Topic 7

Date: 3/1/2017
Lightweight Directory Access Protocol (LDAP)
Linux System Administration


Practical exercises: LDAP commands.

  • On the server, master, create a new directory, LDAP_dev, where you will have ldif files.
    mkdir LDAP_dev
    cd LDAP_dev
    

  • Compose a new LDIF file, init.ldif, with the content shown below:
    # Root node
    dn: dc=dom02,dc=linux,dc=class
    objectclass: organization
    objectclass: dcObject
    o: dom02.linux.com
    dc: dom02
    
    # The list branch node
    dn: ou=Consulting, dc=dom02,dc=linux,dc=class
    objectclass: organizationalUnit
    ou: Consulting
    
    # The Super-User's node
    dn: cn=Manager, dc=dom02, dc=linux, dc=class
    objectclass: organizationalRole
    cn: Manager
    
    # A leaf node
    dn: cn=Dennis Ritchie, ou=Consulting, dc=dom02,dc=linux,dc=class
    objectclass: person
    cn: Dennis Ritchie
    sn: Ritchie
    
    # Another leaf node
    dn: cn=Ken Thompson , ou=Consulting, dc=dom02,dc=linux,dc=class
    objectclass: person
    cn: Ken Thompson
    sn: Thompson
    
    The content of the LDIF file, init.ldif, represents the following directory tree:



  • Populate the content of init.ldif into the LDAP by executing command ldapadd with binding as the LDAP manager:
    ldapadd -x -D 'cn=Manager,dc=dom02,dc=linux,dc=class' -W -f init.ldif
    
  • On the client, n01, run ldapsearch commands:
    ldapsearch -x -L -b 'dc=dom02,dc=linux,dc=class'  '(objectclass=*)'
    ldapsearch -x -LL -b 'dc=dom02,dc=linux,dc=class' '(cn=*)'
    ldapsearch -x -LL -b 'dc=dom02,dc=linux,dc=class' '(cn=Ken Thompson)'
    
  • On the server, master, create a new LDIF file, people.ldif:
    dn: ou=passwords, dc=dom02, dc=linux, dc=class
    ou: passwords
    objectclass: organizationalUnit
    
    dn: ou=group, dc=dom02, dc=linux, dc=class
    ou: group
    objectclass: organizationalUnit
    
  • Add it to the LDAP database by using command ldapadd:
    ldapadd -x -D 'cn=Manager,dc=dom02,dc=linux,dc=class' -W -f people.ldif
    

  • Check if the "ou" entries are in the database by running
    ldapsearch -x -LL -b  'dc=dom02,dc=linux,dc=class'
    
  • Delete Organizational Units "passwords" and "group": create a file, delp.txt:
    ou=passwords, dc=dom02, dc=linux, dc=class
    ou=group, dc=dom02, dc=linux, dc=class
    
    Run
    ldapdelete -x -D 'cn=Manager,dc=dom02,dc=linux,dc=class' -W -f delp.txt 
    

  • Modify people.ldif:
    dn: ou=People, dc=dom02, dc=linux, dc=class
    ou: People
    objectclass: organizationalUnit
    
    dn: ou=group, dc=dom02, dc=linux, dc=class
    ou: group
    objectclass: organizationalUnit
    
    Run
    ldapadd -x -D 'cn=Manager,dc=dom02,dc=linux,dc=class' -W -f people.ldif
    
  • Now the LDAP directory looks as follows:





  • Take me to the Course Website