
Using Windows Powershell to do openldap query.  How?

batmon34 asked
Last Modified: 2012-05-05
Hi,

I want to use Windows powershell to query LDAP information on a Linux server using OpenLDAP.  How do I do this?

500 points.  Thank you.

Commented:
AFAIK you can use the standard LDAP providers in System.DirectoryServices.DirectoryEntry

$de = New-Object System.DirectoryServices.DirectoryEntry("LDAP://Path")

Can you give me an example of what you're trying?

Author

Commented:
For starters, I just want to query all entries in the OpenLDAP server and list them out.

host: ldap.ms.com
port: 389
Base: dc=ms, dc=com
anonymous bind

With Powershell, how do I list out all entries in this ldap server?

Thanks

Commented:
Try this.. I am not sure the filter is correct for OpenLDAP, but I believe it is.

$root = "LDAP://ldap.ms.com/dc=ms,dc=com"
$filter = "(&(objectcategory=*))"
$dsearcher = new-object System.DirectoryServices.directorysearcher($root,$filter)
$dsearcher.pagesize = 1000
$dsearcher.findall()

Commented:
you know.. try objectclass instead of objectcategory

Author

Commented:
It works for AD but does not work for openLDAP...

Commented:
Did you try objectclass?
What error did you get?

What happens if you just do this?

$de = new-object System.DirectoryServices.DirectoryEntry("LDAP://ldap.ms.com/dc=ms,dc=com")
$de.psbase.children

Commented:
Another option is to use System.DirectoryServices.Protocols

I can post an example, but I will need to install Linux and install openldap (already started)

Commented:
Yet another option, and it may be the easiest for you:
http://www.codeplex.com/PowerShellCX

This is free and has built-in cmdlets for openldap queries

Author

Commented:
It says cannot login or something.  I will take a look at the PowershellCX.

Commented:
Ok... I will still try to post something using System.DirectoryServices.Protocols

Author

Commented:
I just installed PSCX.  It has a "GET-PSPROVIDER" command that allows me to check my AD LDAP.  I haven't found a way to check OpenLDAP yet...

Commented:
use Get-ADObject

Commented:
I should get to testing the openldap code I have tonight.

Commented:
Ok.. I got it working for me
###################################
$DN = "LDAP://192.168.0.104/dc=example,dc=com"
$auth = [System.DirectoryServices.AuthenticationTypes]::Anonymous
$de = New-Object System.DirectoryServices.DirectoryEntry($DN,$auth)
$ds = New-Object system.DirectoryServices.DirectorySearcher($de,"(objectclass=*)")
$ds.FindAll() | ft
###################################
Output
Path                                                 Properties
----                                                 ----------
LDAP://192.168.0.104/dc=example,dc=com               {o, objectclass, adspath, dc}
LDAP://192.168.0.104/cn=Manager,dc=example,dc=com    {objectclass, adspath, cn}
LDAP://192.168.0.104/cn=user,dc=example,dc=com       {objectclass, adspath, cn}
LDAP://192.168.0.104/cn=loser,dc=example,dc=com      {objectclass, adspath, cn}

Author

Commented:
It says:

New-Object : Cannot find an overload for ".ctor" and the argument count: "2".
At C:\Scripts\test.ps1:3 char:17
+ $de = New-Object  <<<< System.DirectoryServices.DirectoryEntry($DN,$auth)

and then it lists out my own AD/LDAP info...  For some reason it is not taking my LDAP base address.

LDAP://CN=0013ceede78a,OU=MAC-AUTH,DC=research... {samaccountname, useraccountcontrol, primarygr...

Commented:
Did you specify server?
LDAP://<SERVER>/CN=0013ceede78a,OU=MAC-AUTH,DC=research...

Normally this would not be required, but I don't think discovery is going to work for you.

Would you mind posting your $DN? You can change the "names" but keep the format.

Author

Commented:
I did add it but it is not taking it.  I am running the Powershell script on one of my Windows server and I want to grab a Linux OpenLDAP's information.

$DN = "LDAP://ldap001.linux.ldap.com:389/dc=linux,dc=ldap,dc=com"

Commented:
That's curious. It worked for me (against my OpenLDAP server.)

Can you attach to the server using ldp.exe from the support tools?

Author

Commented:
Installed and ldp works fine.  Humm... why?

Author

Commented:
So the "System.DirectoryServices.DirectoryEntry($DN,$auth)" does not work...  It says

New-Object : Cannot find an overload for ".ctor" and the argument count: "2".
At C:\Scripts\test.ps1:3 char:17
+ $de = New-Object  <<<< System.DirectoryServices.DirectoryEntry($DN,$auth)

Author

Commented:
Further info.. if I don't use $auth and use "System.DirectoryServices.DirectoryEntry($DN)" instead, it will say:

PS C:\Scripts> $ds.FindAll()
Exception calling "FindAll" with "0" argument(s): "Logon failure: unknown user name or bad password.

Any idea?

Author

Commented:
that works!!  Thank you.
