Use OpenLDAP Client Tools

This section provides a tutorial example on how to install the OpenLDAP client tools and use them to access and manage an LDAP server remotely.

What Are OpenLDAP Client Tools?

OpenLDAP client tools are command line programs that allow you to access and manage LDAP directories remotely.

The steps below show the commonly used OpenLDAP client tools, ldapsearch and ldapadd, in action:

1. Install client tools to verify the server installation.

[root@TGR ~]# dnf install openldap-clients

Installed:
  openldap-clients.i686 0:2.4.40-16.el6

2. Access an LDAP server remotely, using "-H ldap://host:port" to specify where the server is and "-x" to use simple (password) authentication. Port 389 is the default, so it does not need to be specified. There are no matching entries, because the search starts from the empty base DN <> by default.

[herong@mail ldap]$ ldapsearch -H ldap://192.168.1.100:389 -x
# extended LDIF
#
# LDAPv3
# base <> (default) with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

# numResponses: 1

3. Search again with a given base DN, '-b "dc=herongyang,dc=com"'. It still returns nothing, because there are no entries under the given base yet.

[herong@mail ldap]$ ldapsearch -H ldap://192.168.1.100:389 -x \
  -b "dc=herongyang,dc=com" | more

# extended LDIF
#
# LDAPv3
# base <dc=herongyang,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# search result
search: 2
result: 32 No such object

4. Create two entries in an LDIF file: the domain entry and an organizational unit under it.

herong$ vi org-chart.ldif

dn: dc=herongyang,dc=com
objectClass: organization
dc: herongyang
o: HerongYang.com

dn: ou=IT,dc=herongyang,dc=com
objectClass: organizationalUnit
ou: IT

5. Add the entries to the LDAP server remotely. Writing requires binding as the directory manager, so the bind DN is given with -D and its password with "-w TopSecret".

herong$ sudo ldapadd -x -D "cn=Manager,dc=herongyang,dc=com" \
   -w TopSecret -H ldap://192.168.1.100 -f org-chart.ldif

adding new entry "dc=herongyang,dc=com"
adding new entry "ou=IT,dc=herongyang,dc=com"

6. Create two more entries to populate the organizational unit.

herong$ vi users.ldif

dn: cn=Herong Yang,ou=IT,dc=herongyang,dc=com
objectclass: person
cn: Herong Yang
sn: Yang

dn: cn=Joe Doe,ou=IT,dc=herongyang,dc=com
objectclass: inetOrgPerson
cn: Joe Doe
sn: Doe
givenName: Joe
mail: joe@herongyang.com

7. Add the second entry file remotely to the LDAP server.

herong$ sudo ldapadd -x -D "cn=Manager,dc=herongyang,dc=com" \
   -w TopSecret -H ldap://192.168.1.100 -f users.ldif

adding new entry "cn=Herong Yang,ou=IT,dc=herongyang,dc=com"
adding new entry "cn=Joe Doe,ou=IT,dc=herongyang,dc=com"

8. Get all entries back using the "ldapsearch" command.

herong$ ldapsearch -H ldap://192.168.1.100:389 -x \
   -b "dc=herongyang,dc=com"

# extended LDIF
#
# LDAPv3
# base <dc=herongyang,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# herongyang.com
dn: dc=herongyang,dc=com
objectClass: organization
dc: herongyang
o: HerongYang.com

# IT, herongyang.com
dn: ou=IT,dc=herongyang,dc=com
objectClass: organizationalUnit
ou: IT

# Herong Yang, IT, herongyang.com
dn: cn=Herong Yang,ou=IT,dc=herongyang,dc=com
objectClass: person
cn: Herong Yang
sn: Yang

# Joe Doe, IT, herongyang.com
dn: cn=Joe Doe,ou=IT,dc=herongyang,dc=com
objectClass: inetOrgPerson
cn: Joe Doe
sn: Doe
givenName: Joe
mail: joe@herongyang.com

...

By the way, if the LDAP server is running locally, you can reach it over its Unix-domain socket with "-H ldapi://" or "-H ldapi:///" instead of an ldap://host URL.
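ldapadd sends the LDIF files from steps 4 and 6 to the server entry by entry and stops at the first one the server rejects, so it pays to check a file before loading it. The following Python script is an added example, not part of the OpenLDAP client tools or of this book: it parses LDIF (including the "#" comment lines that ldapsearch prints in step 8 and RFC 2849 folded lines) and runs pre-flight checks for the mistakes slapd commonly reports, namely a block without a dn, a missing MUST attribute, an RDN value that is absent from the entry, and a child entry added before its parent exists. The two files from steps 4 and 6 are embedded as constructed sample input; the MUST table covers only the four object classes used on this page, and the function names and the SUFFIX constant are the example's own.

```python
"""LDIF parser plus pre-flight checks for ldapadd input (added example,
not part of OpenLDAP). Catches what slapd rejects: a block without dn,
a missing MUST attribute, an RDN value absent from the entry, and a
child added before its parent."""
import re

# MUST attributes of the object classes used on this page (core and
# inetorgperson schemas); presence only, MAY attributes are not checked.
MUST = {"organization": {"o"}, "organizationalunit": {"ou"},
        "person": {"cn", "sn"}, "inetorgperson": {"cn", "sn"}}

SUFFIX = "dc=herongyang,dc=com"  # the database suffix, the tree root

# Constructed copies of org-chart.ldif (step 4) and users.ldif (step 6).
ORG_CHART_LDIF = """\
dn: dc=herongyang,dc=com
objectClass: organization
dc: herongyang
o: HerongYang.com

dn: ou=IT,dc=herongyang,dc=com
objectClass: organizationalUnit
ou: IT
"""
USERS_LDIF = """\
dn: cn=Herong Yang,ou=IT,dc=herongyang,dc=com
objectclass: person
cn: Herong Yang
sn: Yang

dn: cn=Joe Doe,ou=IT,dc=herongyang,dc=com
objectclass: inetOrgPerson
cn: Joe Doe
sn: Doe
givenName: Joe
mail: joe@herongyang.com
"""


def split_dn(dn):
    """RDN strings of a DN; a backslash-escaped comma is not a separator."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn)]


def normalize_dn(dn):
    return ",".join(p.lower() for p in split_dn(dn))


def parse_ldif(text):
    """Blocks as dicts of lower-cased attr -> [values]. Skips '#' comments
    (so ldapsearch output parses too) and joins RFC 2849 folded lines."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # continuation of the previous line
        else:
            lines.append(raw)
    blocks, current = [], {}
    for line in lines + [""]:             # trailing "" flushes the last block
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                blocks.append(current)
            current = {}
            continue
        if ":" not in line:
            raise ValueError("malformed LDIF line: %r" % line)
        name, value = line.split(":", 1)
        current.setdefault(name.strip().lower(), []).append(value.strip())
    return blocks


def preflight(entries, suffix, existing=()):
    """Problems ldapadd would hit for `entries` in file order, given the
    DNs already in the directory (`existing`); an empty list means OK."""
    known = {normalize_dn(d) for d in existing}
    problems = []
    for i, e in enumerate(entries, 1):
        if "dn" not in e:
            problems.append("block %d: no dn" % i)
            continue
        dn = e["dn"][0]
        for c in [c.lower() for c in e.get("objectclass", [])]:
            for attr in sorted(MUST.get(c, ())):
                if attr not in e:
                    problems.append("%s: objectClass %s requires %s" % (dn, c, attr))
        rdns = split_dn(dn)
        attr, _, value = rdns[0].partition("=")   # naming attribute of the entry
        if value.strip().lower() not in [v.lower() for v in e.get(attr.strip().lower(), [])]:
            problems.append("%s: naming attribute %s not present in entry" % (dn, rdns[0]))
        parent = ",".join(rdns[1:])               # the suffix itself has no parent
        if parent and normalize_dn(dn) != normalize_dn(suffix) and normalize_dn(parent) not in known:
            problems.append("%s: parent %s does not exist yet" % (dn, parent))
        known.add(normalize_dn(dn))
    return problems


def check_files(suffix, *texts):
    """Check LDIF files in the order ldapadd would load them (step 5, then step 7)."""
    existing, problems = [], []
    for text in texts:
        entries = parse_ldif(text)
        problems += preflight(entries, suffix, existing)
        existing += [e["dn"][0] for e in entries if "dn" in e]
    return problems


if __name__ == "__main__":
    print(check_files(SUFFIX, ORG_CHART_LDIF, USERS_LDIF) or "all entries OK")
    print(check_files(SUFFIX, USERS_LDIF))  # users.ldif alone: parents missing
```

Loading org-chart.ldif and then users.ldif passes cleanly, while users.ldif on its own reports that ou=IT does not exist yet, which is the order dependency behind steps 5 and 7. Once a file checks out, ldapadd -W prompts for the bind password instead of taking it from -w on the command line, where it ends up in shell history and in process listings visible to other local users.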
