The Lightweight Directory Access Protocol (LDAP) is an application protocol for reading and editing directories over an IP network. A directory in this sense is an organized set of records: for example, a telephone directory is an alphabetical list of persons and organizations with, in each "record", address and phone number.


  1. List all entries to find out attributes
  2. List just one user
  3. List all users with these attributes

List All Entries

ldapsearch -x -b "dc=domain,dc=org,dc=uk" "cn=*"

List One User Entry

ldapsearch -x -b "dc=domain,dc=org,dc=uk" "cn=John Smith"

List All Entries But Only Certain Attributes

ldapsearch -x -b "dc=domain,dc=org,dc=uk" "objectclass=*" cn mail clearMailAliases
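The three searches above differ only in their filter and attribute list. Any time the filter value comes from somewhere else (a form field, a ticket, another script) it has to be escaped, because "*", "(", ")" and "\" are filter syntax and would otherwise widen the match. The following helper is an added example, not part of the original page: it applies the RFC 4515 escapes, builds the same ldapsearch argument vectors as the commands above (with the filter in its parenthesised form, which ldapsearch accepts equally), and passes them as an argv list rather than through a shell. The run_search function assumes the ldap-utils client is installed and a server is reachable; everything else runs offline.

```python
import subprocess

# RFC 4515 section 3: characters with special meaning inside an assertion value
# and the hex escapes that make them match literally.
_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_filter_value(value):
    """Escape one assertion value so every character matches literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def equality_filter(attr, value):
    """(attr=value) with the value escaped, e.g. for the 'cn=John Smith' search."""
    return f"({attr}={escape_filter_value(value)})"


def presence_filter(attr):
    """(attr=*): the deliberate wildcard used by the list-all searches."""
    return f"({attr}=*)"


def ldapsearch_argv(base_dn, ldap_filter, attrs=()):
    """argv for: ldapsearch -x -b BASE FILTER [ATTRS...]  (a list, never a shell string)."""
    return ["ldapsearch", "-x", "-b", base_dn, ldap_filter, *attrs]


def run_search(base_dn, ldap_filter, attrs=()):
    """Run the search and return its LDIF output; needs ldapsearch and a live server."""
    result = subprocess.run(ldapsearch_argv(base_dn, ldap_filter, attrs),
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    base = "dc=domain,dc=org,dc=uk"
    # the three searches from the page, rebuilt as argv lists
    print(" ".join(ldapsearch_argv(base, presence_filter("cn"))))
    print(" ".join(ldapsearch_argv(base, equality_filter("cn", "John Smith"))))
    print(" ".join(ldapsearch_argv(base, presence_filter("objectclass"),
                                   ["cn", "mail", "clearMailAliases"])))
    # constructed value containing filter metacharacters: it now matches literally
    print(equality_filter("cn", "Smith (admin)*"))
```

Because the value is escaped and the command is passed as a list, a name such as "Smith (admin)" is looked up as that exact string instead of being parsed as part of the filter or the shell command line.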

Add A User

Create a text file for the user called '{userid}.ldif' with the LDIF information...

dn: uid=rc1,dc=domain,dc=ac,dc=uk
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 9604
givenName: Rick
sn: Caravan
displayName: Rick Caravan
uid: rc1
homeDirectory: /home/rc1
loginShell: /bin/bash
cn: Rick Caravan
uidNumber: 42988

Add the entry from that file...

ldapadd -cxWD cn=root,dc=domain,dc=ac,dc=uk -f rc1.ldif

Add a password for that user...

ldappasswd -xWD cn=root,dc=domain,dc=ac,dc=uk -S uid=rc1,dc=domain,dc=ac,dc=uk

Create the home directories...

mkdir /home/rc1
chown -R 42988:9604 /home/rc1

Search to test...

ldapsearch -x uid=rc1
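The add-a-user procedure above has two places where a typo only shows up late: ldapadd rejects the entry with an object class violation if a MUST attribute of posixAccount or inetOrgPerson is missing, and the chown step silently gives the home directory to the wrong account if the numbers typed there do not match uidNumber and gidNumber in the LDIF. The script below is an added example, not code from the original page: it generates an LDIF entry of the same shape as rc1.ldif, parses it back, checks the required attributes against the standard nis.schema and inetorgperson.schema definitions (assumed; a server with local schema extensions may require more), and derives the chown owner from the entry itself. The portable user-name pattern and the "ids below 1000 are system accounts" rule are assumed local policy, not something the page states.

```python
import re

# MUST attributes of the object classes used in the entry (assumed from the
# standard nis.schema and inetorgperson.schema; check a server with local
# schema extensions separately).
REQUIRED_ATTRS = {
    "top": set(),
    "posixAccount": {"cn", "uid", "uidNumber", "gidNumber", "homeDirectory"},
    "shadowAccount": {"uid"},
    "inetOrgPerson": {"cn", "sn"},
}

# Portable POSIX user-name charset; assumed local policy.
UID_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def build_user_ldif(uid, uid_number, gid_number, given_name, sn, base_dn, shell="/bin/bash"):
    """Return LDIF text for a new POSIX user, the same layout as the rc1.ldif example."""
    full_name = f"{given_name} {sn}"
    lines = [
        f"dn: uid={uid},{base_dn}",
        "objectClass: top",
        "objectClass: posixAccount",
        "objectClass: inetOrgPerson",
        "objectClass: shadowAccount",
        f"uid: {uid}",
        f"cn: {full_name}",
        f"sn: {sn}",
        f"givenName: {given_name}",
        f"displayName: {full_name}",
        f"uidNumber: {uid_number}",
        f"gidNumber: {gid_number}",
        f"homeDirectory: /home/{uid}",
        f"loginShell: {shell}",
    ]
    return "\n".join(lines) + "\n"


def parse_ldif_entry(text):
    """Parse one LDIF entry into (dn, {attr: [values]}); folds continuation lines."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]        # a leading space continues the previous line
        elif raw and not raw.startswith("#"):
            unfolded.append(raw)
    dn, attrs = None, {}
    for line in unfolded:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if value.startswith(":"):
            raise ValueError(f"base64 ('::') values are not handled: {name}")
        value = value.lstrip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    if dn is None:
        raise ValueError("entry has no dn")
    return dn, attrs


def check_posix_entry(dn, attrs):
    """Return the problems ldapadd, or the later chown step, would trip over."""
    problems = []
    for oc in attrs.get("objectClass", []):
        for must in REQUIRED_ATTRS.get(oc, set()):
            if must not in attrs:
                problems.append(f"{oc} requires {must}")
    uid = attrs.get("uid", [""])[0]
    if not UID_RE.match(uid):
        problems.append(f"uid {uid!r} is not a portable POSIX user name")
    if not dn.startswith(f"uid={uid},"):
        problems.append("dn RDN does not match the uid attribute")
    for num in ("uidNumber", "gidNumber"):
        val = attrs.get(num, [""])[0]
        if not val.isdigit():
            problems.append(f"{num} must be numeric, got {val!r}")
        elif int(val) < 1000:
            problems.append(f"{num} {val} is in the system-account range")
    home = attrs.get("homeDirectory", [""])[0]
    if home != f"/home/{uid}":
        problems.append(f"homeDirectory {home!r} does not match /home/{uid}")
    return problems


def home_owner(attrs):
    """The uid:gid argument for chown, taken from the entry rather than retyped."""
    return f"{attrs['uidNumber'][0]}:{attrs['gidNumber'][0]}"


if __name__ == "__main__":
    ldif = build_user_ldif("rc1", 42988, 9604, "Rick", "Caravan", "dc=domain,dc=ac,dc=uk")
    dn, attrs = parse_ldif_entry(ldif)
    print(ldif)
    print("problems:", check_posix_entry(dn, attrs) or "none")
    print("chown -R", home_owner(attrs), f"/home/{attrs['uid'][0]}")
```

Write the returned LDIF to rc1.ldif only when check_posix_entry comes back empty, then run the ldapadd, ldappasswd and chown steps exactly as listed above; the chown owner printed by the script is the one the LDIF actually carries.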

Delete A User

ldapdelete -v "uid=userid,dc=domain,dc=ac,dc=uk" -D "cn=root,dc=domain,dc=ac,dc=uk" -W

Changing LDAP User Password Via Command Line

server.domain.com ~ $ ldappasswd -D "cn=Manager,dc=domain,dc=com" -W -S "cn=jsmith,ou=users,dc=domain,dc=com"
New password: 
Re-enter new password: 
Enter LDAP Password: 
Result: Success (0)


ERROR: error while loading shared libraries: libltdl.so.3

slapcat: error while loading shared libraries: libltdl.so.3: cannot open shared object file: No such file or directory


cd /usr/lib/
ln -s libltdl.so libltdl.so.3

Log Errors

If you see lines like this in your kernel syslog:-

mysqld: nss_ldap: failed to bind to LDAP server
apache2: nss_ldap: failed to bind to LDAP server
slapd: nss_ldap: failed to bind to LDAP server

Add the following line to the file /etc/ldap.conf:-

nss_initgroups_ignoreusers root,ldap,cron,portage

And tweak this Gentoo Linux startup script /etc/init.d/slapd:-

depend() {
       need net
       before dbus hald avahi-daemon mysql apache dhcpd
       provide ldap
}