OpenLDAP common operations and common keywords explained

Source: Internet
Author: User
Tags ldap ldapsearch starttls openldap

A table is a convenient way to explain the common LDAP keywords: it is easy to memorize, easy to compare, and easy to look up later, so it is reposted here. Original address: http://blog.csdn.net/reblue520/article/details/51804162

LDAP Common name Interpretation

[Image: table of common LDAP names]

The following is a fairly complete summary of commonly used OpenLDAP commands, recorded here for reference. The original is at: http://blog.csdn.net/zouahaijun/article/details/4503330


Common command introduction
slapd
     -4   use IPv4 only
     -6   use IPv6 only
     -d   debug level; commonly -1, 1 or 256
     -f   path to the configuration file
     -h   URL(s) to serve, which can set the port the service starts on;
          ldap://:2004 starts the service on port 2004


slurpd
     -d   debug level; commonly 4
     -f   specify the configuration file
     -r   specify replication

ldapadd
     -x   use simple authentication
     -D   the DN used to bind to the server
     -h   directory service address
     -w   password for the bind DN
     -f   add entries from an LDIF file
     Examples:
          ldapadd -x -D "cn=root,dc=starxing,dc=com" -w secret -f /root/test.ldif
          ldapadd -x -D "cn=root,dc=starxing,dc=com" -w secret
          (the second form reads the entries to add from the command line)


ldapsearch
     -x   use simple authentication
     -D   the DN used to bind to the server
     -w   password for the bind DN
     -b   the root node to search from
     -h   the server to query
     Example:
          ldapsearch -x -D "cn=root,dc=starxing,dc=com" -w secret -b "dc=starxing,dc=com"
     This uses simple authentication, binds as "cn=root,dc=starxing,dc=com",
     and searches from the root "dc=starxing,dc=com". It displays all the data
     under "dc=starxing,dc=com" that the bound user is allowed to access.

     Example:
          ldapsearch -x -W -D "cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn" -b "cn=administrator,cn=users,dc=osdn,dc=zzti,dc=edu,dc=cn" -h troy.osdn.zzti.edu.cn

          ldapsearch -b "dc=canon-is,dc=jp" -H ldaps://192.168.0.92:636

     (For the ldaps:// form you need to modify the OpenLDAP client configuration file ldap.conf; refer to: http://ms.ntcb.edu.tw/~steven/l-penguin.s/article/ldap-5.htm)

ldapdelete
     Examples:
          ./ldapdelete -x -D "cn=manager,dc=test,dc=com" -w secret "uid=test1,ou=people,dc=test,dc=com"
          ldapdelete -x -D 'cn=root,dc=it,dc=com' -w secert 'uid=zyx,dc=it,dc=com'
     This deletes the 'uid=zyx,dc=it,dc=com' record. Note that an o or ou entry that still has members cannot be deleted.

ldappasswd
     -x        use simple authentication
     -D        the DN used to bind to the server
     -w        password for the bind DN
     -S        prompt for the new password
     -s pass   set the password to pass
     -a pass   set the old password to pass
     -A        prompt for the old password
     -H        the server to bind to
     -I        use SASL interactive mode
     Example:
          ldappasswd -x -D 'cn=root,dc=it,dc=com' -w secret 'uid=zyx,dc=it,dc=com' -S
          New password:
          Re-enter new password:
     This changes the password. If the original record has no password, a userPassword attribute is created automatically.


ldapmodify
     -a            Add new entries. The default is to modify existing entries.
     -C            Automatically chase referrals.
     -c            Continue after an error instead of aborting. By default the program
                   stops at the first error. For example, if an entry in your LDIF does
                   not exist in the database, the program exits by default; with this
                   parameter the error is ignored and execution continues.
     -n            Used to debug communication with the server without actually performing
                   the operation. If the server is down, an error is returned; if it is up,
                   this is usually combined with -v to test whether the server is reachable.
     -v            Run in verbose mode. More detailed information is written to standard
                   output, for example the IP address and port number of the server
                   connected to.
     -M[M]         Enable the Manage DSA IT control. -MM makes the control critical.
     -f file       Read the entry modifications from the file instead of from standard input.
     -x            Use simple authentication.
     -D binddn     The user name to bind as (typically a DN value).
     -W            Prompt for the user's password. It is the alternative to the -w parameter.
     -w bindpasswd Specify the user's password directly. It is the alternative to the -W parameter.
     -H ldapuri    The URI of the server to connect to (IP address and port number; the
                   common format is ldap://hostname:port). If you use -H, you cannot use
                   the -h and -p parameters.
     -h ldaphost   The name or IP address of the host to connect to. It is used with -p.
     -p ldapport   The port number of the directory server to connect to. It is used with -h.
                   If you use the -h and -p parameters, you cannot use the -H parameter.
     -Z[Z]         Use the StartTLS extended operation. With -ZZ, the command requires the
                   StartTLS handshake to succeed.
     -V            Enable certificate authentication, in which the directory server
                   authenticates the client by its client certificate. It must be used
                   together with -ZZ (mandatory TLS) and an anonymous bind to the
                   directory server.
     -E            Set the client certificate file, for example: -E cert/client.crt
     -e            Set the client certificate private key file, for example: -e cert/client.key
     Example:
          ldapmodify -x -D "cn=root,dc=it,dc=com" -W -f modify.ldif
     This applies the changes in modify.ldif to the existing records.
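
The option lists above give two ways to supply the bind password (-w on the command line, -W by prompt) and two StartTLS modes (-Z, -ZZ). The script below is an added example, not part of the original article or of OpenLDAP: it checks a client command line for an inline password and for a simple bind without mandatory TLS. The helper name audit_ldap_cmd and the finding labels are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original page): lint an OpenLDAP client command
# line for how it handles the bind password and transport security.
# audit_ldap_cmd is a hypothetical helper; it prints one finding per line.
# Limitation: words are split on whitespace, so quoted values containing
# spaces are not supported (none of the page's examples have any).
audit_ldap_cmd() (
    set -f                      # no glob expansion while word-splitting $1
    simple=no tls=none inline_pw=no uri= prev=
    for word in $1; do
        case $prev in           # is this word the value of the previous option?
            -w) inline_pw=yes; prev=; continue ;;
            -H) uri=$word; prev=; continue ;;
            -D|-b|-f|-h|-p|-s|-a) prev=; continue ;;
        esac
        case $word in
            -x)  simple=yes ;;
            -Z)  tls=optional ;;
            -ZZ) tls=required ;;
        esac
        prev=$word
    done
    [ "$inline_pw" = yes ] &&
        echo "password-in-argv: -w exposes the password in history and ps; use -W"
    # ldaps:// (TLS from the first byte) and ldapi:// (local socket) count as protected
    case $uri in ldaps://*|ldapi://*) tls=required ;; esac
    if [ "$simple" = yes ]; then
        case $tls in
            none)     echo "cleartext-bind: -x without -ZZ or ldaps:// sends the password unencrypted" ;;
            optional) echo "starttls-optional: -Z continues if StartTLS fails; use -ZZ" ;;
        esac
    fi
)

# Constructed inputs: the first is this page's ldapsearch example, the second
# is the same search using the prompt (-W) and mandatory StartTLS (-ZZ).
for cmd in \
    'ldapsearch -x -D "cn=root,dc=starxing,dc=com" -w secret -b "dc=starxing,dc=com"' \
    'ldapsearch -x -ZZ -D "cn=root,dc=starxing,dc=com" -W -b "dc=starxing,dc=com"'
do
    printf '%s\n' "$cmd"
    audit_ldap_cmd "$cmd" | sed 's/^/    /'
done
```

The first command is reported for both the inline password and the cleartext bind; the second produces no findings.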


This article is from the "it Little two lang" blog; please keep this source: http://jerry12356.blog.51cto.com/4308715/1851428
