LDAP on Mac

Did you ever have to interact with Active Directory on a Mac? If yes, this post might be interesting for you. I am pretty new to the Mac, and basic things I know how to do on Windows need some research to figure out. This time around I explore Active Directory interactions.


  • First, there is the Directory Utility on the Mac which can be quite useful.
  • Second, there is Apache Directory Studio, which is pretty amazing and feature-rich.
  • Third, you might want to write your own tools or scripts. There are LDAP commands that allow you to do most tasks in an automated fashion.

  • ldapwhoami -x -Z -H ldaps://[your].[domain].[controller] -D wuzzi@domain.com -W

    ldapsearch -v -x -LLL -H ldaps://[your].[domain].[controller] -b OU=Users,OU=Managed,DC=[your],DC=[domain],DC=[controller] -D wuzzi@domain.com -Z -W -s sub "(objectClass=user)" cn givenName sn pwdLastSet

    One can redirect the output into a file, let's say users.ldif.

    There is a tool, ldap2csv.sh, that can be used to convert the output to a CSV file. I found this pretty useful.

    e.g. cat users.ldif | ./ldap2csv.sh cn givenName sn pwdLastSet samAccountName

    Use of search filters: -f searchfilter.filter "(cn=%s)". The filter file itself then just contains a list of names that will be substituted for %s.
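
An added example (not the ldap2csv.sh tool mentioned above, and not code from the original post): a small Python converter for `ldapsearch -LLL` output that handles folded lines and base64 (`::`) values, and turns pwdLastSet into a readable UTC timestamp. The function names and the sample entries are constructed for illustration.

```python
import base64, csv, io, sys
from datetime import datetime, timedelta, timezone
# Constructed sample of `ldapsearch -LLL` output (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Alice Example,OU=Users,OU=Managed,DC=example,DC=test
cn: Alice Example
pwdLastSet: 132054624000000000

dn: CN=Zoe Mueller,OU=Users,OU=Managed,
 DC=example,DC=test
cn:: Wm/DqyBNw7xsbGVy
pwdLastSet: 0
"""
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def filetime_to_iso(raw):
    # AD stores pwdLastSet as 100-ns ticks since 1601-01-01 UTC; 0 = must change at next logon.
    when = FILETIME_EPOCH + timedelta(microseconds=int(raw) // 10)
    return "must-change" if int(raw) == 0 else when.strftime("%Y-%m-%dT%H:%M:%SZ")

def parse_ldif(text):
    # Undo LDIF folding (a leading space continues the previous line), then split entries.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if sep and not line.startswith("#"):
                if rest.startswith(":"):  # "attr:: <base64>" = non-ASCII or binary value
                    rest = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
                entry.setdefault(name.lower(), []).append(rest.strip())
        if entry:
            yield entry

def cell(entry, col):
    values = entry.get(col.lower(), [])  # attribute names are case-insensitive
    if col.lower() == "pwdlastset":
        values = [filetime_to_iso(v) for v in values]
    text = ";".join(values)
    # Directory values are user-influenced: stop spreadsheets treating them as formulas.
    return "'" + text if text.startswith(("=", "+", "-", "@")) else text

def ldif_to_csv(text, columns):
    out = io.StringIO()
    rows = [[cell(entry, c) for c in columns] for entry in parse_ldif(text)]
    csv.writer(out, lineterminator="\n").writerows([list(columns)] + rows)
    return out.getvalue()

if __name__ == "__main__":  # reads LDIF from a pipe, or the sample when run interactively
    source = SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()
    sys.stdout.write(ldif_to_csv(source, sys.argv[1:] or ["dn", "cn", "pwdLastSet"]))
```

Saved under a name of your choice (ldif2csv.py here is hypothetical), it takes the same input as the shell tool: `cat users.ldif | python3 ldif2csv.py cn givenName sn pwdLastSet`.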



    June 20th, 2019