Query CERN LDAP from the shell

Here’s one for the shell nuts:

sudo $EDITOR /etc/ldap/ldap.conf

Add the following line:

TLS_REQCERT never

Warning: This is not completely secure, since it ignores the certificate checks. There are instructions, but it’s not clear which of the two CA certificates I should use, and whichever I try, I get no useful feedback from ldapsearch even with -d 255. If you manage to use the certificates properly, I’d be grateful if you’d let me know how.

Now for the meat (replace $(whoami) with your CERN user name if it’s not the same as your login):

ldapsearch -v -H ldaps://ldap.cern.ch:636 -s sub -b O=CERN,C=CH -D cn=$(whoami),ou=users,o=cern,c=ch -x -W "(uid=$(whoami))"