https://support.google.com/a/answer/9048516?hl=en
https://support.google.com/a/answer/9089736?hl=en&ref_topic=9173976
export LDAPTLS_CERT=Google_2024_04_01_53965.crt
export LDAPTLS_KEY=Google_2024_04_01_53965.keyuid=user10
ldapsearch -LLL -v -H ldaps://ldap.google.com -b dc=esodemoapp2,dc=com '(uid=user1)'
$ more /etc/ldap/ldap.conf
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
TLS_REQCERT allow
ldapsearch -x -W -LLL -v -H ldaps://ldap.google.com -D 'uid=user10,ou=Users,dc=esodemoapp2,dc=com' -b ou=Users,dc=esodemoapp2,dc=com -s sub '(objectClass=*)' '(uid=user10)'
$ ldapsearch -LLL -v -H ldaps://ldap.google.com -b dc=esodemoapp2,dc=com '(uid=user1)'
ldap_initialize( ldaps://ldap.google.com:636/??base )
SASL/EXTERNAL authentication started
SASL username: st=California,c=US,ou=GSuite,cn=LDAP Client,l=Mountain View,o=Google Inc.
SASL SSF: 0
filter: (uid=user1)
requesting: All userApplication attributes
dn: uid=user1,ou=Users,dc=esodemoapp2,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
uid: user1
googleUid: user1
posixUid: user1_esodemoapp2_com
cn: user1
cn: user1 user1
sn: user1
displayName: user1 user1
givenName: user1
mail: user1@esodemoapp2.com
uidNumber: 1795327063
gidNumber: 1795327063
homeDirectory: /home/user1_esodemoapp2_com
loginShell: /bin/bash
gecos:
apple-generateduid: 4E71C400-745E-4D01-A1A0-F477D339B34F
memberOf: cn=group1_3,ou=Groups,dc=esodemoapp2,dc=com
memberOf: cn=group8_10,ou=Groups,dc=esodemoapp2,dc=com
memberOf: cn=group_external_mixed1,ou=Groups,dc=esodemoapp2,dc=com
memberOf: cn=my-group,ou=Groups,dc=esodemoapp2,dc=com
memberOf: cn=subgroup1,ou=Groups,dc=esodemoapp2,dc=com