HP CIFS Server 3.0g Administrator's Guide version A.02.03.01: HP-UX 11i v1, v2 and v3 > Chapter 14 Tool Reference

LDAP Directory Management Tools

This section provides information for the ldapmodify, ldapsearch and ldapdelete tools. These LDAP directory tools are bundled with the LDAP-UX Integration product (J4269AA) and are available in the /opt/ldapux/bin directory.

This section includes only those options that are useful for managing HP CIFS users when the LDAP Directory Server is the datastore backend. For a complete description of how to use these commands, refer to the "Creating Directory Entries" chapter in "Part 1, Administering Red Hat Directory Server" of the Netscape/Red Hat Directory Server Administrator's Guide. For a complete description of all the options available for these commands, refer to the "Command-Line Utilities" chapter in the "Netscape/Red Hat Directory Server Configuration, Command, File Reference". These manuals are available in the Internet and Security Solutions section of the HP Technical Documentation web site at the following URL:

http://docs.hp.com/en/internet.html

ldapmodify

You use the ldapmodify command-line utility to add, delete or modify POSIX user entries in an existing LDAP directory. ldapmodify opens a connection to the specified server using the distinguished name and password you supply, and adds or modifies the entries based on the LDIF update statements contained in a specified file.

Syntax

ldapmodify [optional_options] 

where

optional_options

Specifies a series of command-line options.

ldapmodify Options

This section lists the most commonly used ldapmodify options.

-a

Allows you to add LDIF entries to the directory without requiring the changetype:add LDIF update statement. This provides a simplified method of adding entries to the directory.

-B

Specifies the suffix under which the new entries will be added.

-D

Specifies the distinguished name (DN) with which to authenticate to the server. If specified, this value must be a DN recognized by the Directory Server, and it must also have the authority to search for the entries.

-f

This option specifies the file containing the LDIF update statements used to define the directory modification. If you do not supply this option, the update statements are read from stdin.

-h

Specifies the hostname or IP address of the Directory Server. If not specified, ldapmodify uses the local host.

-p

Specifies the TCP port number that the Directory Server uses. The default is 389.

-q

Causes each add operation to be performed silently as opposed to being echoed to the screen individually.

-w

Specifies the password associated with the distinguished name that is specified in the -D option.

Examples

The following command adds the entries specified in the new.ldif file to the LDAP directory server:

$ /opt/ldapux/bin/ldapmodify -a -D "cn=Directory Manager, dc=hp,dc=com" -w dmpasswd -h ldaphostA \
-p 389 -f new.ldif

As an example, the following LDIF update file, new.ldif, contains update statements to create the user account, user1, in the LDAP directory server:

# cn, uidnumber and gidnumber are mandatory for posixAccount; the values shown are samples
dn: uid=user1,ou=People,dc=example,dc=hp,dc=com
objectclass: top
objectclass: account
objectclass: posixAccount
uid: user1
cn: user1
uidnumber: 1001
gidnumber: 1001
homedirectory: /home/user1
loginshell: /usr/bin/ksh
gecos: User1 Hu, 40N-20
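
An added example, not part of the HP guide: a pre-flight check to run on an LDIF file before handing it to ldapmodify -a -f. It reports posixAccount entries that lack an attribute RFC 2307 makes mandatory (cn, uid, uidNumber, gidNumber, homeDirectory), which a server with schema checking enabled would reject. The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report posixAccount entries in an LDIF file that lack an
# attribute RFC 2307 makes mandatory. Folded and base64 values are not decoded.
check_posix_ldif() {
    awk '
    function flush(   i, n, req, miss) {
        if (dn != "" && isposix) {
            n = split("cn uid uidnumber gidnumber homedirectory", req, " ")
            miss = ""
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) miss = miss " " req[i]
            if (miss != "") { print dn ": missing" miss; bad = 1 }
        }
        dn = ""; isposix = 0; split("", seen)   # reset state for next entry
    }
    /^[ \t\r]*$/ { flush(); next }              # a blank line ends an entry
    /^#/ || /^ / { next }                       # comments, continuation lines
    {
        c = index($0, ":"); if (c == 0) next
        attr = tolower(substr($0, 1, c - 1))
        val = substr($0, c + 1)
        sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (attr == "dn") dn = val
        else if (attr == "objectclass") { if (tolower(val) == "posixaccount") isposix = 1 }
        else seen[attr] = 1
    }
    END { flush(); exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample: the first entry is incomplete, the second is complete.
sample_ldif() {
    cat <<'EOF'
dn: uid=user1,ou=People,dc=example,dc=hp,dc=com
objectclass: posixAccount
memberuid: user1
homedirectory: /home/user1

dn: uid=user2,ou=People,dc=example,dc=hp,dc=com
objectclass: posixAccount
uid: user2
cn: user2
uidNumber: 2002
gidNumber: 2002
homeDirectory: /home/user2
EOF
}

sample_ldif | check_posix_ldif || echo "fix the entries listed above first" >&2
```

Called as check_posix_ldif new.ldif, the function exits non-zero when any entry is incomplete, so it can gate the ldapmodify call in a provisioning script.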

ldapsearch

You can use the ldapsearch command-line utility to locate and retrieve LDAP directory entries. This utility opens a connection to the specified server using the specified distinguished name and password, and locates entries based on the specified search filter. Search results are returned in LDIF format.

Syntax

ldapsearch -b basedn [optional_options] [filter] [optional_list_of_attributes]

where

filter

Specifies an LDAP search filter. Do not specify a search filter if you supply search filters in a file using the -f option.

optional_options

Specifies a series of command-line options. These must be specified before the search filter, if used.

optional_list_of_attributes

Specifies space-separated attributes that reduce the scope of the attributes returned in the search results. This list of attributes must appear after the search filter. Refer to the Red Hat Directory Server Administrator's Guide for details.

ldapsearch Options

This section lists the most commonly used ldapsearch command-line options.

-b

Specifies the starting point for the search. The value specified here must be a distinguished name that currently exists in the database.

-D

Specifies the distinguished name (DN) with which to authenticate to the server. If specified, this value must be a DN recognized by the Directory Server, and it must also have the authority to search for the entries.

-h

Specifies the hostname or IP address of the Directory Server. If you do not specify a host, ldapsearch uses the local host.

-l

Specifies the maximum number of seconds to wait for a search request to complete.

-P

Specifies the TCP port number that the Directory Server uses. The default is 389.

-s

Specifies the scope of the search. The scope can be one of the following:

  • base: Search only the entry specified in the -b option or defined by the LDAP_BASEDN environment variable.

  • one: Search only the immediate children of the entry specified in the -b option.

  • sub: Search the entry specified in the -b option and all of its descendants. Perform a subtree search starting at the point identified in the -b option. This is the default.

-w

Specifies the password associated with the distinguished name that is specified in the -D option.

-x

Specifies that the search results are sorted on the server rather than on the client. In general, it is faster to sort on the server rather than on the client.

-f

Specifies the file containing the search filter(s) to be used in the search. Omit this option if you want to supply a search filter directly to the command-line.

Examples

For example, run the following command to search for the user entry Dave in the LDAP directory server, ldaphostA. The ldapsearch tool performs a subtree search starting at “dc=example, dc=hp, dc=com”.

$ /opt/ldapux/bin/ldapsearch -b "dc=example,dc=hp,dc=com" -s sub \
 -D "cn=Directory Manager,dc=hp,dc=com" -w dmpasswd -h ldaphostA "uid=Dave"
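
An added example, not from the HP guide: when the value in a filter such as uid=Dave comes from a script variable rather than being typed by hand, the characters that RFC 4515 reserves in filter values have to be escaped before the filter reaches ldapsearch. The function names and the LDAPSEARCH override variable are hypothetical; only options listed above are used.

```shell
#!/bin/sh
# Added example (not from the HP guide). LDAPSEARCH is a hypothetical override
# variable; the default is the directory the guide names for the tools.
LDAPSEARCH=${LDAPSEARCH:-/opt/ldapux/bin/ldapsearch}

# Escape the characters RFC 4515 reserves in a filter value. The backslash
# is handled first so the escapes added afterwards are not escaped again.
ldap_escape_value() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'  -e 's/)/\\29/g'
}

# Build an exact-match uid filter from a value that is not trusted.
uid_filter() {
    printf '(uid=%s)' "$(ldap_escape_value "$1")"
}

# find_user NAME [BASEDN] [HOST]
# Anonymous bind (no -D/-w), so no bind password appears in the process
# argument list; assumes the server's access control permits the read.
# Only three attributes are requested and the search is capped at 10 seconds.
find_user() {
    [ -n "$1" ] || { echo "usage: find_user NAME [BASEDN] [HOST]" >&2; return 2; }
    "$LDAPSEARCH" -b "${2:-dc=example,dc=hp,dc=com}" -s sub \
        -h "${3:-ldaphostA}" -l 10 "$(uid_filter "$1")" uid gecos loginshell
}
```

With the escaping in place, a value containing * or parentheses is matched literally instead of changing the shape of the filter.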

ldapdelete

You use the ldapdelete command-line utility to delete entries from an existing LDAP directory. ldapdelete opens a connection to the specified server using the distinguished name and password you provide, and deletes the entry or entries.

Syntax

ldapdelete [optional_options] 

where

optional_options

Specifies a series of command-line options.

ldapdelete Options

This section lists the most commonly used ldapdelete options.

-D

Specifies the distinguished name (DN) with which to authenticate to the server. If specified, this value must be a DN recognized by the Directory Server, and it must also have the authority to delete the entries.

-h

Specifies the name of the host on which the Directory Server is running. If you do not specify a host, ldapdelete uses the local host.

-P

Specifies the TCP port number that the Directory Server uses. The default is 389.

-dn

Specifies the DN of the entry to be deleted.

-w

Specifies the password associated with the distinguished name that is specified in the -D option.

Examples

For example, the following command deletes the entry for user John in the LDAP directory server, ldaphostA:

$ /opt/ldapux/bin/ldapdelete -D "cn=Directory Manager,dc=example,dc=hp,dc=com" -w dmpasswd \
-h ldaphostA "uid=John,ou=People,dc=hp,dc=com"
© 2007 Hewlett-Packard Development Company, L.P.