On 04.08.2016 18:43, Sean Hogan wrote:

Thanks Ben.. appreciated.. will give it a go. Do you guys recommend any specific ldap viewer to view the internals? I was looking at apache dir studio I think it was... but needs java and I don't want to add java to a server that does not have it increasing the mitigation/vulnerability factor of the box.

I ran ipa host-find --all
and noticed this setting in the list
Keytab: True

I am thinking Keytab entry = enroll true

Sean Hogan

You can use also --raw option together with --all to see raw LDAP values

I use apache directory studio and ldapsearch


Inactive hide details for Ben Lipton ---08/04/2016 09:08:40 AM---On 08/04/2016 11:31 AM, Sean Hogan wrote: >Ben Lipton ---08/04/2016 09:08:40 AM---On 08/04/2016 11:31 AM, Sean Hogan wrote: >

From: Ben Lipton <blip...@redhat.com>
To: Sean Hogan/Durham/IBM@IBMUS, freeipa-users <freeipa-users@redhat.com>
Date: 08/04/2016 09:08 AM
Subject: Re: [Freeipa-users] Querying the dir srv


On 08/04/2016 11:31 AM, Sean Hogan wrote:
> Hi All,
> Where can I find information about the IPA schema as in what = what in
> the dir srv? I do not have a ldap viewer.
> I am looking to pull specific info from it such as a list of servers
> that have enrolled = true and have been playing with ldapsearch to no
> avail.

You could try something like 'ipa <objecttype>-show --all <object>' to
see the dn of the associated LDAP object for a particular IPA entity.
This would give you a sense of what tree to ldapsearch. You could try
adding the --raw flag as well to see the LDAP attributes of the object.

# ipa user-show --all admin
  dn: uid=admin,cn=users,cn=accounts,dc=example,dc=domain
# ldapsearch -xLLL -D cn='Directory manager' -w <directory manager pw>
-b 'cn=users,cn=accounts,dc=example,dc=domain' '(objectClass=*)' '*' |
perl -p0e 's/\n //g' | less

You can also take a look at
for a list of LDAP entities that act as containers for IPA objects
(subtrees to search under).

Someone else may have some better ideas, but maybe this can get you started.


Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to