Process format:/usr/sbin/slapd-G openldap-u openldap-F/etc/ldap/slapd. conf
Directory description:
Topldap installation directory:/usr/local/topldap
Topldap
|-Main program of slapd Directory Service
|-The program that the slurpd Directory Service copies
|-Slapadd: add data to the directory
|-Slapcat exports entries in the directory to an ldif File
|-Slapindex: re-creates a Directory Index.
|-Ldapcompare compares the attributes of directory entries.
|-Ldapadd add entries to the Directory Service
|-Ldapdelete: delete entries in the directory
|-Ldapmodify: update the value of entries in the directory
|-Ldapmodrdn
|-Ldappasswd: change the password of the Entry
|-Ldapsearch queries the Directory
| --- Include the. h file of C in the Directory Service
| --- Lib directory service's c connection file
| --- Man instructions
| --- Data stored in the topldap-data directory
| --- Topldap-slurpd
| --- Topldap
|-Main configuration files on the server side of the server under the Server Load balancer. conf directory
|-Configuration file of the LDAP. conf Client
Start Directory Service:
/Usr/local/topldap/slapd-D 256
Stop Service:
/Usr/local/topldap/stopslapd. In debug mode, press Ctrl + C to terminate the service.
Start directory replication service
/Usr/local/topldap/slurpd-D 4
Configuration file:
/Usr/local/topldap/slapd. conf
Common commands
Slapd
4. Use the IPv4 Standard
6. Use IPv6 standards
-D debug mode is generally used-256
-F specifies the path of the configuration file
-H: You can specify the port used to start the service LDAP: //: 2004 to start the service with port 2004.
In addition, it can be used to export all user information/usr/sbin/slapd-T cat-L/tmp/dump. ldif
If you want to export back, you only need to copy the/tmp/dump. ldif file to the directory in use by the system, such as/var/PS/mgmtd/ldapdump. ldif.
Slurpd
-D debug mode generally uses 4
-F specifies the configuration file
-R indicates Replication
Ldapadd
-X for simple Authentication
-D is used to bind the server's DN
-H directory service address
-W: the password for binding the DN
-F: The file that uses the ldif file to add entries
Example ldapadd-X-d "cn = root, Dc = starxing, Dc = com"-W secret-F/root/test. ldif
Ldapadd-X-d "cn = root, Dc = starxing, Dc = com"-W secret (in this way, add entries in the command line)
Ldapsearch
-X for simple Authentication
-D is used to bind the server's DN
-W: the password for binding the DN
-B: Specify the root node to be queried.
-H: Specify the server to be queried.
Ldapsearch-X-d "cn = root, Dc = starxing, Dc = com"-W secret-B "DC = starxing, Dc = com"
Simple authentication, binding with "cn = root, Dc = starxing, Dc = com,
The root of the query is "DC = starxing, Dc = com ". In this way, the bound user can access
All data is displayed.
Ldapdelete
The parameter is similar to ldapadd.
Ldapdelete-X-D 'cn = root, Dc = it, Dc = com'-W secert 'uid = ZYX, Dc = it, Dc = com'
In this way, the 'uid = ZYX, Dc = it, Dc = com 'records can be deleted. Note that if there are Members in O or Ou, they cannot be deleted.
Ldappasswd
-X for simple Authentication
-D is used to bind the server's DN
-W: the password for binding the DN
-S indicates the input password.
-S Pass: Set the password to pass
-A Pass: Set old passwd to pass
-Set the old passwd as prompted by
-H indicates the server to be bound.
-I use SASL session Mode
# Ldappasswd-X-D 'cm = root, Dc = it, Dc = com '-W secret' uid = ZYX, Dc = it, Dc = com '-S
New password:
Re-enter new password:
You can change the password. If there is no password in the original record, a userpassword is automatically generated.
Ldapmodify
-A: Add a new entry. The existing entry is modified by default.
-C: automatically tracks references.
-C continues to execute the program after an error and does not stop. By default, the program stops immediately when an error occurs. For example, if your ldif File
An entry does not exist in the Database. By default, the program exits immediately. However, if this parameter is used
Ignore this error in sequence and continue execution.
-N is used to debug the communication to the server. but does not actually execute the search. When the server is closed, an error is returned. The server
When it is enabled, it is often used together with the-V parameter to test whether the server is a channel.
-V runs in the detailed module. Some detailed information is displayed in the standard output. For example,
IP address and port number.
-M [m] Open manage DSA it control.-Mm sets this control as important.
-F file: Read the modification information of the entry from the file instead of the standard input.
-X simple authentication.
-D binddn specifies the user name to be searched (generally a DN value ).
-W specifies this parameter, and the system will pop up a prompt indicating the user's password. It is used relative to the-W parameter.
-W bindpasswd directly specifies the user's password. It is used relative to the-W parameter.
-H ldapuri: Specify the IP address and port number used to connect to the server URI. The common format is
LDAP: // hostname: Port). If-H is used, the-H and-P parameters cannot be used.
-H ldaphost specifies the name/IP address of the host to be connected. It is used with-P.
-P ldapport specifies the port number of the Directory Server to be connected. It is used with-H.
If the-H and-P parameters are used, the-H parameters cannot be used.
-Z [Z] uses the starttls extension. If-ZZ is used, the Command forces the starttls handshake to succeed.
-V enables the certificate authentication function. The directory server uses the client certificate for authentication and must be forcibly enabled with-zz.
TLS is used in combination and anonymously bound to the Directory Server.
-E: Set the client certificate file, for example,-e Cert/client. CRT.
-E: Set the private key file of the client certificate, for example,-e Cert/client. Key.
# Ldapmodify-X-d "cn = root, Dc = it, Dc = com"-w-F modify. ldif
Update the record in modify. ldif to the original record. Leah Dizon