You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

User:BryanDavis/LDAP

From Wikitech-static
Jump to navigation Jump to search

Notes on using LDAP.

Easy CLI queries

I have a shell alias for running ldapsearch which tells it to use paginated queries with a large page size, no prompting before fetching the next page, and no line wrapping:


$ alias ldap='ldapsearch -xLLL -P 3 -E pr=5000/noprompt -o ldif-wrap=no -b"dc=wikimedia,dc=org"'
$ ldap uid=bd808 cn
dn: uid=bd808,ou=people,dc=wikimedia,dc=org
cn: BryanDavis

Decoding base64 entries

LDAP returns non-ascii values as base64 encoded strings. Developer accounts with unicode characters in their cn (wikitech username) values are a common example of this in our directory tree. Ldapsearch displays base64 values with two colons after the attribute name. I have a shell alias that ldapsearch results can be piped through which looks for these double colons and decodes the string.


$ alias un64='awk '\''BEGIN{FS=":: ";c="base64 -d"}{if(/\w+:: /) {print $2 |& c; close(c,"to"); c |& getline $2; close(c); printf("%s:: \"%s\"\n", $1, $2); next} print $0 }'\'''
$ ldap uid=smccandlish displayName
dn: uid=smccandlish,ou=people,dc=wikimedia,dc=org
displayName:: 4oCUIDxmb250IGZhY2U9IlRyZWJ1Y2hldCBNUyI+JycnW1tVc2VyOlNNY0NhbmRsaXNofFNNY0NhbmRsaXNoXV0nJycgJm5ic3A7PHNwYW4gc3R5bGU9IndoaXRlLXNwYWNlOm5vd3JhcDsiPltbVXNlciB0YWxrOlNNY0NhbmRsaXNofFRhbGvih5JdXSDJljxzdXA+PGJpZz7iip08L2JpZz48L3N1cD7XmzxzdXA+4oqZPC9zdXA+w74gPC9zcGFuPiA8c21hbGw+W1tTcGVjaWFsOkNvbnRyaWJ1dGlvbnMvU01jQ2FuZGxpc2h8Q29udHJpYi5dXTwvc21hbGw+PC9mb250PiA=
$ ldap uid=smccandlish displayName | un64
dn: uid=smccandlish,ou=people,dc=wikimedia,dc=org
displayName:: "— <font face="Trebuchet MS">'''[[User:SMcCandlish|SMcCandlish]]''' &nbsp;<span style="white-space:nowrap;">[[User talk:SMcCandlish|Talk⇒]] ɖ<sup><big>⊝</big></sup>כ<sup>⊙</sup>þ </span> <small>[[Special:Contributions/SMcCandlish|Contrib.]]</small></font> "

Manual changes


$ ssh cloudcontrol1003.wikimedia.org
$ ldapmodify -v -H 'ldap://ldap-rw.eqiad.wikimedia.org:389' -D 'uid=novaadmin,ou=people,dc=wikimedia,dc=org' -W -f $LDIF_FILE
Enter LDAP Password:

One way to find the password for uid=novaadmin is in the /etc/mediawiki/WikitechPrivateSettings.php file on a labweb server.