Basic LDAP operations
These scripts act as shortcuts for frequently used openldap commands or operations. Specifying the dn, password, host address, etc. in a script eliminates the need to type them every time you have to do something.
Keep the scripts and credentials away from unauthorized personnel. Use at your own risk.
Common openldap commands and options
It is necessary to understand these basic commands:
ldapsearch: Search for entries in the directory
ldapadd: Add entries to the directory
ldapmodify: Modify entries in the directory
ldapvi: A program to edit entries using your text editor
You will have to modify these fields in the scripts:
-H: Host ip-address or url: ldap://192.12.34.123/, ldaps://ldap.example.com/
-D: Bind DN: cn=ldapadmin,dc=example,dc=com
-w: Bind password: -w'S3cretP4$$w0rd' or -w 'S3cretP4$$w0rd' (single-quoted so the shell does not expand $$)
-b: Search base: dc=example,dc=com
-f: File: The .ldif file with the ldif data to add or modify an entry
Command examples:
ldapsearch -D cn=ldapadmin,dc=example,dc=com -w 'Y0ur4dm!nPwd' -H ldap://ldap.example.com/ -b dc=example,dc=com uid=tomsawyer
ldapadd -D cn=ldapadmin,dc=example,dc=com -w 'Y0ur4dm!nPwd' -H ldap://192.12.34.123/ -f testuser.ldif
Refer to the openldap man pages or documentation for more information, including full lists of options and arguments for each command, syntax for ldif files, ldap filters, oid and attributes, etc.
Script usage
ldapsearch.sh: Search entries by any attribute
bash ldapsearch.sh uid=tomsawyer # Takes any number of arguments
ldapadd.sh: Add entries from ldif file
bash ldapadd.sh filename.ldif # Takes 1 filename as argument
ldapmodify.sh: Modify entries with info from ldif file
bash ldapmodify.sh filename.ldif # Takes 1 filename as argument
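The scripts described above carry the bind password inline with -w, which also exposes it in the process list while a command runs. The following is an added example, not one of this repository's scripts: a search wrapper that reads the password with ldapsearch's -y option from a file it first checks for owner-only permissions. The LDAP_* variable names, their defaults and the password-file path are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the repository). Variable names, defaults and
# the password-file location are assumptions; adjust to your directory.
LDAP_URI="${LDAP_URI:-ldaps://ldap.example.com/}"
LDAP_BIND_DN="${LDAP_BIND_DN:-cn=ldapadmin,dc=example,dc=com}"
LDAP_BASE="${LDAP_BASE:-dc=example,dc=com}"
LDAP_PW_FILE="${LDAP_PW_FILE:-$HOME/.ldap_bind_pw}"

# Succeeds only for a regular, non-symlink file with no permission bits
# set for group or others (for example mode 600 or 400).
secret_file_ok() {
    local f="$1" perms
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # Characters 5-10 of "-rw-------" are the group and other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Runs ldapsearch with a simple bind (-x). -y uses the complete file
# contents as the password, so create the file without a trailing
# newline:  printf '%s' 'password' > "$LDAP_PW_FILE"; chmod 600 ...
ldap_search() {
    if ! secret_file_ok "$LDAP_PW_FILE"; then
        echo "refusing to run: $LDAP_PW_FILE must be a regular file with mode 600" >&2
        return 1
    fi
    case "$LDAP_URI" in
        ldaps://*|ldapi://*) ;;
        *) echo "warning: $LDAP_URI is not TLS-protected; the bind password is sent in cleartext" >&2 ;;
    esac
    ldapsearch -x -H "$LDAP_URI" -D "$LDAP_BIND_DN" \
        -y "$LDAP_PW_FILE" -b "$LDAP_BASE" "$@"
}

# Same calling convention as ldapsearch.sh: any number of filter arguments.
if [ "$#" -gt 0 ]; then
    ldap_search "$@"
fi
```

The same -x, -H, -D and -y options are accepted by ldapadd and ldapmodify, so the check can be reused for those wrappers.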