Securing-Optimizing-RH-Linux-1_2_326
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
Step 2
Once the file newentry has been created, we must add the entry to the LDAP directory server.
· To actually create the entry on-line in the backend database, use the following command:
[root@deep /]# ldapadd -f /tmp/newentry -D "cn=admin, o=openarch, c=com" -W
Enter LDAP Password :
The above command assumes that you have set rootdn to "cn=admin, o=openarch, c=com" and
rootpw to "secret". You will be prompted to enter the password.
NOTE: In this on-line mode of creation, the slapd daemon of LDAP is started (running).
ldapmodify
Unlike relational databases, where data changes constantly, a directory server contains
information that is rarely modified once inserted. Sometimes, however, you do need to modify
information, and the ldapmodify tool helps with this task. The ldapmodify command allows you to
add or modify entries on the backend directory server.
Assuming that we want to replace the contents of the Europe Mourani entry's mail attribute with
the new value emourani@new.com, the following steps are required:
Step 1
Create the modifyentry file (touch /tmp/modifyentry) and add the following contents to this file:
cn=Europe Mourani, o=openarch, c=com
-mail=emourani@old.com
# will delete the old mail address for Europe Mourani in the database.
+mail=emourani@new.com
# will add the new mail address for Europe Mourani in the database.
Step 2
Once the modifyentry file has been created, we must replace the entry in the LDAP directory
server with the one contained in this file (modifyentry).
· To modify the contents of the backend database, use the following command:
[root@deep /]# ldapmodify -D "cn=Admin, o=openarch, c=com" -W -f <inputfile>
[root@deep /]# ldapmodify -D "cn=Admin, o=openarch, c=com" -W -f /tmp/modifyentry
Where <inputfile> is the name of the file modifyentry we have created in step 1 above. The bind
DN contains spaces, so it must be quoted to reach ldapmodify as a single argument.
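The same mail change written as an RFC 2849 LDIF change record, which goes beyond the +/- file format shown in step 1. This is an added example, not code from the book; the function names and the /tmp/modifyentry.ldif path are hypothetical, and the sample values are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the book): build an LDIF change record that swaps
# one attribute value without letting a hostile value inject extra LDIF lines.
# ldif_attr and ldif_replace_value are hypothetical helper names.
LC_ALL=C; export LC_ALL

# Print "NAME: VALUE", or "NAME:: <base64>" when VALUE is not an RFC 2849
# SAFE-STRING: it starts with space, ':' or '<', ends with a space, or holds
# a byte outside printable ASCII. A raw newline would otherwise begin a new
# LDIF line and smuggle in an extra modification.
ldif_attr() {
    unsafe=$(( $(printf '%s' "$2" | tr -d ' -~' | wc -c) ))
    case $2 in ' '*|:*|'<'*|*' ') unsafe=1 ;; esac
    if [ "$unsafe" -gt 0 ]; then
        printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$1" "$2"
    fi
}

# Print a change record that deletes OLD and adds NEW for ATTR on entry DN.
# Returns 1 and prints nothing if ATTR is not a plain attribute name or if
# any argument is empty.
ldif_replace_value() {  # DN ATTR OLD NEW
    case $2 in
        ''|[!A-Za-z]*|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ -n "$1" ] && [ -n "$3" ] && [ -n "$4" ] || return 1
    ldif_attr dn "$1"
    printf 'changetype: modify\ndelete: %s\n' "$2"
    ldif_attr "$2" "$3"
    printf '%s\nadd: %s\n' - "$2"
    ldif_attr "$2" "$4"
}

# Usage with the page's values (umask keeps the file private; -W prompts for
# the bind password, as in the book's command):
#   umask 077
#   ldif_replace_value "cn=Europe Mourani, o=openarch, c=com" mail \
#       emourani@old.com emourani@new.com > /tmp/modifyentry.ldif
#   ldapmodify -D "cn=admin, o=openarch, c=com" -W -f /tmp/modifyentry.ldif
```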
OpenLDAP Users Tools
Search on LDAP directory server for entries
The ldapsearch utility searches the backend database of the LDAP directory for the information
you have requested.
· To search the LDAP directory for entries, use the following command:
[root@deep /]# ldapsearch -b dn attrs
[root@deep /]# ldapsearch -b "o=openarch, c=com" "cn=europe*"
cn=Europe Mourani, o=openarch, c=com
cn=Europe Mourani
sn=Mourani
mail=emourani@old.com
description=Marketing relation
objectClass=person