OpenLDAP directory to explain:
TOPLDAP installation directory:/USR/LOCAL/TOPLDAP
Topldap
Main program for |-SLAPD directory service
|-SLURPD Directory Service Replication Program
|-slapadd add data to the directory
|-slapcat the entries in the directory into LDIF files
Index of |-slapindex Rebuild directory
|-ldapcompare the properties of the entries for the directory
|-ldapadd add entries to the directory service
|-ldapdelete Delete entries in the directory
|-ldapmodify Update the value of entries in the catalog
|-ldapmodrdn change the DN of entries
|-LDAPPASSWD change the password for the entry
|-ldapsearch a directory query
|-include directory Service C's. h file
Connection files for C of the |-lib directory service
|-man Description Document
|-topldap-data storing data in a directory
|-TOPLDAP-SLURPD files when storing directory for replication
|-topldap
|-slapd.conf Directory Service server-side primary configuration file
|-LDAP.CONF Client's configuration file
To start the directory service:
/USR/LOCAL/TOPLDAP/SLAPD-D 256
Stop service:
/USR/LOCAL/TOPLDAP/STOPSLAPD, if in debug mode, press CTRL + C to terminate the service.
Replication Service for startup directory
/usr/local/topldap/slurpd-d 4
Configuration file:
/usr/local/topldap/topldap/slapd.conf
Introduction to Common commands
Slapd
4 using IPV4 Standard
6 using IPV6 Standard
-D debug mode generally uses -1,1,256
-f Specifies the path to the configuration file
-H can specify the port that initiates the service ldap://:2004 start the service with Port 2004
Slurpd
-D debug mode generally uses 4
-F Specify configuration file
-r Specifies replication
Ldapadd
-X for simple authentication
-D to bind the server's DN
The address of the-H directory service
-W Binding DN Password
-F files added with an LDIF file for entries
Example Ldapadd-x-D "cn=root,dc=starxing,dc=com"-W secret-f/root/test.ldif
Ldapadd-x-D "cn=root,dc=starxing,dc=com"-W Secret (This is to add an entry at the command line)
Ldapsearch
-X for simple authentication
-D to bind the server's DN
-W Binding DN Password
-b Specifies the root node to query
-H develop the server to query
Ldapsearch-x-D "cn=root,dc=starxing,dc=com"-w secret-b "dc=starxing,dc=com"
Using simple authentication, bind with "cn=root,dc=starxing,dc=com",
The root to query is "dc=starxing,dc=com". This will enable the bound user to access the "dc=starxing,dc=com"
All data are displayed.
Ldapdelete
The parameters are about the same as Ldapadd.
Ldapdelete-x-d ' cn=root,dc=it,dc=com '-w secert ' uid=zyx,dc=it,dc=com '
This allows you to delete the ' uid=zyx,dc=it,dc=com ' record, which should be noted if there are members in O or OU that cannot be deleted.
ldappasswd
-X for simple authentication
-D to bind the server's DN
-W Binding DN Password
-S prompt input password
-S pass sets the password
-A pass sets old passwd as pass
-a prompts the set old passwd
-H refers to the server to bind
-I use SASL session mode
#ldappasswd-X-d ' cm=root,dc=it,dc=com '-w secret ' uid=zyx,dc=it,dc=com '-s
New Password:
Re-enter new password:
You can change the password, and if there is no password in the original record, a userpassword will be generated automatically.
Ldapmodify
-a adds a new entry. The default is to modify the existing entry.
-C Automatic Trace reference.
The Execute program does not abort after error-C. The default is to stop immediately. For example, if your LDIF text
An entry in the piece does not exist in the database, and the program exits immediately by default, but if this parameter is used, the process
Preface to ignore the error to continue execution.
-N is used to debug traffic to the server. But does not actually perform the search. When the server shuts down, an error is returned;
When you open, always test with the-v parameter to see if the server is a path.
-V runs in the detail module. Play some more detailed information in the standard output. For example: Connecting to the server
IP address and port number, and so on.
-M[M] Open Manage DSA IT control. -MM this control as important.
-F file reads the modification information of the entry from the file rather than from the standard input.
-X uses simple authentication.
-D BINDDN Specifies the user name for the search (typically a DN value).
-w Specifies the parameter, and the system pops up a prompt into the user's password. It is used relative to the-w parameter.
-W bindpasswd directly specify the user's password. It is used relative to the-w parameter.
-H Ldapuri Specifies the connection to the server URI (IP address and port number, common format
Ldap://hostname:port). If you use-H, you cannot use the-H and-p parameters.
-H ldaphost Specifies the name/IP address of the host to which you want to connect. It is used with P.
-P ldapport Specifies the port number to connect to the directory server. It is used with-H.
The-h parameter cannot be used if the-H and-p parameters are used.
-Z[Z] uses the STARTTLS extension operation. If you use-zz, the command enforces the use of STARTTLS handshake success.
-V Enable certificate authentication, the directory server uses client certificates for authentication, must be forced to be enabled with-zz
TLS is used in conjunction with and is anonymously bound to a directory server.
-E Set client certificate file, example:-E cert/client.crt
-E Set client certificate private key file, example:-E Cert/client.key
#ldapmodify-X-D "cn=root,dc=it,dc=com"-w-f modify.ldif
Updates the records in the Modify.ldif to the original records.
OpenLDAP contains series of tools:
Ldapsearch commands to the LDAP server (using the-l parameter to export data to an LDIF file);
Ldapadd to import data from LDIF to the LDAP server;
Ldapmodify applies a set of changes described in LDIF to the LDAP server (similar to Ldapadd).
Ldapdelete
"Ldapadd" Add Nodes:
-X indicates password validation;
-D <DN> Specifies the DN of the Administrator;
-W <PASSWORD> Specifies the administrator's password;
-W prompts to enter the administrator's password;
-F <FILE> Specify the LDIF file path;
-H <URL> Specify the URL of the LDAP server (for example, Ben for ldap://localhost/);
To manually add information to the LDAP server, first create an LDIF file. It must be noted that LDAP is a tree-like database
"Ldapsearch" Query node:
Ldapsearch-x-B ' dc=hung,dc=mooo,dc=com '-S base ' (objectclass=*) '
"Ldapdelete"
Ldapdelete "cn=manager,dc=hung,dc=mooo,dc=com"-x-w \