eDirectory includes the following LDAP tools, stored in /usr/ldaptools/bin (except ice, which is stored in /usr/bin), to help you manage the LDAP directory server.
Tool | Description |
---|---|
ice | Imports entries from a file to an LDAP directory, modifies the entries in a directory from a file, exports the entries to a file, and adds attribute and class definitions from a file. |
ldapadd | Adds new entries to an LDAP directory. |
ldapdelete | Deletes entries from an LDAP directory server. The ldapdelete tool opens a connection to an LDAP server, binds, and deletes one or more entries. |
ldapmodify | Opens a connection to an LDAP server, binds, and modifies or adds entries. |
ldapmodrdn | Modifies the relative distinguished name (RDN) of entries in an LDAP directory server. Opens a connection to an LDAP server, binds, and modifies the RDN of entries. |
ldapsearch | Searches entries in an LDAP directory server. Opens a connection to an LDAP server, binds, and performs a search using the specified filter. The filter should conform to the string representation for LDAP filters as defined in RFC 2254. |
ndsindex | Creates, lists, suspends, resumes, or deletes indexes. |
For more information, see LDAP Tools in the LDAP Libraries for C Guide.
To perform secure LDAP tools operations, refer to Ensuring Secure eDirectory Operations on Linux, Solaris, AIX, and HP-UX Systems and include the DER file in all command line LDAP operations that establish secure LDAP connections to eDirectory.
The LDAP utilities can be used to delete entries, modify entries, add entries, extend the schema, modify relative distinguished names, move entries to new containers, create search indexes, or perform searches.
The ldapadd utility adds new entries. It has the following syntax:
ldapadd [-c] [-C] [-l] [-M] [-P] [-r] [-n] [-v] [-F] [-l limit] [-M[M]] [-d debuglevel] [-e key filename] [-D binddn] [[-W ]| [-w passwd]] [-h ldaphost] [-p ldapport] [-P version] [-Z[Z]] [-f file]
NOTE: On a NetWare server, this utility is called ladd.
If the -f option is specified, ldapadd reads the modifications from a file. If the -f option is not specified, ldapadd reads the modifications from stdin.
HINT: Output from the ldap utilities is sent to stdout. If the utility exits before you can view the output, redirect the output to a file, for example, ldapadd [options] > out.txt.
There are some options that are common to all ldap tools. These are listed in the following table:
Assume that the file /tmp/entrymods exists and has the following contents:
```ldif
dn: cn=Modify Me, o=University of Michigan, c=US
changetype: modify
replace: mail
mail: modme@terminator.rs.itd.umich.edu
-
add: title
title: Manager
-
add: jpegPhoto
jpegPhoto: /tmp/modme.jpeg
-
delete: description
-
```
In this case, the command ldapmodify -b -r -f /tmp/entrymods will replace the contents of the Modify Me entry's mail attribute with the value modme@terminator.rs.itd.umich.edu, add a title of Manager, add the contents of the file /tmp/modme.jpeg as a jpegPhoto, and completely remove the description attribute.
The same modifications as above can be performed using the older ldapmodify input format:
```
cn=Modify Me, o=University of Michigan, c=US
mail=modme@terminator.rs.itd.umich.edu
+title=Manager
+jpegPhoto=/tmp/modme.jpeg
-description
```
and the command:
ldapmodify -b -r -f /tmp/entrymods
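As an added illustration (not eDirectory code), the following Python parses the /tmp/entrymods modify record shown above and emits the same changes in the older ldapmodify input format, so the two forms can be checked against each other; it raises on a malformed record, such as a change block that is not closed by "-". The record is embedded as a constructed copy.

```python
ENTRYMODS = """\
dn: cn=Modify Me, o=University of Michigan, c=US
changetype: modify
replace: mail
mail: modme@terminator.rs.itd.umich.edu
-
add: title
title: Manager
-
add: jpegPhoto
jpegPhoto: /tmp/modme.jpeg
-
delete: description
-
"""

def parse_modify_record(text):
    """Return (dn, [(op, attr, [values]), ...]) for one LDIF 'changetype: modify' record."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    if not lines[0].startswith("dn:") or lines[1] != "changetype: modify":
        raise ValueError("not an LDIF modify record")
    dn, changes, current = lines[0][3:].strip(), [], None
    for line in lines[2:]:
        if line == "-" and current is not None:  # "-" closes one change block
            changes.append(current)
            current = None
            continue
        key, _, val = line.partition(":")
        key, val = key.strip(), val.strip()
        if key in ("add", "replace", "delete"):  # start of a change block
            if current is not None:
                raise ValueError("missing '-' before '%s: %s'" % (key, val))
            current = (key, val, [])
        elif current and key.lower() == current[1].lower():
            current[2].append(val)               # a value for the block's attribute
        else:
            raise ValueError("unexpected line: %r" % line)
    if current is not None:                      # tolerate a missing final "-"
        changes.append(current)
    return dn, changes

def to_old_format(dn, changes):
    """Render the changes in the older input format used with 'ldapmodify -b -r'."""
    out = [dn]
    for op, attr, values in changes:
        if op == "delete" and not values:        # "-attr" removes the whole attribute
            out.append("-" + attr)
            continue
        prefix = {"add": "+", "replace": "", "delete": "-"}[op]
        out.extend(prefix + attr + "=" + v for v in values)
    return "\n".join(out)
```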
Assume that the file /tmp/newentry exists and has the following contents:
```ldif
dn: cn=Barbara Jensen, o=University of Michigan, c=US
objectClass: person
cn: Barbara Jensen
cn: B Jensen
sn: Jensen
title: Manager
mail: bjensen@terminator.rs.itd.umich.edu
uid: bjensen
```
In this case, the command ldapadd -f /tmp/newentry will add a new entry for B Jensen, using the values from the file /tmp/newentry.
Assume that the file /tmp/newentry exists and has the following contents:
```ldif
dn: cn=Barbara Jensen, o=University of Michigan, c=US
changetype: delete
```
In this case, the command ldapmodify -f /tmp/newentry will remove B Jensen's entry.
The ldapdelete utility deletes the specified entry. It opens a connection to an LDAP server, binds, and then deletes. It has the following syntax:
ldapdelete [-n] [-v] [-c] [-r] [-l] [-C] [-M] [-d debuglevel] [-e key filename] [-f file] [-D binddn] [[-W]| [-w passwd]] [-h ldaphost] [-p ldapport] [-Z[Z]] [dn]...
NOTE: On a NetWare server, the utility is called ldelete.
The dn parameter is a list of distinguished names of the entries to be deleted.
It interacts with the -f option in the following ways:
HINT: Output from the ldap utilities is sent to stdout. If the utility exits before you can view the output, redirect the output to a file, for example, ldapdelete [options] > out.txt.
NOTE: Refer to Common Options for All LDAP Tools for more details on common options.
The command ldapdelete "cn=Delete Me, o=University of Michigan, c=US" will attempt to delete the entry named with the commonName Delete Me directly below the University of Michigan organizational entry. In this case, it would be necessary to supply a binddn and passwd for the deletion to be allowed (see the -D and -w options).
The ldapmodify utility modifies the attributes of an existing entry or adds new entries. It has the following syntax:
ldapmodify [-a] [-c] [-C] [-M] [-P] [-r] [-n] [-v] [-F] [-l limit] [-M[M]] [-d debuglevel] [-e key filename] [-D binddn] [[-W]|[-w passwd]] [-h ldaphost] [-p ldap-port] [-P version] [-Z[Z]] [-f file]
NOTE: On a NetWare server, the utility is called lmodify.
If the -f option is specified, ldapmodify reads the modifications from a file. If the -f option is not specified, ldapmodify reads the modifications from stdin.
HINT: Output from the ldap utilities is sent to stdout. If the utility exits before you can view the output, redirect the output to a file, for example, ldapmodify [options] > out.txt.
NOTE: Refer to Common Options for All LDAP Tools for more details on common options.
The ldapmodrdn utility modifies the relative distinguished name of an entry. It can also move the entry to a new container. It has the following syntax:
ldapmodrdn [-r] [-n] [-v] [-c] [-C] [-l] [-M] [-s newsuperior] [-d debuglevel] [-e key filename] [-D binddn] [[-W]|[-w passwd]] [-h ldaphost] [-p ldapport] [-Z[Z]] [-f file] [dn newrdn]
NOTE: On a NetWare server, the utility is called lmodrdn (lmodrdn dn <newrdn>).
HINT: Output from the ldap utilities is sent to stdout. If the utility exits before you can view the output, redirect the output to a file, for example, ldapmodrdn [options] > out.txt.
NOTE: Refer to Common Options for All LDAP Tools for more details on common options.
The ldapsearch utility searches the directory for specified attributes and object classes. It has the following syntax:
ldapsearch [-n] [-u] [-v] [-t] [-A] [-T] [-C] [-V] [-M] [-P] [-L] [-d debuglevel] [-e key filename] [-f file] [-D binddn] [[-W]| [-w bindpasswd]] [-h ldaphost] [-p ldapport] [-b searchbase] [-s scope] [-a deref] [-l time limit] [-z size limit] [-Z[Z]] filter [attrs....]
NOTE: On a NetWare server, the utility is called lsearch.
The ldapsearch tool opens a connection to an LDAP server, binds, and performs a search using the filter. The filter should conform to the string representation for LDAP filters as defined in RFC 2254.
If ldapsearch finds one or more entries, the attributes specified by attrs are retrieved and the entries and values are printed to standard output. If no attributes are listed, all attributes are returned.
HINT: Output from the ldap utilities is sent to stdout. If the utility exits before you can view the output, redirect the output to a file, for example, ldapsearch [options] filter [attribute list] > out.txt.
NOTE: Refer to Common Options for All LDAP Tools for more details on common options.
The following command:
ldapsearch "cn=mark smith" cn telephoneNumber
will perform a subtree search (using the default search base) for entries with a commonName of mark smith. The commonName and telephoneNumber values will be retrieved and printed to standard output. The output might look like the following if two entries are found:
```
cn=Mark D Smith, ou="College of Literature, Science, and the Arts", ou=Students, ou=People, o=University of Michigan, c=US
cn=Mark Smith
cn=Mark David Smith
cn=Mark D Smith 1
cn=Mark D Smith
telephoneNumber=+1 313 930-9489
cn=Mark C Smith, ou=Information Technology Division, ou=Faculty and Staff, ou=People, o=University of Michigan, c=US
cn=Mark Smith
cn=Mark C Smith 1
cn=Mark C Smith
telephoneNumber=+1 313 764-2277
```
The command:
ldapsearch -u -t "uid=mcs" jpegPhoto audio
will perform a subtree search using the default search base for entries with user IDs of mcs. The user-friendly form of the entry's DN will be output after the line that contains the DN itself, and the jpegPhoto and audio values will be retrieved and written to temporary files. The output might look like the following if one entry with one value for each of the requested attributes is found:
```
cn=Mark C Smith, ou=Information Technology Division, ou=Faculty and Staff, ou=People, o=University of Michigan, c=US
Mark C Smith, Information Technology Division, Faculty and Staff, People, University of Michigan, US
audio=/tmp/ldapsearch-audio-a19924
jpegPhoto=/tmp/ldapsearch-jpegPhoto-a19924
```
The following command will perform a one-level search at the c=US level for all organizations whose organizationName begins with university:
ldapsearch -L -s one -b "c=US" "o=university*" o description
Search results will be displayed in the LDIF format. The organizationName and description attribute values will be retrieved and printed to standard output, resulting in output similar to the following:
```ldif
dn: o=University of Alaska Fairbanks, c=US
o: University of Alaska Fairbanks
description: Preparing Alaska for a brave new yesterday.
description: leaf node only
dn: o=University of Colorado at Boulder, c=US
o: University of Colorado at Boulder
description: No personnel information
description: Institution of education and research
dn: o=University of Colorado at Denver, c=US
o: University of Colorado at D
```
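To show how filters such as "cn=mark smith", "uid=mcs" and "o=university*" are interpreted, here is an added Python example (not eDirectory or OpenLDAP code): a small RFC 2254 filter evaluator (and, or, not, equality, presence and substring items) run over entries parsed from the LDIF form that ldapsearch -L prints. The sample entries are constructed from the output above; wildcard matching uses fnmatch, so only * is meaningful as a wildcard, and values are compared case-insensitively as caseIgnoreMatch would.

```python
import fnmatch

SAMPLE_LDIF = """\
dn: o=University of Alaska Fairbanks, c=US
o: University of Alaska Fairbanks
description: leaf node only

dn: o=University of Colorado at Boulder, c=US
o: University of Colorado at Boulder

dn: o=Example Corp, c=US
o: Example Corp
"""
def parse_ldif(text):
    """LDIF text (as "ldapsearch -L" prints it) -> [{attr_lowercase: [values]}]."""
    entries = []
    for block in text.strip().split("\n\n"):   # a blank line separates entries
        entry = {}
        for line in block.splitlines():
            attr, _, val = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(val.strip())
        entries.append(entry)
    return entries
def parse_filter(s, i=0):
    """Parse the RFC 2254 filter at s[i]; returns (tree, index after its ')')."""
    i += 1                                     # skip the opening "("
    if s[i] in "&|!":                          # (&(f)...), (|(f)...), (!(f))
        op, kids, i = s[i], [], i + 1
        while s[i] == "(":
            kid, i = parse_filter(s, i)
            kids.append(kid)
        return (op, kids), i + 1               # skip the closing ")"
    end = s.index(")", i)                      # simple item: attr=value
    attr, _, val = s[i:end].partition("=")
    return ("=", attr.strip().lower(), val), end + 1
def matches(tree, entry):
    """Evaluate a parsed filter against one entry (caseIgnore semantics)."""
    op = tree[0]
    if op in "&|!":
        kids = [matches(k, entry) for k in tree[1]]
        return all(kids) if op == "&" else any(kids) if op == "|" else not kids[0]
    values = entry.get(tree[1], [])
    if tree[2] == "*":                         # presence filter: (attr=*)
        return bool(values)
    return any(fnmatch.fnmatchcase(v.lower(), tree[2].lower()) for v in values)
def search(ldif_text, filt):
    """DNs of entries matching filt; a bare "attr=value" is accepted like ldapsearch."""
    tree, _ = parse_filter(filt if filt.startswith("(") else "(" + filt + ")")
    return [e["dn"][0] for e in parse_ldif(ldif_text) if matches(tree, e)]
```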
The ndsindex utility creates, lists, suspends, resumes, or deletes indexes. It has the following syntax:
```
ndsindex list [-h <hostname>] [-p <port>] -D <bind DN> -W|[-w <password>] [-l limit] -s <eDirectory Server DN> [-Z[Z]] [<indexName1>, <indexName2>.....]
ndsindex add [-h <hostname>] [-p <port>] -D <bind DN> -W|[-w <password>] [-l limit] -s <eDirectory Server DN> [-Z[Z]] <indexDefinition1> [<indexDefinition2>.....]
ndsindex delete [-h <hostname>] [-p <port>] -D <bind DN> -W|[-w <password>] [-l limit] -s <eDirectory Server DN> [-Z[Z]] <indexName1> [<indexName2>.....]
ndsindex resume [-h <hostname>] [-p <port>] -D <bind DN> -W|[-w <password>] [-l limit] -s <eDirectory Server DN> [-Z[Z]] <indexName1> [<indexName2>.....]
ndsindex suspend [-h <hostname>] [-p <port>] -D <bind DN> -W|[-w <password>] [-l limit] -s <eDirectory Server DN> [-Z[Z]] <indexName1> [<indexName2>.....]
```
NOTE: On a NetWare server, the utility is called nindex.
NOTE: Refer to Common Options for All LDAP Tools for more details on common options.
To list the indexes on the server MyHost, enter the following command:
ndsindex list -h MyHost -D "cn=admin, o=mycompany" -w password -s "cn=MyHost, o=novell"
To create a substring index with the name MyIndex on the email address attribute, enter the following command:
ndsindex add -h myhost -D "cn=admin, o=mycompany" -w password -s "cn=myhost, o=novell" "MyIndex;email address;substring"
To create a value index with the name MyIndex on the city attribute, enter the following command:
ndsindex add -h myhost -D "cn=admin, o=mycompany" -w password -s "cn=myhost, o=novell" "MyIndex;city;value"
To create a presence index with the name MyIndex on the homephone attribute, enter the following command:
ndsindex add -h myhost -D "cn=admin, o=mycompany" -w password -s "cn=myhost, o=novell" "MyIndex;homephone;presence"
To delete the index named MyIndex, enter the following command:
ndsindex delete -h myhost -D "cn=admin, o=mycompany" -w password -s "cn=myhost,o=novell" MyIndex
To suspend the index named MyIndex, enter the following command:
ndsindex suspend -h myhost -D "cn=admin, o=mycompany" -w password -s "cn=myhost, o=novell" MyIndex
To resume the index named MyIndex, enter the following command:
ndsindex resume -h myhost -D "cn=admin, o=mycompany" -w password -s "cn=myhost, o=novell" MyIndex