Systems and Network Management
LDAP Operations
Nick Urbanik ver. 1.2

1 Aims

After you've successfully completed this workshop activity you will be able to:

• Make simple searches of an LDAP directory, understanding the basic search parameters base, scope and attribute list;
• Understand how the LDAP bind operation works, and
• Be able to apply the bind operation to modifying your own directory entry;
• Modify your directory entry using correct LDIF together with the ldapmodify LDAP utility;
• Begin to understand LDAP filters.

2 Procedure

1. First, let's set up yum to use local software rather than download updates from the United States. This will speed up yum many times.

   (a) Get a copy of the yum.conf file on our web site:

       $ cd /tmp
       $ unset http_proxy
       $ wget -nH -nd http://ictlab/snm/lab/yum.conf-rh9

       or just shift-click on the link in the subject web site and save to the /tmp directory,

   (b) . . . and copy it to the /etc directory:

       $ sudo cp /tmp/yum.conf-rh9 /etc/yum.conf

2. Now install the LDAP utilities if they are not already installed:

       $ sudo yum -y install openldap\*

   While you're at it, it's a good idea to apply all the updates, and make sure your computer updates them itself in the future:

       $ sudo chkconfig yum on
       $ sudo yum -y update

   Leave that running in the background while you get on with the other activities.

3. Search for your entry in the local LDAP server, ldap.tyict.vtc.edu.hk. Note that your Linux system should search this by default. You can do that with a command like the following, where user id is your own user id:

       $ ldapsearch -x '(uid=user id)'

   Note that this is equivalent to:

       $ ldapsearch -x -b 'dc=tyict,dc=vtc,dc=edu,dc=hk' '(uid=user id)'

4. What scope did you use in the last search? Now write a suitable command to search for your own entry using a:

   (a) base level scope

   (b) one level scope

   (c) subtree scope

5. Search for your LDAP entry in the VTC's LDAP server in Wood Road. The base for your search can be dc=vtc.edu.hk. The name of the server is ldap.vtc.edu.hk. Write down the ldapsearch command you used, and the DN of your entry:

6. Read slide §33 in the lecture notes, and read man ldapmodify. Then bind to the LDAP server vtc.edu.hk, using your own distinguished name (found in question 5) and password. Of course, you will need to use the password for that directory (the one you access your email by).

   (a) First, add an attribute description. Write your ldapmodify command and the LDIF you used. I will be checking who has done this exercise!

   (b) Next, modify the attribute you just added, and change its value to some different text. Write the LDIF you used:
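One way to produce the LDIF for step 6 (a) and (b), as an added example that is not part of the original worksheet: a shell helper that writes a changetype: modify record for description and switches to the base64 form (description::) when the value is not a safe LDIF string. The helper names, the sample DN and the use of -ZZ (StartTLS) are assumptions; this page does not say whether the lab server supports StartTLS.

```shell
#!/bin/sh
# Added example; helper names and the sample DN are hypothetical.

# Return 0 when a value must be base64-encoded in LDIF (RFC 2849):
# it starts with space, ':' or '<', ends with a space, or contains
# any byte outside printable ASCII (newlines and UTF-8 included).
needs_base64() {
    case $1 in
        ' '*|:*|'<'*|*' ') return 0 ;;
    esac
    [ "$(printf '%s' "$1" | LC_ALL=C tr -d ' -~' | wc -c)" -gt 0 ]
}

# Print one LDIF change record for the description attribute.
#   $1 = DN of the entry (assumed to be plain ASCII)
#   $2 = add | replace
#   $3 = new value
make_description_ldif() {
    case $2 in
        add|replace) ;;
        *) echo "operation must be add or replace" >&2; return 1 ;;
    esac
    printf 'dn: %s\n' "$1"
    printf 'changetype: modify\n'
    printf '%s: description\n' "$2"
    if needs_base64 "$3"; then
        # '::' tells the server the value is base64
        printf 'description:: %s\n' "$(printf '%s' "$3" | base64 | tr -d '\n')"
    else
        printf 'description: %s\n' "$3"
    fi
    printf '%s\n' '-'
}

# Typical use (not run here). -W prompts for the password, so it never
# appears in the process list or shell history; -ZZ refuses to bind
# unless StartTLS succeeds, because -x sends the password as given.
#   MY_DN='uid=jdoe,ou=People,dc=example,dc=org'   # constructed sample
#   make_description_ldif "$MY_DN" add 'First text' |
#       ldapmodify -x -ZZ -H ldap://ldap.vtc.edu.hk -D "$MY_DN" -W
```

Calling the helper with replace instead of add gives the record for step 6 (b); piping its output to a file first lets you read the LDIF before sending it.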