Linux Tutorials - Herong's Tutorial Examples - v5.45, by Herong Yang
Use OpenLDAP Client Tools
This section provides a tutorial example on how to install the OpenLDAP client tools and use them to access and manage an LDAP server remotely.
What Are OpenLDAP Client Tools?

OpenLDAP client tools are command line programs (ldapsearch, ldapadd, ldapmodify, ldapdelete, ldappasswd and others) that allow you to access and manage LDAP databases remotely. Here is how to install them and use the most common ones:
1. Install client tools to verify the server installation.
[root@TGR ~]# dnf install openldap-clients
Installed:
  openldap-clients.i686 0:2.4.40-16.el6
2. Access an LDAP server remotely, using "-H ldap://host:port" to say where the server is and "-x" to use simple authentication instead of SASL. With no "-D" bind DN and no password this is an anonymous simple bind. Port 389 is the default, so it does not need to be specified. No matching entries are returned, because without "-b" the search starts from the empty base DN <>, which is not an entry on this server.
[herong@mail ldap]$ ldapsearch -H ldap://192.168.1.100:389 -x
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1
3. Search again with the base DN given as '-b "dc=herongyang,dc=com"'. It still returns nothing ("No such object"), because no entries exist under that DN yet.
[herong@mail ldap]$ ldapsearch -H ldap://192.168.1.100:389 -x \
  -b "dc=herongyang,dc=com" | more
# extended LDIF
#
# LDAPv3
# base <dc=herongyang,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object
4. Create 2 entries in an LDIF file: the root entry for the domain and an organizational unit under it. Entries in an LDIF file are separated by a blank line, and a child entry must come after its parent, because ldapadd sends them in file order.
herong$ vi org-chart.ldif
dn: dc=herongyang,dc=com
objectClass: organization
dc: herongyang
o: HerongYang.com

dn: ou=IT,dc=herongyang,dc=com
objectClass: organizationalUnit
ou: IT
5. Add the entries from the file to the LDAP server remotely. Writing requires binding as the Manager DN with "-D", and now its password needs to be provided as "-w TopSecret". Note that a password given with "-w" is visible to other users in the process list and is saved in shell history; "-W" prompts for it instead, and "-y file" reads it from a file. Over plain "ldap://" the password also crosses the network in clear text, so prefer "ldaps://" or StartTLS ("-Z", or "-ZZ" to refuse the connection if StartTLS fails) when the server supports it. The "sudo" is not needed: ldapadd talks to the server over the network and needs no local privilege.
herong$ sudo ldapadd -x -D "cn=Manager,dc=herongyang,dc=com" \
  -w TopSecret -H ldap://192.168.1.100 -f org-chart.ldif
adding new entry "dc=herongyang,dc=com"
adding new entry "ou=IT,dc=herongyang,dc=com"
6. Create 2 more entries to populate the organization unit.
herong$ vi users.ldif
dn: cn=Herong Yang,ou=IT,dc=herongyang,dc=com
objectclass: person
cn: Herong Yang
sn: Yang

dn: cn=Joe Doe,ou=IT,dc=herongyang,dc=com
objectclass: inetOrgPerson
cn: Joe Doe
sn: Doe
givenName: Joe
mail: joe@herongyang.com
7. Add the second entry file remotely to the LDAP server.
herong$ sudo ldapadd -x -D "cn=Manager,dc=herongyang,dc=com" \
  -w TopSecret -H ldap://192.168.1.100 -f users.ldif
adding new entry "cn=Herong Yang,ou=IT,dc=herongyang,dc=com"
adding new entry "cn=Joe Doe,ou=IT,dc=herongyang,dc=com"
8. Get all entries back using the "ldapsearch" command.
herong$ ldapsearch -H ldap://192.168.1.100:389 -x \
  -b "dc=herongyang,dc=com"
# extended LDIF
#
# LDAPv3
# base <dc=herongyang,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# herongyang.com
dn: dc=herongyang,dc=com
objectClass: organization
dc: herongyang
o: HerongYang.com

# IT, herongyang.com
dn: ou=IT,dc=herongyang,dc=com
objectClass: organizationalUnit
ou: IT

# Herong Yang, IT, herongyang.com
dn: cn=Herong Yang,ou=IT,dc=herongyang,dc=com
objectClass: person
cn: Herong Yang
sn: Yang

# Joe Doe, IT, herongyang.com
dn: cn=Joe Doe,ou=IT,dc=herongyang,dc=com
objectClass: inetOrgPerson
cn: Joe Doe
sn: Doe
givenName: Joe
mail: joe@herongyang.com
...
By the way, if the LDAP server is running locally, you can use "-H ldapi://" or "-H ldapi:///" to access it over its Unix domain socket instead of TCP. Combined with "-Y EXTERNAL", the server authenticates you by the uid and gid of the connecting process, which is how root manages the "cn=config" database without a password.