--- /dev/null
+#use wml::db.d.o title="Direct LDAP Access"
+
+<p>Since the
+<a href="http://lists.debian.org/debian-announce/debian-announce-2003/msg00001.html">compromise</a>,
+the information available to non-developers via the LDAP interface has been
+limited a great deal. However, as always, the full database is accessible from
+any .debian.org machine. If you wish relatively unfettered access to the LDAP
+database, connect to it from a .debian.org machine, such as gluck.debian.org
+(which is recommended for general shell usage anyhow).
+</p>
+
+<p>
+The LDAP utilities package (<a href="http://packages.debian.org/ldap-utils">\
+ldap-utils</a>) provides an utility called ldapsearch that can be used
+to execute direct queries to the database. This is done by supplying
+the following arguments to ldapsearch: <strong>-x -H
+ldap://db.debian.org -b dc=debian,dc=org</strong>. Alternatively, the
+<strong>-H</strong> and <strong>-b</strong> options can be put in
+one's ~/.ldaprc, in the following form:
+</p><pre>
+[ dbharris@gluck: ~/ ]$ cat ~/.ldaprc
+HOST db.debian.org
+BASE dc=debian,dc=org
+</pre>
+
+<p>
+<strong>-x</strong> tells ldapsearch to use "simple" (non-SASL, non-Kerberos)
+authentication. There appears to be no ~/.ldaprc option which does the same as
+<strong>-x</strong>. With these parameters specified, we're ready to begin
+searching. Here's an example:
+</p><pre>
+[ dbharris@gluck: ~/ ]$ ldapsearch -x uid=dbharris keyfingerprint
+<snip>
+# dbharris, users, debian, org
+dn: uid=dbharris,ou=users,dc=debian,dc=org
+keyFingerPrint: CC53F12435C07BC258FE7A3C157DDFD959DDCB9F
+<snip>
+</pre>
+
+<p>
+The first non-option argument (<strong>uid=dbharris</strong> in this case) is
+the query to perform, and the rest of the arguments are the attributes to
+return. If you only specify the query, but don't provide any attributes to
+return, all readable attributes are returned. While the example was quite
+simple, complex queries can be performed as well:
+</p><pre>
+[ dbharris@gluck: ~/ ]$ ldapsearch -x -H ldap://db.debian.org -b dc=debian,dc=org '(&(!(loginshell=/bin/bash))(uid=*))' loginshell
+</pre>
+
+<p>
+That query shows users that do not use bash as their shell. Some other
+interesting queries are:</p>
+<ul>
+<li>Count the number of developers
+<tt>(&(keyfingerprint=*)(gidnumber=800))</tt></li>
+<li>Show people in a certain group <tt>gidmembership=adm</tt></li>
+<li>People named james <tt>cn=james</tt></li>
+<li>Someone whos last name phonetically sounds like 'Ackerma'
+<tt>sn~=ackerm</tt></li>
+<li>All the sparcs <tt>host=sparc</tt></li>
+</ul>
+
+<p><a href="http://www.faqs.org/rfcs/rfc2254.html">RFC 2254</a>
+has more information about the filter expressions.</p>
+
+
+<h1>Other LDAP Browsers</h1>
+<p>
+The GQ package has a graphical LDAP browser that can browse the debian.org
+tree. It is somewhat ungainly with the large number of entries in our
+directory, but it does work nonetheless. Configuration is similar, use the
+preferences dialog to add a new host with the information given above.
+<p>
+Netscape has a browser for their mailer, but I have never been able to get
+it to work, please email if you have any luck.
+<p>
+To my knowledge there are no interfaces for popular mailers like mutt and
+gnus. Such an interface would allow using the directory as an enhanced address
+book.
projects / mirror / userdir-ldap-cgi.git / blobdiff