Testing the LDAP Server

Once the initial slapd.conf configuration is in place, start the LDAP server with rcldap:

bible:/etc/openldap # rcldap start

Starting ldap-server done

When started, you can use the ldapsearch command to bind (connect to) the LDAP server with the administrator account (see Listing 25-1). Unlike an anonymous bind, we are authenticating to the LDAP server.

To start OpenLDAP automatically when the system boots, use chkconfig: chkconfig -a ldap.

You can connect to the LDAP server with an anonymous bind, which means you have not presented authentication credentials to the LDAP server, and you are limited in what you can read and write to the server based on the default access control list (ACL) settings.

LISTING 25-1

Authenticating to the LDAP Server

bible:/etc/openldap # ldapsearch -x -D "cn=admin,o=Acme,c=UK" -W
Enter LDAP Password:
# extended LDIF
# LDAPv3
# requesting: ALL

# search result
search: 2
result: 32 No such object

# numResponses: 1

As you do not have anything in the LDAP server, you will not receive any responses.

The ldapsearch command is extremely powerful, not only for diagnostic purposes, but also for viewing data in the LDAP server. In Listing 25-1, we used the -D option to specify the bindDN with which to connect to the LDAP server, as well as the -W option to tell ldapsearch to ask us for the bind password.

We also used the -x option to tell ldapsearch to do a simple bind to the LDAP server. If you do not specify -x, you need to bind using a Simple Authentication and Security Layer (SASL) mechanism. We will not discuss SASL authentication in this chapter because this is just an introduction to LDAP. For more information on configuring OpenLDAP with SASL, refer to the OpenLDAP documentation in /usr/share/doc/packages/openldap2.
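The following is an added example, not part of the original text: a small shell helper that reads saved ldapsearch output in the format of Listing 25-1 and reports whether the search ran and what it returned. The function names and the sample text are constructed for illustration; codes 0 and 32 are the standard LDAP result codes for success and "No such object".

```shell
#!/bin/sh
# Added example: interpret the trailer of ldapsearch output (Listing 25-1 format).
# Function names are hypothetical; they are not part of OpenLDAP.

# Print the numeric LDAP result code from ldapsearch output on stdin.
# Prints nothing if there is no "result:" line (the search never ran).
ldap_result_code() {
    awk '$1 == "result:" { print $2; exit }'
}

# Print the count from "# numEntries: N", or 0 when the line is absent.
ldap_num_entries() {
    awk '$1 == "#" && $2 == "numEntries:" { n = $3 } END { print n + 0 }'
}

# Classify a post-start check from saved ldapsearch output passed as $1.
ldap_smoke_test() {
    code=$(printf '%s\n' "$1" | ldap_result_code)
    entries=$(printf '%s\n' "$1" | ldap_num_entries)
    case "$code" in
        "") echo "no-result: bind or connection failed before the search ran" ;;
        0)  echo "ok: bind succeeded, $entries entries returned" ;;
        32) echo "ok-empty: bind succeeded, search base does not exist yet" ;;
        *)  echo "error: LDAP result code $code" ;;
    esac
}

# Constructed sample: the output shown in Listing 25-1.
SAMPLE_EMPTY='# extended LDIF
# LDAPv3
# requesting: ALL

# search result
search: 2
result: 32 No such object

# numResponses: 1'

ldap_smoke_test "$SAMPLE_EMPTY"
```

On a freshly configured server with no data loaded, the ok-empty case is the expected outcome of the authenticated search in Listing 25-1.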
