Red Hat ENTERPRISE LINUX 3 Reference Manual

Also see for ENTERPRISE LINUX 3 - SECURITY GUIDE: Tuning guide Installation guide Installation guide Installation guide Manual

Contents

Chapter 13. Lightweight Directory Access Protocol (LDAP) 203There are two servers contained in the openldap-servers package: the StandaloneLDAP Daemon (/usr/sbin/slapd) and the Standalone LDAP Update Replication Daemon(/usr/sbin/slurpd).The slapd daemon is the standalone LDAP server while the slurpd daemon is used to synchronizechanges from one LDAP server to other LDAP servers on the network. The slurpd daemon is onlyused when dealing with multiple LDAP servers.To perform administrative tasks, the openldap-servers package installs the following utilities intothe /usr/sbin/ directory:• slapadd — Adds entries from an LDIF file to an LDAP directory. For example, the command/usr/sbin/slapadd -l ldif-input reads in the LDIF file, ldif-input, containing the newentries.• slapcat — Pulls entries out of an LDAP directory in the default format, Berkeley DB, and savesthem in an LDIF file. For example, the command /usr/sbin/slapcat -l ldif-output out-puts an LDIF file called ldif-output containing the entries from the LDAP directory. This com-mand works for directories created under Red Hat Enterprise Linux 3 and Red Hat Linux 9.• slapcat-gdbm — Pulls entries out of an LDAP directory in the gdbm format (the default in earlierversions of OpenLDAP) and saves them in an LDIF file. This command is provided solely as ameans for migrating a directory from OpenLDAP implemented under Red Hat Enterprise Linux2.1 and Red Hat Linux versions 7.x through 8. Refer to Section 13.8 Migrating Directories fromEarlier Releases for information on how to use this command.• slapindex — Re-indexes the slapd directory based on the current content. This tool should berun whenever indexing options within /etc/openldap/slapd.conf are changed.• slappasswd — Generates an encrypted user password value for use with ldapmodify or therootpw value in the slapd configuration file, /etc/openldap/slapd.conf. Execute the/usr/sbin/slappasswd command to create the password.WarningBe sure to stop slapd by issuing /sbin/service ldap stop before using slapadd, slapcat orslapindex. Otherwise, the integrity of the LDAP directory is at risk.For more information about how to use these utilities, refer to their respective man pages.The openldap-clients package installs tools into /usr/bin/ which are used to add, modify, anddelete entries in an LDAP directory. These tools include the following:• ldapadd — Adds entries to an LDAP directory by accepting input via a file or standard input;ldapadd is actually a hard link to ldapmodify -a.• ldapdelete — Deletes entries from an LDAP directory by accepting input via user input at a shellprompt or via a file.• ldapmodify — Modifies entries in an LDAP directory, accepting input via a file or standard input.• ldappasswd — Sets the password for an LDAP user.• ldapsearch — Searches for entries in an LDAP directory using a shell prompt.With the exception of ldapsearch, each of these utilities is more easily used by referencing a filecontaining the changes to be made rather than typing a command for each entry to be changed withinan LDAP directory. The format of such a file is outlined in the man page for each utility.