LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/LDAP-HOWTO/utilities.html

503 lines
9.5 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>The ldapsearch, ldapdelete and ldapmodify utilities</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="LDAP Linux HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Database Creation and Maintenance"
HREF="dbcreation.html"><LINK
REL="PREVIOUS"
TITLE="More on the LDIF Format"
HREF="moreonldif.html"><LINK
REL="NEXT"
TITLE="Additional Information and Features"
HREF="additional.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>LDAP Linux HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="moreonldif.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. Database Creation and Maintenance</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="additional.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="Utilities"
></A
>5.4. The ldapsearch, ldapdelete and ldapmodify utilities</H1
><P
><B
CLASS="command"
>ldapsearch</B
> - ldapsearch is a shell accessible interface to the ldap_search(3)
library call. Use this utility to search for entries on your LDAP database backend. </P
><P
>The synopsis to call ldapsearch is the following (take a look at the ldapsearch
man page to see what each option means): </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;ldapsearch [-n] [-u] [-v] [-k]
[-K] [-t] [-A] [-B] [-L]
[-R] [-d debuglevel] [-F sep] [-f file]
[-x] [-D binddn] [-W] [-w bindpasswd]
[-h ldaphost] [-p ldapport] [-b searchbase]
[-s base|one|sub]
[-a never|always|search|find] [-l timelimit]
[-z sizelimit] filter [attrs...]
</PRE
></FONT
></TD
></TR
></TABLE
><P
><B
CLASS="command"
>ldapsearch</B
> opens a connection to an LDAP server, binds, and performs a
search using the filter <EM
>filter</EM
>. The filter should conform to the string
representation for LDAP filters as defined in RFC 1558. If ldapsearch finds one
or more entries, the attributes specified by <EM
>attrs</EM
> are retrieved and the
entries and values are printed to standard output. If no attrs are listed, all
attributes are returned.</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;ldapsearch -x -b 'o=TUDelft,c=NL' 'objectclass=*'
ldapsearch -b 'o=TUDelft,c=NL' 'cn=Rene van Leuken'
ldasearch -u -b 'o=TUDelft,c=NL' 'cn=Luiz Malere' sn mail
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The -b option stands for searchbase (initial search point), the -u option
stands for userfriendly output information and the -x option is used to specify
simple authentication.</P
><P
><B
CLASS="command"
>ldapdelete - </B
>ldapdelete is a shell accessible interface to the ldap_delete(3)
library call. Use this utility to delete entries on our LDAP database backend.</P
><P
>The synopsis to call ldapdelete is the following (take a look at the ldapdelete
man page to see what each option means): </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;ldapdelete [-n] [-v] [-k] [-K]
[-c] [-d debuglevel] [-f file] [-D binddn]
[-W] [-w passwd] [-h ldaphost] [-p ldapport]
[dn]...
</PRE
></FONT
></TD
></TR
></TABLE
><P
><B
CLASS="command"
>ldapdelete</B
> opens a connection to an LDAP server, binds, and deletes one or more
entries. If one or more dn arguments are provided, entries with those
Distinguished Names are deleted. Each dn should be a string-represented DN as
defined in RFC 1779. If no dn arguments are provided, a list of DNs is read
from standard input (or from file if the -f flag is used). </P
><P
>Here are some examples of the use of ldapdelete: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;ldapdelete 'cn=Luiz Malere,o=TUDelft,c=NL'
ldapdelete -v 'cn=Rene van Leuken,o=TUDelft,c=NL' -D 'cn=Luiz Malere,o=TUDelft,c=NL' -W
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The -v option stands for verbose mode, the -D option stands for Binddn (the dn
to authenticate against) and the -W option stands for password prompt. </P
><P
><B
CLASS="command"
>ldapmodify - </B
>ldapmodify is a shell accessible interface to the
ldap_modify(3) and ldap_add(3) library calls. Use this utility to modify entries on our LDAP
database backend. </P
><P
>The synopsis to call ldapmodify is the following (take a look at the ldapmodify
man page to see what each option mean): </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;ldapmodify [-a] [-b] [-c] [-r]
[-n] [-v] [-k] [-d debuglevel]
[-D binddn] [-W] [-w passwd]
[-h ldaphost] [-p ldapport] [-f file]
ldapadd [-b] [-c] [-r] [-n]
[-v] [-k] [-K] [-d debuglevel]
[-D binddn] [-w passwd] [-h ldaphost]
[-p ldapport] [-f file]
</PRE
></FONT
></TD
></TR
></TABLE
><P
><B
CLASS="command"
>ldapadd</B
> is implemented as a hard link to the ldapmodify tool. When invoked as
ldapadd the -a (add new entry) flag of ldapmodify is turned on automatically.
ldapmodify opens a connection to an LDAP server, binds, and modifies or
adds entries. The entry information is read from standard input or from file
through the use of the -f option. </P
><P
>Here are some examples of the use of ldapmodify: </P
><P
>Assuming that the file /tmp/entrymods exists and has the contents: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;dn: cn=Modify Me, o=University of Michigan, c=US
changetype: modify
replace: mail
mail: modme@terminator.rs.itd.umich.edu
-
add: title
title: Grand Poobah
-
add: jpegPhoto
jpegPhoto: /tmp/modme.jpeg
-
delete: description
-
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The command: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapmodify -b -r -f /tmp/entrymods </PRE
></FONT
></TD
></TR
></TABLE
><P
>will replace the contents of the "Modify Me" entry's mail attribute with
the value "modme@terminator.rs.itd.umich.edu", add a title of "Grand Poobah",
and the contents of the file /tmp/modme.jpeg as a jpegPhoto, and completely
remove the description attribute. </P
><P
>The same modifications as above can be performed using the older ldapmodify
input format: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;cn=Modify Me, o=University of Michigan, c=US
mail=modme@terminator.rs.itd.umich.edu
+title=Grand Poobah
+jpegPhoto=/tmp/modme.jpeg
-description
</PRE
></FONT
></TD
></TR
></TABLE
><P
>And plus the command bellow: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapmodify -b -r -f /tmp/entrymods </PRE
></FONT
></TD
></TR
></TABLE
><P
>Assuming that the file /tmp/newentry exists and has the contents: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;dn: cn=Barbara Jensen, o=University of Michigan, c=US
objectClass: person
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
title: the world's most famous manager
mail: bjensen@terminator.rs.itd.umich.edu
uid: bjensen
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The command: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapadd -f /tmp/entrymods </PRE
></FONT
></TD
></TR
></TABLE
><P
>will add the entry with dn: cn=Barbara Jensen, o=University of Michigan, c=US
if it's not already present. If an entry with this dn already exists, the
command will point out the error and will not overwrite the entry.</P
><P
>Assuming that the file /tmp/newentry exists and has the contents: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;dn: cn=Barbara Jensen, o=University of Michigan, c=US
changetype: delete
</PRE
></FONT
></TD
></TR
></TABLE
><P
>The command: </P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>ldapmodify -f /tmp/entrymods </PRE
></FONT
></TD
></TR
></TABLE
><P
>will remove Babs Jensen's entry. </P
><P
>The -f option stands for file (read the modification information from a file
instead of standard input), the -b option stands for binary (any values
starting with a '/' on the input file are interpreted as binaries), the -r
stands for replace (replace existing values by default). </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="moreonldif.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="additional.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>More on the LDIF Format</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="dbcreation.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Additional Information and Features</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink