You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
101 lines
4.6 KiB
101 lines
4.6 KiB
[ldapsearch-command]
|
|
syntax = ldapsearch \
|
|
search=<string> \
|
|
(domain=<string>)? \
|
|
(attrs=<string>)? \
|
|
(basedn=<string>)? \
|
|
(scope=base|one|sub)? \
|
|
(decode=<bool>)? \
|
|
(limit=<int>)? \
|
|
(debug=<bool>|logging_level=critical|error|warning|info|debug)?
|
|
shortdesc = Opens a connection to an ldap server, binds, and performs a search using specified options.
|
|
description = This command opens a connection to an ldap server. It then performs a search using the specified \
|
|
options and generates one event per result entry. The ldapsearch command must appear at the beginning of a search \
|
|
pipeline.
|
|
comment1 = Get all attributes of all users in the default domain.
|
|
example1 = | ldapsearch search="(&(objectClass=user)(!(objectClass=computer)))"
|
|
comment2 = Get the common name (cn) and telephone number (telephoneNumber) for the Administrator (samAccountName) of the \
|
|
default domain.
|
|
example2 = | ldapsearch search="(samAccountName=Administrator)" attrs="cn,telephoneNumber"
|
|
usage = public
|
|
appears-in = SA-ldapsearch 1.0
|
|
tags = SA-ldapsearch ldap ldapsearch
|
|
maintainer = microsoft@splunk.com
|
|
category = generating
|
|
related = ldapfetch, ldapfilter, ldapgroup, ldaptestconnection
|
|
|
|
[ldapfetch-command]
|
|
syntax = ldapfetch \
|
|
(dn=<field>)? \
|
|
(domain=<string>)? \
|
|
(attrs=<string>)? \
|
|
(decode=<bool>)? \
|
|
(debug=<bool>|logging_level="critical"|"error"|"warning"|"info"|"debug")?
|
|
shortdesc = Augments each input event record with information for a directory object.
|
|
description = This command augments each input record with information from a directory object. The directory object \
|
|
is identified by a specified distinguished name field.
|
|
comment1 = Get the description of any group that is a member of another group.
|
|
example1 = | ldapsearch search="(objectClass=group)" attrs="memberOf" | ldapfetch dn=memberOf attrs="cn,description"
|
|
usage = public
|
|
appears-in = SA-ldapsearch 1.0
|
|
tags = SA-ldapsearch ldap ldapfetch
|
|
maintainer = microsoft@splunk.com
|
|
category = reporting
|
|
related = ldapsearch, ldapfilter, ldapgroup, ldaptestconnection
|
|
|
|
[ldapfilter-command]
|
|
syntax = ldapfilter \
|
|
search=<string> \
|
|
(domain=<string>)? \
|
|
(attrs=<string>)? \
|
|
(basedn=<string>)? \
|
|
(scope=base|one|sub)? \
|
|
(decode=<bool>)? \
|
|
(limit=<int>)? \
|
|
(debug=<bool>|logging_level=critical|error|warning|info|debug)?
|
|
shortdesc = Joins each input event record with the results of an ldap search.
|
|
description = This command executes one ldap search per input event record, generating one output event record for \
|
|
for each result returned. Each output event record is joined with the corresponding input event record.
|
|
comment1 = Add the telephoneNumber for all failed logons (where the logon ID is in the field cn and the domain is in the \
|
|
field src_nt_domain).
|
|
example1 = eventtype=failed-logons | stats count by cn,src_nt_domain | ldapfilter domain=$src_nt_domain$ \
|
|
search="(cn=$cn$)" attrs="telephoneNumber" | table count,cn,src_nt_domain,telephoneNumber
|
|
usage = public
|
|
appears-in = SA-ldapsearch 1.0
|
|
tags = SA-ldapsearch ldap ldapsearch
|
|
maintainer = microsoft@splunk.com
|
|
category = reporting
|
|
related = ldapsearch, ldapfetch, ldapgroup, ldaptestconnection
|
|
|
|
[ldapgroup-command]
|
|
syntax = ldapgroup \
|
|
(groupdn=<field>)? \
|
|
(domain=<string>)? \
|
|
(decode=<bool>)? \
|
|
(debug=<bool>|logging_level=critical|error|warning|info|debug)?
|
|
shortdesc = Augments input event records with fields containing group membership information.
|
|
description = This command adds group membership information to each input event record. The group is identified by \
|
|
a specified distinguished name field.
|
|
comment1 = Expand all groups in the domain splunk.com and display the group name and members.
|
|
example1 = | ldapsearch domain=splunk.com search="(objectClass=group)" attrs="cn,distinguishedName" | ldapgroup | \
|
|
table cn, member_dn, member_type
|
|
usage = public
|
|
appears-in = SA-ldapsearch 1.0
|
|
tags = SA-ldapsearch ldap ldapgroup
|
|
maintainer = microsoft@splunk.com
|
|
category = reporting
|
|
related = ldapsearch, ldapfetch, ldapfilter, ldaptestconnection
|
|
|
|
[ldaptestconnection-command]
|
|
syntax = | ldaptestconnection (domain=<string>)? (debug=<bool>|logging_level=critical|error|warning|info|debug)?
|
|
shortdesc = Tests the connection to the directory service for a domain.
|
|
description = This command tests the connection to each of the hosts servicing the ldap directory identified by domain.\
|
|
It must be placed at the beginning of a search pipeline.
|
|
example1 = | ldaptestconnection domain="splunk.com"
|
|
usage = public
|
|
appears-in = SA-ldapsearch 2.0.1
|
|
tags = SA-ldapsearch ldap ldaptestconnection
|
|
maintainer = microsoft@splunk.com
|
|
category = generating
|
|
related = ldapsearch, ldapfetch, ldapfilter, ldapgroup
|