503 lines
9.5 KiB
HTML
503 lines
9.5 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>The ldapsearch, ldapdelete and ldapmodify utilities</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="LDAP Linux HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Database Creation and Maintenance"
|
|
HREF="dbcreation.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="More on the LDIF Format"
|
|
HREF="moreonldif.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Additional Information and Features"
|
|
HREF="additional.html"></HEAD
|
|
><BODY
|
|
CLASS="section"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>LDAP Linux HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="moreonldif.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 5. Database Creation and Maintenance</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="additional.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="section"
|
|
><H1
|
|
CLASS="section"
|
|
><A
|
|
NAME="Utilities"
|
|
></A
|
|
>5.4. The ldapsearch, ldapdelete and ldapmodify utilities</H1
|
|
><P
|
|
><B
|
|
CLASS="command"
|
|
>ldapsearch</B
|
|
> - ldapsearch is a shell accessible interface to the ldap_search(3)
|
|
library call. Use this utility to search for entries on your LDAP database backend. </P
|
|
><P
|
|
>The synopsis to call ldapsearch is the following (take a look at the ldapsearch
|
|
man page to see what each option means): </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> ldapsearch [-n] [-u] [-v] [-k]
|
|
[-K] [-t] [-A] [-B] [-L]
|
|
[-R] [-d debuglevel] [-F sep] [-f file]
|
|
[-x] [-D binddn] [-W] [-w bindpasswd]
|
|
[-h ldaphost] [-p ldapport] [-b searchbase]
|
|
[-s base|one|sub]
|
|
[-a never|always|search|find] [-l timelimit]
|
|
[-z sizelimit] filter [attrs...]
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
><B
|
|
CLASS="command"
|
|
>ldapsearch</B
|
|
> opens a connection to an LDAP server, binds, and performs a
|
|
search using the filter <EM
|
|
>filter</EM
|
|
>. The filter should conform to the string
|
|
representation for LDAP filters as defined in RFC 1558. If ldapsearch finds one
|
|
or more entries, the attributes specified by <EM
|
|
>attrs</EM
|
|
> are retrieved and the
|
|
entries and values are printed to standard output. If no attrs are listed, all
|
|
attributes are returned.</P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> ldapsearch -x -b 'o=TUDelft,c=NL' 'objectclass=*'
|
|
|
|
ldapsearch -b 'o=TUDelft,c=NL' 'cn=Rene van Leuken'
|
|
|
|
ldasearch -u -b 'o=TUDelft,c=NL' 'cn=Luiz Malere' sn mail
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>The -b option stands for searchbase (initial search point), the -u option
|
|
stands for userfriendly output information and the -x option is used to specify
|
|
simple authentication.</P
|
|
><P
|
|
><B
|
|
CLASS="command"
|
|
>ldapdelete - </B
|
|
>ldapdelete is a shell accessible interface to the ldap_delete(3)
|
|
library call. Use this utility to delete entries on our LDAP database backend.</P
|
|
><P
|
|
>The synopsis to call ldapdelete is the following (take a look at the ldapdelete
|
|
man page to see what each option means): </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> ldapdelete [-n] [-v] [-k] [-K]
|
|
[-c] [-d debuglevel] [-f file] [-D binddn]
|
|
[-W] [-w passwd] [-h ldaphost] [-p ldapport]
|
|
[dn]...
|
|
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
><B
|
|
CLASS="command"
|
|
>ldapdelete</B
|
|
> opens a connection to an LDAP server, binds, and deletes one or more
|
|
entries. If one or more dn arguments are provided, entries with those
|
|
Distinguished Names are deleted. Each dn should be a string-represented DN as
|
|
defined in RFC 1779. If no dn arguments are provided, a list of DNs is read
|
|
from standard input (or from file if the -f flag is used). </P
|
|
><P
|
|
>Here are some examples of the use of ldapdelete: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> ldapdelete 'cn=Luiz Malere,o=TUDelft,c=NL'
|
|
|
|
ldapdelete -v 'cn=Rene van Leuken,o=TUDelft,c=NL' -D 'cn=Luiz Malere,o=TUDelft,c=NL' -W
|
|
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>The -v option stands for verbose mode, the -D option stands for Binddn (the dn
|
|
to authenticate against) and the -W option stands for password prompt. </P
|
|
><P
|
|
><B
|
|
CLASS="command"
|
|
>ldapmodify - </B
|
|
>ldapmodify is a shell accessible interface to the
|
|
ldap_modify(3) and ldap_add(3) library calls. Use this utility to modify entries on our LDAP
|
|
database backend. </P
|
|
><P
|
|
>The synopsis to call ldapmodify is the following (take a look at the ldapmodify
|
|
man page to see what each option mean): </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> ldapmodify [-a] [-b] [-c] [-r]
|
|
[-n] [-v] [-k] [-d debuglevel]
|
|
[-D binddn] [-W] [-w passwd]
|
|
[-h ldaphost] [-p ldapport] [-f file]
|
|
|
|
ldapadd [-b] [-c] [-r] [-n]
|
|
[-v] [-k] [-K] [-d debuglevel]
|
|
[-D binddn] [-w passwd] [-h ldaphost]
|
|
[-p ldapport] [-f file]
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
><B
|
|
CLASS="command"
|
|
>ldapadd</B
|
|
> is implemented as a hard link to the ldapmodify tool. When invoked as
|
|
ldapadd the -a (add new entry) flag of ldapmodify is turned on automatically.
|
|
|
|
ldapmodify opens a connection to an LDAP server, binds, and modifies or
|
|
adds entries. The entry information is read from standard input or from file
|
|
through the use of the -f option. </P
|
|
><P
|
|
>Here are some examples of the use of ldapmodify: </P
|
|
><P
|
|
>Assuming that the file /tmp/entrymods exists and has the contents: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> dn: cn=Modify Me, o=University of Michigan, c=US
|
|
changetype: modify
|
|
replace: mail
|
|
mail: modme@terminator.rs.itd.umich.edu
|
|
-
|
|
add: title
|
|
title: Grand Poobah
|
|
-
|
|
add: jpegPhoto
|
|
jpegPhoto: /tmp/modme.jpeg
|
|
-
|
|
delete: description
|
|
-
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>The command: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>ldapmodify -b -r -f /tmp/entrymods </PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>will replace the contents of the "Modify Me" entry's mail attribute with
|
|
the value "modme@terminator.rs.itd.umich.edu", add a title of "Grand Poobah",
|
|
and the contents of the file /tmp/modme.jpeg as a jpegPhoto, and completely
|
|
remove the description attribute. </P
|
|
><P
|
|
>The same modifications as above can be performed using the older ldapmodify
|
|
input format: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> cn=Modify Me, o=University of Michigan, c=US
|
|
mail=modme@terminator.rs.itd.umich.edu
|
|
+title=Grand Poobah
|
|
+jpegPhoto=/tmp/modme.jpeg
|
|
-description
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>And plus the command bellow: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>ldapmodify -b -r -f /tmp/entrymods </PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>Assuming that the file /tmp/newentry exists and has the contents: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> dn: cn=Barbara Jensen, o=University of Michigan, c=US
|
|
objectClass: person
|
|
cn: Barbara Jensen
|
|
cn: Babs Jensen
|
|
sn: Jensen
|
|
title: the world's most famous manager
|
|
mail: bjensen@terminator.rs.itd.umich.edu
|
|
uid: bjensen
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>The command: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>ldapadd -f /tmp/entrymods </PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>will add the entry with dn: cn=Barbara Jensen, o=University of Michigan, c=US
|
|
if it's not already present. If an entry with this dn already exists, the
|
|
command will point out the error and will not overwrite the entry.</P
|
|
><P
|
|
>Assuming that the file /tmp/newentry exists and has the contents: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
> dn: cn=Barbara Jensen, o=University of Michigan, c=US
|
|
changetype: delete
|
|
</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>The command: </P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="screen"
|
|
>ldapmodify -f /tmp/entrymods </PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><P
|
|
>will remove Babs Jensen's entry. </P
|
|
><P
|
|
>The -f option stands for file (read the modification information from a file
|
|
instead of standard input), the -b option stands for binary (any values
|
|
starting with a '/' on the input file are interpreted as binaries), the -r
|
|
stands for replace (replace existing values by default). </P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="moreonldif.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="additional.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>More on the LDIF Format</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="dbcreation.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Additional Information and Features</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |