
ldap cli

  • ldapmodify
  • ldapadd -> ldapmodify -a
  • modifyDN -> rename
  • /etc/openldap/ldap.conf
  • filter - RFC2254
    • attribute/value assertion
    • (k=v)
    • (&(k=v)(k2=v2))
    • (k=*) - k exists (presence test)
    • =,<=,>=,~=
    • !,|,&
    • * wildcard
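The filter syntax in the list above is the part of an LDAP query that is routinely built from user input, so as an added example (not from the original notes) here is a small RFC 4515 filter parser and evaluator over a constructed in-memory directory, together with the escaping that keeps a spliced-in value literal. `ENTRIES`, `find_admin` and the sample entries are assumptions; `~=` is approximated as case-insensitive equality and `>=`/`<=` compare lexicographically.

```python
import re

# RFC 4515 escaping: filter metacharacters become \XX hex escapes, so spliced-in input matches literally.
def escape_filter_value(value: str) -> str:
    return ''.join('\\%02x' % ord(c) if c in '*()\\\x00' else c for c in value)
def _unescape(value: str) -> str:
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)
def _parse(s: str, i: int):  # parse one filter at s[i] -> (tree, index just past it)
    if s[i:i + 1] != '(': raise ValueError(f'expected "(" at offset {i}')
    op = s[i + 1:i + 2]
    if op in ('&', '|'):                      # (&(f)(f)...) and (|(f)(f)...)
        kids, i = [], i + 2
        while s[i:i + 1] != ')':
            kid, i = _parse(s, i)
            kids.append(kid)
        return (op, kids), i + 1
    if op == '!':                             # (!(f))
        kid, i = _parse(s, i + 2)
        if s[i:i + 1] != ')': raise ValueError(f'expected ")" at offset {i}')
        return ('!', [kid]), i + 1
    end = s.find(')', i)                      # escaped values contain no raw ')'
    m = re.fullmatch(r'([^=<>~]+)(<=|>=|~=|=)(.*)', s[i + 1:end], re.S) if end > 0 else None
    if not m: raise ValueError(f'bad attribute/value assertion at offset {i}')
    attr, cmp, val = m.groups()
    return ('item', attr.lower(), cmp, val), end + 1
def parse_filter(s: str):
    tree, end = _parse(s, 0)
    if end != len(s): raise ValueError('trailing data after filter')
    return tree
def matches(tree, entry: dict) -> bool:  # entry: {attr (lowercase): [values]}; case-insensitive
    kind = tree[0]
    if kind in ('&', '|'): return (all if kind == '&' else any)(matches(k, entry) for k in tree[1])
    if kind == '!': return not matches(tree[1][0], entry)
    _, attr, cmp, val = tree
    values = [str(v).lower() for v in entry.get(attr, [])]
    if cmp == '=' and val == '*': return bool(values)   # presence test (k=*)
    if cmp == '=' and '*' in val:             # substring: raw * is a wildcard, \2a a literal star
        pat = '.*'.join(re.escape(_unescape(p).lower()) for p in val.split('*'))
        return any(re.fullmatch(pat, v, re.S) for v in values)
    target = _unescape(val).lower()
    if cmp in ('=', '~='): return target in values       # ~= approximated as equality (assumption)
    return any(v >= target if cmp == '>=' else v <= target for v in values)  # lexicographic (assumption)

ENTRIES = [{'uid': ['alice'], 'mail': ['alice@example.com'], 'memberof': ['cn=admins']},  # constructed
           {'uid': ['bob'], 'mail': ['bob@example.com']}]                                 # sample data

def find_admin(user_input: str, escape: bool = True) -> list:  # username spliced into a fixed filter
    value = escape_filter_value(user_input) if escape else user_input
    tree = parse_filter(f'(&(uid={value})(memberOf=cn=admins))')
    return [e['uid'][0] for e in ENTRIES if matches(tree, e)]
```

`find_admin('*', escape=False)` shows why the escaping matters: an unescaped `*` turns the exact-match assertion into a presence test, while the escaped `\2a` is compared as a literal star and matches nothing.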
| common | for |
| --- | --- |
| -c | ignore errors |
| -D binddn | |
| -f file | |
| -h host | |
| -H ldapuri | |
| -n | dry run |
| -p port | |
| -P protocol | 2, 3 |
| -v | verbose |
| -W | ask for password |
| -w passwd | |
| -x | simple auth instead of SASL |
| -y passwdfile | |
/etc/openldap/ldap.conf

```conf
BASE dc=wener,dc=me
URI ldap://ip
TLS_CACERTDIR /etc/openldap/certs
```
| ldapsearch | for |
| --- | --- |
| -u | output dn |
| -t | binary to file |
| -tt | all values to file |
| -T path | TMPDIR |
| -F prefix | URL prefix for temporary files |
| -A | attributes only |
| -L | output LDIFv1 |
| -LL | output LDIFv1 without comment |
| -LLL | output LDIFv1 without comment & version |
| -S sort-attr | sort by attr |
| -b base | |
| -s scope | base, one, sub, children |
| -a alias-deref | never, always, search, find |
| -l timelimit | |
| -z sizelimit | |
| -M | Manage DSA IT |
```sh
# Change password - can only change your own
# LDAPv3 Password Modify (RFC 3062)
# -w puts the password on the command line (process list, shell history); -W prompts, -y reads a file
ldappasswd -x -D uid=admin,ou=users,dc=wener,dc=me -w secret -s new

# namingContexts
ldapsearch -LLL -x -b '' -s base '(objectClass=*)' namingContexts

# Generate a password hash
# -m module.so
slappasswd -h {SSHA} -s secret
```

modify

  • changetype
    • modify
      • replace: attr
    • add
      • add: attr
      • values of a multi-valued attribute must be distinct
    • delete
      • delete: attr - if no attribute is given, the entry itself is deleted
  • - separates multiple operations
```ldif
# One changetype per record; each modification of a "modify" record is
# terminated by a line containing only "-" (the original repeated changetype
# inside the record, which is not valid LDIF).
dn: cn=ToModify,dc=example,dc=com
changetype: modify
replace: mail
mail: [email protected]
-
add: foo
foo: bar
-
delete: unneededEntry
-
```
  • RFC 4511 LDAP: the protocol
  • RFC 4512 LDAP: directory information models