Adding LDAP record

Problem

You want to add an LDAP record, that is, create a new entry in the directory.



Solution

To add a record to LDAP, run ldapmodify with the -a flag and feed it an LDIF file.



Example



ldapmodify -x -a -v -D "cn=Manager,dc=demo,dc=net" -w secret < ldifFile

where ldifFile is an LDIF file, either hand-crafted or generated with ldapsearch -L.
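Hand-crafting the LDIF is where most ldapmodify -a failures start: a value that begins with a space or colon, or contains a non-ASCII byte, must be base64-encoded on an "attr::" line, and a comma in a cn must be escaped before it goes into the DN. The following is an added example, not code from the original post; the DN, attribute names and values are constructed, and it only prints the LDIF (the ldapmodify call is shown in a comment).

```shell
#!/bin/sh
# Added example (not from the original post): build an RFC 2849 LDIF "add"
# record that is safe to feed to "ldapmodify -a". The DN, attribute names and
# values below are constructed samples.

# RFC 2849 only allows a plain "attr: value" line when the value starts with
# neither space, colon nor "<", does not end with a space, and contains no
# newline. Anything else must be written as "attr:: <base64>". This check is
# deliberately stricter than the RFC (any byte outside printable ASCII, so
# UTF-8 too, is encoded); base64 is always accepted, so that costs nothing.
ldif_needs_b64() {
    nl=$(printf '\nx'); nl=${nl%x}
    case $1 in
        ' '*|':'*|'<'*|*' '|*"$nl"*) return 0 ;;
    esac
    printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'
}

# Print one attribute line, base64-encoding the value when required.
ldif_attr() {
    if ldif_needs_b64 "$2"; then
        printf '%s:: %s\n' "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$1" "$2"
    fi
}

# Escape an attribute value for use inside a DN (RFC 4514): backslash first,
# then the separator and quoting characters, then a leading "#" or space and
# a trailing space.
dn_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/[,+"<>;]/\\&/g' \
                           -e 's/^[ #]/\\&/' -e 's/ $/\\&/'
}

# Emit a complete add record for an inetOrgPerson. "changetype: add" is
# implied by "ldapmodify -a", but writing it keeps the file unambiguous.
make_person_ldif() {
    # $1 = parent DN, $2 = cn, $3 = sn, $4 = mail
    ldif_attr dn "cn=$(dn_escape "$2"),$1"
    printf 'changetype: add\n'
    ldif_attr objectClass inetOrgPerson
    ldif_attr cn "$2"
    ldif_attr sn "$3"
    ldif_attr mail "$4"
    printf '\n'
}

# Demo on constructed data; the real load would be
#   make_person_ldif ... | ldapmodify -x -a -v -D "cn=Manager,dc=demo,dc=net" -W
# (-W prompts for the bind password instead of exposing it on the command line).
make_person_ldif 'ou=People,dc=demo,dc=net' 'John Doe' 'Doe' 'john.doe@demo.net'
make_person_ldif 'ou=People,dc=demo,dc=net' 'Doe, Jane' 'Doe' 'jane.doe@demo.net'
```

The second record shows the comma in "Doe, Jane" being escaped to "cn=Doe\, Jane" inside the DN while the plain cn attribute keeps the literal comma. Prefer -W (prompt) or -y passwordfile over -w secret with the OpenLDAP tools: -w leaves the bind password visible in the process list and shell history.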



Reference




LDAP to SQL Perl code

Problem

Whilst working on the automatic production of web statistics, I came across the following problem:

"How do I get relational data from a hierarchical structure?"



Solution

It didn't take long to realize I'd have to use PHP to talk to LDAP, pull off the records and load them into a series of tables, using the cn as the primary key, which could then be queried relationally. Pulling off large queries and repeatedly descending LDAP trees is pretty slow, so I built my LDAP-to-SQL engine by flattening DNs into table names, then used PHP scripts to query it and produce daily snapshots.

This is the Perl port of the PHP version. It requires some setting up on the database side, but is invaluable once implemented.

Please leave a comment if you want help with this.
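The Perl port itself is not reproduced on this page, so here is an added example (not the author's code) of the same idea in shell and awk: read the LDIF that ldapsearch -L produces, flatten each entry's parent DN into a table name, and emit one INSERT per entry. The sample LDIF is constructed. Two points the original description leaves implicit are handled explicitly: directory values are untrusted input to the database, so every value has its single quotes doubled, and table and column names, which cannot be quoted as values, are reduced to [a-z0-9_]. This version keys on the full DN rather than the cn, and joins multi-valued attributes with ";".

```shell
#!/bin/sh
# Added example (not the author's Perl code): LDIF from "ldapsearch -L" in,
# SQL INSERT statements out. Sample data is constructed.

LDIF2SQL_AWK=$(cat <<'EOF'
BEGIN { SQ = "'"; buf = ""; dn = ""; nn = 0 }

# Quote a value for SQL by doubling embedded single quotes.
function sqlq(s) { gsub(/'/, SQ SQ, s); return SQ s SQ }

# Identifiers cannot be quoted like values, so allow-list them instead:
# lower-case and replace anything outside [a-z0-9_] with "_".
function ident(s) { s = tolower(s); gsub(/[^a-z0-9_]/, "_", s); return s }

# Flatten the parent of a DN into a table name:
#   cn=John Doe,ou=People,dc=demo,dc=net  ->  people_demo_net
# (escaped commas inside RDN values are not handled here)
function table_from_dn(d,   parent, n, parts, i, out, v) {
    parent = substr(d, index(d, ",") + 1)
    n = split(parent, parts, ",")
    out = ""
    for (i = 1; i <= n; i++) {
        v = parts[i]; sub(/^[^=]*=/, "", v)
        out = out (i > 1 ? "_" : "") ident(v)
    }
    return out
}

# Process one complete (unfolded) LDIF line held in buf.
function flush_line(   i, name, val) {
    if (buf == "") return
    if (buf ~ /^#/ || buf ~ /^version:/) { buf = ""; return }
    if (buf ~ /^[^:]+:[<:] /) { buf = ""; return }   # base64 or URL value: skipped
    i = index(buf, ":")
    if (i == 0) { buf = ""; return }
    name = tolower(substr(buf, 1, i - 1))
    val = substr(buf, i + 1); sub(/^ +/, "", val)
    buf = ""
    if (name == "dn") { dn = val; return }
    if (!(name in attrs)) { names[++nn] = name; attrs[name] = val }
    else attrs[name] = attrs[name] ";" val          # multi-valued attribute
}

# One INSERT per entry; the DN is stored as the natural key.
function emit(   k, cols, vals) {
    if (dn == "") return
    cols = "dn"; vals = sqlq(dn)
    for (k = 1; k <= nn; k++) {
        cols = cols ", " ident(names[k])
        vals = vals ", " sqlq(attrs[names[k]])
    }
    printf "INSERT INTO %s (%s) VALUES (%s);\n", table_from_dn(dn), cols, vals
    dn = ""; nn = 0; split("", attrs); split("", names)
}

/^ / { buf = buf substr($0, 2); next }       # folded continuation line (RFC 2849)
{ flush_line(); if ($0 == "") emit(); else buf = $0 }
END { flush_line(); emit() }
EOF
)

ldif_to_sql() {
    awk "$LDIF2SQL_AWK"
}

# Constructed sample of "ldapsearch -L" output: a folded line, quotes in
# values and a multi-valued attribute.
SAMPLE_LDIF=$(cat <<'EOF'
version: 1
# constructed sample, not captured from a real directory
dn: cn=John Doe,ou=People,dc=demo,dc=net
objectClass: inetOrgPerson
cn: John Doe
sn: Doe
mail: john.doe@demo.net
description: Works in the London office, on the third
  floor

dn: cn=Jane O'Neil,ou=People,dc=demo,dc=net
cn: Jane O'Neil
sn: O'Neil
mail: jane@demo.net
mail: jane.oneil@demo.net
EOF
)

# Demo; against a live server this would be
#   ldapsearch -x -L -D "cn=Manager,dc=demo,dc=net" -W -b 'dc=demo,dc=net' \
#       '(objectClass=inetOrgPerson)' | ldif_to_sql | <your SQL client>
printf '%s\n' "$SAMPLE_LDIF" | ldif_to_sql
```

Base64-encoded ("attr::") values are skipped rather than decoded, which is the one place a fuller port would need more work; an entry whose sn is non-ASCII would otherwise silently lose that column.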



Example


Perl LDAP to SQL (freeware, UNIX and Windows): traverses LDAP trees and spits out SQL.



Reference




ldapsearch syntax part three

Problem

Looking for a given user by searching on two attributes: first name and surname.



Solution

Here is an example of searching on two attributes at once, effectively a logical AND.



Example


Searching on two fields and returning those fields, plus email.


ldapsearch -x -v -D "cn=Manager,dc=demo,dc=net" -w secret \
    -b 'dc=demo,dc=net' -s sub '(&(givenname=John)(sn=Doe))' \
    givenname sn mail



Reference




ldapsearch syntax part two

Problem

Looking for a given user by searching on first name.



Solution

ldapsearch can match on any attribute within the LDAP record and can perform wildcard matches.



Example


Here are some more examples:

ldapsearch -L -x -v -D 'cn=Manager,dc=demo,dc=net' -w secret -b 'dc=demo,dc=net' -s sub 'givenname=*' givenname sn mail

Basic LDAP syntax demo part2
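Both searches above (the two-attribute AND in part three and the wildcard in part two) hard-code their values. Once the first name or surname comes from a user, a web form or a script argument, the characters * ( ) and \ must be escaped inside the filter (RFC 4515 writes them as \2a \28 \29 \5c), otherwise a value containing them changes the shape of the filter instead of being matched. This added example, not from the original posts, builds both filters from untrusted input; the sample values are constructed and the ldapsearch invocation is shown in a comment only.

```shell
#!/bin/sh
# Added example (not from the original posts): build ldapsearch filters from
# untrusted values. RFC 4515 requires * ( ) and \ inside an assertion value
# to be written as \2a \28 \29 \5c. (NUL would be \00, but a shell variable
# cannot hold one, so it is not handled here.)

ldap_filter_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g'   -e 's/)/\\29/g'
}

# Logical AND of exact matches on first name and surname (the part-three
# search), with both values escaped.
and_filter() {
    printf '(&(givenname=%s)(sn=%s))' \
        "$(ldap_filter_escape "$1")" "$(ldap_filter_escape "$2")"
}

# Prefix match on first name (the part-two wildcard). The wildcard is added
# by the code, so a "*" typed by the user is matched literally, not expanded.
prefix_filter() {
    printf '(givenname=%s*)' "$(ldap_filter_escape "$1")"
}

# Demo on constructed values. Against a real server:
#   ldapsearch -x -v -D 'cn=Manager,dc=demo,dc=net' -W -b 'dc=demo,dc=net' \
#       -s sub "$(and_filter "$first" "$last")" givenname sn mail
and_filter 'John' 'Doe'; echo
and_filter 'Jo(h)n*' 'Doe'; echo
prefix_filter 'Jo'; echo
```

The second call shows the escaping at work: the parentheses and star in the first-name value survive as \28 \29 \2a and the filter still has exactly two assertions. Whatever builds the filter should also quote the result as one argument (as the comment does) so the shell never word-splits or globs it.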



Reference




Java JNDI talk to LDAP

Problem

You want to talk to LDAP from Java.



Solution

Java, as well as Perl, PHP and plain old shell, has an API for talking to LDAP.

The Java API is probably the most complex one to use; I have provided demos of how to use the others on this site.

More will be added in time.



Example


Here is a full example of using Java's JNDI to talk to LDAP, performing a search on surname and printing the results:

import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class getLdapDetails {

    public static void main(String argv[]) {

        if (argv.length != 1) {
            System.err.println("usage: java getLdapDetails <surname>");
            System.exit(1);
        }

        // A simple bind over plain ldap:// sends the password in the clear;
        // use ldaps:// (or StartTLS) outside a test setup.
        String url = "ldap://127.0.0.1:389";
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=Manager,dc=demo,dc=net");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        try {
            DirContext ctx = new InitialDirContext(env);

            // Attributes to return, and the attribute the entries must match.
            // Passing the match as an Attributes object, rather than splicing
            // argv[0] into a filter string, leaves escaping of filter
            // metacharacters to JNDI.
            String[] attrIDs = { "givenname", "sn", "mail" };
            Attributes matchAttrs = new BasicAttributes(true); // ignore case
            matchAttrs.put(new BasicAttribute("sn", argv[0]));
            NamingEnumeration<SearchResult> myenum =
                ctx.search("dc=demo,dc=net", matchAttrs, attrIDs);

            while (myenum.hasMore()) {
                SearchResult result = myenum.next();
                Attributes attributes = result.getAttributes();

                // Format: "givenname, givenname, ... sn - mail"
                String personRecord = joinValues(attributes.get("givenname"), ", ")
                    + joinValues(attributes.get("sn"), " - ")
                    + joinValues(attributes.get("mail"), "");
                System.out.println(personRecord);
            }

            ctx.close();

        } catch (NamingException ne) {
            System.err.println(ne.toString());
        }
    }

    // Concatenates every value of attr, each followed by sep. An attribute the
    // entry does not carry (attr == null) yields "" instead of a
    // NullPointerException.
    private static String joinValues(Attribute attr, String sep) throws NamingException {
        if (attr == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder();
        NamingEnumeration<?> values = attr.getAll();
        while (values.hasMore()) {
            sb.append(values.next().toString()).append(sep);
        }
        return sb.toString();
    }
}

Then a run-through:


$ java getLdapDetails Doe
John, Doe - john.doe@demo.net



Reference




ldapsearch syntax

Problem

You want to perform an LDAP search.



Solution

Starting this topic slowly, with practical tips on the LDAP commands.

LDAP has two main commands: ldapsearch and ldapmodify. With OpenLDAP there is additionally ldapadd; with Netscape this is just ldapmodify -a.



Example



ldapsearch [ -v ] -x -D 'user' -w 'password' [ -h host -p port ] -b base \
    -s depth 'criteria' [ attribs ]

User – the LDAP user to bind as; quite often the directory manager, so you can usually get away with cn=Manager,your_tree.

Password – the LDAP password for that user. For the manager it is the password configured in the LDAP server configuration; for any other user it is the password stored within LDAP itself.

Host and port – self-explanatory (default localhost, port 389).

Base – the starting point within the LDAP tree. Remember LDAP is hierarchical, so the search traverses down from this point.

Depth – base shows only the base entry and does not descend into the tree; specify sub to descend.

Criteria – requirements for attributes equaling a specific value; more on this shortly.

Attribs – attributes to return; the dn is normally returned by default.

Demo:

ldapsearch -x -v -D 'cn=Manager,dc=users,dc=net' -w secret -b 'dc=users,dc=net' -s sub 'objectclass=*'

Basic LDAP syntax demo



Reference




LDAP reference – LDAP result codes

Problem

Getting errors in LDAP



Solution

The LDAP result codes and their meanings are listed below.



Example



Number   Meaning
0        Success
1        Operations error
2        Protocol error
3        Time limit exceeded
4        Size limit exceeded
5        Compare false
6        Compare true
7        Authentication method not supported
8        Strong authentication required
9        Partial results and referral received
10       Referral received
11       Administrative limit exceeded
12       Unavailable critical extension
13       Confidentiality required
14       SASL bind in progress
16       No such attribute
17       Undefined attribute type
18       Inappropriate matching
19       Constraint violation
20       Type or value exists
21       Invalid syntax
32       No such object
33       Alias problem
34       Invalid DN syntax
35       Object is a leaf
36       Alias dereferencing problem
48       Inappropriate authentication
49       Invalid credentials
50       Insufficient access
51       Server is busy
52       Server is unavailable
53       Server is unwilling to perform
54       Loop detected
64       Naming violation
65       Object class violation
66       Operation not permitted on non-leaf entry
67       Operation not permitted on an RDN
68       Entry already exists
69       Cannot modify object class
70       Results too large
71       Affects multiple servers
76       Virtual list view error
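The same codes appear as err=<number> in the OpenLDAP slapd stats log, where each operation ends in a RESULT line and each connection starts with an ACCEPT line naming the client address. That makes the table above usable for detection as well as debugging: a run of err=49 (Invalid credentials) from one address is a password-guessing attempt against the directory. This added example goes beyond the table; it is not from the original post, the log lines are constructed (with the syslog timestamp and "slapd[pid]:" prefix already stripped), and the meanings it prints are taken from the table.

```shell
#!/bin/sh
# Added example (not from the original post): summarise slapd RESULT codes
# and flag source addresses with repeated err=49 (Invalid credentials).
# Assumes OpenLDAP "stats" log lines with the syslog prefix removed.

slapd_result_report() {
    # $1 = number of err=49 results from one source address that raises an alert
    awk -v thr="$1" '
    # Meanings of the codes this report names, from the result code table.
    function meaning(c) {
        if (c == 0)  return "Success"
        if (c == 32) return "No such object"
        if (c == 49) return "Invalid credentials"
        if (c == 50) return "Insufficient access"
        if (c == 53) return "Server is unwilling to perform"
        return "see result code table"
    }
    # ACCEPT lines tie a connection id ($1, "conn=N") to its client address.
    / ACCEPT from IP=/ {
        ip = $5; sub(/^IP=/, "", ip); sub(/:[0-9]+$/, "", ip)
        ipof[$1] = ip
        next
    }
    # Every operation (BIND, SRCH, MOD, ...) ends in a RESULT line with err=<code>.
    / RESULT / {
        code = ""
        for (i = 1; i <= NF; i++) if ($i ~ /^err=/) code = substr($i, 5)
        if (code == "") next
        total[code]++
        if (code == 49) {
            src = ($1 in ipof) ? ipof[$1] : "unknown"
            fails[src]++
        }
    }
    END {
        for (c in total) printf "err=%s %s: %d\n", c, meaning(c), total[c]
        for (s in fails) if (fails[s] >= thr)
            printf "ALERT %s: %d failed binds (err=49)\n", s, fails[s]
    }' | LC_ALL=C sort
}

# Constructed sample: three failed simple binds from one client, then a
# successful manager bind and a search against a non-existent base.
SAMPLE_SLAPD_LOG=$(cat <<'EOF'
conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="cn=jdoe,ou=People,dc=demo,dc=net" method=128
conn=1001 op=0 RESULT tag=97 err=49 text=
conn=1001 op=1 BIND dn="cn=jdoe,ou=People,dc=demo,dc=net" method=128
conn=1001 op=1 RESULT tag=97 err=49 text=
conn=1001 op=2 BIND dn="cn=jdoe,ou=People,dc=demo,dc=net" method=128
conn=1001 op=2 RESULT tag=97 err=49 text=
conn=1002 fd=13 ACCEPT from IP=192.0.2.20:40000 (IP=0.0.0.0:389)
conn=1002 op=0 BIND dn="cn=Manager,dc=demo,dc=net" method=128
conn=1002 op=0 RESULT tag=97 err=0 text=
conn=1002 op=1 SRCH base="ou=Nowhere,dc=demo,dc=net" scope=2 deref=0 filter="(objectClass=*)"
conn=1002 op=1 SEARCH RESULT tag=101 err=32 nentries=0 text=
EOF
)

printf '%s\n' "$SAMPLE_SLAPD_LOG" | slapd_result_report 3
```

The threshold is a plain count over whatever window of log you pipe in; in practice you would run it over a sliding window (the last few minutes of the log) and alert once per address. The ACCEPT-to-RESULT join is what makes the address attribution work, so the log level must include connection lines, not only operations.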


Reference