Now that you know how LDAP works, it's time to put it into practice. In this article, find out how to compile, install and configure the OpenLDAP software suite, create an LDAP directory for your organization, and add entries to it. Also included: a detailed discussion of how to search the database using both the UNIX client tools supplied with OpenLDAP, and the LDAP client built into Qualcomm Eudora.
Now that you've put data in, it's time to get it out - which is where the "ldapsearch" command comes in.
The "ldapsearch" command allows you to query the LDAP database from a specific segment of the directory tree, and look for records matching certain characteristics. These characteristics could be attributes ("fetch me all records containing email addresses beginning with a J"), object classes ("fetch me all records of class 'person'") or any other criteria that you may choose.
Consider the following example, which demonstrates:
A different search criterion this time, this one using wildcards to search for users with an email address beginning with "root". The "-LLL" parameter tells the client to display the output in LDIF format, without the additional comments.
Here's the output:
Too much information? You can limit the attributes displayed for each entry by specifying them at the end of your command:
[root@olympus] $ /usr/local/openldap/bin/ldapsearch -LLL -b 'dc=melonfire,dc=com' '(mail=root*)' cn sn
In this case, only the "cn" and "sn" attributes of the entry will be displayed:
If you have a large database, you can limit the number of entries returned via the "-z" parameter, which specifies the number of results to display.
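The pieces above (a wildcard filter, an attribute list and the "-z" limit) combined into one shell helper. This is an added example, not part of the original article; the function and variable names are assumptions, and it goes one step beyond the text by escaping the search prefix per RFC 4515 so that special characters in it are matched literally.

```shell
#!/bin/sh
# Added example: prefix search on "mail" with attribute selection and a size limit.
# LDAPSEARCH, BASE_DN and all function names are assumptions for illustration.
LDAPSEARCH=${LDAPSEARCH:-/usr/local/openldap/bin/ldapsearch}
BASE_DN=${BASE_DN:-dc=melonfire,dc=com}

# Escape the characters RFC 4515 reserves inside a filter value.
# The backslash is handled first so the escapes added afterwards stay intact.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# mail_prefix_filter PREFIX -> (mail=PREFIX*)
# The trailing "*" is the only wildcard; anything in PREFIX is literal.
mail_prefix_filter() {
    printf '(mail=%s*)' "$(ldap_escape "$1")"
}

# search_mail_prefix PREFIX LIMIT [ATTR...]
# Runs the search from BASE_DN, returns at most LIMIT entries in LDIF (-LLL),
# and shows only the listed attributes (all attributes if none are given).
search_mail_prefix() {
    prefix=$1
    limit=$2
    shift 2
    case $limit in
        ''|*[!0-9]*)
            echo "search_mail_prefix: limit must be a number" >&2
            return 2
            ;;
    esac
    "$LDAPSEARCH" -LLL -z "$limit" -b "$BASE_DN" \
        "$(mail_prefix_filter "$prefix")" "$@"
}
```

For instance, `search_mail_prefix root 5 cn sn` runs the same query as the command above, capped at five entries.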
Obviously, there are innumerable ways to search the database, and I don't plan to get into all of them here. The examples above should give you a taste of what is possible - try experimenting on your own, or check out the manual pages for more.