Example LDAP commands
From Brandonhutchinson.com
Revision as of 16:49, 25 September 2007
To list the password policy on Sun Directory Server 5.2 and later:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" "objectClass=*"
To list LDAP client profiles on the LDAP server:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "ou=profile,dc=example,dc=com" "objectClass=*"
Two ways to delete an LDAP client profile named cn=default,ou=profile,dc=example,dc=com:
$ /usr/bin/printf "cn=default,ou=profile,dc=example,dc=com\n" | ldapdelete -h LDAP_server -D "cn=Directory Manager"
$ /usr/bin/printf "dn: cn=default,ou=profile,dc=example,dc=com\nchangetype: delete" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
Modifying the defaultServerList attribute in the simple LDAP client profile:
$ /usr/bin/printf "dn: cn=simple,ou=profile,dc=example,dc=com\nchangetype: modify\nreplace: defaultServerList\ndefaultServerList: 192.168.1.100 192.168.1.101\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
When does my proxyagent user password expire?
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime
Changing an LDAP UID
Changing an LDAP UID entails changing uid, cn, and homeDirectory.
$ /usr/bin/printf "dn: uid=old_uid,ou=people,dc=example,dc=com\nchangetype: modify\nreplace: uid\nuid: new_uid\n-\nreplace: cn\ncn: new_uid\n-\nreplace: homeDirectory\nhomeDirectory: /home/new_uid\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
ldap_modify_s: Operation not allowed on RDN
Meaning of this error message:
The operation you are trying to perform would change the RDN. If you want to change the value of an attribute used in an RDN, use ldapmodrdn and not ldapmodify.
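Following the error message's advice, an added example (not from the original page): rename the entry with ldapmodrdn, then update cn and homeDirectory with ldapmodify against the new DN. The function names, LDAP_SERVER, DRY_RUN and the allowed uid pattern are assumptions; the -h and -D flags mirror the page's commands, and -r tells ldapmodrdn to remove the old RDN value.

```shell
#!/bin/sh
# Added example: UID rename as modrdn + modify, with input validation.
LC_ALL=C; export LC_ALL                 # ASCII-only character ranges below
BASE="ou=people,dc=example,dc=com"      # suffix used on the page

# valid_uid NAME: accept only a conservative login name (assumed policy) so the
# value cannot carry DN or LDIF metacharacters (comma, equals, colon, newline).
valid_uid() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# modrdn_input OLD NEW: the stdin record ldapmodrdn reads (DN line, new RDN line).
modrdn_input() {
    valid_uid "$1" && valid_uid "$2" || return 1
    printf 'uid=%s,%s\nuid=%s\n' "$1" "$BASE" "$2"
}

# modify_ldif NEW: LDIF for the non-RDN attributes, addressed to the renamed
# entry. uid is not listed: the modrdn step already replaced it.
modify_ldif() {
    valid_uid "$1" || return 1
    printf 'dn: uid=%s,%s\nchangetype: modify\n' "$1" "$BASE"
    printf 'replace: cn\ncn: %s\n-\n' "$1"
    printf 'replace: homeDirectory\nhomeDirectory: /home/%s\n' "$1"
}

# rename_uid OLD NEW: prints what would be sent unless DRY_RUN=0 is set.
rename_uid() {
    rdn=$(modrdn_input "$1" "$2") || { echo "rejected uid" >&2; return 1; }
    ldif=$(modify_ldif "$2") || return 1
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf '%s\n--\n%s\n' "$rdn" "$ldif"
    else
        # Stop after a failed rename so the modify never targets a missing DN.
        printf '%s\n' "$rdn" |
            ldapmodrdn -r -h "$LDAP_SERVER" -D "cn=Directory Manager" &&
        printf '%s\n' "$ldif" |
            ldapmodify -h "$LDAP_SERVER" -D "cn=Directory Manager"
    fi
}

rename_uid old_uid new_uid              # dry run by default
```

Set DRY_RUN=0 and LDAP_SERVER to apply the change; a uid containing anything outside the allowed pattern is rejected before any LDAP tool runs.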
