How to access and modify eDirectory data from the terminal using ldapvi
Novell eDirectory supports LDAP (Lightweight Directory Access Protocol) and provides a number of utilities, applications and APIs to communicate with it. But ldapvi can be useful in some particular scenarios; let's discuss them.
The name LDAPVI says everything about this utility. If you are a *NIX user and familiar with the VI editor, you will be able to use it (basic knowledge of the VI editor is required). The utility supports almost all VI functionality, which is its main benefit.
Now let me focus on some obvious questions...
What is LDAPVI?
LDAPVI is not simply an editor. It is a utility that takes parameters to connect to an LDAP-capable directory server and query it. The results of the query are displayed in an editor in an LDIF-like format, where you can edit the data directly and submit the changes back to the server. This makes it really easy to perform different LDAP operations, which is why ldapvi is known as an interactive LDAP client for *NIX terminals.
Why/When should we use LDAPVI?
I think there are only two ways to communicate with any directory server: first, the server APIs, and second, command-line utilities (which also use the same APIs). There are a number of other applications built on these APIs that provide the same functionality, e.g. web-based utilities, standalone software etc. ldapvi is just one of them, but it is very useful in situations like low-end hardware, low network / Internet speed, an operating system without X (GUI) support, bulk updates etc.
Let me briefly describe some of these situations...
- Low-End hardware, Low Network / Internet speed
Nowadays network speed is usually not an issue, but if you are using low-end hardware, a low-speed wireless network or a network with lots of traffic, it may become one. In this situation ldapvi can be very useful. Unlike GUI-based applications, it doesn't put much load on the hardware, and compared with a web application, it requests only the data, with no HTML content or images.
- Operating System without X (Graphical User Interface) Support
If you are running an operating system without X and you want to perform operations on the directory server, your only option is command-line utilities (like ldapsearch/add/modify/delete, nds utils, ldapvi and others). Most of the utilities in this list need a little more effort, knowledge and time compared with ldapvi; with ldapvi, the same work can be done in much less time with basic knowledge of LDAP, LDIF and the VI editor.
- Bulk updates
If you are using tools such as web applications, standalone applications or command-line utilities to communicate with the directory server and want to modify multiple records with different values, you have to do it iteratively, but ldapvi makes this possible in a single iteration. ldapvi loads all the queried data into the editor and lets you use the editor's features, such as search and replace and regular expressions, to modify the data.
How to install and configure LDAPVI with eDirectory on SLES10?
There are two ways to install it: from source or from an rpm package. To download and install it from source, you can follow this link...
If you want to install it from an rpm package, you can search the openSUSE software site http://software.opensuse.org/search for your particular distribution.
For example, use this link to download the package for SLES10 - i586 architecture...
Once it has been installed, you can simply use it like any normal command.
This command will give you the list of available command line options for ldapvi.
Here it will try to connect to the default port (389) on localhost as an anonymous user. In eDirectory anonymous search is allowed by default, so you will get all the records from the root of the directory tree in the editor. Be careful if your tree is very large: in that case you should use the -b command-line option to specify a search base, otherwise it will take some time to load all the data. By default eDirectory does not allow an anonymous user to make any modifications, so you will have to provide your identity with the -D option to make changes.
user@novell:~>ldapvi -D cn=admin,o=novell -b o=novell
This command will try to connect as the admin user and will prompt you for the admin password. Once you provide the password, you will get all the records under the base o=novell. Here you may get an error like...
ldap_bind: Confidentiality required (13)
This happens because, by default, the TLS option is enabled for simple binds with a password. TLS is an encryption mechanism like SSL, and it will be discussed in the second part. Let's first see how to do this in plain text. To check whether the 'Require TLS for Simple Binds with Password' option is enabled, you can use...
Here you will have to find the 'Require TLS for Simple Binds with Password' option; by default it is enabled on eDirectory with the value 'yes'. If this option is enabled, you will have to disable it by setting its value to "no".
user@novell:~>ldapconfig set "Require TLS for Simple Binds with Password=no"<enter>
user@novell:~>ldapconfig set "Require TLS for Simple Binds with Password=no" localhost:389<enter>
Once this option is disabled, you can perform all other LDAP operations with ldapvi. Be careful: your whole communication now takes place in plain text, and you should not use this method from outside your network (preferably use it on the server network only). To use it from outside your network, you should use an encrypted method, which will be covered in the next part.
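To make the plain-text warning concrete, here is an added example (not part of the original article) that encodes an LDAP simple bind as defined in RFC 4511 and parses it back the way a monitoring sensor on port 389 could, to flag clients that still bind without TLS. The function names are hypothetical, the DN is the one used above, and the password is a constructed value.

```python
def tlv(tag: int, value: bytes) -> bytes:
    """BER-encode one element: tag, definite length, value."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def simple_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name, simple [0] } }."""
    assert 0 <= msg_id < 0x80, "single-byte messageID only in this sketch"
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def read_tlv(buf: bytes, pos: int):
    """Decode the element at pos; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long form: next k bytes hold the length
        k = first & 0x7F
        n = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    else:
        n = first
    return tag, buf[pos:pos + n], pos + n

def inspect_bind(payload: bytes):
    """Describe a cleartext simple bind, or return None for anything else.
    Reports the bind DN and the password length only, never the password."""
    try:
        tag, msg, _ = read_tlv(payload, 0)
        if tag != 0x30:                    # not an LDAPMessage SEQUENCE
            return None
        _, _, p = read_tlv(msg, 0)         # skip messageID
        op_tag, op, _ = read_tlv(msg, p)
        if op_tag != 0x60:                 # [APPLICATION 0] = BindRequest
            return None
        _, _, p = read_tlv(op, 0)          # skip version
        _, dn, p = read_tlv(op, p)
        auth_tag, cred, _ = read_tlv(op, p)
    except IndexError:                     # truncated or non-LDAP payload
        return None
    if auth_tag != 0x80:                   # [0] simple; SASL is [3]
        return None
    return {"dn": dn.decode(errors="replace"), "password_len": len(cred)}

# Constructed sample: the DN is the one used above, the password is made up.
SAMPLE = simple_bind_request(1, "cn=admin,o=novell", "constructed-secret")
CLEARTEXT_VISIBLE = b"constructed-secret" in SAMPLE   # password sits in the bytes as-is
```

A result with a non-zero password_len on an unencrypted connection identifies a client whose credentials cross the network readable, which is exactly what the 'Require TLS for Simple Binds with Password' option prevents.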
For more information about ldapvi usage, you can go through the man pages or documentation...