256 Chapter 15 Configuring and Managing Open Directory
An example value for rootdn is uid=root,cn=users,dc=example,dc=com.
An administrator can edit the /etc/openldap/slapd_macosxserver.conf file to add a
password hash or a plain-text password, at which point that administrator user
can administer the LDAP database. This is especially useful when your LDAP
database is damaged or the passwords are lost or forgotten.
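The following check is an added example, not part of the original guide: it reports whether a slapd configuration file holds a plain-text or hashed root password and whether the file is world-readable. It assumes the standard OpenLDAP slapd.conf directive name rootpw, which this page does not spell out; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rootpw entries in a slapd configuration file.

# Print "none", "hashed" or "plaintext" for the rootpw directives in file $1.
# Directives start in column 0; a value slappasswd produced begins with a
# {SCHEME} prefix. Any other value is treated as a plain-text password.
classify_rootpw() {
    awk '
        /^rootpw[ \t]/ {
            found = 1
            if (toupper($2) !~ /^[{](SSHA|SHA|SMD5|MD5|CRYPT)[}]./) plain = 1
        }
        END { print (plain ? "plaintext" : (found ? "hashed" : "none")) }
    ' "$1"
}

# Print "yes" if users other than owner and group can read file $1.
world_readable() {
    if [ "$(ls -ld "$1" | cut -c8)" = r ]; then echo yes; else echo no; fi
}

# One-line verdict: a plain-text rootpw always fails; a hash is accepted
# only when the file is not world-readable (hashes can be guessed offline).
audit_slapd_conf() {
    kind=$(classify_rootpw "$1")
    if [ "$kind" = plaintext ]; then echo "FAIL plaintext rootpw"
    elif [ "$kind" = hashed ] && [ "$(world_readable "$1")" = yes ]; then
        echo "WARN hashed rootpw in world-readable file"
    else echo "OK rootpw=$kind"
    fi
}

# Constructed sample files (not taken from a real server).
write_samples() {
    printf 'rootdn uid=root,cn=users,dc=example,dc=com\nrootpw secret\n' > "$1/plain.conf"
    printf '#rootpw secret\nrootdn uid=root,cn=users,dc=example,dc=com\nrootpw {SSHA}CONSTRUCTEDPLACEHOLDERHASH=\n' > "$1/hashed.conf"
    printf 'rootdn uid=root,cn=users,dc=example,dc=com\n' > "$1/none.conf"
    chmod 600 "$1/plain.conf" "$1/none.conf"; chmod 644 "$1/hashed.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in plain hashed none; do
    echo "$f.conf: $(audit_slapd_conf "$demo_dir/$f.conf")"
done
rm -rf "$demo_dir"
```

Once recovery is complete, run the check against the edited file so that a temporary root password does not stay in the configuration.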
Configuring slapd and slurpd Daemons
To configure the slapd and slurpd LDAP daemons and related search policies, use the
slapconfig tool. For more information, see the slapconfig man page.
Standard Distribution Tools
Two types of tools come with OpenLDAP:
• Tools that operate directly on the LDAP databases: these tools begin with slap.
• Tools that go through the LDAP protocol: these tools begin with ldap.
You must run the slap tools on the computer hosting the LDAP database. When using
the slap tools, shut down the LDAP service. If you don’t, your database can get out
of sync.
These tools are included in the standard OpenLDAP distribution.
Tool                    Used to
/usr/bin/ldapadd        Add entries to the LDAP directory.
/usr/bin/ldapcompare    Compare a directory entry’s actual attributes with known
                        attributes.
/usr/bin/ldapdelete     Delete entries from the LDAP directory.
/usr/bin/ldapmodify     Change an entry’s attributes.
/usr/bin/ldapmodrdn     Change an entry’s relative distinguished name (RDN).
/usr/bin/ldappasswd     Set the password for an LDAP user. Apple recommends using
                        passwd instead of ldappasswd. For more information, see
                        the passwd man page.
/usr/bin/ldapsearch     Search the LDAP directory. See the usage note under
                        “Searching the LDAP Server” on page 257.
/usr/bin/ldapwhoami     Obtain the primary authorization identity associated with
                        a user.
/usr/sbin/slapadd       Add entries to the LDAP directory.
/usr/sbin/slapcat       Export LDAP Directory Interchange Format files.
/usr/sbin/slapindex     Regenerate directory indexes.
/usr/sbin/slappasswd    Generate user password hashes.