Table: ldap_organizational_unit - Query LDAP Organizational Units using SQL

An LDAP Organizational Unit represents a container that can hold users, groups, and other organizational units within an LDAP directory. It is a crucial component in creating an organized structure in LDAP directories, allowing for efficient user and resource management. Organizational units can be nested within each other, creating a hierarchical structure that reflects the organization's structure.

Table Usage Guide

The ldap_organizational_unit table provides insights into the structure and hierarchy of LDAP directories. As a system administrator, explore details about organizational units through this table, including their distinguished names, attributes, and associated metadata. Utilize it to understand the organization's structure, manage resources efficiently, and implement access control effectively.

Important Notes

• This table supports optional quals. Queries with optional quals in a where clause are optimised to use LDAP search filters.
• If filter is provided, other optional quals will not be used when searching.
• Optional quals are supported for the following columns:
  • description
  • filter - Allows use of an explicit filter. Please refer to LDAP filter language.
  • ou
  • when_changed
  • when_created

Examples

Basic info

Explore the organizational units within your network, including when they were created and who manages them. This can help you understand your network's structure and identify areas for potential reorganization or management changes.

select
  dn,
  ou,
  when_created,
  managed_by
from
  ldap_organizational_unit;

select
  dn,
  ou,
  when_created,
  managed_by
from
  ldap_organizational_unit;

List organizational units that have been created in the last 30 days

Discover the segments that have been recently added to your organization within the past month. This can help keep track of organizational growth and changes.

select
  dn,
  ou,
  when_created
from
  ldap_organizational_unit
where
  when_created > current_timestamp - interval '30 days';

select
  dn,
  ou,
  when_created
from
  ldap_organizational_unit
where
  when_created > datetime('now', '-30 days');

Filter Examples

List organizational units that are critical system objects

Determine the areas in which organizational units are deemed as critical system objects. This can be used to identify key system components that require special attention or stricter security measures.

select
  dn,
  ou,
  managed_by,
  attributes -> 'isCriticalSystemObject' as is_critical_system_object
from
  ldap_organizational_unit
where
  filter = '(isCriticalSystemObject=TRUE)';

select
  dn,
  ou,
  managed_by,
  json_extract(attributes, '$.isCriticalSystemObject') as is_critical_system_object
from
  ldap_organizational_unit
where
  json_extract(attributes, '$.isCriticalSystemObject') = 'TRUE';

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ldap

You can pass the configuration to the command with the --config argument:

steampipe_export_ldap --config '<your_config>' ldap_organizational_unit