CSI - LDAP Recipes for Active Directory

Most of the information on this site is intended for our customers' consumption. We do have some process notes intended to guide CSI technical staff through the environments' implementation. In general, these notes assume familiarity with our back-end processes and are not as "user friendly" as we hope to make the rest of the site.
We include these docs here so that they are available in the off chance that they might prove of interest.

Some LDAP Recipes for Wolftech

These are short, hopefully cut-n-pasteable shell commands to do stuff in wolftech. Before you use them, you should set some environment variables according to whether you wish to operate in the RENV (PCI) domain or not.

The LDAP client tools are installed with yum install openldap-clients on RHEL.

If you’re working in RENV

binddn=$USER.re@WOLFTECH.AD.NCSU.EDU      # eg "jaklein.re@WOLFTECH.AD.NCSU.EDU"
base="OU=CSI,OU=ConnectedSystems,OU=PCI-DSS,OU=Regulatory,DC=wolftech,DC=ad,DC=ncsu,DC=edu"

If you are not working in RENV

binddn=$USER.admin@WOLFTECH.AD.NCSU.EDU      # eg "jaklein.admin@WOLFTECH.AD.NCSU.EDU"
base="OU=NIX,OU=Services,OU=OIT,OU=NCSU,DC=wolftech,DC=ad,DC=ncsu,DC=edu"

List all computer objects associated with CSI

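# -ZZ requires StartTLS to succeed. With a single -Z the client carries on
# without TLS if StartTLS fails, and the simple bind (-x -W) then sends the
# password in clear text.
ldapsearch -h wolftech.ad.ncsu.edu -LLL -o ldif-wrap=no \
  -D "$binddn" -x -W -ZZ \
  -b "$base" \
  "(objectclass=computer)" \
  cn operatingSystem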

All info about one particular computer

# It never hurts to follow the Windows convention of hostnames in
# UPPER CASE, and it may be needed.
# Note that fqdn is NOT used by AD.  Savages.
adcomputer=CSITEST1

# -ZZ: fail rather than bind without TLS.
ldapsearch -h wolftech.ad.ncsu.edu -LLL -o ldif-wrap=no \
  -D "$binddn" -x -W -ZZ \
  -b "$base" \
  "(&(objectclass=computer)(cn=$adcomputer))"

Delete host completely

adcomputer=CSITEST1

# -ZZ: fail rather than bind without TLS.
ldapdelete -h wolftech.ad.ncsu.edu \
  -D "$binddn" -x -W -ZZ \
  "CN=$adcomputer,$base"
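
The lookup and delete recipes above put $adcomputer straight into a filter and a DN, so a mistyped or metacharacter-bearing value can match or address objects other than the one intended. The following is an added example, not part of the original CSI notes; the function names and the name rule (1-15 characters of A-Z, 0-9 and '-') are assumptions.

```sh
# Added example; the helper names are hypothetical, not from the CSI notes.

# Print NAME upper-cased if it is a plausible computer name, else fail.
# Assumption: NetBIOS-style names, 1-15 characters from A-Z, 0-9 and '-'.
# This rejects empty values and FQDNs, filter metacharacters (* ( ) \)
# and DN separators (, + =) that would point the operation elsewhere.
safe_computer_name() {
    name=$(printf '%s' "$1" | LC_ALL=C tr 'a-z' 'A-Z')
    [ -n "$name" ] && [ "${#name}" -le 15 ] || return 1
    [ -z "$(printf '%s' "$name" | LC_ALL=C tr -d 'A-Z0-9-')" ] || return 1
    printf '%s\n' "$name"
}

# Print the DN of computer NAME directly under BASE.
computer_dn() {
    name=$(safe_computer_name "$1") || return 1
    printf 'CN=%s,%s\n' "$name" "$2"
}

# Show the object at the computed DN, then delete it only on confirmation.
# Uses $binddn and $base as set at the top of this page.
delete_computer() {
    dn=$(computer_dn "$1" "$base") || {
        echo "refusing: '$1' is not a valid computer name" >&2; return 1; }
    # -s base reads only that DN; the filter confirms it is a computer.
    found=$(ldapsearch -h wolftech.ad.ncsu.edu -LLL -o ldif-wrap=no \
        -D "$binddn" -x -W -ZZ -b "$dn" -s base \
        "(objectclass=computer)" cn operatingSystem) || return 1
    [ -n "$found" ] || { echo "no computer object at $dn" >&2; return 1; }
    printf '%s\nDelete this object? [y/N] ' "$found"
    read -r answer
    [ "$answer" = y ] || return 1
    ldapdelete -h wolftech.ad.ncsu.edu -D "$binddn" -x -W -ZZ "$dn"
}
```

After sourcing the functions, delete_computer csitest1 prompts for the bind password once for the lookup and once for the delete.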