Hi all, Is there a way to extract the whole attributes of objects, even hidden attributes, using ldbsearch or any samba tool? Hidden attributes have to be hidden from ldapsearch which can be used through network and so, remotely. ldbsearch can be used only locally by root, which [should] limit who is using it, so perhaps I thought it was possible : )
On 04/07/16 16:16, mathias dufresne wrote:> Hi all, > > Is there a way to extract the whole attributes of objects, even hidden > attributes, using ldbsearch or any samba tool?Don't think you can get the hidden attributes over the wire, but you can get them on the DC by explicitly asking for them.> > Hidden attributes have to be hidden from ldapsearch which can be used > through network and so, remotely. ldbsearch can be used only locally by > root, which [should] limit who is using it, so perhaps I thought it was > possible : )Oh dear, who told you that only root could use ldbsearch and that it only works on a DC ? rowland at devstation:~/programming/git$ ldbsearch -H ldap://dc1 -b 'cn=Users,dc=samdom,dc=example,dc=com' -s sub '(&(objectclass=user)(samaccountname=rowland))' -U rowland Password for [SAMDOM\rowland]: # record 1 dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com cn: Rowland Penny sn: Penny givenName: Rowland instanceType: 4 whenCreated: 20151109093821.0Z displayName: Rowland Penny uSNCreated: 3871 name: Rowland Penny objectGUID: 28103293-9fc9-4681-b19c-ae1150fe2b72 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 primaryGroupID: 513 objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107 logonCount: 0 sAMAccountName: rowland sAMAccountType: 805306368 userPrincipalName: rowland at samdom.example.com objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=c om pwdLastSet: 130915355010000000 uid: rowland msSFU30Name: rowland msSFU30NisDomain: samdom uidNumber: 10000 unixHomeDirectory: /home/rowland loginShell: /bin/bash userAccountControl: 66048 accountExpires: 0 gidNumber: 10000 objectClass: top objectClass: securityPrincipal objectClass: person objectClass: organizationalPerson objectClass: user gecos: Rowland Penny memberOf: CN=DnsAdmins,CN=Users,DC=samdom,DC=example,DC=com homeDirectory: \\DC1\rowland lastLogonTimestamp: 131120934392797250 whenChanged: 20160704081039.0Z uSNChanged: 245201 lastLogon: 131121071311154780 distinguishedName: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com Rowland
Any way to extract thelm without knowing all attributes of one given object? 2016-07-04 17:40 GMT+02:00 Rowland penny <rpenny at samba.org>:> On 04/07/16 16:16, mathias dufresne wrote: > >> Hi all, >> >> Is there a way to extract the whole attributes of objects, even hidden >> attributes, using ldbsearch or any samba tool? >> > > Don't think you can get the hidden attributes over the wire, but you can > get them on the DC by explicitly asking for them. > > >> Hidden attributes have to be hidden from ldapsearch which can be used >> through network and so, remotely. ldbsearch can be used only locally by >> root, which [should] limit who is using it, so perhaps I thought it was >> possible : ) >> > > Oh dear, who told you that only root could use ldbsearch and that it only > works on a DC ? > > rowland at devstation:~/programming/git$ ldbsearch -H ldap://dc1 -b > 'cn=Users,dc=samdom,dc=example,dc=com' -s sub > '(&(objectclass=user)(samaccountname=rowland))' -U rowland > Password for [SAMDOM\rowland]: > # record 1 > dn: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com > cn: Rowland Penny > sn: Penny > givenName: Rowland > instanceType: 4 > whenCreated: 20151109093821.0Z > displayName: Rowland Penny > uSNCreated: 3871 > name: Rowland Penny > objectGUID: 28103293-9fc9-4681-b19c-ae1150fe2b72 > badPwdCount: 0 > codePage: 0 > countryCode: 0 > badPasswordTime: 0 > lastLogoff: 0 > primaryGroupID: 513 > objectSid: S-1-5-21-1768301897-3342589593-1064908849-1107 > logonCount: 0 > sAMAccountName: rowland > sAMAccountType: 805306368 > userPrincipalName: rowland at samdom.example.com > objectCategory: > CN=Person,CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=c > om > pwdLastSet: 130915355010000000 > uid: rowland > msSFU30Name: rowland > msSFU30NisDomain: samdom > uidNumber: 10000 > unixHomeDirectory: /home/rowland > loginShell: /bin/bash > userAccountControl: 66048 > accountExpires: 0 > gidNumber: 10000 > objectClass: top > objectClass: securityPrincipal > objectClass: person > objectClass: organizationalPerson > objectClass: user > gecos: Rowland Penny > memberOf: CN=DnsAdmins,CN=Users,DC=samdom,DC=example,DC=com > homeDirectory: \\DC1\rowland > lastLogonTimestamp: 131120934392797250 > whenChanged: 20160704081039.0Z > uSNChanged: 245201 > lastLogon: 131121071311154780 > distinguishedName: CN=Rowland Penny,CN=Users,DC=samdom,DC=example,DC=com > > Rowland > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >