ℹ️ Every snippet that uses a file can be one-lined with a heredoc piped into the command (the ldap tools read LDIF from stdin when -f is omitted), like:
cat << EOF | ldapcommand
ldif file content here
EOF
Commands
In the snippets below we use some arguments. Here are the arguments per tool, explained:

ldapadd, ldapmodify, ldapsearch:
- -D "cn=admin,dc=example,dc=org" is the username, called "Binding DN"
- -w admin is the password
- -f filename.ldif specifies which LDIF file to use to add/modify/search

ldapsearch only:
- -b "dc=example,dc=org" is the base DN where the search starts
Snippets
Create a new user
ldapadd -D "cn=admin,dc=example,dc=org" -w admin -f file.ldif
Generate hashed password
slappasswd -g # generates a random, unhashed password
slappasswd # prompts for a password and hashes it with the default scheme (SSHA = salted SHA)
slappasswd -h '{CRYPT}' # prompts for a password and hashes it with the CRYPT scheme
# oneline: generate a random password, show it, and print its hash
PASSWORD=$(slappasswd -g) && echo "$PASSWORD" && slappasswd -s "$PASSWORD"
Export all the readable objects
ldapsearch -D "cn=admin,dc=example,dc=org" -w admin -b "dc=example,dc=org"
Allow every authenticated user to read the directory
- dn selects the database to change (you could have hdb instead of mdb if your LDAP is older)
- olcAccess {1} is the priority among all the other rules (can be negative; rules are applied from the smallest number to the highest)
- to * is the resource to which the rule applies; it could be to dn.base="dc=example,dc=org" or similar, see the docs for more info
- by anonymous auth allows every unauthenticated user to authenticate
- by users read allows every authenticated user to read the object specified in the to clause
# config.ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {1}to *
by anonymous auth
by users read
ldapmodify -D "cn=admin,cn=config" -w config -f config.ldif
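Because slapd stops at the first `to` clause that matches and then at the first matching `by` clause, a `to *` rule that grants `users read` also covers the userPassword attribute unless a lower-numbered rule restricts it first. The following is an added example, not from the page: a simplified Python model of that evaluation order, run over the page's rule and over a constructed stricter set that puts a userPassword rule in front of it. The DNs and the {0} rule are assumptions for illustration; only the `*`/`attrs=` targets and `anonymous`/`users`/`self`/`*` who-clauses are modelled.

```python
# Added example (not from the page): simplified model of olcAccess evaluation.
# Access levels in increasing order; a grant at one level implies the lower ones.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]


def parse_rule(rule):
    """'{1}to * by anonymous auth by users read' -> ('*', [('anonymous', 'auth'), ('users', 'read')])"""
    body = rule.split("}", 1)[1] if rule.startswith("{") else rule
    target, *bys = body.split(" by ")
    return target.strip()[len("to "):], [tuple(b.split()) for b in bys]


def target_matches(target, attr):
    # Only the two target forms used on this page are modelled.
    if target == "*":
        return True
    if target.startswith("attrs="):
        return attr in target[len("attrs="):].split(",")
    raise ValueError(f"target not modelled here: {target}")


def who_matches(who, requester, entry_dn):
    # requester is the bind DN, or None for an anonymous (unauthenticated) session.
    return (who == "*"
            or (who == "anonymous" and requester is None)
            or (who == "users" and requester is not None)
            or (who == "self" and requester == entry_dn))


def allowed(rules, requester, entry_dn, attr, wanted):
    """First matching 'to' clause wins; inside it the first matching 'by' clause
    decides. Every clause ends with an implicit 'by * none', so no match means deny."""
    for rule in rules:
        target, bys = parse_rule(rule)
        if not target_matches(target, attr):
            continue
        for who, level in bys:
            if who_matches(who, requester, entry_dn):
                return LEVELS.index(level) >= LEVELS.index(wanted)
        return False
    return False


# The page's rule, written as the single olcAccess value its LDIF produces.
PAGE_RULES = ["{1}to * by anonymous auth by users read"]
# Constructed stricter set (assumption): hashes are writable only by the entry itself,
# usable for binding by anyone, readable by nobody; everything else keeps the page's rule.
HARDENED_RULES = ["{0}to attrs=userPassword by self write by anonymous auth by * none",
                  "{1}to * by anonymous auth by users read"]
ALICE, BOB = "uid=alice,dc=example,dc=org", "uid=bob,dc=example,dc=org"  # constructed DNs
```

With the page's rule alone, `allowed(PAGE_RULES, BOB, ALICE, "userPassword", "read")` is True; with the stricter set it is False while Alice can still change her own password and anonymous sessions can still bind.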