Using LdapSearch and LDAPModify with OID

Oracle Internet Directory (OID) LdapSearch and LdapModify examples:

To use the ldap utilities that come with OID, set ORACLE_HOME to the OID installation directory. For example,

export ORACLE_HOME=/opt/app/middleware/Oracle_IDM1

Various options commonly used:

-h Hostname of the OID server
-p OID LDAP port
-D Bind DN. You can use the default admin account, cn=orcladmin, or any other account with the required privileges.
-w Password for the Bind DN, given on the command line. Alternatively, use -q to be prompted for the password.

#Eg 1:

All entries on host ldap.ziontech.net using port 3060, and return all attributes and values

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" "objectClass=*"

#Eg 2:
Same as Eg 1 (all entries on host ldap.ziontech.net using port 3060), but return only attribute names, without values, using -A

$ORACLE_HOME/bin/ldapsearch -A -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" "objectClass=*"

#Eg 3:
All entries on host ldap.ziontech.net using port 3060, return all attributes, and de-reference any aliases found

$ORACLE_HOME/bin/ldapsearch -a always -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" "objectClass=*"

#Eg 4:
All entries on host ldap.ziontech.net using port 3060 under base dc=ziontech,dc=net, and return all attributes and values. Same as Eg 1, but under specified base using -b

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "dc=ziontech,dc=net" "objectClass=*"

#Eg 5:

Same as Eg4, except return only specified attributes mail, cn, sn, givenname

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "dc=ziontech,dc=net" "objectClass=*" mail cn sn givenname

#Eg 6:
Same as Eg 4, but use option -s to limit the scope to base or one. The default is sub, so the first two commands are equivalent.

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "dc=ziontech,dc=net" "objectClass=*"
$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "dc=ziontech,dc=net" -s sub "objectClass=*"
$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "dc=ziontech,dc=net" -s base "objectClass=*"
$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "dc=ziontech,dc=net" -s one "objectClass=*"

#Eg 7:
Same as Eg 5, but limit the base to "cn=users,dc=ziontech,dc=net"

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "cn=users,dc=ziontech,dc=net" "objectClass=*" mail cn sn givenname

#Eg 8:
Add a user using ldapmodify

$ORACLE_HOME/bin/ldapmodify -c -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -f user.ldif

#Contents of user.ldif
dn: cn=testuser,cn=Users,dc=ziontech,dc=net
changetype: add
uid: testuser
mail: testuser
givenName: testuser
cn: testuser
sn: testuser
userPassword: Password1
description: Test User
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: orcluser
objectClass: orcluserV2

#Eg 9:
Add more than one user in a single ldapmodify run (records in the LDIF file are separated by a blank line)

$ORACLE_HOME/bin/ldapmodify -c -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -f users.ldif

#Contents of users.ldif
dn: cn=testuser1,cn=Users,dc=ziontech,dc=net
changetype: add
uid: testuser1
mail: testuser1
givenName: testuser1
cn: testuser1
sn: testuser1
userPassword: Welcome123
description: testuser1
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: orcluser
objectClass: orcluserV2

dn: cn=testuser2,cn=Users,dc=ziontech,dc=net
changetype: add
uid: testuser2
mail: testuser2
givenName: testuser2
cn: testuser2
sn: testuser2
userPassword: Welcome123
description: testuser2
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: orcluser
objectClass: orcluserV2

dn: cn=testuser3,cn=Users,dc=ziontech,dc=net
changetype: add
uid: testuser3
mail: testuser3
givenName: testuser3
cn: testuser3
sn: testuser3
userPassword: Welcome123
description: testuser3
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: orcluser
objectClass: orcluserV2

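The users.ldif above is easy to generate rather than hand-edit. The following POSIX shell script is an added example and not part of the original article: it builds the same add records from a list of user IDs, backslash-escapes DN-special characters in the cn RDN (RFC 4514), and base64-encodes any attribute value that LDIF cannot carry as plain text (RFC 2849: a leading space, ':' or '<', or any byte outside printable ASCII). The encoding rule is what stops a value containing a newline from smuggling an extra attribute line, such as a second userPassword, into the record. The base DN and attribute set are copied from the article's users.ldif; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original article: build users.ldif from a list
# of user IDs. Base DN and attribute set follow the article's users.ldif.

BASE_DN="cn=Users,dc=ziontech,dc=net"

# escape_rdn_value VALUE
# Backslash-escape the characters RFC 4514 treats as special inside an RDN
# value: \ , + " < > ; plus a leading '#' and a leading or trailing space.
escape_rdn_value() {
    printf '%s' "$1" | sed \
        -e 's/\\/\\\\/g' \
        -e 's/,/\\,/g' \
        -e 's/+/\\+/g' \
        -e 's/"/\\"/g' \
        -e 's/</\\</g' \
        -e 's/>/\\>/g' \
        -e 's/;/\\;/g' \
        -e 's/^#/\\#/' \
        -e 's/^ /\\ /' \
        -e 's/ $/\\ /'
}

# ldif_line ATTR VALUE
# Print "ATTR: VALUE", or "ATTR:: <base64>" when VALUE is not an RFC 2849
# SAFE-STRING (starts with space, ':' or '<', or contains a byte outside
# printable ASCII, e.g. a newline). Without this, a value such as
# "x<newline>userPassword: y" would inject a second attribute into the record.
ldif_line() {
    attr="$1"; value="$2"
    # count bytes that are not printable ASCII (space..tilde)
    unsafe=$(printf '%s' "$value" | LC_ALL=C tr -d ' -~' | wc -c | tr -d ' ')
    case "$value" in
        ' '*|':'*|'<'*) unsafe=1 ;;
    esac
    if [ "$unsafe" -gt 0 ]; then
        printf '%s:: %s\n' "$attr" "$(printf '%s' "$value" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$attr" "$value"
    fi
}

# user_add_ldif UID PASSWORD
# One "changetype: add" record with the attributes used in the article.
user_add_ldif() {
    uid="$1"; password="$2"
    ldif_line dn "cn=$(escape_rdn_value "$uid"),$BASE_DN"
    printf 'changetype: add\n'
    for attr in uid mail givenName cn sn; do
        ldif_line "$attr" "$uid"
    done
    ldif_line userPassword "$password"
    ldif_line description "$uid"
    for oc in top person organizationalPerson inetorgperson orcluser orcluserV2; do
        printf 'objectClass: %s\n' "$oc"
    done
    printf '\n'   # a blank line separates LDIF records
}

# users_add_ldif PASSWORD UID...
# One record per UID, in the order given.
users_add_ldif() {
    password="$1"; shift
    for uid in "$@"; do
        user_add_ldif "$uid" "$password"
    done
}

# Usage (the file holds cleartext passwords, so create it owner-readable only
# and let ldapmodify prompt for the bind password with -q rather than -w):
#   umask 077
#   users_add_ldif 'Welcome123' testuser1 testuser2 testuser3 > users.ldif
#   $ORACLE_HOME/bin/ldapmodify -c -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -q -f users.ldif
```

The escaping only matters once the user ID comes from somewhere other than a trusted administrator's keyboard (a CSV export, a provisioning request), but that is exactly the case in which a script like this tends to end up.
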
#Eg 10
Search for users added above.

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "cn=users,dc=ziontech,dc=net" "objectClass=*" cn

#Eg 11
Remove a user

$ORACLE_HOME/bin/ldapmodify -c -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -f removeUser.ldif

# Contents of removeUser.ldif
dn: cn=testuser,cn=Users,dc=ziontech,dc=net
changetype: delete

#Eg 12
Disable a user in OID

$ORACLE_HOME/bin/ldapmodify -c -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -f disableUser.ldif

# Contents of disableUser.ldif
dn: cn=testuser3,cn=Users,dc=ziontech,dc=net
changetype: modify
replace: orclisenabled
orclisenabled: DISABLED

Enable the user again:

$ORACLE_HOME/bin/ldapmodify -c -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -f enableUser.ldif

# Contents of enableUser.ldif
dn: cn=testuser3,cn=Users,dc=ziontech,dc=net
changetype: modify
replace: orclisenabled
orclisenabled: ENABLED

#Eg 13
Add a group

$ORACLE_HOME/bin/ldapmodify -c -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -f addGroup.ldif

# Contents of addGroup.ldif
dn: cn=testGroup,cn=groups,dc=ziontech,dc=net
changetype: add
cn: testGroup
objectclass: top
objectclass: orclGroup
objectclass: groupOfUniqueNames
owner: cn=orcladmin
displayname: testGroup
description: Group for testing
orclisvisible: true

#Eg 14
Add a member to a group

$ORACLE_HOME/bin/ldapmodify -c -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -f addmemGroup.ldif

# Contents of addmemGroup.ldif
dn: cn=testGroup,cn=groups,dc=ziontech,dc=net
changetype: modify
add: uniquemember
uniquemember: cn=testuser1,cn=Users,dc=ziontech,dc=net
uniquemember: cn=testuser2,cn=Users,dc=ziontech,dc=net

#Eg 15
Search for all groups and their members in OID

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "cn=groups,dc=ziontech,dc=net" "objectClass=*"

#Eg 16
Search under the base and return cn and mail for every entry whose cn matches the pattern testuser*

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "cn=users,dc=ziontech,dc=net" "(cn=testuser*)" cn mail

#Eg 17
Do a subtree search under the base DN for any entry of objectclass Person whose cn, givenname, sn or mail matches testuser* (the OR part of the filter). Only the DN (always returned) and cn are returned.

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "dc=ziontech,dc=net" "(&(objectclass=Person)(|(cn=testuser*)(givenname=testuser*)(sn=testuser*)(mail=testuser*)))" cn
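
Eg 16 and Eg 17 build the filter around a search term. When that term comes from a user or another system rather than being typed by the administrator, the characters that are special in an RFC 4515 filter (backslash, `*`, `(` and `)`) have to be escaped, otherwise a term containing `)(` can close the intended assertion and widen the OR filter into a match-everything search (LDAP filter injection). The following POSIX shell functions are an added example and not part of the original article: `ldap_filter_escape` escapes a term, `person_search_filter` assembles the Eg 17 filter around it, and `oid_person_search` wraps the article's ldapsearch call. The base DN is the one from Eg 17; the function names are my own, and only the wrapper needs a live OID server.

```shell
#!/bin/sh
# Added example, not from the original article: build the Eg 17 search filter
# from a caller-supplied term with RFC 4515 escaping, so the term cannot
# change the structure of the filter.

# ldap_filter_escape TERM
# Escape the characters that are special in an LDAP filter assertion value
# (RFC 4515): backslash first, then * ( ), each as \XX hex.
ldap_filter_escape() {
    printf '%s' "$1" | sed \
        -e 's/\\/\\5c/g' \
        -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' \
        -e 's/)/\\29/g'
}

# person_search_filter TERM
# The Eg 17 filter: objectclass Person AND (cn, givenname, sn or mail starts
# with TERM). The trailing '*' is appended after escaping, so it is the only
# wildcard in the filter whatever TERM contains.
person_search_filter() {
    term=$(ldap_filter_escape "$1")
    printf '(&(objectclass=Person)(|(cn=%s*)(givenname=%s*)(sn=%s*)(mail=%s*)))' \
        "$term" "$term" "$term" "$term"
}

# oid_person_search HOST PORT BINDDN TERM [ATTR...]
# Runs the article's ldapsearch with the escaped filter passed as a single
# argument, and prompts for the bind password (-q) instead of passing it with
# -w, which would expose it in the process list and shell history.
# Assumes $ORACLE_HOME is set as described at the top of the article.
oid_person_search() {
    host="$1"; port="$2"; binddn="$3"; term="$4"; shift 4
    "$ORACLE_HOME/bin/ldapsearch" -h "$host" -p "$port" -D "$binddn" -q \
        -b "dc=ziontech,dc=net" "$(person_search_filter "$term")" "$@"
}

# Usage:
#   oid_person_search ldap.ziontech.net 3060 "cn=orcladmin" testuser cn mail
# A term that tries to alter the filter is neutralised rather than executed:
#   person_search_filter 'x*)(objectclass=*'
#   -> (&(objectclass=Person)(|(cn=x\2a\29\28objectclass=\2a*)(givenname=x\2a\29\28objectclass=\2a*)...))
```

Quoting the whole filter as one argument to ldapsearch matters as much as the escaping: an unquoted filter containing spaces or `*` would be split or glob-expanded by the shell before ldapsearch ever saw it.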

#Eg 18
Search the group testGroup to find all its members

$ORACLE_HOME/bin/ldapsearch -h ldap.ziontech.net -p 3060 -D "cn=orcladmin" -w "password" -b "cn=testGroup,cn=Groups,dc=ziontech,dc=net" -s sub "(objectclass=*)" uniquemember

One Comment

  1. Pradeep
    July 17, 2014 at 9:24 pm

    excellent article Phani
