Command line tools
This sections describes how to connect to ApacheDS with command line tools, which are not part of the distribution, but present on many operating systems.
A powerful alternative to UI tools
An alternative to UI tools for connecting to your directory and perform operations are command line tools. The traditional commands are part of many applications (for instance Lotus notes, many LDAP servers) and even operating systems (e.g. Sun Solaris 8 ff.). The following table lists the names and functions of common commands. All of them open a connection to an LDAP server, bind, and perform one or more LDAP operations.
Command |
short description from man page |
|---|---|
ldapsearch |
Performs a search using specified parameters. |
ldapmodify and ldapadd |
Modifies or adds entries. When invoked as ldapadd the -a (add new entry) flag is turned on automatically. |
ldapmodrdn |
Modifies the RDN of entries. |
ldapdelete |
Deletes one or more entries. |
Open a shell and type "ldapsearch" to see whether these tools are already available on your system. This may be true on UNIX systems, or LINUX systems (with OpenLDAP client tools installed). If not (especially if you are using Windows, this is probably the case), you have different options to get such tools. One is to download the Sun ONE Directory SDK for C, which is available for many platforms (among them Windows). It also contains executables of the command line tools (ldapsearch etc.).
A simple search example
Here is an example for a search command, which displays the o=sevenSeas entry of our tutorial partition. You will learn more about LDAP searches lateron.
$ ldapsearch -h zanzibar -p 10389 -b "o=sevenSeas" -D "uid=admin,ou=system" -w ****** "(objectClass=*)" o=sevenSeas description=Contains Apache Directory Tutorial example data objectClass=organization objectClass=top o=sevenSeas $
One big advantage of command line tools is that you can use them within scripts. It is also much easier if you have to document changes to the directory (configuration, for instance). Therfore administrators like them a lot. We will use them within this tutorial as well, but always as an alternative to UI tools (which LDAP newbies normally prefer).
Not all command line tools are equal
Although the command line tools of different operating systems and LDAP clients (shipped with LDAP servers) normally have the same name, there are often differences in the command line options. If any problems arise if you try out examples from this tutorial (e.g. "illegal option"), consult the man pages or documentation of your tools.
Import sample data using a command line tool
Here is an example usage of ldapmodify.
$ ldapmodify -h zanzibar -p 10389 -D "uid=admin,ou=system" -w ****** -a -f apache_ds_tutorial.ldif adding new entry ou=people,o=sevenSeas adding new entry ou=groups,o=sevenSeas adding new entry ou=crews,ou=groups,o=sevenSeas adding new entry ou=ranks,ou=groups,o=sevenSeas adding new entry cn=Horatio Hornblower,ou=people,o=sevenSeas ... adding new entry cn=John Fryer,ou=people,o=sevenSeas adding new entry cn=John Hallett,ou=people,o=sevenSeas adding new entry cn=HMS Bounty,ou=crews,ou=groups,o=sevenSeas $
The following table contains descriptions for the options used. See the manpage of ldapmodify for details.
Option |
Meaning |
|---|---|
-h zanzibar |
Hostname |
-p 10389 |
Port |
-D "uid=admin,ou=system" |
Distinguished name to bind (user with appropriate privileges needed) |
-w ****** |
Password of bind user |
-a |
add new entries |
-f apache_ds_tutorial.ldif |
Name of LDIF file to load |
The following operation demonstrates that your directory now contains the sample data. It searches for all entries below o=sevenSeas (-b = search base, -s = search scope), which have an attribute occurence of givenName with value "William". The output contains the distinguished names (dn) of the result entries and their common name (cn) values.
$ ldapsearch -h zanzibar -p 10389 -D "uid=admin,ou=system" -w ****** -b "o=sevenSeas" -s sub "(givenName=William)" cn version: 1 dn: cn=William Bligh,ou=people,o=sevenSeas cn: William Bligh dn: cn=William Bush,ou=people,o=sevenSeas cn: William Bush $