{"id":16164586,"url":"https://github.com/reyk/ldapclient","last_synced_at":"2025-03-18T23:30:29.134Z","repository":{"id":151263064,"uuid":"133078513","full_name":"reyk/ldapclient","owner":"reyk","description":"Simple LDAP client for OpenBSD using aldap, pledge(2) and no OpenLDAP","archived":false,"fork":false,"pushed_at":"2018-06-13T15:53:11.000Z","size":109,"stargazers_count":16,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-02-28T12:46:47.431Z","etag":null,"topics":["authorizedkeyscommand","ldap","ldapsearch","openbsd"],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/reyk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-05-11T19:05:49.000Z","updated_at":"2023-11-11T16:16:25.000Z","dependencies_parsed_at":"2024-03-14T12:16:00.386Z","dependency_job_id":null,"html_url":"https://github.com/reyk/ldapclient","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reyk%2Fldapclient","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reyk%2Fldapclient/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reyk%2Fldapclient/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/reyk%2Fldapclient/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/reyk","download_url":"https://codeload.github.com/reyk/ldapclient/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243955361,"owners_count":20374369,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorizedkeyscommand","ldap","ldapsearch","openbsd"],"created_at":"2024-10-10T02:47:08.774Z","updated_at":"2025-03-18T23:30:29.129Z","avatar_url":"https://github.com/reyk.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"ldap(1) - General Commands Manual\n\n# NAME\n\n**ldap** - Simple LDAP client.\n\n# SYNOPSIS\n\n**ldap**\n*command*\n\\[**-LvWxZ**]\n\\[**-b**\u0026nbsp;*basedn*]\n\\[**-c**\u0026nbsp;*CAfile*]\n\\[**-D**\u0026nbsp;*binddn*]\n\\[**-H**\u0026nbsp;*host*]\n\\[**-l**\u0026nbsp;*timelimit*]\n\\[**-s**\u0026nbsp;*scope*]\n\\[**-w**\u0026nbsp;*secret*]\n\\[**-z**\u0026nbsp;*sizelimit*]\n\\[*arguments\u0026nbsp;...*]\n\n# DESCRIPTION\n\nThe\n**ldap**\nprogram is a simple LDAP client program.\nIt queries an LDAP server to perform a command and outputs the results\nin the LDAP Data Interchange Format (LDIF).\n\nThe command is as follows:\n\n**search** *options* *filter* \\[*attribute ...*]\n\n\u003e Perform a directory search request.\n\u003e The optional\n\u003e *filter*\n\u003e argument specifies the LDAP filter for the directory search.\n\u003e The default is\n\u003e *(objectClass=\\*)*\n\u003e and the format must comply to the\n\u003e \"String Representation of Search Filters\"\n\u003e as described in RFC 4515.\n\u003e If one or more\n\u003e *attribute*\n\u003e options are specified,\n\u003e **ldap**\n\u003e restricts the output to the specified attributes.\n\nThe options are as follows:\n\n**-b** *basedn*\n\n\u003e Use the specified distinguished name (dn) as the starting point for\n\u003e directory search requests.\n\n**-c** *CAfile*\n\n\u003e When TLS is enabled, load the CA bundle for certificate verification\n\u003e from the specified file.\n\u003e The default is\n\u003e */etc/ssl/cert.pem*.\n\u003e If the LDAP server uses a self-signed certificate,\n\u003e use a file that contains the server certificate in PEM format, e.g.\n\u003e */etc/ssl/ldapserver.example.com.crt*.\n\n**-D** *binddn*\n\n\u003e Use the specified distinguished name to bind to the directory.\n\n**-H** *host*\n\n\u003e The hostname of the LDAP server or an LDAP URL.\n\u003e The LDAP URL is described in RFC 4516 with the following format:\n\n\u003e \\[*protocol*://]*host*\\[:*port*]\\[*/basedn*\\[*\u0026#63;attribute,...*]\\[*\u0026#63;scope*]\\[*\u0026#63;filter*]]\n\n\u003e The following protocols are supported:\n\n\u003e ldap\n\n\u003e \u003e Connect with TCP in plain text.\n\u003e \u003e This is the default.\n\n\u003e ldaps\n\n\u003e \u003e Connect with TLS.\n\u003e \u003e The default port is 636.\n\n\u003e ldap+tls\n\n\u003e \u003e Connect with TCP and enable TLS using the StartTLS operation.\n\u003e \u003e This is the same as the\n\u003e \u003e **-Z**\n\u003e \u003e option.\n\n\u003e ldapi\n\n\u003e \u003e Connect to a UNIX-domain socket.\n\u003e \u003e The host argument is required to be an URL-encoded path, for example\n\u003e \u003e *ldapi://%2fvar%2frun%2fldapi*\n\u003e \u003e for\n\u003e \u003e */var/run/ldapi*.\n\n\u003e The default is\n\u003e *ldap://localhost:389/*.\n\n**-L**\n\n\u003e Output the directory search result in a standards-compliant version of\n\u003e the LDAP Data Interchange Format (LDIF).\n\u003e This encodes attribute values that include non-printable or UTF-8\n\u003e characters in the Base64 format and wraps lines at a 79-character limit.\n\u003e If this option is not specified,\n\u003e **ldap**\n\u003e encodes\n\u003e \"unsafe\"\n\u003e characters and newlines in a visual format using\n\u003e vis(3)\n\u003e instead.\n\n**-l** *timelimit*\n\n\u003e Request the server to abort the search request after\n\u003e *timelimit*\n\u003e seconds.\n\u003e The default value is\n\u003e *0*\n\u003e for no limit.\n\n**-s** *scope*\n\n\u003e Specify the\n\u003e *scope*\n\u003e to be either\n\u003e **base**,\n\u003e **one**,\n\u003e or\n\u003e **sub**.\n\u003e The default is\n\u003e **sub**\n\u003e for subtree searches.\n\n**-v**\n\n\u003e Product more verbose output.\n\n**-W**\n\n\u003e Prompt for the bind secret with echo turned off.\n\n**-w** *secret*\n\n\u003e Specify the bind secret on the command line.\n\n**-x**\n\n\u003e Use simple authentication.\n\u003e This is the default as\n\u003e **ldap**\n\u003e does not support SASL authentication.\n\n**-Z**\n\n\u003e Enable TLS using the StartTLS operation.\n\n**-z** *sizelimit*\n\n\u003e Request the server to limit the search result to a maximum number of\n\u003e *sizelimit*\n\u003e entries.\n\u003e The default value is\n\u003e *0*\n\u003e for no limit.\n\n# EXAMPLES\n\nThe following script can be used with the\n*AuthorizedKeysCommand*\noption of\nsshd(8):\n\n\t#!/bin/sh\n\tldap search -D cn=Reader,dc=example,dc=com -w mypass123 \\\n\t\t-b ou=People,dc=example,dc=com \\\n\t\t-H ldapserver -c /etc/ssl/ldapserver.crt -Z \\\n\t\t\"(\u0026(objectClass=bsdAccount)(uid=$1))\" sshPublicKey | \\\n\t\tsed 's/sshPublicKey: //'\n\texit 0\n\nAnd the related configuration in\nsshd\\_config(5):\n\n\tMatch Group ldapusers\n\t\tAuthorizedKeysCommand /etc/ssh/ldap-authorized_keys.sh\n\t\tAuthorizedKeysCommandUser _ldap\n\n# FILES\n\n*/etc/ssl/cert.pem*\n\n\u003e Default CA file.\n\n# SEE ALSO\n\nsshd\\_config(5),\nldapd(8),\nsshd(8)\n\n# STANDARDS\n\nG. Good,\n*The LDAP Data Interchange Format (LDIF) - Technical Specification*,\nRFC 2849,\nJune 2000.\n\nM. Smith, Ed.,\nT. Howes,\n*Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters*,\nRFC 4515,\nJune 2006.\n\nM. Smith, Ed.,\nT. Howes,\n*Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator*,\nRFC 4516,\nJune 2006.\n\n# AUTHORS\n\nThe\n**ldap**\nprogram was written by\nReyk Floeter \u0026lt;[reyk@openbsd.org](mailto:reyk@openbsd.org)\u0026gt;.\n\n# CAVEATS\n\nThe\n**ldap**\ntool does not support SASL authentication;\nauthentication should be performed using simple authentication over a\nTLS connection.\n\nOpenBSD 6.3 - May 17, 2018\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freyk%2Fldapclient","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freyk%2Fldapclient","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freyk%2Fldapclient/lists"}