Go back ⮌

LDAP and how to use it

We have LDAP installed and somehow configured, but what now? How do we exactly use it? There are two major ways for managing directory. First one is using some kind of GUI client. An open and popular one is Apache Directory Studio, based on Eclipse it is good, it does its job, I guess. Second way is to use command line utilities we have installed along with slapd and which we have already used.

Most of the mentioned utilities use a lot of common options, some of them are:

We can set some defaults in rc file in home directory ~/.ldaprc:

BASE dc=example,dc=com
BINDN cn=admin,dc=example,dc=com

And basic usage:

ldapsearch -x -W -D cn=admin,dc=example,dc=com -b dc=example,dc=com -LLL
ldapadd -W -D "cn=admin,dc=example,dc=com" -f add_ou.ldif

If you want to generate password for use in ldif files then you can use slappasswd (simply run it). Permissions or rather Access Control Lists are configured inside slapd.conf file and they may look like this:

access to dn.sub="dc=example,dc=com" attrs=userPassword
	by anonymous auth

access to dn.sub="ou=people,dc=example,dc=com"
	by dn.exact="cn=mailReader,ou=Manager,dc=example,dc=com" read