Ldapsearch Networkaddress


NOTE: Specific to EDirectory

Networkaddress Anomalies#

Before you get too excited, you should see what we have learned on Networkaddress Anomalies


For some more information on EDirectory NetworkAddress

LDAPSearch for a NetworkAddress#

Given an IP address of, how we can locate the entry in eDirectory that is connected on that address?

This can be performed by:

Convert each octet of the IP address into Hex:#

  • 192 = c0
  • 168 = a8
  • 1 = 01
  • 121 = 79

Concatenate the hex values into a string like "c0 a8 01 79". As LDAPSearch requires hex values to be escaped it must look like: "\c0\a8\01\79"

Since we are looking for an IP address type the filter would be: "1#\c0\a8\01\79"

The complete LDAPSearch string and results are shown below.

ldapsearch -h -b ou=butler,ou=people,DC=willeke,DC=com -D cn=admin,ou=administration,dc=willeke,dc=com -W (networkAddress=1#\c0\a8\01\79) networkaddress cn uid
version: 1

# filter: (networkAddress=1#\c0\a8\01\79)
# requesting: networkaddress cn uid

# jim,butler,people,willeke,com
dn: cn=jim,ou=butler,ou=people,dc=willeke,dc=com
uid: w39821
cn: jim
networkaddress:: MSPAqAF5

# search result
# search: 2
# result: 0 Success

# numResponses: 2
# numEntries: 1

The response for the network address is encoded in base64.

Edirectory NetworkAddress#

So, you know someone's IP address and you want to determine who they are. Assuming they are logged into eDirectory, you can do an LDAP search to determine who is logged into eDirectory from that address.

First you need to understand the LDAPSyntaxes of networkAddress.

NetworkAddress is of the SYN_NET_ADDRESS, "1" means its an IP address; "#" is used by eDirectory to delimit fields of different data types.

So if you are given an IP Address, you would have you would need to do an LDAP search as


So if we only have to worry about IP, and we have the ip address, then we can do searches as:

1# always indicates it is IP. If we take the IP address of and convert each octet to Hex we have: c0 a8 01 64

We can then do a LDAP search using the following:

ldapsearch -h xxx.xxx.xxx.xxx -b ou=people,DC=willeke,DC=com -D cn=jim,ou=butler,ou=people,dc=willeke,dc=com -W networkAddress=1#\C0\A8\01\64) networkaddress
Enter LDAP Password: version: 1

NOTE: "\" is an escape character for [Hex].
# filter: (networkAddress=\31\23\C0\A8\01\64)
# requesting: networkaddress

# jim,butler,people,willeke,com
dn: cn=jim,ou=butler,ou=people,dc=willeke,dc=com
networkaddress:: MSPAqAFk

# search result
# search: 2
# result: 0 Success

# numResponses: 2
# numEntries: 1

If we decode the base64 value it shows up as 31 23 c0 a8 01 64

More Information#

There might be more information for this subject on one of the following: