Example LDAP commands

From Brandonhutchinson.com

(Difference between revisions)
Jump to: navigation, search
m
m
Line 22: Line 22:
$ '''ldapsearch -h ''LDAP_server'' -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime'''
$ '''ldapsearch -h ''LDAP_server'' -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime'''
 +
 +
* View the default root level ACIs.
 +
$ '''ldapsearch -h ''LDAP_server'' -D "cn=Directory Manager" -b "" -s base "(objectClass=*)" aci'''
=== Changing an LDAP UID ===
=== Changing an LDAP UID ===

Revision as of 17:21, 25 January 2008

  • To list the password policy on Sun Directory Server 5.2 and later:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" "objectClass=*"
  • To list LDAP client profiles on LDAP server:
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "ou=profile,dc=example,dc=com" "objectClass=*"
  • To test the proxyagent password:
$ ldapsearch -D "cn=proxyagent,ou=profile,dc=example,dc=com" -w password -b dc=example,dc=com objectclass=\*
  • To display the userPassword attribute with pam_ldap authentication for uid=hutchib:
$ ldapsearch -D "cn=Directory Manager" -w Directory_Manager_password -h LDAP_server -b ou=people,dc=example,dc=com uid=hutchib userPassword
  • Two ways to delete an LDAP client profile named cn=default,ou=profile,dc=example,dc=com:
$ /usr/bin/printf "cn=default,ou=profile,dc=example,dc=com\n" | ldapdelete -h LDAP_server -D "cn=Directory Manager"
$ /usr/bin/printf "dn: cn=default,ou=profile,dc=example,dc=com\nchangetype: delete" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
  • Modifying the defaultServerList attribute in the simple LDAP client profile:
$ /usr/bin/printf "dn: cn=simple,ou=profile,dc=example,dc=com\nchangetype: modify\nreplace: defaultServerList\ndefaultServerList: 192.168.1.100 192.168.1.101\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
  • When does my proxyagent user password expire?
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime
  • View the default root level ACIs.
$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "" -s base "(objectClass=*)" aci

Changing an LDAP UID

Changing an LDAP UID entails changing uid, cn, and homeDirectory. Because we are changing the cn RDN, we have to use ldapmodrdn instead of ldapmodify.

$ ldapmodify -h LDAP_server -D "cn=Directory Manager"
dn: uid=old_uid,ou=people,dc=example,dc=com
changetype: modify
replace: uid
uid: new_uid
-
replace: cn
cn: new_uid
-
replace: homeDirectory
homeDirectory: /home/new_uid
<Ctrl-D>
ldap_modify_s: Operation not allowed on RDN

ldapmodrdn takes as its arguments the DN of the entry to rename and the new RDN. The -r flag removes the old RDN, which would have been kept by default.

$ ldapmodrdn -r -h LDAP_server -D "cn=Directory Manager"
uid=old_uid,ou=people,dc=example,dc=com
uid=new_uid
<Ctrl-D>

Next, change the cn and homeDirectory using ldapmodify.

$ ldapmodify -h LDAP_server -D "cn=Directory Manager"
dn: uid=new_uid,ou=people,dc=example,dc=com
changetype: modify
replace: cn
cn: new_uid
-
replace: homeDirectory
homeDirectory: /home/new_uid
<Ctrl-D>
Personal tools