LDAP Command Examples

This section explains how to use the LDAP commands ldapdelete, ldapmodify, and ldapsearch to configure the server. Each example describes the LDAP command line options in detail.

Note that a space must appear between each LDAP command option (for example, -p) and its value (for example, 354). Command syntax is case sensitive.

Searching for Records

You can use the ldapsearch command to dump information out of the LDAP tree. The following ldapsearch command dumps out information about all RADIUS clients.

ldapsearch -V 2 -p 354 -D "cn=oper,o=radius" -w radadmin -s sub -T -b "radiusclass=Client,o=radius" radiusname=*

Table 17. Searching for Records Using the ldapsearch Command

| ldapsearch Option | Meaning |
|---|---|
| -V 2 | LDAP Version 2 is used to communicate with the server. NOTE: This option is not required, but specifying it improves the performance of the transaction. |
| -p 354 | TCP port 354 is used to communicate with the LDAP interface of the server. NOTE: This option is not required, but specifying it improves the performance of the transaction. |
| -D "cn=oper,o=radius" | The command is authenticated using an administrative account called oper. NOTE: Any administrative account name may be used in place of oper in this example. o=radius may not be changed. |
| -w radadmin | The command is providing an authentication password of radadmin. NOTE: The -w parameter value (in this case, radadmin) must match the passcode or cached password of the account named by the -D parameter. |
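An added example, not part of the manual: a POSIX shell wrapper for the search above that keeps the password out of the script text and quotes radiusname=* so the shell cannot expand it as a filename pattern. The function name radius_client_search and the variables RADIUS_LDAP_PW and LDAPSEARCH_BIN are hypothetical; only the options shown on this page are used.

```shell
#!/bin/sh
# Added example (not from the manual). radius_client_search, RADIUS_LDAP_PW
# and LDAPSEARCH_BIN are hypothetical names; the options are the page's own.

# Usage: radius_client_search ACCOUNT [PORT] [run|show]
radius_client_search() {
    account=${1:-}
    port=${2:-354}
    mode=${3:-run}

    # The account name is spliced into the bind DN, so reject anything that
    # could add or alter DN components (commas, equals signs, spaces, ...).
    case $account in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid account name" >&2; return 2 ;;
    esac
    # Digits only, at most five of them, then a numeric range check.
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range" >&2; return 2
    fi

    bind_dn="cn=$account,o=radius"    # o=radius may not be changed

    if [ "$mode" = show ]; then
        # Print the command with the password masked, e.g. for a change log.
        printf 'ldapsearch -V 2 -p %s -D "%s" -w ***** -s sub -T ' "$port" "$bind_dn"
        printf '%s\n' '-b "radiusclass=Client,o=radius" "radiusname=*"'
        return 0
    fi

    # Password comes from the environment or a no-echo prompt, never from the
    # script text. It is still handed to ldapsearch through -w.
    pw=${RADIUS_LDAP_PW:-}
    if [ -z "$pw" ]; then
        printf 'Password for %s: ' "$bind_dn" >&2
        stty -echo; IFS= read -r pw; stty echo; printf '\n' >&2
    fi

    # Each option and its value are separate words; the filter is quoted so
    # the shell passes radiusname=* literally instead of globbing it.
    "${LDAPSEARCH_BIN:-ldapsearch}" -V 2 -p "$port" -D "$bind_dn" -w "$pw" \
        -s sub -T -b "radiusclass=Client,o=radius" 'radiusname=*'
}
```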

Using the LDAP Configuration Interface

September 2005

RSA Security 6.1 manual Ldap Command Examples, Searching for Records