Anonymous_User Absent Member.
Absent Member.
714 views

how to use ldapsearch?


We wan't to use ldapmodify to correct some entries in the database.

First I use

ldapsearch -LLL -x 'cn=username'

to see what entries are in the database. But I seams this command don't
show all entries. (I see much more informations with the imanager.)

How can I get/set all this Informations with a commandline tool?

We want to create users without using massuser, because this is a
windows tool, and all other things can be done with linuxscipts
(nambulkadd, set rigths, create homedirs for Windows and Linux, set
password...)

There are only some things missing. Most important the "home Directory"
(volume/path)) Information for windows, (if possible, set owner for the
homedir)
But there are also some other entries like Name, fullname, department...
they are not shown with ldapsearch.

System: SLES10 SP4 x86_64, OES2 SP3 x86_64 (ZCM11)

btw: Is there a good documentation somewhere I found only Novell
developer kit "ldap tool" from feb. 2007


--
Alix
------------------------------------------------------------------------
Alix's Profile: https://forums.netiq.com/member.php?userid=8490
View this thread: https://forums.netiq.com/showthread.php?t=52176

Labels (1)
0 Likes
1 Reply
Anonymous_User Absent Member.
Absent Member.

Re: how to use ldapsearch?

On 11/12/2014 08:16 AM, Alix wrote:
>
> We wan't to use ldapmodify to correct some entries in the database.
>
> First I use
>
> ldapsearch -LLL -x 'cn=username'


This command explicitly tells the server to only return the objects with a
CN attribute set to 'username'. Seeing all objects in the tree can be
done by removing this last section. The default filter used by most
applications to dump everything is 'objectClass=*' which means find any
object with an objectClass.

> to see what entries are in the database. But I seams this command don't
> show all entries. (I see much more informations with the imanager.)
>
> How can I get/set all this Informations with a commandline tool?


See above.

> We want to create users without using massuser, because this is a
> windows tool, and all other things can be done with linuxscipts
> (nambulkadd, set rigths, create homedirs for Windows and Linux, set
> password...)
>
> There are only some things missing. Most important the "home Directory"
> (volume/path)) Information for windows, (if possible, set owner for the
> homedir)


I'm not sure what this means; attributes within the directory can be set
via LDAP, but if the ownership of a file/directory is needed, that will
need to be done some other way I believe, as the directory (meaning
eDir/LDAP) does not include filesystem rights that granularly.

> But there are also some other entries like Name, fullname, department...
> they are not shown with ldapsearch.


They are if you have rights to read them. You ldapsearch command above is
likely binding anonymously, meaning you only see things that the [Public]
trustee (or a proxy user on your LDAP Group object) can see, which is very
little in terms of available attributes. To add a bind DN try this:


ldapsearch -LLL -x -D cn=bind,ou=user,o=goes,dc=here -W


The '-W' prompts for a password; specifying '-w' will let you put the
password on the command line, though I'd avoid that if possible.


man ldapsearch


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.