[Ltb-changes] [LDAP Tool Box (LTB)] page added: documentation:openldap-noopsrch

[webmaster]

A page in your DokuWiki was added or changed. Here are the details:

Date        : 2016/11/02 20:36
Browser     : Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 
Firefox/45.0
IP-Address  : 90.90.81.122
Hostname    : LFbn-1-12781-122.w90-90.abo.wanadoo.fr
Old Revision: ---
New Revision: http://ltb-project.org/wiki/documentation/openldap-noopsrch
Edit Summary: created
User        : dcoutadeur

====== Installation ======

apt-get install openldap-ltb-contrib-overlays
(or whatever package manager / OS you use)

====== Configuration ======

Add these directives to /usr/local/openldap/etc/openldap/slapd.conf:

<code>
include         /usr/local/openldap/etc/openldap/schema/core.schema
include         /usr/local/openldap/etc/openldap/schema/cosine.schema
include         /usr/local/openldap/etc/openldap/schema/inetorgperson.schema

modulepath      /usr/local/openldap/libexec/openldap
moduleload noopsrch.so
</code>

Restart OpenLDAP:
<code>
/etc/init.d/slapd restart
</code>

Then populate some entries:

vim base.ldif

<code>
dn: dc=my-domain,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
o: my-domain
dc: my-domain

dn: ou=users,dc=my-domain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: users

dn: ou=groups,dc=my-domain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: groups

dn: uid=test1,ou=users,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: test1
sn: test1
uid: test1
userPassword: secret

dn: uid=test2,ou=users,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
cn: test2
sn: test2
uid: test2
userPassword: secret
</code>

Finally, add these entries into OpenLDAP:
<code>
ldapadd -H 'ldap://localhost:389' -D 'cn=Manager,dc=my-domain,dc=com' -w secret 
-f base.ldif
</code>

h1. Usage

Search for all entries:

<code>
ldapsearch -x -H 'ldap://localhost:389' -D 'cn=Manager,dc=my-domain,dc=com' -w 
secret -b 'dc=my-domain,dc=com' '(objectClass=*)' -e 
'!1.3.6.1.4.1.4203.666.5.18'

search: 2
result: 0 Success
control: 1.3.6.1.4.1.4203.666.5.18 false MAkCAQACAQUCAQA=
</code>



Search for branch entries :

<code>
ldapsearch -x -H 'ldap://localhost:389' -D 'cn=Manager,dc=my-domain,dc=com' -w 
secret -b 'dc=my-domain,dc=com' '(objectClass=organizationalUnit)' -e 
'!1.3.6.1.4.1.4203.666.5.18'

search: 2
result: 0 Success
control: 1.3.6.1.4.1.4203.666.5.18 false MAkCAQACAQICAQA=
</code>


Some explanation:
- no operation is done,
- instead, the number of operation is displayed, on the "control" line
- how to verify the number of operations ?

<code>
echo -n 'MAkCAQACAQUCAQA=' | base64 -d | od -x --endian=big
0000000 3009 0201 0002 0105 0201 0000

0x30 ber sequence
0x09 length (9 bytes)

0x02 ber int
0x01 length (1 byte)
0x00 "0" (value of would be search result code)

0x02 ber int
0x01 length (1 byte)
0x05 "5" (number of would be returned entries) --> Ok, there are 5 entries 
returned

0x02 ber int
0x01 length (1 byte)
0x00 "0" (number of would be returned search refs)
</code>

<code>
echo -n 'MAkCAQACAQICAQA=' | base64 -d | od -x --endian=big
0000000 3009 0201 0002 0102 0201 0000


0x30 ber sequence
0x09 length (9 bytes)

0x02 ber int
0x01 length (1 byte)
0x00 "0" (value of would be search result code)

0x02 ber int
0x01 length (1 byte)
0x02 "2" (number of would be returned entries) --> Ok, there are 2 
organizational entries returned

0x02 ber int
0x01 length (1 byte)
0x00 "0" (number of would be returned search refs)
</code>


-- 
This mail was generated by DokuWiki at
http://ltb-project.org/wiki/

_______________________________________________
ltb-changes mailing list
ltb-changes@lists.ltb-project.org
http://lists.ltb-project.org/listinfo/ltb-changes