I have non-sudo ssh access to a server of which I want to know the list of users. I think the server is using ldap because:

-bash-4.2$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: files ldap
group: files ldap
shadow: files ldap

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis

but:

-bash-4.2$ cd /etc/sssd/
-bash: cd: /etc/sssd/: No such file or directory

Please note neither of /etc/passwd, ls -lsa /var or getent passwd is giving the list I want (they don't even include my own username)

So, does anyone have any idea on how I can get the list of usernames and ids of this server?

-bash-4.2$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 7.11 (wheezy)
Release:    7.11
Codename:   wheezy
Rui F Ribeiro
  • Does getent passwd {0..65535} work for you? See also How can I list all user names and/or home directories? – Stéphane Chazelas Dec 15 '17 at 11:08
  • @StéphaneChazelas it certainly does help a lot and gives a much better result than what I had already tried but it still doesn't include my own name but it includes some names from the users that had been created probably 18 years ago in the system:))! I didn't actually know this system is from that long ago:)) Would you be so kind to explain to me what that command does!? what does getent passwd 5 do for example? I mean know the seq thing;) – yukashima huksay Dec 15 '17 at 11:33
  • I vote to reopen; on my suse 12.1 getent passwd will list entries from /etc/passwd, not from Active Directory, which can be listed by wbinfo -u – Archemar Dec 18 '17 at 11:54
  • @Archemar did you try getent passwd {0..65535}? – yukashima huksay Dec 18 '17 at 12:52
  • @Archemar maybe your system is using ids larger than 65535 for example my system was using 88113657 for my id – yukashima huksay Dec 18 '17 at 12:53
  • If getent passwd doesn't show your own user, try getent passwd $(whoami). If that works, then your LDAP is not being enumerated (a very unfriendly configuration). You might be able to fix that in, e.g. /etc/sssd/sssd.conf by setting enumerate = true – jrw32982 Mar 06 '19 at 19:34

1 Answer

Most probably the ldap configuration doesn't allow enumeration.

If you know the range of user ids, you could try and get a user list by querying every possible user id:

getent passwd {0..65535}

Here assuming a shell with support for the {x..y} form of brace expansion (zsh, bash, ksh93, tcsh, yash -o braceexpand).

Note that on Linux, uids are no longer limited to 16 bits, and some Microsoft AD or samba based directory servers at least often use values greater than 65535. Querying {0..2147483647} would be out of the question though.

Your network admins are probably not going to like that, as it means doing a lot of LDAP queries to the directory server.

Note that since the primary key in the passwd database is the user name, not id, there may be more than one id for each user name, and getent passwd <id> returns only one entry, so you may be missing some users.

If users are generally in at least one group beside their primary group, one way to get a list of users could be to query a list of groups with the same methods and look at their members:

getent group {0..65535} | cut -d: -f4 | tr , '\n' | sort -u

Here sss is not used. You'd have sss instead of ldap in the nsswitch.conf.

That would be libnss-ldap (or possibly libnss-ldapd, check with dpkg -l | grep ldap) handling queries for ldap. Configuration is possibly in /etc/libnss-ldap.conf or /etc/ldap.conf or /etc/ldap/ldap.conf.

If you can read those, then you'd find out the server name and details of where the users are in the directory tree, and you may be able to use ldapsearch to get the relevant information (provided you're granted access).

  • Is it possible to get the userids within a gid?! because I have most of the gids. Also I'd like to know if it is possible to get all the gids. – yukashima huksay Dec 15 '17 at 12:01
  • Again, getent group {0..65535} might help (and provide you with a way to find out more user names). – Stéphane Chazelas Dec 15 '17 at 12:03
  • won't ldap/active directory users and groups come with ids far above 65535? (I know active directory is not mentioned here, but I've never seen ldap not being active directory; if OP is ldap only this should be fine) – Archemar Dec 15 '17 at 13:38
  • @Archemar, I've never come across MSAD, but I can confirm a samba equivalent of MSAD having uids above 65535, so I've changed the text. – Stéphane Chazelas Dec 15 '17 at 15:48
  • There is probably a reason why the ldap doesn't support enumeration; it could be bad for performance if 1000+ machines enumerate 5000+ users all the time. This probably means it is also very bad to enumerate them like this in a script. – Jens Timmerman Mar 21 '18 at 14:00
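
An added example, not part of the original thread: a small diagnostic that tells "enumeration is disabled" apart from "the directory is not answering", combining the answer's nsswitch.conf reading, the `getent passwd $(whoami)` check from the comments, and the group-member pipeline. The function names and the `GETENT` override variable are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original thread): diagnose why `getent passwd`
# omits directory users on a host whose nsswitch.conf lists a remote source.

# Print the sources configured for one nsswitch.conf database, one per line.
# Comments and [STATUS=action] items are skipped.
nss_sources() {    # usage: nss_sources <database> [path-to-nsswitch.conf]
    awk -v db="$1" '
        { sub(/#.*/, ""); n = index($0, ":"); if (n == 0) next
          name = substr($0, 1, n - 1); gsub(/[ \t]/, "", name)
          if (name != db) next
          m = split(substr($0, n + 1), src, " ")
          for (i = 1; i <= m; i++) if (src[i] !~ /^\[/) print src[i] }
    ' "${2:-/etc/nsswitch.conf}"
}

# Classify how a user name resolves:
#   enumerated  - present in the full `getent passwd` listing
#   lookup-only - resolves by name but is not listed (enumeration disabled)
#   unknown     - does not resolve at all
# GETENT is a hypothetical override of the lookup command, used for testing.
enum_status() {    # usage: enum_status <user>
    local user="$1" getent="${GETENT:-getent}"
    if "$getent" passwd | cut -d: -f1 | grep -qxF -- "$user"; then
        echo enumerated
    elif "$getent" passwd "$user" >/dev/null 2>&1; then
        echo lookup-only
    else
        echo unknown
    fi
}

# Unique member names from group(5)-format lines on stdin; groups with an
# empty member field would otherwise contribute a blank line.
group_members() {
    cut -d: -f4 | tr ',' '\n' | sed '/^$/d' | sort -u
}

# Report for the current host and user when run as: script --report
if [ "${1:-}" = "--report" ]; then
    me=$(id -un)
    echo "passwd sources: $(nss_sources passwd | tr '\n' ' ')"
    echo "$me: $(enum_status "$me")"
fi
```

A `lookup-only` result for your own account means the directory answers by-name queries but refuses listing, which is the situation the answer describes.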