ldapsearch queries

LDAP searches are always fun and powerful, but I so often spend too much time figuring out the syntax. Without further ado:

Dump all users. The -E pr=1000/noprompt option requests paged results, which handles pagination when the server limits a search to 1000 results:

ldapsearch -E pr=1000/noprompt -x -D "CN=serviceuser,OU=exampleorg,DC=example,DC=ad" -w PASSWORD -H "ldaps://example.com:636" -b "OU=Users,OU=ExampleOrg,DC=example,DC=ad" | tee -a /tmp/LDAP-DUMP-USERS.txt

-W will prompt for the password instead of taking it on the command line with -w, which keeps it out of shell history and the process list.

And just for fun, this will save the user's thumbnail photo into /tmp:

ldapsearch -E pr=1000/noprompt -x -D "CN=serviceuser,OU=exampleorg,DC=example,DC=ad" -w PASSWORD -H "ldaps://example.com:636" -s sub -b "CN=MY USER,OU=Users,OU=ExampleOrg,DC=example,DC=ad" -t "thumbnailPhoto=*" thumbnailPhoto | while read -r line ; do echo "$line" | grep -Eq "^dn:" && name=$(echo "$line" | sed 's/.*CN=\([^,]\+\).*/\1/'); echo "$line" | grep -E file && file=$(echo "$line" | sed 's/.*file:\/\///') && mv "$file" "/tmp/$name.jpg" ; done
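
A hardened take on the rename loop above, as an added example that is not part of the original post: it unfolds wrapped LDIF lines, decodes base64 DNs, and sanitizes the CN before using it as a file name, since directory data is untrusted input. The function names name_from_dn and save_thumbnails are hypothetical; pipe the output of the ldapsearch -t command into save_thumbnails with a destination directory as its argument.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `ldapsearch -t` LDIF on
# stdin and moves each temp file to DESTDIR/<CN>.jpg. Function names are
# hypothetical.

# Turn a DN into a safe file name from its leading CN. Directory data is
# untrusted: honour escaped commas ("Doe\, John"), then replace every byte
# outside [A-Za-z0-9._ -] so "/" and ".." cannot steer the path.
name_from_dn() {
    cn=$(printf '%s\n' "$1" | sed -E 's/^[Cc][Nn]=((\\.|[^,\\])*).*/\1/')
    n=$(printf '%s' "$cn" | tr -c 'A-Za-z0-9._ -' '_')
    case "$n" in ''|.*) n="_$n" ;; esac
    printf '%s' "$n"
}

# Prints the number of files moved.
save_thumbnails() {
    dest=$1
    # LDIF folds long lines; a leading space continues the previous line.
    sed -e ':a' -e '$!N' -e 's/\n //' -e 'ta' -e 'P' -e 'D' | {
        count=0 name=
        while IFS= read -r line; do
            case "$line" in
                'dn: '*)  name=$(name_from_dn "${line#dn: }") ;;
                # Non-ASCII DNs arrive base64-encoded as "dn:: ...".
                'dn:: '*) name=$(name_from_dn "$(printf '%s' "${line#dn:: }" | base64 -d)") ;;
                '')       name= ;;   # blank line ends the entry
                'thumbnailPhoto:< file://'*)
                    src=${line#'thumbnailPhoto:< file://'}
                    target="$dest/$name.jpg"
                    # Skip missing temp files and never overwrite a photo.
                    if [ -n "$name" ] && [ -f "$src" ] && [ ! -e "$target" ]; then
                        mv -- "$src" "$target" && count=$((count + 1))
                    fi ;;
            esac
        done
        echo "$count"
    }
}
```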
