Chapter 9 Maintaining Open Directory Services
If this parameter doesn’t exist in the DSLDAPv3PlugInConfig.plist file, add it near
<key>OpenClose Timeout in seconds</key>.
Searching the LDAP Server
The ldapsearch tool connects to an LDAP server, authenticates, finds entries, and
returns attributes of the entries found.
To query the LDAP server for a user’s information:
Enter the following command, replacing the example search base
(cn=users,dc=example,dc=com) with an actual search base:
$ ldapsearch -H ldap://127.0.0.1 -b cn=users,dc=example,dc=com
By default, ldapsearch tries to connect to the LDAP server using the Simple
Authentication and Security Layer (SASL) method. If the server doesn’t support this
method, you see this error message:
ldap_sasl_interactive_bind_s: No such attribute (16)
To avoid this error, include the -x option when you enter the command. For example:
$ ldapsearch -h 192.168.100.1 -b "dc=example,dc=com" -x
The -x option forces ldapsearch to use simple authentication instead of SASL. The -x
option also works on other LDAP tools.
You can also use ldapsearch for debugging issues with LDAP, independent of the
directory services LDAPv3 plug-in.
For example, you can read the root directory server entry (DSE) like this (-LLL omits
some output, -x means no SASL, -h specifies the hostname, -b specifies the search
base, and -s specifies the type of search):
$ ldapsearch -LLL -x -h ldap.psu.edu -b "" -s base
dn:
namingcontexts: CN=SCHEMA
namingcontexts: CN=LOCALHOST
namingcontexts: CN=PWDPOLICY
namingcontexts: CN=IBMPOLICIES
namingcontexts: DC=PSU,DC=EDU
subschemasubentry: cn=schema
supportedextension: 1.3.18.0.2.12.1
supportedextension: 1.3.18.0.2.12.3
supportedextension: 1.3.18.0.2.12.5
supportedextension: 1.3.18.0.2.12.6
supportedextension: 1.3.18.0.2.12.15
supportedextension: 1.3.18.0.2.12.16
supportedextension: 1.3.18.0.2.12.17
supportedextension: 1.3.18.0.2.12.19
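
The following is an added example, not part of the original guide: shell functions that parse root DSE output like the listing above to list candidate -b search bases and to show whether SASL mechanisms are listed, which decides whether -x is needed. It goes one step beyond the page by also checking for the StartTLS OID, relevant because a simple bind with a password is sent in clear text unless the connection is encrypted; the function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize a root DSE read with -b "" -s base.
# SAMPLE_DSE is constructed for illustration, not output from a real server.
SAMPLE_DSE='dn:
namingcontexts: CN=SCHEMA
namingcontexts: DC=EXAMPLE,
 DC=COM
supportedextension: 1.3.6.1.4.1.1466.20037
supportedSASLMechanisms: GSSAPI'

# Join LDIF continuation lines (a leading space continues the previous line).
unfold_ldif() {
  awk 'NR > 1 && /^ / { buf = buf substr($0, 2); next }
       NR > 1 { print buf }
       { buf = $0 }
       END { if (NR) print buf }'
}

# Print every value of attribute $1; names match case-insensitively and
# base64 ("attr:: ...") values are skipped.
dse_values() {
  unfold_ldif | awk -v want="$1" '{
    i = index($0, ": "); if (i == 0) next
    if (tolower(substr($0, 1, i - 1)) == tolower(want)) print substr($0, i + 2)
  }'
}

# Report candidate search bases and what the server advertises for binding.
dse_summary() {
  dse=$(cat)
  printf '%s\n' "$dse" | dse_values namingContexts | sed 's/^/search base: /'
  if [ -n "$(printf '%s\n' "$dse" | dse_values supportedSASLMechanisms)" ]; then
    echo "sasl: mechanisms listed"
  else
    echo "sasl: none listed, use -x"
  fi
  # 1.3.6.1.4.1.1466.20037 is the StartTLS extended operation OID.
  if printf '%s\n' "$dse" | dse_values supportedExtension |
       grep -qxF '1.3.6.1.4.1.1466.20037'; then
    echo "starttls: offered"
  else
    echo "starttls: not offered"
  fi
}

printf '%s\n' "$SAMPLE_DSE" | dse_summary
```

Some servers return root DSE attributes only when they are requested by name, so an empty result is not proof that a feature is missing.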