Example LDAP commands

From Brandonhutchinson.com

(Difference between revisions)
m (Changing an LDAP UID)
Line 19: Line 19:
=== Changing an LDAP UID ===
=== Changing an LDAP UID ===
-
Changing an LDAP UID entails changing ''uid'', ''cn'', and ''homeDirectory''.
+
Changing an LDAP UID entails changing ''uid'', ''cn'', and ''homeDirectory''. Because we are changing the RDN, we have to use ''ldapmodrdn'' instead of ''ldapmodify''.
$ '''/usr/bin/printf "dn: uid=old_uid,ou=people,dc=example,dc=com\nchangetype: modify\nreplace: uid\nuid: new_uid\n-\nreplace: cn\ncn: new_uid\n-\nreplace: homeDirectory\nhomeDirectory: /home/new_uid\n" | ldapmodify -h ''LDAP_server'' -D "cn=Directory Manager"'''
$ '''/usr/bin/printf "dn: uid=old_uid,ou=people,dc=example,dc=com\nchangetype: modify\nreplace: uid\nuid: new_uid\n-\nreplace: cn\ncn: new_uid\n-\nreplace: homeDirectory\nhomeDirectory: /home/new_uid\n" | ldapmodify -h ''LDAP_server'' -D "cn=Directory Manager"'''
ldap_modify_s: Operation not allowed on RDN
ldap_modify_s: Operation not allowed on RDN
- 
-
Meaning of this error message:
 
-
The operation you are trying to perform would change the RDN. If you want to change the value of an attribute used in an RDN, use ldapmodrdn and not ldapmodify.
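Review bot: the sentence added to the "Changing an LDAP UID" paragraph says ldapmodrdn has to be used, but the example that follows is still the ldapmodify command ending in "Operation not allowed on RDN", and the revision drops the "Meaning of this error message" text that explained why it fails. Suggest labelling the ldapmodify command as the failing attempt and adding the ldapmodrdn invocation after it, or keeping the removed explanation. Since the DN shown is uid=old_uid,ou=people,dc=example,dc=com, only uid is part of the RDN, so the text should also say that cn and homeDirectory are still changed with ldapmodify once the entry has been renamed.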
 

Revision as of 16:50, 25 September 2007

To list the password policy on Sun Directory Server 5.2 and later:

$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" "objectClass=*"

To list the LDAP client profiles on the LDAP server:

$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "ou=profile,dc=example,dc=com" "objectClass=*"

Two ways to delete an LDAP client profile named cn=default,ou=profile,dc=example,dc=com:

$ /usr/bin/printf "cn=default,ou=profile,dc=example,dc=com\n" | ldapdelete -h LDAP_server -D "cn=Directory Manager"
$ /usr/bin/printf "dn: cn=default,ou=profile,dc=example,dc=com\nchangetype: delete" | ldapmodify -h LDAP_server -D "cn=Directory Manager"

Modifying the defaultServerList attribute in the simple LDAP client profile:

$ /usr/bin/printf "dn: cn=simple,ou=profile,dc=example,dc=com\nchangetype: modify\nreplace: defaultServerList\ndefaultServerList: 192.168.1.100 192.168.1.101\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"

When does my proxyagent user password expire?

$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime

Changing an LDAP UID

Changing an LDAP UID entails changing uid, cn, and homeDirectory. Because uid is the entry's RDN, changing it changes the RDN, so we have to use ldapmodrdn instead of ldapmodify. Attempting the change with ldapmodify fails:

$ /usr/bin/printf "dn: uid=old_uid,ou=people,dc=example,dc=com\nchangetype: modify\nreplace: uid\nuid: new_uid\n-\nreplace: cn\ncn: new_uid\n-\nreplace: homeDirectory\nhomeDirectory: /home/new_uid\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
ldap_modify_s: Operation not allowed on RDN
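
A rename that avoids the error above, as an added example that is not part of the original page: the uid change is sent as a ModifyDN request (LDIF "changetype: modrdn", the same operation ldapmodrdn issues), followed by an ordinary modify of cn and homeDirectory on the renamed entry. The function names valid_uid and rename_uid_ldif are assumptions made for this example; the uid check keeps a supplied value from injecting extra LDIF lines or DN components.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical;
# old_uid, new_uid and dc=example,dc=com are the page's own placeholders.
LC_ALL=C; export LC_ALL   # make the a-z ranges below byte-exact

# Accept only conservative account names: first character a-z or _,
# the rest a-z, 0-9, _ or -. Rejects newlines, commas, '=', '+' and spaces,
# so a value cannot add LDIF lines or extra DN components.
valid_uid() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        [a-z_]*)          return 0 ;;
        *)                return 1 ;;
    esac
}

# rename_uid_ldif OLD NEW BASE
# Prints two LDIF change records:
#   1. modrdn: rename uid=OLD to uid=NEW; deleteoldrdn: 1 drops the old uid value
#   2. modify: replace cn and homeDirectory on the renamed entry
# BASE is taken as trusted operator input and is not validated here.
rename_uid_ldif() {
    old=$1 new=$2 base=$3
    valid_uid "$old" && valid_uid "$new" || {
        echo "rename_uid_ldif: invalid uid" >&2
        return 1
    }
    printf 'dn: uid=%s,%s\n' "$old" "$base"
    printf 'changetype: modrdn\nnewrdn: uid=%s\ndeleteoldrdn: 1\n\n' "$new"
    printf 'dn: uid=%s,%s\n' "$new" "$base"
    printf 'changetype: modify\nreplace: cn\ncn: %s\n' "$new"
    printf -- '-\nreplace: homeDirectory\nhomeDirectory: /home/%s\n' "$new"
}

# Show the generated LDIF for the page's placeholder values.
# To apply it, pipe the output to ldapmodify as in the commands above:
#   rename_uid_ldif old_uid new_uid "ou=people,dc=example,dc=com" |
#       ldapmodify -h LDAP_server -D "cn=Directory Manager"
rename_uid_ldif old_uid new_uid "ou=people,dc=example,dc=com"
```

The two records are applied in order, so the second one already addresses the entry by its new DN.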