Home arrow Site Administration arrow Page 6 - Understanding LDAP (part 2)

Digging Deep - Administration

Now that you know how LDAP works, it's time to put it intopractice. In this article, find out how to compile, install and configurethe OpenLDAP software suite, create an LDAP directory for your organization,and add entries to it. Also included: a detailed discussion of how to searchthe database using both the UNIX client tools supplied with OpenLDAP, andthe LDAP client built into Qualcomm Eudora.

TABLE OF CONTENTS:
  1. Understanding LDAP (part 2)
  2. Opening Up
  3. Building Blocks
  4. The Root Of All Evil
  5. A Little Black Book Is Born
  6. Digging Deep
  7. Changing Things Around
  8. You Have Mail
  9. Link Zone
By: icarus, (c) Melonfire
Poor Best
Rating: starstarstarstarstar / 15
March 05, 2003

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement
Now that you've put data in, it's time to get it out - which is where the "ldapsearch" command comes in.

The "ldapsearch" command allows you to query the LDAP database from a specific segment of the directory tree, and look for records matching certain characteristics. These characteristics could be attributes ("fetch me all records containing email addresses beginning with a J"), object classes ("fetch me all records of class 'person'") or any other criteria that you may choose.

Consider the following example, which demonstrates: 
[root@olympus] $ /usr/local/openldap/bin/ldapsearch -b 'dc=melonfire,dc=com'
This is a very simple catch-all query - it returns all the records in the database. The "-b" parameter tells the query engine the base at which to begin searching.

Here's the output: 
# extended LDIF
#
# LDAPv3
# base <dc=melonfire,dc=com> with scope sub
# filter: (objectclass=*)
# requesting: ALL
#
# melonfire.com
dn: dc=melonfire,dc=com
objectClass: dcObject
objectClass: organization
o: Melonfire
dc: melonfire.com
# root@melonfire-mail.com, melonfire.com
dn: mail=root@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Keith
sn: Richards
mail: root@melonfire-mail.com
# joe@melonfire-mail.com, melonfire.com
dn: mail=joe@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Joe
sn: Somebody
mail: joe@melonfire-mail.com
# sarah@melonfire-mail.com, melonfire.com
dn: mail=sarah@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Sarah
sn: Nobody
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639
# numResponses: 5
# numEntries: 4
Let's try another search, this one a little more focused: 
[root@olympus] $ /usr/local/openldap/bin/ldapsearch -u -b
'dc=melonfire,dc=com' '(cn=Joe)'
In this case, I've specified an additional search filter - return only those entries that have a "cn" attribute with the value "Joe". Here's the output: 
# extended LDIF
#
# LDAPv3
# base <dc=melonfire,dc=com> with scope sub
# filter: (cn=Joe)
# requesting: ALL
#
# joe@melonfire-mail.com, melonfire.com
dn: mail=joe@melonfire-mail.com,dc=melonfire,dc=com
ufn: joe@melonfire-mail.com, melonfire.com
objectClass: inetOrgPerson
cn: Joe
sn: Somebody
mail: joe@melonfire-mail.com
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
How about another one? 
[root@olympus] $ /usr/local/openldap/bin/ldapsearch -LLL -b
'dc=melonfire,dc=com' '(mail=root*)'
A different search criteria this time, this one using wildcards to search for users with an email address beginning with "root". The "-LLL" parameter tells the client to display the output in LDIF format, without the additional comments.

Here's the output: 
dn: mail=root@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Keith
sn: Richards
mail: root@melonfire-mail.com
Too much information? You can limit the attributes displayed of each entry by specifying them at the end of your command: 
[root@olympus] $ /usr/local/openldap/bin/ldapsearch -LLL -b
'dc=melonfire,dc=com' '(mail=root*)' cn sn
In this case, only the "cn" and "sn" attributes of the entry will be displayed: 
dn: mail=root@melonfire-mail.com,dc=melonfire,dc=com
cn: Keith
sn: Richards
If you have a large database, you can limit the number of entries returned via the "-z" parameter, which specifies the number of results to display. 
[root@olympus] $ /usr/local/openldap/bin/ldapsearch -b 'dc=melonfire,dc=com'
-z 2
Here's the output: 
# extended LDIF
## LDAPv3# base <dc=melonfire,dc=com> with scope sub# filter: (objectclass=*)# requesting: ALL## melonfire.comdn: dc=melonfire,dc=comobjectClass: dcObjectobjectClass: organizationo: Melonfiredc: melonfire.com# root@melonfire-mail.com, melonfire.comdn: mail=root@melonfire-mail.com,dc=melonfire,dc=comobjectClass: inetOrgPersoncn: Keithsn: Richardsmail: root@melonfire-mail.com# search resultsearch: 2result: 4 Size limit exceeded# numResponses: 3# numEntries: 2
Obviously, there are innumerable ways to search the database, and I don't plan to get into all of them here. The examples above should give you a taste of what is possible - try experimenting on your own, or check out the manual pages for more.


 
 
>>> More Site Administration Articles          >>> More By icarus, (c) Melonfire
 

blog comments powered by Disqus
   

SITE ADMINISTRATION ARTICLES

- Coding: Not Just for Developers
- To Support or Not Support IE?
- Administration: Networking OSX and Win 7
- DotNetNuke Gets Social
- Integrating MailChimp with Joomla: Creating ...
- Integrating MailChimp with Joomla: List Mana...
- Integrating MailChimp with Joomla: Building ...
- Integrating MailChimp with Joomla
- More Top WordPress Plugins for Social Media
- Optimizing Security: SSH Public Key Authenti...
- Patches and Rejects in Software Configuratio...
- Configuring a CVS Server
- Managing Code and Teams for Cross-Platform S...
- Software Configuration Management
- Back Up a Joomla Site with Akeeba Backup
Find More Site Administration Articles

Developer Shed Affiliates

 

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap

Dev Shed Tutorial Topics: