ldapsearch limit returned results

[problem]

You want to perform an ldap search but only receive a limited number of records in return.

[/problem]

[solution]

Use -z <n> to restrict the number of entries returned to at most n.

[/solution]

[example]

Search and return only 5 records.


ldapsearch -x -z 5 -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(lastlogin>=99999999)"

[/example]

[reference]

[tags]LDAP Training School[/tags]

[/reference]

ldapsearch greater than

[problem]

You want to search for a field greater than a value, in your LDAP search.

[/problem]

[solution]

To search for a field with a value greater than or equal to a given figure, use >=. LDAP filters have no plain > operator, so if you try to use > on its own it just chucks out an error.

[/solution]

[example]

This is how to perform a greater than LDAP search.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(lastlogin>=99999999)"

[/example]

[reference]

[tags]ldapsearch syntax, openldap ldapsearch, LDAP Training School[/tags]

[/reference]

LDAP LDIF Perl search script

[problem]

You want to search an LDIF file for a given dn, or pattern.

[/problem]

[solution]

Multi-line pattern search and output – useful for LDIFs! 😉

Written in Perl – see example tab.

[/solution]

[example]

Replace pattern with the name (or other text) you are looking for, and filename with the LDIF file.

perl -00 -ne 'print if /pattern/' filename

The -00 switch puts Perl into paragraph mode, so each blank-line-separated LDIF record is read as one unit and printed whole when any of its lines matches the pattern.

For example:


$ cat user.ldif
dn: cn=user0,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user0
userPassword: today321

dn: cn=user1,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user1
userPassword: today321

$ perl -00 -ne 'print if /user1/' user.ldif
dn: cn=user1,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user1
userPassword: today321
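
As an added Python example (not the page's Perl one-liner), here is an LDIF reader that also copes with folded continuation lines and base64 (::) values before searching, so a record is never split in the wrong place. The sample LDIF is constructed for this example and assumes no comment lines; the function names are my own.

```python
# Added example, not the page's Perl one-liner: an LDIF reader that also
# handles folded continuation lines and base64 (::) values before searching.
import base64
import re

# Constructed sample modelled on the page's user.ldif, plus a folded line and
# a :: value, two cases a plain "split on dn" search gets wrong.
SAMPLE_LDIF = """\
dn: cn=user0,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user0
userPassword: today321

dn: cn=user1,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user1
description: a value that was folded
  across two lines
userPassword:: dG9kYXkzMjE=
"""

def parse_ldif(text: str) -> list:
    """Return records as lists of (attribute, value) pairs."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # RFC 2849 line folding
        else:
            lines.append(raw)
    records, current = [], []
    for line in lines + [""]:               # sentinel flushes the last record
        if line == "":
            if current:
                records.append(current)
            current = []
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        else:
            value = value.strip()
        current.append((attr, value))
    return records

def search(text: str, pattern: str) -> list:
    """Records with any value matching the regex, e.g. part of a dn."""
    rx = re.compile(pattern)
    return [r for r in parse_ldif(text) if any(rx.search(v) for _, v in r)]
```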

[/example]

[reference]

[tags]LDAP LDIF Search, LDAP LDIF extraction, LDAP Training School[/tags]

[/reference]

Modify LDAP records with JNDI

[problem]

Need to modify an LDAP record with JNDI, the Java Naming Directory Interface.

Following on from using Java to perform LDAP searches, here is a quick demo of modifying records.

[/problem]

[solution]

Here I'm using Java to modify John Doe's record, changing the givenname attribute to John A.

As you’ll notice all values are hard coded (such as hostname, port, password, etc). These could be read in from a config file, or passed in through command line arguments.

[/solution]

[example]


$ cat chLdapDetails.java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.ModificationItem;

public class chLdapDetails {

    public static void main(String[] argv) {

        // Connection settings are hard coded for the demo; read them from a
        // config file or the command line in real use.
        String url = "ldap://127.0.0.1:389";
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // Simple bind as the directory manager
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=demo,dc=net");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env);
            // One modification: replace givenname with "John A"
            ModificationItem[] mods = new ModificationItem[1];
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("givenname", "John A"));
            ctx.modifyAttributes("cn=jdoe,dc=demo,dc=net", mods);
        } catch (NamingException ne) {
            System.err.println(ne.toString());
        } finally {
            // Always release the connection, even if the modify failed
            if (ctx != null) {
                try { ctx.close(); } catch (NamingException ignored) { }
            }
        }
    }
}

Here's a run-through:


$ java getLdapDetails Doe
John, Doe - [email protected]

$ java chLdapDetails
$ java getLdapDetails Doe
John A, Doe - [email protected]

[/example]

[reference]

[tags]LDAP updates JNDI, JNDI LDAP, JNDI, LDAP Training School[/tags]

[/reference]

ldapsearch logical NOT

[problem]

You want to perform an LDAP search, matching entries which do not match certain criteria.

[/problem]

[solution]

To perform a logical NOT we just use the exclamation mark ! – see example.

[/solution]

[example]

This is how to perform a logical NOT LDAP search.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(!(sn=Doe))"

[/example]

[reference]

[tags]ldapsearch syntax, openldap ldapsearch, LDAP Training School[/tags]

[/reference]

ldapsearch logical AND

[problem]

You want to match more than one field, in your LDAP search.

[/problem]

[solution]

To match more than one field we use the ampersand – “&” with ldapsearch.

[/solution]

[example]

This is how to perform a logical AND LDAP search.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(&(givenname=John)(sn=Smith))"

[/example]

[reference]

[tags]ldapsearch syntax, openldap ldapsearch, LDAP Training School[/tags]

[/reference]

ldapsearch with logical OR

[problem]

You want to match one pattern or another in your LDAP search.

[/problem]

[solution]

To match one pattern or another we use the pipe symbol "|".

[/solution]

[example]

This is how to perform a logical OR LDAP search.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(|(sn=Doe)(sn=Smith))"
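
The filters from the >=, NOT, AND and OR sections, plus the -z limit, built in code so that a value taken from user input cannot change the filter's meaning. This is an added Python example rather than anything from the original page; the helper names (escape_value, eq, ge, and_, or_, not_, ldapsearch_argv) are my own, and the argv builder leaves out -D/-w, which you would add as on the page.

```python
# Added example, not from the page: build ldapsearch filters from untrusted
# input so that the input cannot change the filter's meaning (LDAP injection).
import re

# RFC 4515 escapes for the characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ATTR_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")   # plain attribute names only

def escape_value(value) -> str:
    """Escape a value so it is matched literally, never parsed as syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in str(value))

def _check_attr(attr: str) -> str:
    if not _ATTR_RE.match(attr):
        raise ValueError(f"bad attribute name: {attr!r}")
    return attr

def eq(attr: str, value) -> str:
    return f"({_check_attr(attr)}={escape_value(value)})"

def ge(attr: str, value) -> str:
    # LDAP filters offer >= and <= (plus = and ~=); a bare > is a syntax error
    return f"({_check_attr(attr)}>={escape_value(value)})"

def and_(*filters: str) -> str:
    return "(&" + "".join(filters) + ")"

def or_(*filters: str) -> str:
    return "(|" + "".join(filters) + ")"

def not_(filt: str) -> str:
    return f"(!{filt})"

def ldapsearch_argv(base_dn: str, filt: str, size_limit=None) -> list:
    """argv for an ldapsearch -x call; -z caps the entries returned, though
    the server's own sizelimit still wins if it is lower."""
    argv = ["ldapsearch", "-x", "-b", base_dn]
    if size_limit is not None:
        argv += ["-z", str(size_limit)]
    return argv + [filt]

if __name__ == "__main__":
    # A surname of "*" from user input stays a literal star, not a wildcard.
    print(and_(eq("givenname", "John"), eq("sn", "*")))
    print(ldapsearch_argv("dc=demo,dc=net", not_(eq("sn", "Doe")), 5))
```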

[/example]

[reference]

[tags]ldapsearch syntax, openldap ldapsearch, LDAP Training School[/tags]

[/reference]

Deleting LDAP Record

[problem]

You want to delete an LDAP entry.

[/problem]

[solution]

In this example, we just use ldapdelete from the command line.

Remember to take a backup first: an ldapsearch run with -L writes the entries out in LDIF form.

[/solution]

[example]

Here is an example of deleting a record in LDAP:


ldapdelete -v -D 'cn=Manager..' -w ${passwd} \
  -h ${host} -p ${port} <<EOT
cn=….
EOT

Effectively, you just need to supply the full DN. Also be aware that a parent entry cannot be deleted while it still has children, so you need to delete the lowest branch first; for example:

uid=….
sales=…,uid=….

You need to delete sales first, then uid.
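
To get that ordering right for more than a couple of entries, here is an added Python example (not from the original page) that splits DNs into their RDNs, respecting escaped commas, and sorts a list of DNs deepest-first so that it can be fed to ldapdelete on stdin as above. The function names and the DEMO DNs are my own, constructed to echo the sales-before-uid case.

```python
# Added example, not from the page: put DNs into an order ldapdelete can
# process, deepest entries first, since a parent cannot go before its children.
def split_dn(dn: str) -> list:
    """Split a DN into its RDNs, leaving backslash-escaped commas alone."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]               # keep the escape pair as-is
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur.strip())
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur.strip())
    return rdns

def _norm(dn: str) -> list:
    return [r.lower() for r in split_dn(dn)]   # case-insensitive compare

def is_ancestor(parent: str, child: str) -> bool:
    """True if child lies somewhere below parent in the tree."""
    p, c = _norm(parent), _norm(child)
    return len(c) > len(p) and c[-len(p):] == p

def delete_order(dns: list) -> list:
    """Deepest DNs first; entries of equal depth keep their input order."""
    return sorted(dns, key=lambda d: -len(split_dn(d)))

def subtree(dns: list, root: str) -> list:
    """root plus every listed entry beneath it, in an order ldapdelete accepts."""
    return delete_order([d for d in dns
                         if _norm(d) == _norm(root) or is_ancestor(root, d)])

def ldapdelete_stdin(dns: list) -> str:
    """One DN per line, ready to pipe into ldapdelete as the heredoc above."""
    return "".join(d + "\n" for d in delete_order(dns))

# Constructed DNs echoing the page's "delete sales before uid" warning.
DEMO = [
    "uid=jdoe,ou=people,dc=demo,dc=net",
    "cn=laptop,ou=sales,uid=jdoe,ou=people,dc=demo,dc=net",
    "ou=sales,uid=jdoe,ou=people,dc=demo,dc=net",
    "uid=asmith,ou=people,dc=demo,dc=net",
]
```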

[/example]

[reference]

[tags]ldapdelete, LDAP Training School[/tags]

[/reference]

Modify LDAP record entry

[problem]

You want to modify or change a record in LDAP.

Replacing one value with another.

[/problem]

[solution]

Use ldapmodify from the command line.

Again take a backup with -L – just to be sure. 🙂

[/solution]

[example]

Here is an example of modifying a record in LDAP, when you need to replace a value in an existing record:


ldapmodify -x -v -D "cn=Manager,dc=demo,dc=net" -w secret <<EOT
dn: cn=jdoe,dc=demo,dc=net
changetype: modify
replace: mail
mail: [email protected]
EOT

[/example]

[reference]

[tags]ldapmodify, modify ldap record, LDAP Training School[/tags]

[/reference]

Beginning ldap – modify a record

[problem]

You want to modify an LDAP record.

For example change telephone number, address, etc.

[/problem]

[solution]

Use ldapmodify from the command line. It might seem daunting to start with, but it is the best way.

Plus you should perform a search with the -L option first, to take a backup to a file.

[/solution]

[example]

Here is an example of modifying a record in LDAP, when you need to add an attribute to an existing record:


ldapmodify -x -v -D "cn=Manager,dc=demo,dc=net" -w secret <<EOT
dn: cn=jdoe,dc=demo,dc=net
changetype: modify
add: mail
mail: [email protected]
EOT

Here we are adding the mail field and value.
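
Both ldapmodify examples (replacing mail in the previous section, adding mail here) hand ldapmodify a small "changetype: modify" LDIF record. As an added Python example, not from the original page, here is a function that writes such records and base64-encodes any value plain LDIF cannot hold (leading space or colon, trailing space, non-ASCII), which a hand-typed heredoc gets wrong silently. The function names and the sample address are my own.

```python
# Added example, not from the page: write "changetype: modify" LDIF for
# ldapmodify, base64-encoding any value plain LDIF cannot carry (RFC 2849).
import base64

def needs_base64(value: str) -> bool:
    """True when the value must be written as 'attr:: <base64>'."""
    if not value:
        return False
    if value[0] in " :<" or value[-1] == " ":    # unsafe first/last char
        return True
    return any(ord(c) > 127 or c in "\r\n\0" for c in value)

def attr_line(attr: str, value: str) -> str:
    if needs_base64(value):
        return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode()}"
    return f"{attr}: {value}"

def modify_ldif(dn: str, changes: list) -> str:
    """changes: (op, attr, values) tuples; op is add, replace or delete.
    Each change is closed with "-", which ldapmodify requires as soon as a
    record carries more than one change."""
    out = [attr_line("dn", dn), "changetype: modify"]
    for op, attr, values in changes:
        if op not in ("add", "replace", "delete"):
            raise ValueError(f"unknown change type: {op}")
        out.append(f"{op}: {attr}")
        out.extend(attr_line(attr, v) for v in values)
        out.append("-")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # The page's replace and add cases plus a non-ASCII value that would
    # corrupt the record if written in plain form; the address is constructed.
    print(modify_ldif("cn=jdoe,dc=demo,dc=net", [
        ("replace", "mail", ["jdoe@demo.net"]),
        ("add", "displayName", ["Jöhn Doe"]),
    ]))
```

Pipe the result into ldapmodify exactly as the heredoc above does, e.g. `python3 mkmod.py | ldapmodify -x -v -D "cn=Manager,dc=demo,dc=net" -w secret`.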

[/example]

[reference]

[tags]ldapmodify, adding field to ldap record, LDAP Training School[/tags]

[/reference]