LDAP notes


ldapsearch commands

ldapsearch -b "dc=unixville,dc=com" -h ldapsvr "uidNumber=5001" 

ldapsearch -b "dc=unixville,dc=com" -h ldapsvr "gidNumber=5001" 
	# Find the entry with a given uid or gid number.
	# -b sets the search base, -h the server host; the quoted string is the filter.
	# No attribute list is given, so every attribute the server lets this
	# client read is returned.
	# NOTE(review): no -D bind DN is given, so this presumably runs as an
	# anonymous bind; what comes back then depends on the server's access
	# controls for anonymous clients -- confirm they expose only what is intended.

ldapsearch -b "dc=unixville,dc=com" -h ldapsvr "uid=tin*" dn cn uidNumber
	# Find all usernames starting with "tin"; display only the fields dn, cn
	# and uidNumber.
	# The filter is quoted, so the shell passes the "*" through to ldapsearch
	# instead of trying to expand it as a filename pattern.
	# Listing the wanted attributes keeps the output to what is needed.

ldapsearch -b "ou=us,dc=unixville,dc=com" -h ldapsvr "givenName=*tin*" dn givenName uidNumber
	# Find all users whose real (given) name contains "tin" anywhere,
	# case-insensitively.
	# The search base is narrowed to ou=us rather than the whole
	# dc=unixville,dc=com tree.

ldapsearch -b "ou=us,dc=unixville,dc=com" -h ldapsvr -D "cn=Directory Manager" "givenName=tin" userPassword
	# Certain attributes, such as the shadow password, can only be retrieved by
	# a privileged user; here -D binds as "cn=Directory Manager" and only
	# userPassword is requested.
	# NOTE(review): no password option is shown on this line, so the bind
	# password has to be supplied some other way; prefer the client's prompt or
	# password-file option over typing it on the command line, where it ends up
	# in shell history and the process list.
	# NOTE(review): no TLS option is shown either, so as written the bind
	# credentials and the returned password hashes presumably cross the network
	# unprotected -- confirm the transport, and treat the output as sensitive.
	# Finally, some info is only available on the Directory Server (e.g. via
	# export) but not via ldapsearch at all, e.g. these attributes of a Person
	# entry:
	# creatorsName, modifiersName, modifyTimestamp, nsUniqueId
	# NOTE(review): these look like operational attributes, which servers
	# typically return only when they are named explicitly in the attribute
	# list -- verify before concluding ldapsearch cannot reach them.

ldapsearch -b "cn=config" -h ldapsvr -D "cn=Directory Manager" "objectClass=*"
	# Retrieve config info; the filter objectClass=* serves as a wildcard for
	# "all".
	# NOTE(review): this dumps the whole cn=config subtree while bound as
	# Directory Manager; the output may well include sensitive settings, so
	# avoid leaving it in world-readable files or terminal scrollback.

ldapsearch -b "cn=config" -h ldapsvr -D "cn=Directory Manager" "objectClass=*" | grep  passwordStorageScheme
	# grep for the password storage (hashing) scheme (crypt, ssha, etc.).
	# AIX 5.3 only supports crypt.
	# Solaris and Linux support both crypt and ssha.
	# NOTE(review): the search still pulls all of cn=config over the wire and
	# grep only trims what is displayed; naming passwordStorageScheme in the
	# attribute list would limit what the server returns in the first place.
	# NOTE(review): "crypt" here is presumably the traditional Unix crypt(3)
	# hash, which is weak by current standards; prefer ssha or stronger where
	# every client platform supports it.

ldapsearch  -b "cn=schema" -h ldapsvr -D "cn=Directory Manager" "objectClass=*" 
	# Retrieve all info on the schema of the directory tree.
	# NOTE(review): the schema entry is often readable without a privileged
	# bind; if that holds on this server, dropping -D avoids using the
	# Directory Manager credentials for a routine lookup -- verify.

ldapsearch -h ldapsvr  -b "o=NetscapeRoot" -D "cn=directory manager" "objectClass=*" 
	# Retrieve Fedora Directory Server internal config info.
	# The suffix is o=NetscapeRoot because the Fedora/Red Hat DS is based on
	# the old Netscape Directory Server.
	# NOTE(review): this suffix presumably holds the admin server / console
	# configuration; treat the dump as sensitive, as with cn=config.

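ldapsearch -h ldapsvr -L -b "automountMapName=auto_master,l=sf,l=ca,c=us,dc=element50,dc=com" "objectclass=*"
	# Something similar to "ypcat auto.master": list everything under the
	# auto_master automount map.
	# The base DN and the filter are quoted so the shell cannot expand the "*"
	# against file names in the current directory before ldapsearch sees it.
	# NOTE(review): -L presumably selects LDIF output -- confirm for the client
	# in use.
	# Note the base here is under dc=element50,dc=com, unlike the other
	# examples on this page.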

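ldapsearch -h ldapsvr -T -b "automountMapName=auto_home,ou=us,dc=unixville,dc=com" "objectClass=*" dn | grep -v '^$'

ldapsearch -h ldapsvr -T -b "ou=us,dc=unixville,dc=com" "automountkey=*" automountInformation | grep home
	# List automount map entries for auto_home, similar to "ypcat auto.home".
	# The first command prints only the DNs under the auto_home map and drops
	# blank lines; the second searches all of ou=us for entries with an
	# automountkey and keeps the automountInformation lines mentioning "home".
	# Base DNs, filters and the grep pattern are quoted so the shell cannot
	# expand "*" against file names in the current directory.
	# NOTE(review): -T presumably turns off line folding (Sun/Mozilla-style
	# client) so that grep sees each value on one line -- confirm for the
	# client in use.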

ldapsearch -h ldapsvr -T -b dc=unixville,dc=com  automountkey=/home
	# Find out where /home is referenced and how it is defined (auto.master,
	# auto_master, which domain/ou).
	# The search base is the top of dc=unixville,dc=com, so with the usual
	# subtree scope matches from every ou below it are returned.
	# NOTE(review): -T presumably turns off line folding (Sun/Mozilla-style
	# client) -- confirm for the client in use.

Import an LDIF file.

ldapmodify -a -WZx -D'cn=root,dc=example,dc=com' -f dump.ldif
	# Add (-a) the entries from dump.ldif, binding as cn=root,dc=example,dc=com.
	# NOTE(review): this looks like OpenLDAP client syntax, where -x selects a
	# simple bind, -W prompts for the bind password and -Z requests StartTLS.
	# With a single -Z the OpenLDAP tools carry on if StartTLS fails, so the
	# simple-bind password could then be sent in the clear; -ZZ makes a
	# successful StartTLS mandatory.
	# No server is named on the command line, so the target presumably comes
	# from the client's defaults -- confirm which directory will receive the
	# import before running it.