Administration
  Home arrow Administration arrow Page 6 - Understanding LDAP (part 2)
Dev Shed Forums 
Administration  
Apache  
BrainDump  
DHTML  
Flash  
Java  
JavaScript  
Multimedia  
MySQL  
Oracle  
Perl  
PHP  
Practices  
Python  
Reviews  
Security  
Style-Sheets  
Web Services  
XML  
Zend  
Zope  
Forums Sitemap 
IBM® developerWorks 
Dedicated Servers 
E-Commerce Hosting 
Linux Web Hosting 
Managed Hosting 
Small Business Hosting 
Download TestComplete 
VPS Hosting 
Weekly Newsletter

 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
ADMINISTRATION

Understanding LDAP (part 2)
By: icarus, (c) Melonfire
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 5 stars5 stars5 stars5 stars5 stars / 9
    2003-03-05

    Table of Contents:
  • Understanding LDAP (part 2)
  • Opening Up
  • Building Blocks
  • The Root Of All Evil
  • A Little Black Book Is Born
  • Digging Deep
  • Changing Things Around
  • You Have Mail
  • Link Zone
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    FaxWave - Free Trial.
     
    ADVERTISEMENT

    Route your faxes to your email inbox. Private, secure fax numbers available from CallWave. Choose your fax number.

    Understanding LDAP (part 2) - Digging Deep
    (Page 6 of 9 )

    Now that you've put data in, it's time to get it out - which is where the "ldapsearch" command comes in.

    The "ldapsearch" command allows you to query the LDAP database from a specific segment of the directory tree, and look for records matching certain characteristics. These characteristics could be attributes ("fetch me all records containing email addresses beginning with a J"), object classes ("fetch me all records of class 'person'") or any other criteria that you may choose.

    Consider the following example, which demonstrates: 
    [root@olympus] $ /usr/local/openldap/bin/ldapsearch -b 'dc=melonfire,dc=com'
    This is a very simple catch-all query - it returns all the records in the database. The "-b" parameter tells the query engine the base at which to begin searching.

    Here's the output: 
    # extended LDIF
#
# LDAPv3
# base <dc=melonfire,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# melonfire.com
dn: dc=melonfire,dc=com
objectClass: dcObject
objectClass: organization
o: Melonfire
dc: melonfire.com
# root@melonfire-mail.com, melonfire.com
dn: mail=root@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Keith
sn: Richards
mail: root@melonfire-mail.com
# joe@melonfire-mail.com, melonfire.com
dn: mail=joe@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Joe
sn: Somebody
mail: joe@melonfire-mail.com
# sarah@melonfire-mail.com, melonfire.com
dn: mail=sarah@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Sarah
sn: Nobody
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639
# numResponses: 5
# numEntries: 4
    Let's try another search, this one a little more focused: 
    [root@olympus] $ /usr/local/openldap/bin/ldapsearch -u -b
'dc=melonfire,dc=com' '(cn=Joe)'
    In this case, I've specified an additional search filter - return only those entries that have a "cn" attribute with the value "Joe". Here's the output: 
    # extended LDIF
#
# LDAPv3
# base <dc=melonfire,dc=com> with scope sub
# filter: (cn=Joe)
# requesting: ALL
#
# joe@melonfire-mail.com, melonfire.com
dn: mail=joe@melonfire-mail.com,dc=melonfire,dc=com
ufn: joe@melonfire-mail.com, melonfire.com
objectClass: inetOrgPerson
cn: Joe
sn: Somebody
mail: joe@melonfire-mail.com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
    How about another one? 
    [root@olympus] $ /usr/local/openldap/bin/ldapsearch -LLL -b
'dc=melonfire,dc=com' '(mail=root*)'
    A different search criteria this time, this one using wildcards to search for users with an email address beginning with "root". The "-LLL" parameter tells the client to display the output in LDIF format, without the additional comments.

    Here's the output: 
    dn: mail=root@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Keith
sn: Richards
mail: root@melonfire-mail.com
    Too much information? You can limit the attributes displayed of each entry by specifying them at the end of your command: 
    [root@olympus] $ /usr/local/openldap/bin/ldapsearch -LLL -b
'dc=melonfire,dc=com' '(mail=root*)' cn sn
    In this case, only the "cn" and "sn" attributes of the entry will be displayed: 
    dn: mail=root@melonfire-mail.com,dc=melonfire,dc=com
cn: Keith
sn: Richards
    If you have a large database, you can limit the number of entries returned via the "-z" parameter, which specifies the number of results to display. 
    [root@olympus] $ /usr/local/openldap/bin/ldapsearch -b 'dc=melonfire,dc=com'
-z 2
    Here's the output: 
    # extended LDIF
## LDAPv3# base <dc=melonfire,dc=com> with scope sub# filter: (objectclass=*)# requesting: ALL## melonfire.comdn: dc=melonfire,dc=comobjectClass: dcObjectobjectClass: organizationo: Melonfiredc: melonfire.com# root@melonfire-mail.com, melonfire.comdn: mail=root@melonfire-mail.com,dc=melonfire,dc=comobjectClass: inetOrgPersoncn: Keithsn: Richardsmail: root@melonfire-mail.com# search resultsearch: 2result: 4 Size limit exceeded# numResponses: 3# numEntries: 2
    Obviously, there are innumerable ways to search the database, and I don't plan to get into all of them here. The examples above should give you a taste of what is possible - try experimenting on your own, or check out the manual pages for more.

    Next: Changing Things Around >>
     

    More Administration Articles
    More By icarus, (c) Melonfire


     
    >>> Be the FIRST to comment on this article!

       

    ADMINISTRATION ARTICLES

    - Configuring Load-Balanced Clusters
    - Load-Balanced Clusters
    - UNIX Time Format Demystified
    - Making Changes in the CVS
    - Building Your First CVS Repository
    - CVS Quickstart Guide
    - Authorizing Users in Samba
    - Handling User Accounts in Samba
    - Authentication in Samba
    - Accounts, Authentication, and Authorization
    - Advanced Concepts on Dealing with Files and ...
    - Dealing with Files and Filesystems
    - More Hacks for the User Environment in BSD
    - Personalizing the User Environment in BSD
    - Customizing the User Environment in BSD
    Find More Administration Articles
     
    Accelerating Trading Partner Performance
     
    Competing on Analytics
     
    Cost Effective Scaling with Virtualization and Coyote Point Systems
     
    Five Checkpoints to Implementing IP Telephony
     
    Hosted Email Security: Staying Ahead of New Threats
     




    © 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway