http://jasonmun.blogspot.my/2017/01/linux-openldap.html
1. Configuration
$ gedit /etc/openldap/ldap.conf
BASE dc=dlinkddns,dc=com
BINDDN cn=Manager,dc=dlinkddns,dc=com
URI ldaps://member.dlinkddns.com:636
TLS_REQCERT never
TLS_CIPHER_SUITE ALL:!TLSv1.1:TLSv1.2:!SSLv2:!aNULL:!eNULL:!MD5:!MEDIUM:!LOW
TLS_CACERTDIR /etc/letsencrypt/live/member.dlinkddns.com
ldap_version 3
# Turning this off breaks GSSAPI used with krb5 when rdns = false
SASL_NOCANON on
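With `TLS_REQCERT never` the client does not verify the server certificate, so the `ldaps://` session is encrypted but the server is not authenticated. The script below is an added example, not part of the original post: it flags that setting and cleartext `ldap://` URIs in a client config. The function names, the sample files and the CA bundle path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak TLS settings in an
# OpenLDAP client ldap.conf. Prints findings; returns 1 if any WEAK finding.
audit_ldap_conf() {
    awk '
        /^[[:space:]]*(#|$)/ { next }          # skip comments and blank lines
        { key = toupper($1) }                   # option names are case-insensitive
        key == "TLS_REQCERT" {
            v = tolower($2)
            if (v == "never" || v == "allow") {
                print "WEAK TLS_REQCERT " v ": server certificate is not enforced"
                weak++
            }
        }
        key == "URI" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^ldap:\/\//) {
                    print "WEAK URI " $i ": cleartext unless StartTLS is forced"
                    weak++
                }
        }
        END { exit (weak > 0) }
    ' "$1"
}

# Constructed sample files: the settings from this page next to a stricter variant.
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
URI ldaps://member.dlinkddns.com:636
TLS_REQCERT never
EOF
    # Assumption: CA bundle path as on Fedora/RHEL; adjust for your distribution.
    cat > "$1/strict.conf" <<'EOF'
URI ldaps://member.dlinkddns.com:636
TLS_REQCERT demand
TLS_CACERT /etc/pki/tls/certs/ca-bundle.crt
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_ldap_conf "$tmp/weak.conf" || echo "weak.conf: findings above"
audit_ldap_conf "$tmp/strict.conf" && echo "strict.conf: clean"
rm -rf "$tmp"
```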
2. Usage
Search
$ ldapsearch -H ldap://member.dlinkddns.com -x -b "ou=People,dc=dlinkddns,dc=com"
$ ldapsearch -H ldaps://member.dlinkddns.com -x -b "ou=People,dc=dlinkddns,dc=com"
$ ldapsearch -H ldap://member.dlinkddns.com -D "cn=Manager,dc=dlinkddns,dc=com" -w 123 -x -b "ou=People,dc=dlinkddns,dc=com"
$ ldapsearch -H ldaps://member.dlinkddns.com -D "cn=Manager,dc=dlinkddns,dc=com" -w 123 -x -b "ou=People,dc=dlinkddns,dc=com"
Import data
$ ldapadd -xWD "cn=Manager,dc=dlinkddns,dc=com" -f demo.ldif
Delete an entry
$ ldapdelete -x -D 'cn=Manager,dc=dlinkddns,dc=com' -w 123 'uid=jlive,dc=dlinkddns,dc=com'
Change password
$ ldappasswd -x -D 'cn=Manager,dc=dlinkddns,dc=com' -W 'uid=jlive,dc=dlinkddns,dc=com' -S
Verify identity
$ ldapwhoami -x -D 'cn=Manager,dc=dlinkddns,dc=com' -w 123
Modify an entry
$ gedit modify.ldif
dn: uid=jlive,dc=dlinkddns,dc=com
changetype: modify
replace: sn
sn: liu
$ ldapmodify -x -D 'cn=Manager,dc=dlinkddns,dc=com' -w 123 -f modify.ldif