
Re: Frustrated LDAP beginner



Adam, here are some example LDAP commands which you could enter at the
command prompt.  Obviously you will have to modify the commands to reflect
the IP and domains used by your servers.

******************************************************************************************************************
{to list entire remote database}
ldapsearch -h 10.0.25.1 -p 389  -C -x -s sub -b ""

{to list all CNs in entire remote database }
ldapsearch -h 10.0.25.1 -p 389  -C -x -s sub -b "" cn

{to list just the "orgname" organization part}
ldapsearch -h 10.0.25.1 -p 389 -vvv -C -x -s sub -b "o=orgname"

{to list a specific person from "orgname"}
ldapsearch -h 10.0.25.1 -p 389 -vvv -C -x -s sub -b "o=orgname" \
  "(SN=persons_last_name)"

{to list one or more specific attributes on local machine using a class
filter}
("\" indicates line continuation)

ldapsearch -h 127.0.0.1 -p 389 -vvv -x -s sub -b "dc=com" \
  "(&(objectClass=inetLocalMailRecipient)(mailLocalAddress=john.doe@fictitiousdomain.com))" \
  mailHost mailRoutingAddress mailLocalAddress
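The mail-recipient search above puts a value taken from somewhere else (a mailbox name, a surname) straight into the filter string. As an added example, not code from the original post, the POSIX shell script below builds the same ldapsearch command but escapes the value per RFC 4515 first, so that `*`, `(`, `)` and `\` in the input are matched literally rather than altering the filter's structure. The host, port and base are placeholders, and the command is only echoed, so nothing is sent to a server.

```shell
#!/bin/sh
# Added example (not from the original post): build the ldapsearch invocation
# for the mail-recipient lookup, escaping the user-supplied value per RFC 4515.
# Host, port and base are constructed placeholders.

LDAP_HOST=127.0.0.1     # constructed; substitute your server
LDAP_PORT=389
LDAP_BASE="dc=com"

# Escape one assertion value for use inside an LDAP search filter.
# Backslash is replaced first so the escapes inserted afterwards are not
# escaped a second time.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  \
                           -e 's/)/\\29/g'
}

# Build the filter for a mail-routing lookup by local address.
mail_filter() {
    printf '(&(objectClass=inetLocalMailRecipient)(mailLocalAddress=%s))' \
        "$(ldap_filter_escape "$1")"
}

# Print the command line that would be run; drop the leading 'echo' to run it.
mail_lookup_cmd() {
    echo ldapsearch -h "$LDAP_HOST" -p "$LDAP_PORT" -x -s sub -b "$LDAP_BASE" \
        "$(mail_filter "$1")" mailHost mailRoutingAddress mailLocalAddress
}

# Demonstration: a plain address, then one containing filter metacharacters,
# which come out as \2a, \28 and \29 in the echoed filter.
mail_lookup_cmd 'john.doe@fictitiousdomain.com'
mail_lookup_cmd 'ann*(test)'
```

The escaping is done with sed rather than a shell parameter expansion so it stays portable to plain sh; a NUL byte cannot occur in a shell string, so the RFC's `\00` case is not needed here.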

{commands to add, modify, or delete entries in local LDAP}
ldapadd -c -D "cn=Manager,dc=com" -w secret -x -h 127.0.0.1 -p 389 -f /tmp/addme.ldif
ldapmodify -c -D "cn=Manager,dc=com" -w secret -x -h 127.0.0.1 -p 389 -f /tmp/modifyme.ldif
ldapdelete -c -D "cn=Manager,dc=com" -w secret -x -h 127.0.0.1 -p 389 -f /tmp/deleteme.ldif

{ Contents of /tmp/???.ldif } (for the deleteme.ldif you just need the dn: line)

dn: cn=John Doe, dc=fictitiousdomain, dc=com
objectClass: person
cn: John Doe
cn: JDoe
sn: Doe
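The post shows one entry for all three input files, but ldapmodify reads change records (an explicit changetype plus one add/replace/delete operation per attribute), and ldapdelete -f reads one bare DN per line. As an added example, not code from the original post, the shell script below writes an addme.ldif, a modifyme.ldif with a changetype, and a deleteme.ldif holding only the DN, then echoes the three commands. The directory, the entry DN and the attribute values are constructed for illustration, and -W replaces -w secret so the bind password is prompted for instead of being left in shell history and ps output.

```shell
#!/bin/sh
# Added example (not from the original post): write the three input files the
# ldapadd/ldapmodify/ldapdelete commands above expect and echo the commands.
# Directory, entry DN and attribute values are constructed for illustration.

LDIF_DIR="${LDIF_DIR:-$(mktemp -d)}"
ENTRY_DN="cn=John Doe,dc=fictitiousdomain,dc=com"   # constructed entry

# addme.ldif: a complete entry; ldapadd needs no changetype line.
write_addme() {
    cat > "$LDIF_DIR/addme.ldif" <<EOF
dn: $ENTRY_DN
objectClass: person
cn: John Doe
cn: JDoe
sn: Doe
EOF
}

# modifyme.ldif: ldapmodify wants change records, i.e. an explicit changetype
# and one add/replace/delete operation per attribute, separated by '-' lines.
write_modifyme() {
    cat > "$LDIF_DIR/modifyme.ldif" <<EOF
dn: $ENTRY_DN
changetype: modify
replace: sn
sn: Doe-Smith
-
add: description
description: constructed example entry
EOF
}

# deleteme.ldif: ldapdelete -f reads one bare DN per line, no "dn:" prefix.
write_deleteme() {
    printf '%s\n' "$ENTRY_DN" > "$LDIF_DIR/deleteme.ldif"
}

# Number of "attribute: value" lines in a file, for a quick sanity check.
ldif_attr_count() {
    grep -c '^[A-Za-z]*:' "$LDIF_DIR/$1"
}

write_addme; write_modifyme; write_deleteme
echo "addme.ldif has $(ldif_attr_count addme.ldif) attribute lines"
echo "modifyme.ldif has $(ldif_attr_count modifyme.ldif) attribute lines"

# The commands from the post, with -W (prompt for the bind password) instead
# of -w secret, so the password is not written to shell history or visible to ps.
for op in add modify delete; do
    echo "ldap$op -c -D \"cn=Manager,dc=com\" -W -x -h 127.0.0.1 -p 389 -f $LDIF_DIR/${op}me.ldif"
done
```

Set LDIF_DIR to /tmp before running to get the exact paths used in the post; otherwise the files land in a fresh temporary directory.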

*************************************************************************************************************************




                                                                                                                                               
Adam Williams <awilliam@whitemice.org>
Sent by: owner-openldap-software@OpenLDAP.org
To: Douglas Phillipson <dougp@intermind.net>
cc: "OpenLDAP.org" <openldap-software@OpenLDAP.org>
Subject: Re: Frustrated LDAP beginner
10/16/02 07:18 PM




>I'm trying to start an LDAP effort in my company and am just not having
>any luck.  I'm using SuSE 8.0's openldap2 and using "Directory
>Administrator" (http://diradmin.open-it.org/index.php) which seems to be
>a great OpenSource tool.

Yes, DA is a great tool.

>Some of the "suffixes" I see on the web use o=my-domain rather than
>dc=my-domain and they also use c=US
>I obviously am missing something here: how do you know which to use and
>why.

See ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

Domain component bases are preferred these days, as you can use DNS
SRV to auto-configure.

>I can "connect" to my new LDAP server with this tool, but when
>attempting to create a group or a user I get:  "Invalid DN syntax"

You probably haven't created the ou.

>Also how do I create organizational units to select from?

>Should a "ou" be in slapd.conf?

No, see ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

>Do I have to do that from outside the tool?

You could use gq.

>Are they even required?

Yes, see ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

>Does anyone  have some good detailed examples of ldap config files and
>command usage?

Use the migration scripts; it is a simple step-by-step, there is nothing
to example.  See ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf

>All the stuff on the web is terrible.

I disagree, there are lots of good docs.  You're trying to LDAP without
acquiring any UNDERSTANDING of the data model.  You will fail.

>Need lots of examples!  After I figure all this out I'm posting my
>experiences to the openldap listserver...

The OpenLDAP administrators manual has config file examples.  slapd.conf
is actually a very simple config file & format.