Example LDAP commands
From Brandonhutchinson.com
(Difference between revisions)
| Line 7: | Line 7: | ||
* To test the ''proxyagent'' password: | * To test the ''proxyagent'' password: | ||
$ '''ldapsearch -D "cn=proxyagent,ou=profile,dc=example,dc=com" -w ''password'' -b dc=example,dc=com objectclass=\*''' | $ '''ldapsearch -D "cn=proxyagent,ou=profile,dc=example,dc=com" -w ''password'' -b dc=example,dc=com objectclass=\*''' | ||
| + | |||
| + | * To display the ''userPassword'' attribute with ''pam_ldap'' authentication for ''uid=hutchib'': | ||
| + | $ '''ldapsearch -D "cn=Directory Manager" -w ''Directory_Manager_password -h ''LDAP_server'' -b ou=people,dc=example,dc=com uid=hutchib userPassword''' | ||
* Two ways to delete an LDAP client profile named ''cn=default,ou=profile,dc=example,dc=com'': | * Two ways to delete an LDAP client profile named ''cn=default,ou=profile,dc=example,dc=com'': | ||
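Review bot: In the added ldapsearch line, the italic markup around Directory_Manager_password is opened with '' but never closed before -h, so the placeholder styling runs on and the markers around LDAP_server end up inverted; it should read -w ''Directory_Manager_password'' -h ''LDAP_server''. The same line passes the Directory Manager password as a -w argument while requesting userPassword, which leaves the most privileged bind password in shell history and the process list; the entry should tell readers to have the client prompt for the password or read it from a protected file where the client supports that.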
Revision as of 18:14, 14 December 2007
- To list the password policy on Sun Directory Server 5.2 and later:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" "objectClass=*"
- To list LDAP client profiles on LDAP server:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "ou=profile,dc=example,dc=com" "objectClass=*"
- To test the proxyagent password:
$ ldapsearch -D "cn=proxyagent,ou=profile,dc=example,dc=com" -w password -b dc=example,dc=com objectclass=\*
- To display the userPassword attribute with pam_ldap authentication for uid=hutchib:
$ ldapsearch -D "cn=Directory Manager" -w Directory_Manager_password -h LDAP_server -b ou=people,dc=example,dc=com uid=hutchib userPassword
- Two ways to delete an LDAP client profile named cn=default,ou=profile,dc=example,dc=com:
$ /usr/bin/printf "cn=default,ou=profile,dc=example,dc=com\n" | ldapdelete -h LDAP_server -D "cn=Directory Manager"
$ /usr/bin/printf "dn: cn=default,ou=profile,dc=example,dc=com\nchangetype: delete" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
- Modifying the defaultServerList attribute in the simple LDAP client profile:
$ /usr/bin/printf "dn: cn=simple,ou=profile,dc=example,dc=com\nchangetype: modify\nreplace: defaultServerList\ndefaultServerList: 192.168.1.100 192.168.1.101\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
- When does my proxyagent user password expire?
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime
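As an added example (not part of the original page), this Python check turns the passwordExpirationTime query above into a days-remaining status that can be run from a scheduled job, since clients that bind as proxyagent depend on that password. The sample output, the accepted `attr=value` and `attr: value` line formats, and the 14-day warning threshold are assumptions.

```python
import re
from datetime import datetime, timezone

# Accepts "attr: value" (LDIF) and "attr=value" output lines; both formats are
# assumptions about what the ldapsearch client prints.
EXPIRY_RE = re.compile(
    r"^passwordExpirationTime\s*[:=]\s*(\d{14})(?:\.\d+)?Z\s*$",
    re.IGNORECASE | re.MULTILINE,
)

# Constructed sample output, not captured from a real server.
SAMPLE = (
    "cn=proxyagent,ou=profile,dc=example,dc=com\n"
    "passwordExpirationTime=20080314181400Z\n"
)


def parse_expiry(output):
    """Return the expiration time as an aware UTC datetime, or None if absent."""
    match = EXPIRY_RE.search(output)
    if match is None:
        return None
    stamp = datetime.strptime(match.group(1), "%Y%m%d%H%M%S")
    return stamp.replace(tzinfo=timezone.utc)


def expiry_status(output, now, warn_days=14):
    """Return (status, whole_days_left); status is not-set, expired, warning or ok."""
    expires = parse_expiry(output)
    if expires is None:
        return ("not-set", None)
    days_left = int((expires - now).total_seconds() // 86400)
    if expires <= now:
        return ("expired", days_left)
    if days_left < warn_days:
        return ("warning", days_left)
    return ("ok", days_left)


if __name__ == "__main__":
    print(expiry_status(SAMPLE, datetime.now(timezone.utc)))
```
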
Changing an LDAP UID
Changing an LDAP UID entails changing uid, cn, and homeDirectory. Because we are changing the cn RDN, we have to use ldapmodrdn instead of ldapmodify.
$ ldapmodify -h LDAP_server -D "cn=Directory Manager"
dn: uid=old_uid,ou=people,dc=example,dc=com
changetype: modify
replace: uid
uid: new_uid
-
replace: cn
cn: new_uid
-
replace: homeDirectory
homeDirectory: /home/new_uid
<Ctrl-D>
ldap_modify_s: Operation not allowed on RDN
ldapmodrdn takes as its arguments the DN of the entry to rename and the new RDN. The -r flag removes the old RDN, which would have been kept by default.
$ ldapmodrdn -r -h LDAP_server -D "cn=Directory Manager"
uid=old_uid,ou=people,dc=example,dc=com
uid=new_uid
<Ctrl-D>
Next, change the cn and homeDirectory using ldapmodify.
$ ldapmodify -h LDAP_server -D "cn=Directory Manager"
dn: uid=new_uid,ou=people,dc=example,dc=com
changetype: modify
replace: cn
cn: new_uid
-
replace: homeDirectory
homeDirectory: /home/new_uid
<Ctrl-D>
