Archives for : ldap

ldapsearch limit returned results

Problem

You want to perform an ldap search but only receive a limited number of records in return.



Solution

Use -z <number> (the size limit option) to restrict the number of entries returned.



Example


Search and return only 5 records.


ldapsearch -x -z 5 -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(lastlogin>=99999999)"



Reference

Tags: LDAP Training School



ldapsearch greater than

Problem

You want to search for a field greater than a value, in your LDAP search.



Solution

To search for an attribute whose value is greater than (or equal to) a given figure, use >=. LDAP filters have no bare > operator, so ldapsearch rejects a filter that uses it with an error.



Example


This is how to perform a greater than LDAP search.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(lastlogin>=99999999)"



Reference

Tags: ldapsearch syntax, openldap ldapsearch, LDAP Training School



LDAP LDIF Perl search script

Problem

You want to search an LDIF file for a given dn, or pattern.



Solution

Multi-line pattern search and output – useful for LDIFs! 😉

Written in Perl; see the example below.



Example


Replace pattern with the name (or other text) you are looking for, and filename with the LDIF file to search.

perl -ne '$/="dn"; print $_, "\n\n" if /pattern/;' filename

For example:


$ cat user.ldif
dn: cn=user0,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user0
userPassword: today321

dn: cn=user1,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user1
userPassword: today321

$ perl -ne '$/="dn"; print $_, "\n\n" if /user1/;' user.ldif

: cn=user1,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user1
userPassword: today321
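The same record search in Python, added here as an example that is not part of the original post: it splits the LDIF on blank lines rather than on the string "dn", so a matched record keeps its dn: line, and it unfolds continuation lines and decodes base64 (::) values, which the one-liner does not. The sample LDIF is the post's two entries with a folded description attribute added to user1.

```python
import base64
import re

# Constructed sample: the post's two entries, plus a folded attribute on user1.
SAMPLE_LDIF = """\
dn: cn=user0,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user0
userPassword: today321

dn: cn=user1,dc=subdiv,dc=demo,dc=net
objectClass: person
sn: User
cn: user1
description: a long value folded
  across two lines
userPassword: today321
"""


def _to_pairs(lines):
    """One record's unfolded lines -> (attr, value) pairs; 'attr:: x' is base64."""
    pairs = []
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        pairs.append((attr, value.strip()))
    return pairs


def parse_ldif(text):
    """Blank-line separated records; a leading space folds, '#' is a comment."""
    records, lines = [], []
    for raw in text.splitlines() + [""]:  # sentinel flushes the last record
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        elif not raw.strip():
            if lines:
                records.append(_to_pairs(lines))
                lines = []
        elif not raw.startswith("#"):
            lines.append(raw)
    return records


def search_ldif(text, pattern):
    """Records where any value matches the regex, keeping the full dn: line."""
    rx = re.compile(pattern)
    return [r for r in parse_ldif(text) if any(rx.search(v) for _, v in r)]
```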



Reference

Tags: LDAP LDIF Search, LDAP LDIF extraction, LDAP Training School



Modify LDAP records with JNDI

Problem

Need to modify an LDAP record with JNDI, the Java Naming Directory Interface.

Following on from using Java to perform LDAP searches, here is a quick demo of modifying records.



Solution

Here I'm using Java to modify John Doe's record, changing the givenname attribute to John A.

As you’ll notice all values are hard coded (such as hostname, port, password, etc). These could be read in from a config file, or passed in through command line arguments.



Example



$ cat chLdapDetails.java
import java.util.*;
import java.io.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class chLdapDetails {

    public static void main(String argv[]) {

        // Connection and bind details are hard coded for the demo.
        String url = "ldap://127.0.0.1:389";
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL,
                "cn=Manager,dc=demo,dc=net");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        try {
            // Bind to the directory.
            DirContext ctx = new InitialDirContext(env);

            // One modification: replace givenname with "John A".
            ModificationItem[] mods = new ModificationItem[1];
            mods[0] = new ModificationItem(DirContext.REPLACE_ATTRIBUTE,
                    new BasicAttribute("givenname", "John A"));
            ctx.modifyAttributes("cn=jdoe,dc=demo,dc=net", mods);
            ctx.close();
        } catch (NamingException ne) {
            System.err.println(ne.toString());
        }
    }
}

Here's a run through:


$ java getLdapDetails Doe
John, Doe - [email protected]

$ java chLdapDetails
$ java getLdapDetails Doe
John A, Doe - [email protected]



Reference

Tags: LDAP updates JNDI, JNDI LDAP, JNDI, LDAP Training School



ldapsearch logical NOT

Problem

You want to perform an LDAP search, matching entries which do not match certain criteria.



Solution

To perform a logical NOT we just use the exclamation mark ! – see example.



Example


This is how to perform a logical NOT LDAP search.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(!(sn=Doe))"



Reference

Tags: ldapsearch syntax, openldap ldapsearch, LDAP Training School



ldapsearch logical AND

Problem

You want to match more than one field, in your LDAP search.



Solution

To match more than one field at once, use the ampersand "&" in the ldapsearch filter.



Example


This is how to perform a logical AND LDAP search.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(&(givenname=John)(sn=Smith))"



Reference

Tags: ldapsearch syntax, openldap ldapsearch, LDAP Training School



ldapsearch with logical OR

Problem

You want to match one pattern or another in your LDAP search.



Solution

To match one pattern or another, use the pipe symbol "|".



Example


This is how to perform a logical OR LDAP search.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
  -b "dc=demo,dc=net" "(|(sn=Doe)(sn=Smith))"
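Building the >=, !, & and | filters from the four ldapsearch posts above in Python, as an added example that is not part of the original posts: each value is escaped per RFC 4515 before it is placed in the filter, so input containing filter metacharacters cannot change the filter's structure, and the argv helper hands the result to ldapsearch without any shell quoting. The -W option (OpenLDAP's own) prompts for the bind password instead of putting it on the command line the way -w does.

```python
# RFC 4515 (LDAP search filter) escaping and the AND/OR/NOT/>= filters
# shown in the posts above. Added example, not code from the original posts.

ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape the RFC 4515 special characters so a value taken from user
    input cannot add or close filter components."""
    return "".join(ESCAPES.get(ch, ch) for ch in str(value))


def eq(attr, value):
    return "(%s=%s)" % (attr, escape_filter_value(value))


def ge(attr, value):
    # ">=" is the only "greater than" form ldapsearch accepts (no bare ">")
    return "(%s>=%s)" % (attr, escape_filter_value(value))


def present(attr):
    return "(%s=*)" % attr          # the only place a literal '*' belongs


def and_(*filters):
    return "(&%s)" % "".join(filters)


def or_(*filters):
    return "(|%s)" % "".join(filters)


def not_(filt):
    return "(!%s)" % filt


def ldapsearch_argv(base, filt, bind_dn, size_limit=None):
    """Argument list for OpenLDAP's ldapsearch, built for subprocess.run so no
    shell quoting is involved; -W prompts for the bind password instead of
    exposing it in the process list the way -w does."""
    argv = ["ldapsearch", "-x", "-v", "-D", bind_dn, "-W", "-b", base]
    if size_limit is not None:
        argv += ["-z", str(size_limit)]   # cap the number of entries returned
    return argv + [filt]
```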



Reference

Tags: ldapsearch syntax, openldap ldapsearch, LDAP Training School



Deleting LDAP Record

Problem

You want to delete a LDAP entry.



Solution

In this example, we just use ldapdelete from the command line.

Remember to take a backup first, using ldapsearch with -L.



Example


Here is an example of deleting a record in LDAP:


ldapdelete -v -D 'cn=Manager..' -w ${passwd} \
  -h ${host} -p ${port} <<EOT
cn=….
EOT

Effectively, you just need to supply the full DN of each entry. Also be aware that you need to delete the lowest branch first, because an entry that still has children cannot be deleted. For example:

uid=….
sales=…,uid=….

You need to delete sales first, then uid.



Reference

Tags: ldapdelete, LDAP Training School



Modify LDAP record entry

Problem

You want to modify or change a record in LDAP.

Replacing one value with another.



Solution

Use ldapmodify from the command line.

Again take a backup with -L – just to be sure. 🙂



Example


Here is an example of modifying a record in LDAP, when you need to replace the value of an attribute that the record already has:


ldapmodify -x -v -D "cn=Manager,dc=demo,dc=net" -w secret <<EOT
dn: cn=jdoe,dc=demo,dc=net
changetype: modify
replace: mail
mail: [email protected]
EOT



Reference

Tags: ldapmodify, modify ldap record, LDAP Training School



Beginning ldap – modify a record

Problem

You want to modify an LDAP record.

For example change telephone number, address, etc.



Solution

Use ldapmodify from the command line. It might seem daunting to start with, but it is the best way.

You should also perform a search with the -L option first, to take a backup to a file.



Example


Here is an example of modifying a record in LDAP, when you need to add an attribute to an existing record:


ldapmodify -x -v -D "cn=Manager,dc=demo,dc=net" -w secret <<EOT
dn: cn=jdoe,dc=demo,dc=net
changetype: modify
add: mail
mail: [email protected]
EOT

Here we are adding the mail attribute and its value.
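Generating the LDIF that the ldapdelete and ldapmodify posts above feed in on stdin, as an added Python example that is not part of the original posts; the DNs and the mail address used in it are constructed. It base64-encodes values that are not LDIF safe strings and orders DNs deepest first, which is the "delete the lowest branch first" rule from the ldapdelete post.

```python
import base64
import re

# Generating the LDIF that the posts above feed to ldapmodify and ldapdelete on
# stdin. Added example, not from the original posts; the DNs below are made up.


def _attrval(attr, value):
    """LDIF must base64-encode (attr:: ...) values that are not SAFE-STRINGs:
    non-ASCII, a leading space/colon/'<', a trailing space or an embedded newline."""
    unsafe = (not value.isascii() or "\n" in value
              or value[:1] in (" ", ":", "<") or value.endswith(" "))
    if unsafe:
        return "%s:: %s" % (attr, base64.b64encode(value.encode()).decode())
    return "%s: %s" % (attr, value)


def modify_ldif(dn, changes):
    """changes: [(op, attr, [values])] with op in add/replace/delete; each
    mod-spec is closed with '-' as RFC 2849 requires."""
    lines = ["dn: " + dn, "changetype: modify"]
    for op, attr, values in changes:
        lines.append("%s: %s" % (op, attr))
        lines += [_attrval(attr, v) for v in values]
        lines.append("-")
    return "\n".join(lines) + "\n"


def rdn_count(dn):
    """Depth of a DN: split on commas that are not escaped with a backslash."""
    return len(re.split(r"(?<!\\),", dn))


def delete_order(dns):
    """Deepest entries first, so every child is removed before its parent:
    the server refuses to delete an entry that still has children."""
    return sorted(dns, key=rdn_count, reverse=True)


def delete_ldif(dns):
    """Stdin for ldapdelete: one DN per line, children before parents."""
    return "\n".join(delete_order(dns)) + "\n"
```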



Reference

Tags: ldapmodify, adding field to ldap record, LDAP Training School