this is obsolete doc -- see instead

LDAP client setup 



Make sure you've got the ldap-client package installed, e.g.,

  apt-get install ldap-client 


Checking with ldapsearch 

Check for suffix in slapd.conf, and see what to use as search base (-b). 


Anonymous query, 

ldapsearch -x -b "dc=example-int,dc=com" -h ldapsrv 


-x  Use simple authentication instead of SASL.

-b searchbase
    Use searchbase as the starting point for the search instead of the default.

-h ldaphost
    Specify an alternate host on which the ldap server is running. Deprecated in favor of -H.


You can then refine your query to search for people or groups only,

ldapsearch -x -b "dc=example,dc=com" -h ldapsrv | grep ^dn 

ldapsearch -x -b "ou=people,dc=example-int,dc=com" -h ldapsrv 

ldapsearch -x -b "ou=group,dc=example-int,dc=com" -h ldapsrv 


Check for rootdn in slapd.conf, and see what to use as Distinguished Name for the LDAP admin. 


Authenticated query as LDAP admin, 

ldapsearch -D "cn=ldap-admin,dc=example,dc=com" -W -b "ou=people,dc=example,dc=com" -h ldapsrv 

==> provide LDAP admin password 


-D binddn
    Use the Distinguished Name binddn to bind to the LDAP directory. For SASL binds, the server is expected to ignore this value.

-W  Prompt for simple authentication. This is used instead of specifying the password on the command line.

Note: with or without -x.


Authenticated query as LDAP user, 

ldapsearch -D "uid=USERNAME,ou=people,dc=example-int,dc=com" -W -b "ou=people,dc=example-int,dc=com" -h ldapsrv 

==> provide user password 

Note: with or without -x.


Once the client has been configured, you may also use the short form, e.g.,

  ldapsearch -x uid=* 

and to search for emails only, 

  ldapsearch -x mail=* 
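
The two slapd.conf checks above (suffix for -b, rootdn for -D), as an added example that is not part of the original document: it reads both directives from a constructed sample slapd.conf and prints the matching ldapsearch commands, using -H instead of the deprecated -h. The function names and the -ZZ (require StartTLS) flag are additions of this example and assume the server offers StartTLS.

```sh
#!/bin/sh
# Added example, not from the original document.

# Print the value of a slapd.conf directive (e.g. suffix, rootdn), unquoted.
# Commented-out lines are skipped because their first field starts with "#".
slapd_directive() {   # $1 = directive name, $2 = path to slapd.conf
    awk -v key="$1" '
        tolower($1) == key {
            sub(/^[ \t]*[^ \t]+[ \t]+/, "")   # drop the keyword
            sub(/[ \t\r]+$/, "")              # drop trailing blanks
            gsub(/^"|"$/, "")                 # strip surrounding quotes
            print; exit                       # first database only
        }' "$2"
}

# Print the ldapsearch command for an anonymous or rootdn (admin) query.
# -H replaces the deprecated -h. -ZZ (assumption: server offers StartTLS)
# aborts before the bind if TLS cannot be established, so the -W password
# is not sent in clear text.
ldapsearch_cmd() {    # $1 = anon|admin, $2 = slapd.conf path, $3 = LDAP URI
    base=$(slapd_directive suffix "$2") || return 1
    [ -n "$base" ] || { echo "no suffix in $2" >&2; return 1; }
    case "$1" in
        anon)
            printf 'ldapsearch -x -ZZ -H %s -b "%s"\n' "$3" "$base" ;;
        admin)
            binddn=$(slapd_directive rootdn "$2") || return 1
            [ -n "$binddn" ] || { echo "no rootdn in $2" >&2; return 1; }
            printf 'ldapsearch -x -ZZ -H %s -D "%s" -W -b "ou=people,%s"\n' \
                "$3" "$binddn" "$base" ;;
        *)
            echo "usage: ldapsearch_cmd anon|admin slapd.conf uri" >&2
            return 2 ;;
    esac
}

# Constructed sample slapd.conf (not taken from a real server).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
database    bdb
suffix      "dc=example,dc=com"
#rootdn     "cn=old-admin,dc=example,dc=com"
rootdn      "cn=ldap-admin,dc=example,dc=com"
EOF

ldapsearch_cmd anon  "$SAMPLE_CONF" ldap://ldapsrv/
ldapsearch_cmd admin "$SAMPLE_CONF" ldap://ldapsrv/
```

On a real server, pass the actual slapd.conf path as the second argument; drop -ZZ only if the server has no TLS configured.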


Configuring LDAP client on RHEL7 

Configure system authentication on RHEL7, 

yum install nss-pam-ldapd 


[*] Use LDAP 

[*] Use LDAP Authentication 

[ ] Use TLS 

Server: ldap://ldapsrv/ 

Base DN: dc=example,dc=com 

or Base DN: ou=people,dc=example,dc=com 


  grep ldap /etc/nsswitch.conf 

  cat /etc/openldap/ldap.conf