CINXE.COM
Debian Project -- Direct LDAP Access
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Debian Project -- Direct LDAP Access</title> <link rev="made" href="mailto:webmaster@debian.org"> <meta name="Generator" content="WML 2.12.2"> <meta name="Modified" content="2023-09-21 13:36:51"> <link href="/js/datatables.min.css" rel="stylesheet" type="text/css"> <link href="/debian.css" rel="stylesheet" type="text/css"> <link href="/debdb.css" rel="stylesheet" type="text/css"> <link href="/debian-en.css" rel="stylesheet" type="text/css" media="all"> <script language="javascript" type="text/javascript" src="/js/jquery/jquery.js"></script> <script language="javascript" type="text/javascript" src="/js/datatables.min.js"></script> <script language="javascript" type="text/javascript" src="/js/debdb.js"></script> </head> <body> <div id="header"> <div id="upperheader"> <div id="logo"> <a href="https://www.debian.org/"><img src="/Pics/openlogo-50.png" width="50" height="61" alt=""></a> </div> <!-- end logo --> <p class="section"><a href="/">db</a></p> </div> <!-- end upperheader --> <!--UdmComment--> <div id="navbar"> <p class="hidecss"><a href="#inner">Skip Quicknav</a></p> <ul> <li><a href="https://www.debian.org/intro/about">About Debian</a></li> <li><a href="https://www.debian.org/News/">News</a></li> <li><a href="https://www.debian.org/distrib/">Getting Debian</a></li> <li><a href="https://www.debian.org/support">Support</a></li> <li><a href="https://www.debian.org/devel/">Developers' Corner</a></li> <li><a href="https://www.debian.org/sitemap">Site map</a></li> <li><a href="http://search.debian.org/">Search</a></li> </ul> </div> <!-- end navbar --> <p id="breadcrumbs"><a href="./">db.debian.org</a> /</p> </div> <!-- end header --> <!--/UdmComment--> <div id="content"> <h1 class="h1class">Direct LDAP Access</h1> <div id="second-nav"> <p> <ul class="cdmenu"> <li>General Documenation <ul> <li><a href="machines.cgi">Development machines</a><li> <li><a href="https://www.debian.org/devel/dmup">Machine Usage Policies</a><li> <li><a href="https://dsa.debian.org">DSA Wiki</a><li> </ul> </li> <li>LDAP Documentation <ul> <li><a href="doc-general.html">General LDAP Documentation</a></li> <li><a href="doc-direct.html">Direct LDAP Access</a></li> <li><a href="doc-mail.html">LDAP Mail Gateway</a></li> <li><a href="password.html">Lost or forgotten password instructions</a></li> <li><a href="forward.html">Debian.org Email Forwarding</a></li> </ul> </li> </ul> </p> </div> <p>A restricted subset of information is available to non-developers via LDAP. If you wish relatively unfettered access to the LDAP database, connect to it from a .debian.org machine, such as people.debian.org or master.debian.org. </p> <p> The LDAP utilities package (<a href="https://packages.debian.org/ldap-utils">ldap-utils</a>) provides an utility called ldapsearch that can be used to execute direct queries to the database. This is done by supplying the following arguments to ldapsearch: <strong>-x -H ldaps://db.debian.org -b dc=debian,dc=org</strong>. Alternatively, the <strong>-H</strong> and <strong>-b</strong> options can be put in one's ~/.ldaprc, in the following form: </p><pre> [ dbharris@people: ~/ ]$ cat ~/.ldaprc URI ldaps://db.debian.org BASE dc=debian,dc=org </pre> <p> <strong>-x</strong> tells ldapsearch to use "simple" (non-SASL, non-Kerberos) authentication. There appears to be no ~/.ldaprc option which does the same as <strong>-x</strong>. With these parameters specified, we're ready to begin searching. Here's an example: </p><pre> [ dbharris@people: ~/ ]$ ldapsearch -x uid=dbharris keyfingerprint <snip> dn: uid=dbharris,ou=users,dc=debian,dc=org keyFingerPrint: CC53F12435C07BC258FE7A3C157DDFD959DDCB9F <snip> </pre> <p> The first non-option argument (<strong>uid=dbharris</strong> in this case) is the query to perform, and the rest of the arguments are the attributes to return. If you only specify the query, but don't provide any attributes to return, all readable attributes are returned. While the example was quite simple, complex queries can be performed as well: </p><pre> [ dbharris@people: ~/ ]$ ldapsearch -x -H ldaps://db.debian.org -b dc=debian,dc=org '(&(!(loginshell=/bin/bash))(uid=*))' loginshell </pre> <p> That query shows users that do not use bash as their shell. Some other interesting queries are:</p> <ul> <li>Count the number of developers <tt>(&(keyfingerprint=*)(supplementaryGid=Debian))</tt></li> <li>Show people in a certain group <tt>gidmembership=adm</tt></li> <li>People named james <tt>cn=james</tt></li> <li>Someone whose last name phonetically sounds like 'Ackerma' <tt>sn~=ackerm</tt></li> <li>All the sparcs <tt>host=sparc</tt></li> </ul> <p><a href="http://www.faqs.org/rfcs/rfc2254.html">RFC 2254</a> has more information about the filter expressions.</p> <h1>Other LDAP Browsers</h1> <p> The GQ package has a graphical LDAP browser that can browse the debian.org tree. It is somewhat ungainly with the large number of entries in our directory, but it does work nonetheless. Configuration is similar, use the preferences dialog to add a new host with the information given above. <p> Netscape has a browser for their mailer, but I have never been able to get it to work, please email if you have any luck. <p> To my knowledge there are no interfaces for popular mailers like mutt and gnus. Such an interface would allow using the directory as an enhanced address book. <hr noshade width="100%" size="1"> <small> You can contact us at <a href="mailto:admin@db.debian.org">admin@db.debian.org</a>. </small> <p> <p><small> Last Modified: Mon, Mar 28 15:36:36 UTC 2022 <br> Copyright © 1997-2022 <a href="http://www.spi-inc.org/">SPI</a>; See <a href="https://www.debian.org/license" rel="copyright">license terms</a><br> Debian is a registered trademark of Software in the Public Interest, Inc. </small></p> </body> </html>