LDAP
Configuring LDAP
The following tools are available for configuring LDAP. For more information, see the man page for each tool.
slapconfig
You can use the slapconfig utility to configure the slapd and slurpd LDAP daemons and related search policies. For more information, type man slapconfig to see the man page.
Standard Distribution Tools
These tools are included in the standard LDAP distribution.
Program | Used to |
/usr/bin/ldapadd | Add entries to the LDAP directory. |
|
|
/usr/bin/ldapcompare | Compare a directory entry’s actual attributes with known |
| attributes. |
|
|
/usr/bin/ldapdelete | Delete entries from the LDAP directory. |
|
|
/usr/bin/ldapmodify | Change an entry’s attributes. |
|
|
/usr/bin/ldapmodrdn | Change an entry’s relative distinguished name (RDN). |
|
|
/usr/bin/ldappasswd | Set the password for an LDAP user. |
| Apple recommends using passwd instead of ldappasswd. For |
| more information, type man passwd. |
|
|
/usr/bin/ldapsearch | Search the LDAP directory. See the usage note under “A Note on |
| Using ldapsearch” on this page. |
|
|
/usr/bin/ldapwhoami | Obtain the primary authorization identity associated with a user. |
|
|
/usr/sbin/slapadd | Add entries to the LDAP directory. |
|
|
/usr/sbin/slapcat | Export LDAP Directory Interchange Format files. |
|
|
/usr/sbin/slapindex | Regenerate directory indexes. |
|
|
/usr/sbin/slappasswd | Generate user password. hashes. |
|
|
A Note on Using ldapsearch
The ldapsearch tool connects to an LDAP server, binds to it, finds entries, and returns attributes of the entries found.
By default, ldapsearch tries to connect to the LDAP server using the Simple Authentication and Security Layer (SASL) method. If the server doesn’t support this method, you see this error message:
ldap_sasl_interactive_bind_s: No such attribute (16)
To avoid this, include the
ldapsearch
Chapter 14 Working With Open Directory
157
