Thursday, 22 May 2008

SSL LDAP Search

SSL LDAP search with an empty base DN and base scope, i.e. against the root DSE (e.g. to discover the directory's base DN):

$ ldapsearch -h servername -p port_number -b "" -s base -D "uid=proxy" -Z -P /opt/DSRK6.3/etc/cert7.db -K /opt/DSRK6.3/etc/key3.d objectclass=* | grep ldap:

netscapemdsuffix: cn=ldap://dc=servername,dc=some_ds,dc=some_dc:389

ldapsearch options, each followed by an example value:

-h [server name]: myserver.mydomain.org

-p [server port]: 123

-b [base DN of the search]: ou=people,ou=common,c=cz,o=mydomain,o=org

-s [scope of the search; one of the following values]: one
  base - search only the base entry
  one - search only the children of the base entry
  sub - search the base entry and all its descendants (default)

-D [DN of the account that performs the search]: "uid=proxy"

-w [password for that account]: blabla

-Z [make an SSL-encrypted connection]

-P [path to the certificate database]: /opt/DSRK6.3/etc/cert7.db

-K [path to the key database]: /opt/DSRK6.3/etc/key3.db

-v [run in verbose mode (diagnostics to standard output)]

-T [don't fold (wrap) long lines (default is to fold)]

-e [minimize base-64 encoding of values]

-1 [omit the leading "version: 1" line in LDIF output]

[filter expression]: "(&(objectclass=posixaccount)(uid=username))"

[attributes whose values should be returned]: "uid cn uidNumber gidNumber homeDirectory loginShell"



SSL LDAP modify

cat > /tmp/change_shell

dn: uid=username,ou=people,ou=Common,l=***,c=***,o=***
changetype: modify
replace: loginShell
loginShell: /bin/bash

[press Ctrl+D to end the input]

ldapmodify -h servername -p ssl_port_number -D uid=some_user_or_proxy,ou=***,l=***,c=***,o=***k -w password \
-Z -P /opt/DSRK6.3/etc/cert7.db -K /opt/DSRK6.3/etc/key3.db -f /tmp/change_shell
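Both the search filter above and the DN in the change record embed a username. The following added example (not part of the original post) builds both from an untrusted value: the filter value is escaped per RFC 4515 and the DN part is restricted to a safe character set, so input such as `joe)(uid=*` cannot widen the search or alter the target DN. BASE_DN and the shells file argument are assumptions for illustration.

```sh
#!/bin/sh
# Added example: safe construction of the ldapsearch filter and the
# ldapmodify LDIF record shown in the post. BASE_DN is an assumed value.
BASE_DN="ou=people,ou=common,c=cz,o=mydomain,o=org"

# RFC 4515 escaping for a value placed inside a search filter.
# Backslash is handled first so the escapes it introduces are not re-escaped.
ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# The filter from the post, with the uid value escaped.
posix_user_filter() {
    printf '(&(objectclass=posixaccount)(uid=%s))' "$(ldap_filter_escape "$1")"
}

# For the DN we allow only a conservative character set instead of escaping;
# anything else (',' '=' '+' '"' and so on) is rejected with status 1.
valid_uid() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Emit the "replace: loginShell" change record for one user. The shell must be
# listed in the shells file (assumed default: /etc/shells); otherwise status 1.
login_shell_ldif() {
    uid=$1; shell=$2; shells_file=${3:-/etc/shells}
    valid_uid "$uid" || return 1
    grep -qxF -- "$shell" "$shells_file" || return 1
    printf 'dn: uid=%s,%s\nchangetype: modify\nreplace: loginShell\nloginShell: %s\n' \
        "$uid" "$BASE_DN" "$shell"
}
```

Pipe the output of login_shell_ldif into `ldapmodify ... -f /dev/stdin` (or save it to a file as above) and pass the output of posix_user_filter as the filter argument to ldapsearch.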


*A DN is typically composed of an ordered set of attribute type/attribute value pairs. Most DNs are composed of pairs in the following order:

* common name (cn)
* organization (o) or organizational unit (ou)
* country (c)

The following string-type attributes represent the set of standardized attribute types for accessing an LDAP directory. A DN can be composed of attributes with an LDAP syntax of Directory String, including the following:

* CN - CommonName
* L - LocalityName
* ST - StateOrProvinceName
* O - OrganizationName
* OU - OrganizationalUnitName
* C - CountryName
* STREET - StreetAddress

*(from IBM: http://publib.boulder.ibm.com/infocente ... gref11.htm)

Syntax explained in more detail:

http://docs.sun.com/source/816-6400-10/lsearch.html

Linux LDAP basics (in Czech):

http://hps.mallat.cz/view.php?cisloclanku=2004101401
