Example LDAP commands

From Brandonhutchinson.com

Revision as of 18:00, 25 September 2007 by Hutch (Talk | contribs)
Jump to: navigation, search

To list the password policy on Sun Directory Server 5.2 and later:

$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "cn=Password Policy,cn=config" "objectClass=*"

To list LDAP client profiles on LDAP server:

$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b "ou=profile,dc=example,dc=com" "objectClass=*"

Two ways to delete an LDAP client profile named cn=default,ou=profile,dc=example,dc=com:

$ /usr/bin/printf "cn=default,ou=profile,dc=example,dc=com\n" | ldapdelete -h LDAP_server -D "cn=Directory Manager"
$ /usr/bin/printf "dn: cn=default,ou=profile,dc=example,dc=com\nchangetype: delete" | ldapmodify -h LDAP_server -D "cn=Directory Manager"

Modifying the defaultServerList attribute in the simple LDAP client profile:

$ /usr/bin/printf "dn: cn=simple,ou=profile,dc=example,dc=com\nchangetype: modify\nreplace: defaultServerList\ndefaultServerList:\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"

When does my proxyagent user password expire?

$ ldapsearch -h LDAP_server -D "cn=Directory Manager" -b ou=profile,dc=example,dc=com cn=proxyagent passwordExpirationTime

Changing an LDAP UID

Changing an LDAP UID entails changing uid, cn, and homeDirectory. Because we are changing the cn RDN, we have to use ldapmodrdn instead of ldapmodify.

$ /usr/bin/printf "dn: uid=old_uid,ou=people,dc=example,dc=com\nchangetype: modify\nreplace: uid\nuid: new_uid\n-\nreplace: cn\ncn: new_uid\n-\nreplace: homeDirectory\nhomeDirectory: /home/new_uid\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
ldap_modify_s: Operation not allowed on RDN

ldapmodrdn takes as its arguments the DN of the entry to rename and the new RDN. The -r flag removes the old RDN, which would have been kept by default.

$ /usr/bin/printf "dn: uid=old_uid,ou=people,dc=example,dc=com\nuid=new_uid | ldapmodrdn -r -h LDAP_server -D "cn=Directory Manager"

Next, change the cn and homeDirectory using ldapmodify.

$ /usr/bin/printf "dn: uid=new_uid,ou=people,dc=example,dc=com\nchangetype: modify\nreplace: cn\ncn: new_uid\n-\nreplace: homeDirectory\nhomeDirectory: /home/new_uid\n" | ldapmodify -h LDAP_server -D "cn=Directory Manager"
Personal tools