LDAP

From Indie IT Wiki

The Lightweight Directory Access Protocol (LDAP) is an application protocol for reading and editing directories over an IP network. A directory in this sense is an organized set of records: for example, a telephone directory is an alphabetical list of persons and organizations with, in each "record", address and phone number.

HOWTO: SEARCH

  1. List all entries to find out attributes
  2. List just one user
  3. List all users with these attributes

List All Entries

ldapsearch -x -b "dc=domain,dc=org,dc=uk" "cn=*"

List One User Entry

ldapsearch -x -b "dc=domain,dc=org,dc=uk" "cn=John Smith"

List All Entries But Only Certain Attributes

ldapsearch -x -b "dc=domain,dc=org,dc=uk" "objectclass=*" cn mail clearMailAliases

Thanks - https://www.centos.org/docs/5/html/CDS/ag/8.0/Finding_Directory_Entries-Using_ldapsearch.html

HOWTO: USERS

Add A User

Create a text file for the user called '{userid}.ldif' (rc1.ldif in this example) containing the LDIF entry...

dn: uid=rc1,dc=domain,dc=ac,dc=uk
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 9604
givenName: Rick
sn: Caravan
displayName: Rick Caravan
uid: rc1
homeDirectory: /home/rc1
loginShell: /bin/bash
cn: Rick Caravan
uidNumber: 42988

Add the entry from that file...

ldapadd -cxWD cn=root,dc=domain,dc=ac,dc=uk -f rc1.ldif

Add a password for that user...

ldappasswd -xWD cn=root,dc=domain,dc=ac,dc=uk -S uid=rc1,dc=domain,dc=ac,dc=uk

Create the home directories...

mkdir /home/rc1
chown -R 42988:9604 /home/rc1

Search to test...

ldapsearch -x uid=rc1
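The whole add-a-user procedure above as one script, added here as an example rather than the wiki's own commands: it generates the LDIF from a single set of values, so the uid, uidNumber and gidNumber used by ldapadd, ldappasswd and chown cannot drift apart, and it refuses any value that is not a plain login name or a number before it reaches a DN or an LDIF file. The base DN and admin DN are the ones the page uses; the function names are my own.

```shell
#!/bin/sh
# Added example: provision a posixAccount/inetOrgPerson user the way the page
# does, but from one set of variables. Assumes the page's base DN and admin DN.
BASE_DN="dc=domain,dc=ac,dc=uk"
ADMIN_DN="cn=root,$BASE_DN"

# Only a plain POSIX login name or a plain number is accepted, because the
# values end up in a DN, in an LDIF file and in a chown argument.
valid_uid() { printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'; }
valid_num() { printf '%s' "$1" | grep -Eq '^[0-9]+$'; }

# make_user_ldif uid uidNumber gidNumber givenName sn  -> LDIF entry on stdout
make_user_ldif() {
    uid=$1 uidn=$2 gidn=$3 given=$4 sn=$5
    valid_uid "$uid" && valid_num "$uidn" && valid_num "$gidn" || return 1
    cat <<EOF
dn: uid=$uid,$BASE_DN
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: $gidn
givenName: $given
sn: $sn
displayName: $given $sn
uid: $uid
homeDirectory: /home/$uid
loginShell: /bin/bash
cn: $given $sn
uidNumber: $uidn
EOF
}

# ldif_attr attr  -> first value of that attribute, reading LDIF from stdin
ldif_attr() { sed -n "s/^$1: //p" | head -n 1; }

# add_user uid uidNumber gidNumber givenName sn: the page's steps, in order.
# Not run by the test below; it needs a live directory and root.
add_user() {
    f="$1.ldif"
    make_user_ldif "$@" > "$f" || { echo "rejected input for $1" >&2; return 1; }
    ldapadd -cxWD "$ADMIN_DN" -f "$f" &&
    ldappasswd -xWD "$ADMIN_DN" -S "uid=$1,$BASE_DN" &&
    mkdir -p "/home/$1" &&
    chown -R "$(ldif_attr uidNumber < "$f"):$(ldif_attr gidNumber < "$f")" "/home/$1" &&
    ldapsearch -x "uid=$1"
}
```

Run it as `add_user rc1 42988 9604 Rick Caravan`; the LDIF it writes is the same as the entry shown above.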

Delete A User

ldapdelete -v "uid=userid,dc=domain,dc=ac,dc=uk" -D "cn=root,dc=domain,dc=ac,dc=uk" -W

Changing LDAP User Password Via Command Line

server.domain.com ~ $ ldappasswd -D "cn=Manager,dc=domain,dc=com" -W -S "cn=jsmith,ou=users,dc=domain,dc=com"
New password: 
Re-enter new password: 
Enter LDAP Password: 
Result: Success (0)

HOWTO: FIX

ERROR: error while loading shared libraries: libltdl.so.3

slapcat: error while loading shared libraries: libltdl.so.3: cannot open shared object file: No such file or directory

Fix...

cd /usr/lib/
ln -s libltdl.so libltdl.so.3
ldconfig

Log Errors

If you see lines like this in your system log (syslog):-

mysqld: nss_ldap: failed to bind to LDAP server
apache2: nss_ldap: failed to bind to LDAP server
slapd: nss_ldap: failed to bind to LDAP server

Add the following line to the file /etc/ldap.conf:-

nss_initgroups_ignoreusers root,ldap,cron,portage

And tweak the depend() block of the Gentoo Linux startup script /etc/init.d/slapd so that slapd is started before the services that bind to it:-

depend() {
       need net
       before dbus hald avahi-daemon mysql apache dhcpd
       provide ldap
}

HOWTO: CONFIGURATION

Thunderbird

Outlook 2007