  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5401
  • Last Modified:

Using Windows Powershell to do openldap query. How?

Hi,

I want to use Windows powershell to query LDAP information on a Linux server using OpenLDAP.  How do I do this?

500 points.  Thank you.
0
batmon34
Asked:
batmon34
1 Solution
 
BSonPoshCommented:
AFAIK you can use the standard LDAP providers in System.DirectoryServices.DirectoryEntry

$de = New-Object System.DirectoryServices.DirectoryEntry("LDAP://Path")

Can you give me an example of what you're trying?
0
 
batmon34Author Commented:
For starters, I just want to query all entries in the OpenLDAP server and list them out.

host: ldap.ms.com
port: 389
Base: dc=ms, dc=com
anonymous bind

With Powershell, how do I list out all entries in this ldap server?

Thanks
0
 
BSonPoshCommented:
Try this.. I am not sure the filter is correct for OpenLDAP, but I believe it is.

$root = "LDAP://ldap.ms.com/dc=ms,dc=com"
$filter = "(&(objectcategory=*))"
$dsearcher = new-object System.DirectoryServices.directorysearcher($root,$filter)
$dsearcher.pagesize = 1000
$dsearcher.findall()
0
 
BSonPoshCommented:
you know.. try objectclass instead of objectcategory
0
 
batmon34Author Commented:
It works for AD but does not work for openLDAP...
0
 
BSonPoshCommented:
Did you try objectclass?
What error did you get?

What happens if you just do this?

$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://ldap.ms.com/dc=ms,dc=com")
$de.psbase.children
0
 
BSonPoshCommented:
Another option is to use
System.DirectoryServices.Protocols

I can post example, but I will need to install Linux and install openldap (already started)
0
 
BSonPoshCommented:
Yet another option, and it may be the easiest for you
http://www.codeplex.com/PowerShellCX

This is free and has built-in cmdlets for openldap queries
0
 
batmon34Author Commented:
It says cannot login or something.  I will take a look at the PowershellCX.
0
 
BSonPoshCommented:
Ok... I will still try to post something using System.DirectoryServices.Protocols
0
 
batmon34Author Commented:
I just installed PSCX.  It has "GET-PSPROVIDER" command that allows me to check my AD LDAP.  I haven't found a way to check OpenLDAP yet...
0
 
BSonPoshCommented:
use Get-ADObject
0
 
BSonPoshCommented:
I should get to testing the openldap code I have tonight.
0
 
BSonPoshCommented:
Ok.. I got it working for me
###################################
$DN = "LDAP://192.168.0.104/dc=example,dc=com"
$auth = [System.DirectoryServices.AuthenticationTypes]::Anonymous
$de = New-Object System.DirectoryServices.DirectoryEntry($DN,$auth)
$ds = New-Object system.DirectoryServices.DirectorySearcher($de,"(objectclass=*)")
$ds.FindAll() | ft
###################################
Output
Path                                                Properties
----                                                ----------
LDAP://192.168.0.104/dc=example,dc=com              {o, objectclass, adspath, dc}
LDAP://192.168.0.104/cn=Manager,dc=example,dc=com   {objectclass, adspath, cn}
LDAP://192.168.0.104/cn=user,dc=example,dc=com      {objectclass, adspath, cn}
LDAP://192.168.0.104/cn=loser,dc=example,dc=com     {objectclass, adspath, cn}
0
 
batmon34Author Commented:
It says:

New-Object : Cannot find an overload for ".ctor" and the argument count: "2".
At C:\Scripts\test.ps1:3 char:17
+ $de = New-Object  <<<< System.DirectoryServices.DirectoryEntry($DN,$auth)

and then it lists out my own AD/LDAP info...  For some reason it is not taking my LDAP based address.

LDAP://CN=0013ceede78a,OU=MAC-AUTH,DC=research... {samaccountname, useraccountcontrol, primarygr...
0
 
BSonPoshCommented:
Did you specify server?
LDAP://<SERVER>/CN=0013ceede78a,OU=MAC-AUTH,DC=research...

Normally this would not be required, but I don't think discovery is going to work for you.

Would you mind posting your $DN? You can change the "names" but keep the format.
0
 
batmon34Author Commented:
I did add it but it is not taking it.  I am running the Powershell script on one of my Windows server and I want to grab a Linux OpenLDAP's information.

$DN = "LDAP://ldap001.linux.ldap.com:389/dc=linux,dc=ldap,dc=com"
0
 
BSonPoshCommented:
That's curious. It worked for me (against my OpenLDAP server.)

Can you attach to the server using ldp.exe from the support tools?
0
 
batmon34Author Commented:
Installed and ldp works fine.  Humm... why?
0
 
batmon34Author Commented:
So the "System.DirectoryServices.DirectoryEntry($DN,$auth)" does not work...  It says

New-Object : Cannot find an overload for ".ctor" and the argument count: "2".
At C:\Scripts\test.ps1:3 char:17
+ $de = New-Object  <<<< System.DirectoryServices.DirectoryEntry($DN,$auth)
0
 
batmon34Author Commented:
Further info.. if I don't use $auth and use "System.DirectoryServices.DirectoryEntry($DN)" instead, it will say:

PS C:\Scripts> $ds.FindAll()
Exception calling "FindAll" with "0" argument(s): "Logon failure: unknown user name or bad password.

Any idea?
0
 
BSonPoshCommented:
I am curious if you have any special settings on the LDAP server. This has worked in three different environments for me.

Try
$de = New-Object System.DirectoryServices.DirectoryEntry($dn,$null,$null,$auth)

Technically speaking DirectoryEntry does not have a Constructor with only two parameters.
0
 
batmon34Author Commented:
that works!!  Thank you.
0
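
The System.DirectoryServices.Protocols route mentioned earlier in the thread was never posted; the following is an added example, not code from either participant, showing the same anonymous subtree search through that namespace with paging and an optional StartTLS upgrade (a plain bind on port 389 sends the query and results unencrypted). Assumptions: Windows PowerShell with the .NET Framework assembly available; the function name Get-OpenLdapEntry is hypothetical, and ldap.example.com / dc=example,dc=com are placeholders.

```powershell
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Get-OpenLdapEntry {   # hypothetical helper name, not from the thread
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 389,
        [Parameter(Mandatory)][string]$BaseDn,
        [string]$Filter = '(objectClass=*)',
        [string[]]$Attributes = @('cn', 'objectClass'),
        [switch]$StartTls,
        [int]$PageSize = 500
    )
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    # Anonymous must be set explicitly; the default negotiates with Windows credentials.
    $conn.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $conn.SessionOptions.ProtocolVersion = 3
    try {
        # Upgrade the port-389 session to TLS before binding when requested.
        if ($StartTls) { $conn.SessionOptions.StartTransportLayerSecurity($null) }
        $conn.Bind()
        $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
        $req   = New-Object System.DirectoryServices.Protocols.SearchRequest($BaseDn, $Filter, $scope, $Attributes)
        # Paged results control, so large directories are read in chunks.
        $page  = New-Object System.DirectoryServices.Protocols.PageResultRequestControl($PageSize)
        [void]$req.Controls.Add($page)
        do {
            $resp = [System.DirectoryServices.Protocols.SearchResponse]$conn.SendRequest($req)
            foreach ($entry in $resp.Entries) {
                [pscustomobject]@{
                    DistinguishedName = $entry.DistinguishedName
                    Attributes        = @($entry.Attributes.AttributeNames) -join ','
                }
            }
            # A non-empty cookie in the response control means more pages remain.
            $ctl  = $resp.Controls | Where-Object { $_ -is [System.DirectoryServices.Protocols.PageResultResponseControl] }
            $more = $ctl -and $ctl.Cookie.Length -gt 0
            if ($more) { $page.Cookie = $ctl.Cookie }
        } while ($more)
    }
    finally { $conn.Dispose() }
}

# Placeholder host and base DN; add -StartTls if the server supports it.
Get-OpenLdapEntry -Server 'ldap.example.com' -BaseDn 'dc=example,dc=com' | Format-Table -AutoSize
```

If this returns entries without credentials, the directory permits anonymous enumeration of that subtree, which is worth reviewing against the server's access control rules.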
