There are several basic commands to run LDAP. Each of these commands is installed in the /usr/sbin directory and must be run as root.

Important: The slap commands need to be run when the directory is off, so be sure to shut down LDAP before you run those commands. If you want to use commands while the directory is online, use the ldap commands.

slapd - this is the LDAP server daemon

slurpd - the daemon that synchronizes with other LDAP servers

slapadd - this program is used to add ldif files into LDAP
Example: # slapadd -l users.ldif

slappasswd - creates a hashed password value that can be used with ldapmodify, or rootpw. You have to copy and paste the value into your file.
# slappasswd
New password:
Re-enter new password:
{SSHA}6i0fOQCvnjtbPi47I+1RWcRsOoLjUDNR

slapcat – retrieves entries from LDAP directory

slapindex – reindexes the slapd directory
ldapadd – adds entries to LDAP
Example: ldapadd -x -D "cn=admin,dc=linux,dc=local" -W -f users.ldif

ldapdelete – deletes entries

ldapmodify – modifies LDAP entries. The "-W" option prompts for your password instead of taking it on the command line.
Example: ldapmodify -D "cn=admin,dc=linux,dc=local" -W -x -v -f /etc/openldap/users.ldif

ldapsearch – search for entries. This example will search for all entries.
Example: # ldapsearch -x -b "dc=linux,dc=local" "(objectclass=*)"

ldapcompare – create comparison parameters

ldapwhoami – run whoami

ldapmodrdn – modifies RDN entries
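The {SSHA} value that slappasswd prints above is base64 of a salted SHA-1 digest followed by its salt. The Python below is an added example, not part of the original lesson: it parses and verifies such values and reports the password scheme on each userPassword line of an LDIF file, so cleartext entries can be caught before slapadd or ldapadd loads them. The uid/ou names and the cleartext entry in the sample are constructed.

```python
import base64
import hashlib
import hmac
import os

def parse_ssha(value):
    """Split '{SSHA}<base64>' into (digest, salt); a SHA-1 digest is 20 bytes."""
    if not value.upper().startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    raw = base64.b64decode(value[6:], validate=True)
    if len(raw) <= 20:
        raise ValueError("no salt after the digest")
    return raw[:20], raw[20:]

def make_ssha(password, salt=None):
    """Return '{SSHA}' + base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, value):
    """True if password hashes to the stored {SSHA} value."""
    digest, salt = parse_ssha(value)
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)  # constant-time compare

def audit_ldif(ldif_text):
    """Return [(dn, scheme)] per userPassword line; assumes unfolded LDIF."""
    findings, dn = [], None
    for line in ldif_text.splitlines():
        if line.lower().startswith("dn:"):
            dn = line[3:].strip()
        elif line.lower().startswith("userpassword:"):
            value = line[len("userpassword:"):].strip()
            if value.startswith(":"):  # '::' marks a base64-encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            tagged = value.startswith("{") and "}" in value
            scheme = value[1:value.index("}")].upper() if tagged else "CLEARTEXT"
            findings.append((dn, scheme))
    return findings

# Constructed sample: hash is the slappasswd output above; names are made up.
SAMPLE_LDIF = """dn: uid=alice,ou=people,dc=linux,dc=local
userPassword: {SSHA}6i0fOQCvnjtbPi47I+1RWcRsOoLjUDNR

dn: uid=bob,ou=people,dc=linux,dc=local
userPassword: changeme
"""
if __name__ == "__main__":
    print(audit_ldif(SAMPLE_LDIF))
```

Because {SSHA} is a single round of salted SHA-1, password guesses can be tested offline against any copy of the hash, so keep slapcat output and LDIF files that contain userPassword readable by root only.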
ldap Commands

Options                  Description
-d integer               debugging level
-D binddn                the DN to use for binding to the LDAP server
-f filename              point to file that has LDIF entries
-H URI                   points to LDAP URI
-I                       interactive mode for SASL
-k                       enable Kerberos 4 authentication
-K                       enable only first step of Kerberos 4 authentication
-M                       enable Manager DSA IT control
-n                       does not perform search
-O security_properties   defines SASL security properties
-P [2|3]                 protocol version
-Q                       suppress SASL messages
-R sasl_realm            define realm
-U username              username for SASL authentication
-v                       verbose
-w password              specify password
-W                       prompt for password
-x                       simple authentication
-X id                    define SASL authorization identity
-y passwdfile            read password for simple bind from filename
-Y sasl_mechanism        SASL mechanism to use
-Z                       issue StartTLS request
Options Specific to ldapsearch

Options                          Description
-a [never|always|search|find]    how to handle aliases
-A                               return attribute names but not values
-b basedn                        define base DN
-F prefix                        URL prefix
-l limit                         time limit (seconds) for search
-L                               print results in LDIF format
-LL                              print without comments
-LLL                             print without comments or version
-s [sub|base|one]                define scope
-S attribute                     sort results by value
-u                               include user-friendly names
-z limit                         max entries to return

Copyright by CyberMontana Inc. Cannot be reproduced without written permission.
Box 1262 Trout Creek, MT 59874