Searching for users and groups
If you want to use ldapsearch to find a user, do not use objectclass=user or objectcategory=person to specify the filter. Instead, you should use objectclass=posixaccount. For example, to find the user with the UNIX name jtr, enter a command similar to the following:
/usr/share/centrifydc/bin/ldapsearch -x -h localhost \
  -D "CN=Administrator,CN=Users,DC=pistolas,DC=org" -W \
  -b "dc=pistolas,dc=org" "(&(objectclass=posixaccount)(uid=jtr))"
Optionally, use the UID number instead of the UNIX name:
"(&(objectclass=posixaccount)(uidNumber=1234567))"
Similarly, use objectclass=posixgroup to retrieve information on a group. This filter supports the following options:
- cn: Find a group with a given UNIX name
- gidNumber: Find a group with a given GID
- memberUID: Search for secondary group membership of a given UNIX user
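When these searches are scripted, the UNIX name or ID usually comes from a variable, so it should be escaped before it is placed in the filter. The following is an added example, not part of the original documentation or the product: the helper names ldap_escape, posix_filter and posix_search and the BIND_DN/BASE_DN variables are hypothetical, with defaults taken from the command above. It builds the posixaccount and posixgroup filters listed here, escaping filter metacharacters as RFC 4515 requires.

```shell
#!/bin/sh
# Added example: helper names and BIND_DN/BASE_DN are hypothetical.
LDAPSEARCH=/usr/share/centrifydc/bin/ldapsearch
BIND_DN=${BIND_DN:-"CN=Administrator,CN=Users,DC=pistolas,DC=org"}
BASE_DN=${BASE_DN:-"dc=pistolas,dc=org"}

# Escape the RFC 4515 filter metacharacters \ * ( ) so a value cannot
# change the structure of the filter. Backslash must be handled first.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# posix_filter KIND VALUE: print the filter for one of the documented options.
posix_filter() {
    kind=$1
    value=$2
    case $kind in
        user)   class=posixaccount; attr=uid ;;
        uid)    class=posixaccount; attr=uidNumber ;;
        group)  class=posixgroup;   attr=cn ;;
        gid)    class=posixgroup;   attr=gidNumber ;;
        member) class=posixgroup;   attr=memberUID ;;
        *) echo "unknown search kind: $kind" >&2; return 2 ;;
    esac
    # Numeric attributes accept digits only; reject anything else outright.
    case $attr in
        uidNumber|gidNumber)
            case $value in
                ''|*[!0-9]*) echo "$attr must be numeric" >&2; return 2 ;;
            esac ;;
    esac
    printf '(&(objectclass=%s)(%s=%s))\n' "$class" "$attr" "$(ldap_escape "$value")"
}

# posix_search KIND VALUE: run the search with the options used on this page.
posix_search() {
    filter=$(posix_filter "$1" "$2") || return
    "$LDAPSEARCH" -x -h localhost -D "$BIND_DN" -W -b "$BASE_DN" "$filter"
}

# Constructed sample inputs: a normal name, then one containing metacharacters.
posix_filter user jtr
posix_filter user 'jtr)(uid=*'
```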