

These documents are obsolete; please use the Nethence Documentation instead.


LDAP client setup
 
Introduction
Make sure you've got the ldap-client package installed e.g.,
apt-get install ldap-client
 
Checking with ldapsearch
Check the suffix in slapd.conf to see what to use as the search base (-b).
 
Anonymous query,
ldapsearch -x -b "dc=example-int,dc=com" -h ldapsrv

-x Use simple authentication instead of SASL.

-b searchbase
Use searchbase as the starting point for the search instead of
the default.

-h ldaphost
Specify an alternate host on which the ldap server is running.
Deprecated in favor of -H.
 
Optionally refine your query to search for people or groups only,
ldapsearch -x -b "dc=example,dc=com" -h ldapsrv | grep ^dn
ldapsearch -x -b "ou=people,dc=example-int,dc=com" -h ldapsrv
ldapsearch -x -b "ou=group,dc=example-int,dc=com" -h ldapsrv
 
Check the rootdn in slapd.conf to see what to use as the Distinguished Name for the LDAP admin.
 
Authenticated query as LDAP admin,
ldapsearch -D "cn=ldap-admin,dc=example,dc=com" -W -b "ou=people,dc=example,dc=com" -h ldapsrv
==> provide LDAP admin password

-D binddn
Use the Distinguished Name binddn to bind to the LDAP directory.
For SASL binds, the server is expected to ignore this value.

-W Prompt for simple authentication. This is used instead of
specifying the password on the command line.
Note: with or without -x.
 
Authenticated query as LDAP user,
ldapsearch -D "uid=USERNAME,ou=people,dc=example-int,dc=com" -W -b "ou=people,dc=example-int,dc=com" -h ldapsrv
==> provide user password
Note: with or without -x.
 
Once the client has been configured, you may also use the short form, e.g.,
ldapsearch -x uid=*
and to search for emails only,
ldapsearch -x mail=*
 
Configuring LDAP client on RHEL7
Configure system authentication on RHEL7,
yum install nss-pam-ldapd
authconfig-tui
[*] Use LDAP
[*] Use LDAP Authentication
[ ] Use TLS
Server: ldap://ldapsrv/
Base DN: dc=example,dc=com
or Base DN: ou=people,dc=example,dc=com
check,
grep ldap /etc/nsswitch.conf
cat /etc/openldap/ldap.conf
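
What to look for in the ldap.conf printed by the check above, as an added example that is not part of the original page: with an ldap:// server URI and "Use TLS" unchecked, simple binds send the password unencrypted unless ldapsearch is run with -ZZ (StartTLS required). The function names, finding labels and sample configs are constructed for illustration, and the CA path is a placeholder.

```shell
#!/bin/sh
# Added example: audit an ldap.conf-format file for settings that expose
# simple-bind passwords (-x, -D ... -W) or skip server certificate checks.

# audit_ldap_conf FILE: print one finding per line, return 1 if any found.
audit_ldap_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        { key = toupper($1) }                  # option names are case-insensitive
        key == "URI" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ldap:\/\//) { print "CLEARTEXT " $i; bad = 1 }
        }
        key == "TLS_REQCERT" && tolower($2) ~ /^(never|allow)$/ {
            print "NOVERIFY TLS_REQCERT " tolower($2); bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: server and base DN from the page, plus a weak TLS_REQCERT.
weak_conf() {
    printf '%s\n' '# constructed sample' \
        'URI ldap://ldapsrv/' \
        'BASE dc=example,dc=com' \
        'TLS_REQCERT never'
}

# Constructed sample: same directory over LDAPS with certificate verification.
# The CA path is a placeholder.
fixed_conf() {
    printf '%s\n' \
        'URI ldaps://ldapsrv/' \
        'BASE dc=example,dc=com' \
        'TLS_CACERT /etc/openldap/certs/ca.pem' \
        'TLS_REQCERT demand'
}

# Helper: run the audit on a config produced by the named function.
audit_sample() {
    tmp=$(mktemp) || return 2
    "$1" > "$tmp"
    audit_ldap_conf "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}

audit_sample weak_conf  || echo "weak_conf: findings listed above"
audit_sample fixed_conf && echo "fixed_conf: no findings"
```

On a real client, point audit_ldap_conf at /etc/openldap/ldap.conf.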
 

Last update: Jan 07, 2016