分类:
2008-07-20 22:57:42
下面都是好早以前学习LDAP的一些笔记,粘一下,让太阳晒晒,别潮了.
下面是一个添加的LDIF文件的例子
dn: dc=myhome,dc=com
objectClass: dcObject
objectClass: organization
o: myhome
dc: myhome
description: this is myhome domain
dn: cn=aaa,dc=myhome,dc=com
objectClass: Person
objectClass: inetOrgPerson
uid: aaa
sn: aaa
cn: aaa
userpassword: 123456
telephoneNumber: 111-111-111
mail: aaa@market.myhome.com
description: this is user is market domain
dn: cn=bbb,dc=myhome,dc=com
objectClass: Person
objectClass: inetOrgPerson
uid: bbb
sn: bbb
cn: bbb
userpassword: 123456
telephoneNumber: 222-222-222
mail: bbb@market.myhome.com
description: this is user is market domain
dn: cn=ddd,dc=myhome,dc=com
objectClass: Person
objectClass: inetOrgPerson
uid: ddd
sn: ddd
cn: ddd
userpassword: 123456
telephoneNumber: 111-111-111
mail: ddd@market.myhome.com
description: this is user is market domain
dn: cn=eee,dc=myhome,dc=com
objectClass: Person
objectClass: inetOrgPerson
uid: eee
sn: eee
cn: eee
userpassword: 123456
telephoneNumber: 222-222-222
mail: eee@market.myhome.com
description: this is user is market domain
1对一个DN添加一个属性
dn: cn=bbb,dc=myhome,dc=com
changetype: modify
add: homePhone
homePhone: 112-233
#bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
add homePhone:
112-233
modifying entry "cn=bbb,dc=myhome,dc=com"
modify complete
2再对另一个DN进行操作
dn: cn=eee,dc=myhome,dc=com
changetype: modify
add: mobile
mobile: 323-113-223
# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
3数据cn=eee,dc=myhome,dc=com的进行查询
# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "cn=eee,dc=myhome,dc=com" -w secret -x -s sub -LLL
dn: cn=eee,dc=myhome,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: eee
sn: eee
cn: eee
userPassword:: MTIzNDU2
telephoneNumber: 222-222-222
mail: eee@market.myhome.com
mail: asdfaf223@163.com
description: this is user is market domain
mobile: 323-113-223
# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL cn sn uid
dn: dc=myhome,dc=com
dn: cn=aaa,dc=myhome,dc=com
uid: aaa
sn: aaa
cn: aaa
dn: cn=bbb,dc=myhome,dc=com
uid: bbb
sn: bbb
cn: bbb
dn: cn=ddd,dc=myhome,dc=com
uid: ddd
sn: ddd
cn: ddd
dn: cn=eee,dc=myhome,dc=com
uid: eee
sn: eee
cn: eee
# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=aaa sn cn uid
上面的uid=aaa就查不出来什么,但下面uid=*aaa却可以
# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*aaa sn cn uid
dn: cn=aaa,dc=myhome,dc=com
uid: aaa
sn: aaa
cn: aaa
下面是这两上查询的输出日志,为什么结果却不一样,不是很清楚.:(
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 fd=7 ACCEPT from IP=127.0.0.1:32846 (IP=0.0.0.0:389)
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=0 RESULT tag=97 err=0 text=
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=1 SRCH base="dc=myhome,dc=com" scope=2 deref=0 filter="(uid=aaa)"
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=1 SRCH attr=sn cn uid
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 op=2 UNBIND
Mar 12 05:01:26 linuxas3 slapd[1763]: conn=70 fd=7 closed
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 fd=7 ACCEPT from IP=127.0.0.1:32847 (IP=0.0.0.0:389)
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=0 RESULT tag=97 err=0 text=
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=1 SRCH base="dc=myhome,dc=com" scope=2 deref=0 filter="(uid=*aaa)"
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=1 SRCH attr=sn cn uid
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 op=2 UNBIND
Mar 12 05:01:30 linuxas3 slapd[1763]: conn=71 fd=7 closed
4下面是一个例子,操作步骤比较多,右侧是对应的每次操作的输出的日志:
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
changetype: add
cn: eeee1
sn: eeee1
~
~
~
~
"tt.ldif" 4L, 64C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
adding new entry "cn=eee,dc=myhome,dc=com"
ldap_add: Object class violation (65)
additional info: entry has no objectClass attribute
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
changetype: add
cn: eeee1
sn: eeee1
objectclass: inetOrgPerson
~
~
"tt.ldif" 5L, 91C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
adding new entry "cn=eee,dc=myhome,dc=com"
ldap_add: Naming violation (64)
additional info: value of naming attribute 'cn' is not present in entry
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
changetype: add
cn: eeee1
sn: eeee1
objectclass: person
objectclass: inetOrgPerson
~
~
"tt.ldif" 6L, 111C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
adding new entry "cn=eee,dc=myhome,dc=com"
ldap_add: Naming violation (64)
additional info: value of naming attribute 'cn' is not present in entry
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
objectclass: person
objectclass: inetOrgPerson
changetype: add
cn: eeee1
sn: eeee1
~
~
~
"tt.ldif" 6L, 111C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
ldap_modify: Undefined attribute type (17)
additional info: changetype: attribute type undefined
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
objectclass: person
objectclass: inetOrgPerson
changetype: modify
add: cn sn
cn: eeee1
sn: eeee1
~
~
"tt.ldif" 7L, 125C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
ldap_modify: Undefined attribute type (17)
additional info: changetype: attribute type undefined
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
objectclass: person
objectclass: inetOrgPerson
changetype: modify
add: cn,sn
cn: eeee1
sn: eeee1
~
~
~
"tt.ldif" 7L, 125C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
ldap_modify: Undefined attribute type (17)
additional info: changetype: attribute type undefined
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
objectclass: person
objectclass: inetOrgPerson
changetype: modify
add: sn
sn: eeee1
~
~
~
"tt.ldif" 6L, 112C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
ldap_modify: Undefined attribute type (17)
additional info: changetype: attribute type undefined
[root@linuxas3 openldap2.2.18]# vi tt.ldif
objectclass: person
objectclass: inetOrgPerson
dn: cn=eee,dc=myhome,dc=com
changetype: modify
add: sn
sn: eeee1
~
~
~
"tt.ldif" 4L, 65C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
changetype: modify
add: sn,cn
sn: eeee1
cn: eee2
~
~
"tt.ldif" 5L, 77C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
ldap_modify: Type or value exists (20)
additional info: modify/add: sn: value #0 already exists
[root@linuxas3 openldap2.2.18]# vi tt.ldif
dn: cn=eee,dc=myhome,dc=com
changetype: modify
add: sn,cn
sn: eee1
cn: eee2
~
~
"tt.ldif" 5L, 76C written
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
[root@linuxas3 openldap2.2.18]#
下在是再次查询cn=eee这个entry的全部属性,得到的结果如下所示:
# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee
dn: cn=eee,dc=myhome,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: eee
sn: eee
sn: eeee1
sn: eee1
cn: eee
cn: eee2
userPassword:: MTIzNDU2
telephoneNumber: 222-222-222
mail: eee@market.myhome.com
mail: asdfaf223@163.com
description: this is user is market domain
mobile: 323-113-223
这一侧是对应的日志:
Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 fd=7 ACCEPT from IP=127.0.0.1:32848 (IP=0.0.0.0:389)
Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=0 RESULT tag=97 err=0 text=
Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=1 ADD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=1 RESULT tag=105 err=65 text=entry has no objectClass attribute
Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 op=2 UNBIND
Mar 12 05:06:17 linuxas3 slapd[1763]: conn=72 fd=7 closed
Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 fd=7 ACCEPT from IP=127.0.0.1:32849 (IP=0.0.0.0:389)
Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=0 RESULT tag=97 err=0 text=
Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=1 ADD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=1 RESULT tag=105 err=64 text=value of naming attribute 'cn' is not present in entry
Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 op=2 UNBIND
Mar 12 05:06:32 linuxas3 slapd[1763]: conn=73 fd=7 closed
Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 fd=7 ACCEPT from IP=127.0.0.1:32850 (IP=0.0.0.0:389)
Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=0 RESULT tag=97 err=0 text=
Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=1 ADD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=1 RESULT tag=105 err=64 text=value of naming attribute 'cn' is not present in entry
Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 op=2 UNBIND
Mar 12 05:07:04 linuxas3 slapd[1763]: conn=74 fd=7 closed
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 fd=7 ACCEPT from IP=127.0.0.1:32851 (IP=0.0.0.0:389)
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=0 RESULT tag=97 err=0 text=
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=1 MOD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=1 MOD attr=objectclass changetype cn sn
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=1 RESULT tag=103 err=17 text=changetype: attribute type undefined
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 op=2 UNBIND
Mar 12 05:07:17 linuxas3 slapd[1763]: conn=75 fd=7 closed
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 fd=7 ACCEPT from IP=127.0.0.1:32852 (IP=0.0.0.0:389)
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=0 RESULT tag=97 err=0 text=
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=1 MOD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=1 MOD attr=objectclass changetype add cn sn
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=1 RESULT tag=103 err=17 text=changetype: attribute type undefined
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 op=2 UNBIND
Mar 12 05:07:46 linuxas3 slapd[1763]: conn=76 fd=7 closed
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 fd=7 ACCEPT from IP=127.0.0.1:32853 (IP=0.0.0.0:389)
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=0 RESULT tag=97 err=0 text=
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=1 MOD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=1 MOD attr=objectclass changetype add cn sn
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=1 RESULT tag=103 err=17 text=changetype: attribute type undefined
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 op=2 UNBIND
Mar 12 05:08:05 linuxas3 slapd[1763]: conn=77 fd=7 closed
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 fd=7 ACCEPT from IP=127.0.0.1:32854 (IP=0.0.0.0:389)
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=0 RESULT tag=97 err=0 text=
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=1 MOD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=1 MOD attr=objectclass changetype add sn
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=1 RESULT tag=103 err=17 text=changetype: attribute type undefined
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 op=2 UNBIND
Mar 12 05:08:35 linuxas3 slapd[1763]: conn=78 fd=7 closed
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 fd=7 ACCEPT from IP=127.0.0.1:32855 (IP=0.0.0.0:389)
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=0 RESULT tag=97 err=0 text=
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=1 MOD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=1 MOD attr=sn
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=1 RESULT tag=103 err=0 text=
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 op=2 UNBIND
Mar 12 05:08:48 linuxas3 slapd[1763]: conn=79 fd=7 closed
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 fd=7 ACCEPT from IP=127.0.0.1:32856 (IP=0.0.0.0:389)
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=0 RESULT tag=97 err=0 text=
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=1 MOD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=1 MOD attr=sn cn
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=1 RESULT tag=103 err=20 text=modify/add: sn: value #0 already exists
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 op=2 UNBIND
Mar 12 05:09:12 linuxas3 slapd[1763]: conn=80 fd=7 closed
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 fd=7 ACCEPT from IP=127.0.0.1:32857 (IP=0.0.0.0:389)
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=0 BIND dn="cn=root,dc=myhome,dc=com" method=128
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=0 BIND dn="cn=root,dc=myhome,dc=com" mech=SIMPLE ssf=0
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=0 RESULT tag=97 err=0 text=
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=1 MOD dn="cn=eee,dc=myhome,dc=com"
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=1 MOD attr=sn cn
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=1 RESULT tag=103 err=0 text=
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 op=2 UNBIND
Mar 12 05:09:24 linuxas3 slapd[1763]: conn=81 fd=7 closed
下面将要查询的是对cn=eee,dc=myhome,dc=com进行一些修改操作:
下是在要操作的tt.ldif文件的内容:
dn: cn=eee,dc=myhome,dc=com
changetype: modify
replace: telephoneNumber
telephoneNumber: 999-999-999
# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee
dn: cn=eee,dc=myhome,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: eee
sn: eee
sn: eeee1
sn: eee1
cn: eee
cn: eee2
userPassword:: MTIzNDU2
mail: eee@market.myhome.com
mail: asdfaf223@163.com
description: this is user is market domain
mobile: 323-113-223
telephoneNumber: 999-999-999
上面反红的地方说明已经修改成功
要修改的ldif文件如下所示:
dn: cn=eee,dc=myhome,dc=com
changetype: modify
replace: sn,cn
sn: replace1
cn: replace2
# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
ldap_modify: Undefined attribute type (17)
additional info: sn,cn: AttributeDescription contains inappropriate characters
这个操作
修改ldif文件为
dn: cn=eee,dc=myhome,dc=com
changetype: modify
replace: mail
mail: asf3322@gmail.com
# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee
dn: cn=eee,dc=myhome,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: eee
sn: eee
sn: eeee1
sn: eee1
cn: eee
cn: eee2
userPassword:: MTIzNDU2
description: this is user is market domain
mobile: 323-113-223
telephoneNumber: 999-999-999
mail: asf3322@gmail.com
这里面发生了奇怪的事情,原来cn=eee有两个mail属性,从上一个例子的查询结果就知道了.分别是
mail: eee@market.myhome.com
mail: asdfaf223@163.com
而tt.ldif文件里面
dn: cn=eee,dc=myhome,dc=com
changetype: modify
replace: mail
mail: asf3322@gmail.com
只替换了一个mail属性,侧从上面的查询结果来看,这个ldif文件的一个mail属性把原来的entry里面的两上mail属性都给覆盖成一个了.
下面是对sn的属性进行替换的一个例子
# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee
dn: cn=eee,dc=myhome,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: eee
sn: eee
sn: eeee1
sn: eee1
cn: eee
cn: eee2
userPassword:: MTIzNDU2
description: this is user is market domain
mobile: 323-113-223
telephoneNumber: 999-999-999
mail: asf3322@gmail.com
# more tt.ldif
dn: cn=eee,dc=myhome,dc=com
changetype: modify
replace: sn
sn: test2
[root@linuxas3 openldap2.2.18]# bin/ldapmodify -f tt.ldif -D "cn=root,dc=myhome,dc=com" -w secret -x
modifying entry "cn=eee,dc=myhome,dc=com"
[root@linuxas3 openldap2.2.18]# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee
dn: cn=eee,dc=myhome,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: eee
cn: eee
cn: eee2
userPassword:: MTIzNDU2
description: this is user is market domain
mobile: 323-113-223
telephoneNumber: 999-999-999
mail: asf3322@gmail.com
sn: test2
这个替换也出现上一个mail同样的情况.替换一个sn的值,却把已经存在的两个属性都替换没了.
[root@linuxas3 openldap2.2.18]# bin/ldapsearch -D "cn=root,dc=myhome,dc=com" -b "dc=myhome,dc=com" -w secret -x -LLL -s sub uid=*eee
dn: cn=eee,dc=myhome,dc=com
objectClass: person
objectClass: inetOrgPerson
uid: eee
cn: eee
cn: eee2
userPassword:: MTIzNDU2
