Differences

This shows you the differences between two versions of the page.

--- docs:tips_n_tricks:ldap.html [10.07.2018 17:47 CEST] – peter
+++ docs:tips_n_tricks:ldap.html [27.02.2024 23:32 CET] (current) – [Write olcAccess.ldif in "human readable" format from actual config] peter
@@ Line 11: / Line 11: @@
  --- //Courtesy of Oliver D. 2010/05/04 15:04//
+===== Read cn=config =====
+  ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -o ldif-wrap=no '(objectclass=*)' \
+  | sed -e '/^olcAccess: /s/ by /\n  by /gi' -e '/olcSyncrepl/s/ \([a-zA-Z0-9_-]\+\)=/\n  \1=/gi' \
+  | less -S
+===== Get DIT =====
+  ldapsearch -Y EXTERNAL -H ldapi:/// (objectclass=*) dn \
+  | sed -ne 's/^dn: [a-zA-Z0-9_]\+=[^,]\+,\(.*\)$/\1/gp'\
+  | sort -u
 ===== Use OpenLDAP and phpldapadmin on Ubuntu 14.04 =====
 ==== Server ====
@@ Line 133: / Line 144: @@
 </code>
-:!: I assume this depends on where your LDAP tree data is stored - this example assumes it to be in //lcDatabase={1}hdb,cn=config//. You check it with
+:!: I assume this depends on where your LDAP tree data is stored - this example assumes it to be in //olcDatabase={1}hdb,cn=config//. You can list all database objects with their respective suffix by calling
-  ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" '(olcSuffix=*)' dn
+  ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" '(olcSuffix=*)' dn olcSuffix
 as //root//.
@@ Line 142: / Line 153: @@
   * https://technicalnotes.wordpress.com/2014/04/19/openldap-setup-with-memberof-overlay/
+=== Write olcAccess.ldif in "human readable" format from actual config  ===
+  ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -o ldif-wrap=no -L '(objectclass=*)' \
+  | sed -e '/^dn: /{s/^\(.*\)$/\n\1\nchangetype: modify\nreplace: olcAccess/;h;d};/^olcAccess/{s/ by /\n  by /gi;H;s/^.*$//;x;s/^\nolcAccess/olcAccess/g;p;d};d'
+or
+  ldapsearch -Y EXTERNAL -H ldapi:/// -b cn=config -o ldif-wrap=no -L '(objectclass=*)' | ./olcAcces.sed
+<file sed olcAccess.sed>
+#!/bin/sed -f
+/^dn: /{
+s/^\(.*\)$/\n\1\nchangetype: modify\nreplace: olcAccess/
+h
+d
+}
+/^olcAccess/{
+s/ by /\n  by /gi
+H
+s/^.*$//
+x
+s/^\nolcAccess/olcAccess/g
+p
+d
+}
+d
+</file>
+[[docs:tips_n_tricks:ldap.html?rev=1709050872#read_olcaccess_anc_convert_it_into_human_readable_format|Read olcAccess and convert it into "human readable" format]]
 ==== Client ====
 === Configure nsswitch ===
@@ Line 170: / Line 210: @@
 (Found [[http://ubuntuforums.org/showthread.php?t=1766427|here]])
-===== Password Self Service on Ubuntu 14.10 =====
 ===== Self Service Password on Ubuntu 14.10 =====
@@ Line 219: / Line 259: @@
 </code>
+===== Adding indexes =====
+Find out what is the right suffix for your tree by either of the following lines((The first one works only by the local root account, the second one will require a password)):
+  ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config" '(olcSuffix=*)' olcDbIndex olcSuffix
+  ldapsearch -D cn=config -W          -b "cn=config" '(olcSuffix=*)' olcDbIndex olcSuffix
+This will also show you the indices already existing. Now create a file in //LDIF// format, using the database found out in the previous step for the dn:
+<code ldif add_indices.ldif>
+dn: olcDatabase={1}hdb,cn=config
+changetype: modify
+add: olcDbIndex
+olcDbIndex: uid eq
+-
+add: olcDbIndex
+olcDbIndex: cn eq
+</code>
+Apply it with either of the following commands((The first one works only by the local root account, the second one will require a password)):
+  ldapmodify -Y EXTERNAL -H ldapi:/// -f add_indices.ldif
+  ldapmodify -D cn=config -W          -f add_indices.ldif
 ===== References & Credits =====