setearly-listing-stopto true and the LDAP server contains total 5000 users. On the CipherTrust Manager, thelimitparameter is set to 1000, then total number of entries in response will 1000 and the value oftotalwill be-1.
Example Request 1
ksctl ldap-browse groups --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --limit 1
Example Response 1
{
"skip": 0,
"limit": 1,
"total": 2,
"groups": [
{
"DN": "cn=admin_staff,ou=people,dc=planetexpress,dc=com",
"attributes": [
{
"name": "cn",
"values": [
"admin_staff"
]
}
]
}
]
}
Example Request 2
ksctl ldap-browse groups --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --limit 1 --group_id_attribute cn --groupname admin*
Example Response 2
{
"skip": 0,
"limit": 1,
"total": 1,
"groups": [
{
"DN": "cn=admin_staff,ou=people,dc=planetexpress,dc=com",
"attributes": [
{
"name": "cn",
"values": [
"admin_staff"
]
}
]
}
]
}
Example Request 3
ksctl ldap-browse groups --connection-id 5ca9eaae-f319-4d62-b448-21c1dd537cc2 --limit 1 --group_id_attribute cn --user_id fry
Example Response 3
{
"skip": 0,
"limit": 1,
"total": 2,
"groups": [
{
"DN": "cn=admin_staff,ou=people,dc=planetexpress,dc=com",
"attributes": [
{
"name": "cn",
"values": [
"admin_staff"
]
}
]
}
]
}
Example Request 4
ksctl ldap-browse groups --connection-id 19f0228c-a928-4ba0-87d2-bcef829f77eb --limit 2 --server-maximum-page-size 10000 --early-listing-stop true
Example Response 4
{
"skip": 0,
"limit": 2,
"total": -1,
"groups": [
{
"DN": "cn=boys,ou=groups,dc=example,dc=com",
"attributes": [
{
"name": "gname",
"values": [
"boys"
]
}
]
},
{
"DN": "cn=testGrp8,ou=groups,dc=example,dc=com",
"attributes": [
{
"name": "gname",
"values": [
"testGrp8"
]
}
]
}
]
}
