Installation guide
258 Chapter 18. Lightweight Directory Access Protocol (LDAP)
• Updated C API — Improves the way programmers can connect to and use the application.
• LDIFv1 Support — Full compliance with the LDAP Data Interchange Format (LDIF) version 1.
• Enhanced Stand-Alone LDAP Server — Includes an updated access control system, thread pooling,
better tools and much more.
18.2. OpenLDAP Daemons and Utilities
The suite of OpenLDAP libraries and tools is spread out over the following packages:
• openldap — Contains the libraries necessary to run the openldap server and client applications.
• openldap-clients — Contains command-line tools for viewing and modifying directories on
an LDAP server.
• openldap-servers — Contains the servers and other utilities necessary to configure and run an
LDAP server.
There are two servers contained in the openldap-servers package: the Standalone
LDAP Daemon (/usr/sbin/slapd) and the Standalone LDAP Update Replication Daemon
(/usr/sbin/slurpd).
The slapd daemon is the standalone LDAP server while the slurpd daemon is used to synchronize
changes from one LDAP server to other LDAP servers on the network. The slurpd daemon is only
necessary when dealing with multiple LDAP servers.
To perform administrative tasks, the openldap-servers package installs the following utilities into
the /usr/sbin/ directory:
• slapadd — Adds entries from an LDIF file to an LDAP directory. For example,
/usr/sbin/slapadd -l ldif-input will read in the LDIF file, ldif-input, containing the
new entries.
• slapcat — Pulls entries out of an LDAP directory in the default format — Berkeley DB — and
saves them in an LDIF file. For example, the command /usr/sbin/slapcat -l ldif-output
will output an LDIF file called ldif-output containing the entries from the LDAP directory.
• slapindex — Re-indexes the slapd directory based on the current content.
• slappasswd — Generates an encrypted user password value for use with ldapmodify or
the rootpw value in the slapd configuration file, /etc/openldap/slapd.conf. Execute
/usr/sbin/slappasswd to create the password.
Warning
Be sure to stop slapd by issuing /usr/sbin/service slapd stop before using slapadd, slapcat
or slapindex. Otherwise, the consistency of the LDAP directory is at risk.
See the man pages for each of these utilities for more information about how to use them.
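The following shell function is an added example, not part of the original guide. It checks a slapd.conf-style file for rootpw values that were not produced by slappasswd. The function name audit_rootpw, the sample file and the placeholder hash are constructed for illustration, and the scheme classification is an assumption based on the schemes slappasswd can generate.

```shell
#!/bin/sh
# Added example: audit rootpw directives in a slapd.conf-style file.
# For each rootpw line prints "<line>: <status>", where status is
#   hashed:<SCHEME>   salted scheme ({SSHA}, {SMD5}) or {CRYPT}
#   unsalted:<SCHEME> {SHA} or {MD5}
#   other:<SCHEME>    any other scheme prefix, review by hand
#   cleartext         no {SCHEME} prefix at all
# Prints "absent" if no rootpw line exists.
# Returns non-zero if any line is not in the "hashed" class.
audit_rootpw() {
    awk '
    # Directives start in column 1; indented lines are continuations.
    tolower($0) ~ /^rootpw[ \t]/ {
        found = 1
        if (match($2, /^[{][A-Za-z0-9-]+[}]/)) {
            scheme = toupper(substr($2, 2, RLENGTH - 2))
            if (scheme == "SSHA" || scheme == "SMD5" || scheme == "CRYPT")
                status = "hashed:" scheme
            else if (scheme == "SHA" || scheme == "MD5") {
                status = "unsalted:" scheme; bad = 1
            } else {
                status = "other:" scheme; bad = 1
            }
        } else {
            status = "cleartext"; bad = 1
        }
        print FNR ": " status
    }
    END { if (!found) print "absent"; exit bad + 0 }
    ' "$1"
}

# Constructed sample (not a real configuration, not a real hash).
sample=$(mktemp)
cat > "$sample" <<'EOF'
database bdb
rootdn "cn=Manager,dc=example,dc=com"
# rootpw secret
rootpw secret
database bdb
rootpw {SSHA}CONSTRUCTEDplaceholderNOTaREALhash
EOF
audit_rootpw "$sample" || echo "replace flagged rootpw values with slappasswd output"
rm -f "$sample"
```

Run it against /etc/openldap/slapd.conf as a user who can read that file.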
The openldap-clients package installs tools used to add, modify, and delete entries in an LDAP
directory into /usr/bin/. These tools include the following:
• ldapmodify — Modifies entries in an LDAP directory, accepting input via a file or standard input.
• ldapadd — Adds entries to your directory by accepting input via a file or standard input; ldapadd
is actually a hard link to ldapmodify and behaves as ldapmodify -a.