Getting Started with LDAP

Novell Cool Solutions: Feature

Posted: 13 Oct 2004
 

LDAP is an Internet standard protocol for accessing directory information. LDAP stands for Lightweight Directory Access Protocol. RFCs 2251-2256 and 2829-2830 comprise the "core" of the LDAPv3 standard. RFCs can be found at: http://www.ietf.org/rfc

(You can download the recent BrainShare presentation on LDAP Tools (TUT157) at: http://www.novell.com/brainshare/catalog/controller/catalog). Next week, a companion article will focus on the basics of using LDIF files with LDAP.

Basic LDAP Tools

Basic LDAP tools, such as ldapsearch.exe and ldapmodify.exe, are included in the developers kit and can be run at the command line. You can download them at: http://developer.novell.com/ndk/ You will also need an LDAP browser, many of which can be found on the Internet.

The Import Convert Export (ICE) utility is an iManager/ConsoleOne snap-in. You can run it at the command line, through the iManager interface, or through the ConsoleOne GUI.

LDAP Request Examples

Search Request

  • Host/Port (-h, -p)
  • User DN/Password used to bind (-D, -w)
  • Base DN / Scope (-b, -s)
  • Search Filter - RFC 2254 compliant
  • Attribute list to retrieve

Example:

ldapsearch -h hostname -p 389 -D cn=admin,o=novell -w password -b ou=provo,ou=users,o=novell -s sub "(objectclass=user)" cn sn title

Search Tips:

  • To read an entry, set the base DN to the desired DN and filter to (objectclass=*).
  • To view all the entries in a subtree, set the filter to (objectclass=*). Use verbose mode (-v) to find the number of entries returned.
  • To view an entry without any attributes, specify either 1.1 or "dn" as the attribute list.
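
When part of the search filter comes from user input, the value has to be escaped as RFC 2254 requires before it is placed in the filter. The following Python is an added example, not code from the original article or the Novell developer kit. It escapes a value and builds the argument list for the ldapsearch call shown above; the function names and sample values are hypothetical.

```python
# Added example: names and sample values below are hypothetical/constructed.

# RFC 2254 section 4: inside an assertion value these characters must be
# written as a backslash followed by their two-digit hex code.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape an untrusted string for use as an RFC 2254 assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(cn):
    """Filter for user objects whose cn equals the supplied value exactly."""
    return "(&(objectclass=user)(cn=%s))" % escape_filter_value(cn)


def ldapsearch_argv(host, base_dn, cn, attrs=("cn", "sn", "title"), port=389):
    """Argument list for an ldapsearch call using the page's options.

    No -D/-w is included, so no bind password lands on the command line.
    Hand the list to subprocess.run() without shell=True: the filter then
    stays one argument and its parentheses are never parsed by a shell.
    """
    return ["ldapsearch", "-h", host, "-p", str(port), "-b", base_dn,
            "-s", "sub", user_filter(cn), *attrs]


if __name__ == "__main__":
    # Constructed inputs: a plain name, and names containing filter syntax.
    for name in ("jdoe", "Smith (Contractor)", "j*"):
        print(ldapsearch_argv("hostname", "ou=provo,ou=users,o=novell", name))
```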

Modify Request

  • Host/Port (-h, -p)
  • User DN/Password used to bind (-D, -w)
  • Change Operation File (-F)

Example:

ldapmodify -h hostname -p 390 -D cn=admin,o=novell -w password -F changefilename

Delete Request

  • Host/Port (-h, -p)
  • User DN/Password for bind (-D, -w)
  • DN of object to be deleted

Example:

ldapdelete -h hostname -D cn=admin,o=novell -w password cn=johndoe,ou=provo,ou=users,o=novell

Modify RDN Request

  • Host/Port (-h, -p)
  • User DN/Password for bind (-D, -w)
  • DN of object to be modified
  • New DN of object

Example:

ldapmodrdn -h hostname -p 390 -D cn=admin,o=novell -w password cn=jdoe,o=novell cn=jdoe,ou=provo,ou=users,o=novell

About ICE

ICE was designed to import and export from/to different sources/destinations. This provides more flexibility than traditional tools that understand only LDIF files.

ICE knows how to use information from LDAP directories, LDIF files, and delimited text files. ICE can be used to migrate between LDAP directories, export a directory to a file, or import to a directory from a file. The "file" in this case may be an LDIF file or some type of delimited text file. Furthermore, ICE knows how to use the LBURP protocol, which can make bulk loading a less time-intensive task.

ICE Elements

  • Host/Port
  • User DN/Password for bind
  • Source handler followed by Source options
  • Destination handler followed by Destination options

ICE Syntax and Examples

ice -S LDAP -s hostname -d cn=admin,o=novell -w password -F "(objectclass=user)" -b o=novell -a mail -D LDIF -F results.ldif

Example 1: Retrieve the list of Distinguished Names for all users under the container O=novell

ldapsearch -h hostname -b o=novell objectclass=user 1.1

Example 2: Retrieve the list of Distinguished Names for all users and their e-mail addresses under the container O=novell

ice -S LDAP -s hostname -p 389 -w password -d "cn=admin,o=novell" -F "(objectclass=user)" -b o=novell -a mail -D LDIF -F output.ldif -v

Example 3: Retrieve the list of Distinguished Names for users with processed Identity Manager (DirXML) associations to a particular driver under the container O=Novell

ldapsearch -h hostname -b o=novell "dirxml-associations=cn=NDSToNDS-flat,cn=driver-set,ou=servers,o=novell#1#*" "dirxml-associations"

Example 4: Import a set of users contained within an LDIF file into an LDAP directory.

ice -S LDIF -F import.ldif -v -D LDAP -s hostname -p 389 -d cn=admin,o=novell -w password -v

