Wednesday, 26 March 2008

Ldapsearch and LDIF files in OID

The ldapsearch command-line utility ships with every common LDAP library and lets you run queries against LDAP directories.

With Oracle OID you can find the utility under "$OID_HOME/bin/ldapsearch"; its syntax is the following:

ldapsearch -h oid_hostname
-D "binddn"
-w password
[-Y "proxy_dn"]
[-p ldap_port]
[-V ldap_version]
-b "basedn"
{-s base|one|sub}
{"filter_string" [attributes]|-f input_file}
[-A]
[-a never|always|search|find]
[-F separator]
[-S] [-R] [-i 1|0] [-t] [-u] [-L|-X] [-B] [-M] [-v] [-n]
[-l time_limit]
[-z size_limit]
[-O ref_hop_limit]
[-U SSL_auth_mode {-W wallet_location -P wallet_password}]
[-d debug_level]
[-E character_set]


(details here: http://download.oracle.com/docs/cd/B14099_19/idmanage.1012/b15883/syntax_datamngmnt013.htm)


Here are some examples of using this utility.


[Performing a simple subtree search]

ldapsearch -p 389 -h myhost -b "c=US" -s sub -v "cn=John*"


[The following example retrieves only the distinguished name along with the surname (sn) and description attribute values]

ldapsearch -p 389 -h myhost -b "c=US" -s sub -v "cn=Person*" dn sn description


[search for all groups below a given DN]

ldapsearch \
-h hostname \
-p 3060 \
-D cn=adminuser \
-w password \
-b 'cn=Groups,dc=organization,dc=com' \
-s sub "(&(objectclass=orclgroup)(cn=*))"


[list the users (uniquemember values) that belong to a given group DN]


ldapsearch \
-h hostname \
-p 3060 \
-D cn=adminuser \
-w password \
-b 'cn=GRP_ITA_TPM_VIW,cn=portal.id_install,cn=groups,dc=organization,dc=com' \
-s sub objectclass=orclgroup \
uniquemember



You can generate an LDIF file from an ldapsearch.
The LDAP Data Interchange Format (LDIF) is a standard plain-text format for representing LDAP directory content and update requests.
For example, I can search for all groups whose name starts with FBK, DOC, GRP or ORG and write the result to a file:


ldapsearch \
-h hostname \
-p 3060 \
-D cn=adminuser \
-w password \
-b 'cn=portal.id_install,cn=Groups,dc=organization,dc=com' \
-s sub \
"(&(objectclass=orclgroup)(|(cn=FBK*)(cn=DOC*)(cn=GRP*)(cn=ORG*)))" \
dn > all_grp.ldif

Optionally I can clean up the file and keep only the rows I need (ldapadd expects complete entries, each with its dn and attributes and separated by a blank line, so check the result before importing it):

grep cn all_grp.ldif > t1.ldif


and then import the LDIF file into a target LDAP directory:


ldapadd \
-h targethost \
-p 13060 \
-D cn=adminuser \
-w password \
-f ./t1.ldif
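As an added example (not part of the original post, and not OID's own tooling), the following Python script builds the group filter used above with proper RFC 4515 escaping and redoes the cleanup step on a constructed LDIF sample, keeping each entry whole so the output is still something ldapadd can read; the sample DNs and the cn prefixes are assumptions taken from the commands above.

```python
# Added example (not from the original post): group filter + entry-safe LDIF cleanup.
import base64
from typing import List, Tuple

def build_group_filter(prefixes: List[str], objectclass: str = "orclgroup") -> str:
    """(&(objectclass=X)(|(cn=P1*)(cn=P2*)...)) with RFC 4515 escaping of each prefix."""
    esc = lambda s: "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in s)
    alts = "".join(f"(cn={esc(p)}*)" for p in prefixes)
    return f"(&(objectclass={objectclass})(|{alts}))" if prefixes else f"(objectclass={objectclass})"

def parse_ldif(text: str) -> List[List[Tuple[str, str]]]:
    """Entries as (attr, raw value) lists; blank line ends an entry, leading space folds, '#' comments."""
    entries, current = [], []
    for line in text.splitlines() + [""]:  # sentinel flushes the last entry
        if line.startswith(" ") and current:
            current[-1] = (current[-1][0], current[-1][1] + line[1:])
        elif not line.strip():
            if current:
                entries.append(current)
                current = []
        elif not line.startswith("#"):
            attr, _, rest = line.partition(":")
            current.append((attr.strip(), rest))
    return entries

def attr_value(entry: List[Tuple[str, str]], name: str) -> str:
    """First value of an attribute; a '::' line carries base64, decoded here."""
    for attr, rest in entry:
        if attr.lower() == name.lower():
            return base64.b64decode(rest[1:]).decode() if rest.startswith(":") else rest.strip()
    return ""

def select_groups(ldif_text: str, prefixes: List[str]) -> str:
    """Keep whole entries whose cn starts with a prefix, blank-line separated for ldapadd."""
    kept = ["\n".join(f"{a}:{r}" for a, r in e) for e in parse_ldif(ldif_text)
            if any(attr_value(e, "cn").upper().startswith(p.upper()) for p in prefixes)]
    return "\n\n".join(kept) + "\n" if kept else ""
# Constructed sample of `ldapsearch -L` output (not real directory data).
SAMPLE_LDIF = """dn: cn=FBK_Readers,cn=portal.id_install,cn=Groups,dc=organization,dc=com
cn: FBK_Readers
objectclass: orclgroup

dn: cn=Other_Team,cn=portal.id_install,cn=Groups,dc=organization,dc=com
cn: Other_Team
objectclass: orclgroup

dn: cn=DOC_Editors,cn=portal.id_install,cn=Groups,dc=organization,dc=com
cn:: RE9DX0VkaXRvcnM=
objectclass: orclgroup
"""
```

Running `select_groups(SAMPLE_LDIF, ["FBK", "DOC", "GRP", "ORG"])` keeps the FBK and DOC entries (the second one via its base64-encoded cn) and drops Other_Team, with a blank line between the surviving entries.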
