Use OpenLDAP Client Tools

Provides a tutorial example on how to install OpenLDAP client tools and use them to access and manage LDAP server remotely.

What Are OpenLDAP Client Tools?

OpenLDAP client tools are command line programs that allow you to access and manage LDAP databases remotely.

Here is how to install and use some commonly used OpenLDAP client tools, ldapsearch and ldapadd:

1. Install client tools to verify the server installation.

[root@TGR ~]# dnf install openldap-clients

Installed:
  openldap-clients.i686 0:2.4.40-16.el6

2. Access an LDAP server remotely, using "-H ldap://host:port" to specify where the server is and "-x" to use simple password authentication. Port 389 is the default, so it does not need to be specified. There are no matching entries, because the search runs from the empty base <> by default.

[herong@mail ldap]$ ldapsearch -H ldap://192.168.1.100:389 -x
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

3. Search again with a given base domain, '-b "dc=herongyang,dc=com"'. It still returns nothing, because there are no entries under the given domain yet.

[herong@mail ldap]$ ldapsearch -H ldap://192.168.1.100:389 -x \
  -b "dc=herongyang,dc=com" | more

# extended LDIF
#
# LDAPv3
# base <dc=herongyang,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

4. Create 2 entries in an LDIF file to form an organizational unit for the domain.

herong$ vi org-chart.ldif

dn: dc=herongyang,dc=com
objectClass: organization
dc: herongyang
o: HerongYang.com

dn: ou=IT,dc=herongyang,dc=com
objectClass: organizationalUnit
ou: IT

5. Add the entry file remotely to the LDAP server. Now a bind DN and its password need to be provided: "-D" gives the bind DN and "-w TopSecret" the password. Note that a password given with "-w" ends up in the shell history and is visible to other users in the process list; "-W" prompts for it interactively instead, and "-y file" reads it from a file.

herong$ sudo ldapadd -x -D "cn=Manager,dc=herongyang,dc=com" \
   -w TopSecret -H ldap://192.168.1.100 -f org-chart.ldif

adding new entry "dc=herongyang,dc=com"
adding new entry "ou=IT,dc=herongyang,dc=com"

6. Create 2 more entries to populate the organization unit.

herong$ vi users.ldif

dn: cn=Herong Yang,ou=IT,dc=herongyang,dc=com
objectclass: person
cn: Herong Yang
sn: Yang

dn: cn=Joe Doe,ou=IT,dc=herongyang,dc=com
objectclass: inetOrgPerson
cn: Joe Doe
sn: Doe
givenName: Joe
mail: joe@herongyang.com

7. Add the second entry file remotely to the LDAP server.

herong$ sudo ldapadd -x -D "cn=Manager,dc=herongyang,dc=com" \
   -w TopSecret -H ldap://192.168.1.100 -f users.ldif

adding new entry "cn=Herong Yang,ou=IT,dc=herongyang,dc=com"
adding new entry "cn=Joe Doe,ou=IT,dc=herongyang,dc=com"

8. Get all entries back using the "ldapsearch" command.

[herong@mail ldap]$ ldapsearch -H ldap://192.168.1.202:389 -x \
   -b "dc=herongyang,dc=com"

# extended LDIF
#
# LDAPv3
# base <dc=herongyang,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# herongyang.com
dn: dc=herongyang,dc=com
objectClass: organization
dc: herongyang
o: HerongYang.com

# IT, herongyang.com
dn: ou=IT,dc=herongyang,dc=com
objectClass: organizationalUnit
ou: IT

# Herong Yang, IT, herongyang.com
dn: cn=Herong Yang,ou=IT,dc=herongyang,dc=com
objectClass: person
cn: Herong Yang
sn: Yang

# Joe Doe, IT, herongyang.com
dn: cn=Joe Doe,ou=IT,dc=herongyang,dc=com
objectClass: inetOrgPerson
cn: Joe Doe
sn: Doe
givenName: Joe
mail: joe@herongyang.com

...
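The order of steps 4 to 7 matters: ldapadd processes a file top to bottom and the server rejects a child entry whose parent does not exist yet with the same result 32 "No such object" seen in step 2, so org-chart.ldif has to be loaded before users.ldif. The following checker, an added example and not part of this tutorial or of the OpenLDAP tools, catches that and two other common schema rejections (a MUST attribute missing for an objectClass, and an RDN value not present among the entry's attributes) offline, before anything is sent to the server. It uses only the Python 3 standard library; the sample LDIF is the tutorial's two files concatenated, and the REQUIRED_ATTRS table is a hand-written subset of the standard core and inetorgperson schemas, not something read from a server.

```python
"""Offline checks for an LDIF file before ldapadd sends it: a child whose parent
does not exist yet (result 32 "No such object"; why org-chart.ldif loads before
users.ldif), a missing MUST attribute, and an RDN value absent from the entry."""

# Constructed sample: the tutorial's two LDIF files, in the order they are added.
SAMPLE_LDIF = """\
dn: dc=herongyang,dc=com
objectClass: organization
dc: herongyang
o: HerongYang.com

dn: ou=IT,dc=herongyang,dc=com
objectClass: organizationalUnit
ou: IT

dn: cn=Herong Yang,ou=IT,dc=herongyang,dc=com
objectclass: person
cn: Herong Yang
sn: Yang

dn: cn=Joe Doe,ou=IT,dc=herongyang,dc=com
objectclass: inetOrgPerson
cn: Joe Doe
sn: Doe
givenName: Joe
mail: joe@herongyang.com
"""

# MUST attributes (including inherited ones) of the standard core/inetorgperson
# schema classes; class and attribute names are compared case-insensitively.
REQUIRED_ATTRS = {
    "organization": {"o"}, "organizationalunit": {"ou"}, "dcobject": {"dc"},
    "person": {"cn", "sn"}, "organizationalperson": {"cn", "sn"},
    "inetorgperson": {"cn", "sn"},
}


def split_dn(dn):
    """Split a DN into RDN strings at commas that are not backslash-escaped."""
    parts, buf, escaped = [], [], False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        escaped = ch == "\\" and not escaped
    parts.append("".join(buf).strip())
    return parts


def normalize_dn(dn):
    return ",".join(split_dn(dn)).lower()


def parse_ldif(text):
    """Return [(dn, attrs)] with attrs mapping lower-cased attribute names to
    value lists; handles comments, blank-line separators and folded lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold a continuation line
        elif not raw.startswith("#"):
            lines.append(raw)
    records, dn, attrs = [], None, {}
    for line in lines + [""]:                 # trailing "" flushes the last record
        if not line.strip():
            if dn is not None:
                records.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        else:
            attrs.setdefault(name, []).append(value)
    return records


def lint_ldif(text, suffix, existing=()):
    """Return [(dn, problem)]; `existing` lists DNs already on the server."""
    known = {normalize_dn(d) for d in existing}
    suffix_n, problems = normalize_dn(suffix), []
    for dn, attrs in parse_ldif(text):
        rdns = split_dn(dn)
        parent = ",".join(rdns[1:])           # parent must be the suffix or already known
        if normalize_dn(dn) != suffix_n and normalize_dn(parent) not in known:
            problems.append((dn, f"parent {parent!r} does not exist yet"))
        known.add(normalize_dn(dn))
        rdn_attr, _, rdn_val = rdns[0].partition("=")   # naming attribute must be in entry
        values = [v.lower() for v in attrs.get(rdn_attr.strip().lower(), [])]
        if rdn_val.strip().lower() not in values:
            problems.append((dn, f"naming attribute {rdn_attr.strip()} missing"))
        for cls in attrs.get("objectclass", []):        # every MUST attribute present
            for must in sorted(REQUIRED_ATTRS.get(cls.lower(), ())):
                if must not in attrs:
                    problems.append((dn, f"objectClass {cls} requires {must}"))
    return problems
```

Running lint_ldif(SAMPLE_LDIF, "dc=herongyang,dc=com") returns an empty list, matching the clean "adding new entry" output above. To check users.ldif on its own before step 7, pass the entries already loaded in step 5 as existing=["dc=herongyang,dc=com", "ou=IT,dc=herongyang,dc=com"]; without them, the checker reports that the parent ou=IT does not exist yet, which is exactly what ldapadd would report if the files were loaded in the wrong order.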

By the way, if the LDAP server is running locally, you can use "-H ldapi://" or "-H ldapi:///" to access it through the local Unix domain socket instead of TCP.
