Notes/tips/lessons learned on use of ldapsearch

  • In its simplest form:

    # ldapsearch -x
    # extended LDIF
    #
    # LDAPv3
    # base <dc=example,dc=com> (default) with scope subtree
    # filter: (objectclass=*)
    # requesting: ALL
    #

    # example.com
    dn: dc=example,dc=com
    objectClass: dcObject
    objectClass: organization
    o: Example Company
    dc: example

    # admin, example.com
    dn: cn=admin,dc=example,dc=com
    objectClass: organizationalRole
    cn: admin

    # search result
    search: 2
    result: 0 Success

    # numResponses: 3
    # numEntries: 2

  • Notice there is no config section in that output. To see it, bind as the config admin and search under cn=config:

    # ldapsearch -D cn=admin,cn=config -w mypwd -b cn=config
    [[ HUGE amount snipped ]]
    # search result
    search: 2
    result: 0 Success

    # numResponses: 19
    # numEntries: 18

  • So, need to trim that down a bit. The format is ldapsearch [ -x | -D ... ] -b ${base} ${filter} ${subfilter}, where ${subfilter} is the list of attributes to return. For instance:

    # ldapsearch -D cn=admin,cn=config -w 3pizda  -b cn=config dn | grep ^dn
    dn: cn=config
    dn: cn=schema,cn=config
    dn: cn={0}corba,cn=schema,cn=config
    dn: cn={1}core,cn=schema,cn=config
    dn: cn={2}cosine,cn=schema,cn=config
    dn: cn={3}duaconf,cn=schema,cn=config
    dn: cn={4}dyngroup,cn=schema,cn=config
    dn: cn={5}inetorgperson,cn=schema,cn=config
    dn: cn={6}java,cn=schema,cn=config
    dn: cn={7}misc,cn=schema,cn=config
    dn: cn={8}nis,cn=schema,cn=config
    dn: cn={9}openldap,cn=schema,cn=config
    dn: cn={10}ppolicy,cn=schema,cn=config
    dn: cn={11}collective,cn=schema,cn=config
    dn: olcDatabase={-1}frontend,cn=config
    dn: olcDatabase={0}config,cn=config
    dn: olcDatabase={1}monitor,cn=config
    dn: olcDatabase={2}bdb,cn=config

  • Now, suppose you want to find out what’s in the bdb database config. Notice that the filter uses the RDN, not the full DN:

    # ldapsearch -D cn=admin,cn=config -w 3pizda  -b cn=config 'olcDatabase={2}bdb'
    # extended LDIF
    #
    # LDAPv3
    # base <cn=config> with scope subtree
    # filter: olcDatabase={2}bdb
    # requesting: ALL
    #

    # {2}bdb, config
    dn: olcDatabase={2}bdb,cn=config
    objectClass: olcDatabaseConfig
    objectClass: olcBdbConfig
    olcDatabase: {2}bdb
    olcDbDirectory: /var/lib/ldap
    olcSuffix: dc=example,dc=com
    olcAddContentAcl: FALSE
    olcLastMod: TRUE
    olcMaxDerefDepth: 15
    olcReadOnly: FALSE
    [[snip]]

  • OK, so that’s still a lot of crap. What if you want just the dbdirectory:

    # ldapsearch -D cn=admin,cn=config -w 3pizda  -b cn=config 'olcDatabase={2}bdb' olcdbdirectory
    # extended LDIF
    #
    # LDAPv3
    # base <cn=config> with scope subtree
    # filter: olcDatabase={2}bdb
    # requesting: olcdbdirectory
    #

    # {2}bdb, config
    dn: olcDatabase={2}bdb,cn=config
    olcDbDirectory: /var/lib/ldap

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1
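
An added example, not part of the original notes: a shell function to use in place of the | grep ^dn step above. It rejoins DNs that LDIF folds onto continuation lines and decodes base64 dn:: values; the function names and the sample LDIF are constructed here, and base64(1) from coreutils is assumed.

```shell
#!/bin/sh
# Added example, not from the original notes: list entry DNs from ldapsearch
# output. Plain `grep ^dn` cuts off a DN that LDIF folded onto a continuation
# line and leaves base64 "dn::" values unreadable; this handles both.

# ldif_dns (hypothetical helper): LDIF on stdin, one decoded DN per line out.
ldif_dns() {
    awk '
        function emit(   v) {
            if (buf ~ /^dn::/)     { v = substr(buf, 5); tag = "B" }
            else if (buf ~ /^dn:/) { v = substr(buf, 4); tag = "P" }
            else return
            sub(/^ */, "", v)      # "dn:" may be followed by spaces
            print tag, v
        }
        /^ / { buf = buf substr($0, 2); next }   # continuation line (RFC 2849)
             { emit(); buf = $0 }
        END  { emit() }
    ' | while read -r tag value; do
        if [ "$tag" = B ]; then
            printf '%s' "$value" | base64 -d     # assumes coreutils base64
            echo
        else
            printf '%s\n' "$value"
        fi
    done
}

# Constructed sample output: a plain DN, a folded DN and a base64-encoded DN.
sample_ldif() {
    cat <<'EOF'
# {2}bdb, config
dn: olcDatabase={2}bdb,cn=config
olcDbDirectory: /var/lib/ldap

dn: cn=a-long-constructed-name-that-makes-ldapsearch-fold-the-line,ou=people
 ,dc=example,dc=com

dn:: Y249SsO8cmdlbixkYz1leGFtcGxlLGRjPWNvbQ==
EOF
}

# Live use. -W prompts for the bind password rather than passing it with -w,
# which leaves it in shell history and the process list:
#   ldapsearch -LLL -D cn=admin,cn=config -W -b cn=config dn | ldif_dns
sample_ldif | ldif_dns
```

With the OpenLDAP client, -o ldif-wrap=no turns off folding at the source, but dn:: values still need decoding.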