
Warning: these guides are mostly obsolete; please have a look at the new documentation.


LDAP client setup
Make sure you've got the ldap-client package installed e.g.,
apt-get install ldap-client
Checking with ldapsearch
Check the suffix directive in slapd.conf to see what to use as the search base (-b).
Anonymous query,
ldapsearch -x -b "dc=example-int,dc=com" -h ldapsrv
    -x  Use simple authentication instead of SASL.
    -b searchbase
        Use searchbase as the starting point for the search instead of
        the default.
    -h ldaphost
        Specify an alternate host on which the ldap server is running.
        Deprecated in favor of -H.
Optionally refine your query to list DNs only, or to search for people or groups only,
ldapsearch -x -b "dc=example,dc=com" -h ldapsrv | grep ^dn
ldapsearch -x -b "ou=people,dc=example-int,dc=com" -h ldapsrv
ldapsearch -x -b "ou=group,dc=example-int,dc=com" -h ldapsrv
Check the rootdn directive in slapd.conf to see what to use as the Distinguished Name for the LDAP admin.
Authenticated query as LDAP admin,
ldapsearch -D "cn=ldap-admin,dc=example,dc=com" -W -b "ou=people,dc=example,dc=com" -h ldapsrv
==> provide LDAP admin password
    -D binddn
        Use the Distinguished Name binddn to bind to the LDAP directory.
        For SASL binds, the server is expected to ignore this value.
    -W  Prompt for simple authentication. This is used instead of
        specifying the password on the command line.
Note: this works with or without -x.
Authenticated query as LDAP user,
ldapsearch -D "uid=USERNAME,ou=people,dc=example-int,dc=com" -W -b "ou=people,dc=example-int,dc=com" -h ldapsrv
==> provide user password
Note: this works with or without -x.
Once the client has been configured, you may also use short form e.g.,
ldapsearch -x uid=*
and to search for emails only,
ldapsearch -x mail=*
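The authenticated queries above do a simple bind over plain ldap://, so the password typed at the -W prompt crosses the network unencrypted. The following is an added example, not part of the original guide: it builds the same queries with -H (the replacement for the deprecated -h) and requires StartTLS or ldaps:// before anything is sent. The function names are hypothetical; the host and DNs are the page's sample values.

```shell
#!/bin/sh
# Added example, not from the original page. The function names are
# hypothetical; host and DNs are the page's sample values.

# Print ldapsearch arguments, one per line, for a search that never sends
# a simple-bind password in clear text.
# usage: ldap_search_args URI BASE [BINDDN] [FILTER]
ldap_search_args() {
    lsa_uri=$1 lsa_base=$2 lsa_binddn=${3:-} lsa_filter=${4:-}
    case $lsa_uri in
        ldaps://?*) lsa_tls="" ;;     # TLS is negotiated before any LDAP traffic
        ldap://?*)  lsa_tls="-ZZ" ;;  # StartTLS; -ZZ aborts if it cannot be set up
        *) echo "unsupported LDAP URI: $lsa_uri" >&2; return 2 ;;
    esac
    # -H takes a URI and replaces the deprecated -h host form
    printf '%s\n' -x -H "$lsa_uri" -b "$lsa_base"
    if [ -n "$lsa_tls" ]; then printf '%s\n' "$lsa_tls"; fi
    # -W prompts for the password, keeping it out of argv and shell history
    if [ -n "$lsa_binddn" ]; then printf '%s\n' -D "$lsa_binddn" -W; fi
    if [ -n "$lsa_filter" ]; then printf '%s\n' "$lsa_filter"; fi
    return 0
}

# Run ldapsearch with those arguments (requires the OpenLDAP client tools).
ldap_search() {
    lsa_args=$(ldap_search_args "$@") || return
    lsa_ifs=$IFS
    IFS='
'                                   # split on newlines only: DNs may contain spaces
    set -f; set -- $lsa_args; set +f
    IFS=$lsa_ifs
    ldapsearch "$@"
}

# Show the command line built for the page's LDAP admin query.
echo "ldapsearch $(ldap_search_args 'ldap://ldapsrv' 'ou=people,dc=example,dc=com' \
    'cn=ldap-admin,dc=example,dc=com' | tr '\n' ' ')"
```

For -ZZ or ldaps:// to succeed, the client must trust the server certificate, typically through TLS_CACERT in ldap.conf.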
Configuring LDAP client on RHEL7
Configure system authentication on RHEL7,
yum install nss-pam-ldapd
[*] Use LDAP
[*] Use LDAP Authentication
[ ] Use TLS
Server: ldap://ldapsrv/
Base DN: dc=example,dc=com
or Base DN: ou=people,dc=example,dc=com
grep ldap /etc/nsswitch.conf
cat /etc/openldap/ldap.conf
