Changing Things Around - Administration

Now that you know how LDAP works, it's time to put it intopractice. In this article, find out how to compile, install and configurethe OpenLDAP software suite, create an LDAP directory for your organization,and add entries to it. Also included: a detailed discussion of how to searchthe database using both the UNIX client tools supplied with OpenLDAP, andthe LDAP client built into Qualcomm Eudora.

TABLE OF CONTENTS:

By: icarus, (c) Melonfire

Poor Best

Rating:

/ 15

March 05, 2003

print this article

SEARCH DEV SHED

TOOLS YOU CAN USE

Now, how about editing entries in the database? LDAP allows you to do this via the "ldapmodify" command, as demonstrated in the following example:


[root@olympus] $ /usr/local/openldap/bin/ldapmodify -x -D
"cn=root,dc=melonfire,dc=com" -W

You'll be prompted for the password - enter it, and then enter the DN for the record being edited, followed by the new attribute-value pairs:


dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
sn: Jones
modifying entry "mail=sarah@melonfire-mail.com,dc=melonfire,dc=com"

Now, when you check the database again with "ldapsearch"


[root@olympus] $ /usr/local/openldap/bin/ldapsearch -b 'dc=melonfire,dc=com''(cn=Sarah)'

you'll see the revised entry:


# extended LDIF## LDAPv3# base <dc=melonfire,dc=com> with scope sub# filter: (cn=Sarah)# requesting: ALL## sarah@melonfire-mail.com, melonfire.comdn: mail=sarah@melonfire-mail.com,dc=melonfire,dc=comobjectClass: inetOrgPersoncn: Sarahmail: sarah@melonfire-mail.comtelephoneNumber: 23 67 128 5639sn: Nobody# search resultsearch: 1result: 0 Success# numResponses: 2# numEntries: 1

In a similar manner, you can even add a new attribute to an existing entry - here's how:


[root@olympus] $ /usr/local/openldap/bin/ldapmodify -x -D
"cn=root,dc=melonfire,dc=com" -W Enter LDAP Password: ****
dn: mail=sarah@melonfire-mail.com, dc=melonfire, dc=com
carLicense: MFC 437458
modifying entry "mail=sarah@melonfire-mail.com, dc=melonfire, dc=com"

And now, when you run the same search, you'll see that the entry contains your newly-added attribute:


# extended LDIF
#
# LDAPv3
# base <dc=melonfire,dc=com> with scope sub
# filter: (cn=Sarah)
# requesting: ALL
#
# sarah@melonfire-mail.com, melonfire.com
dn: mail=sarah@melonfire-mail.com,dc=melonfire,dc=com
objectClass: inetOrgPerson
cn: Sarah
mail: sarah@melonfire-mail.com
telephoneNumber: 23 67 128 5639
sn: Jones
carLicense: MFC 437458
# search result
search: 1
result: 0 Success
# numResponses: 2
# numEntries: 1

Finally, you can easily remove existing entries from the database via the "ldapdelete" command - simply provide the DN of the entry to be deleted:


[root@olympus] $ /usr/local/openldap/bin/ldapdelete -x -D
"cn=root,dc=melonfire,dc=com" -W Enter LDAP Password: ****
mail=rita@melonfire-mail.com, dc=melonfire, dc=com

Next: You Have Mail >>