Hi Everyone,
I am looking at using ldapsearch / ldapfilter in a search I am launching, and I wish to change at which location the ldapsearch will look for specific objects and attributes.
using this syntax from inside the search page :
|ldapsearch domain=internal search="(objectCategory=computer)" attrs="cn,userAccountControl" | table cn userAccountControl
I get a list of computer objects and their userAccountControl values.
However I wish to only search for objects that reside in specific OU's in the AD structure.
I cannot seem to find the command reference for all parameters for "ldapsearch" within splunk that would indicate how to select parts of a domain structure.
Or can you use the full ldapsearch with command line parameters inside the search bar like "ldapsearch -h hostname.domain -b ou=myou,dc=mydomain1,dc=mydomain2,dc=mydomaintld objectCategory=computer attrs="cn,userAccountControl" and so forth? I tried this maybe inproperly and got nothing but errors.
Many thanks for any information or guidance
David.
Hi dmcinnis,
Take a look at this app http://apps.splunk.com/app/1852/ it can be used like the *nix ldapsearch
command.
cheers, MuS
I found a way of restricting it somehow by adding a | search "ou=XYZ ABC " as a second search afterwards. Possibly there is a better method of accomplishing this however.