LDAPShell
LDAPShell is a set of Bourne shell functions that makes command line LDAP editing much easier. You can cd around the LDAP tree, inspect entries and make changes. Since everything is an extension to the Bourne shell, you can also pipe, redirect, backtick, and use every other dirty shell trick you can think of.
It's actually quite cool, if I may say so myself.
You will need OpenLDAP 2.X installed and in the path on the system; there are no other requirements. You might even get it to work on Win32 if you have a Bourne shell installed, but YMMV.
Running
Simply type ldapsh at the command prompt and you will see a prompt like the following:
dc=com>
You are now in ldapshell. See below for all the neat things it does.
Installation
Grab a copy of ldapshell here.
Single User Installation
Place both .ldapsh.conf and .ldapsh.funcs in your home directory. Place ldapsh in your path (usually ~/bin). You will need to edit .ldapsh.conf and add your default username and default dn.
System wide installation
Copy .ldapsh.conf to /usr/local/etc/ldapsh.conf
Copy .ldapsh.funcs to /usr/local/etc/ldapsh.funcs
(note the system versions do not start with a dot)
Copy ldapsh to /usr/local/bin
Edit /usr/local/etc/ldapsh.conf to add your own default dn and admin username.
Sample session
%ldapsh
dc=com> ls
dc=testdomain,dc=com
dc=testdomain2,dc=com
dc=testdomain3,dc=com
dc=testdomain4,dc=com
dc=com> cd dc=testdomain4
dc=testdomain4,dc=com> ls
cn=lynx,dc=testdomain4,dc=com
cn=eternityrose,dc=testdomain4,dc=com
cn=outlaw,dc=testdomain4,dc=com
cn=irene,dc=testdomain4,dc=com
dc=testdomain4,dc=com> cd cn=irene
cn=irene,dc=testdomain4,dc=com> show
dn: cn=irene,dc=testdomain4,dc=com
objectClass: top
objectClass: person
objectClass: inetLocalMailRecipient
objectClass: iimsUser
objectClass: radiusprofile
objectClass: wirelessUser
iimsusername: irene
mailHost: mail.testdomain4.com
sn: irene
cn: irene
mailLocalAddress: irene@testdomain4.com
uidNumber: 11304
iimsaccountStatus: Full Access
iimsLocation: A Location
iimsaccountType: Dialin
iimsfullname: Irene Testcustomer
iimschargeCodes: WLR1
cn=irene,dc=testdomain4,dc=com> modify iimsfullname "Irene Testcustomer"
modifying entry "cn=irene,dc=testdomain4,dc=com"
cn=irene,dc=testdomain4,dc=com> cd dc=com
dc=com> cdu irene
cn=irene,dc=testdomain4,dc=com> exit
%
file: ldapsh
This is the script file that starts ldapsh. Put it in your path somewhere and make it executable (chmod a+x ldapsh).
file: .ldapsh.funcs
This is the file that does most of the work. There's nothing that should need changing in here, though this is where you would add new features, if you're feeling generous.
file: .ldapsh.conf
Place .ldapsh.conf in your home directory. It contains a few defaults that should be set and should be self-explanatory.
Command: cd
cd is like the usual file system cd, except that it traverses the LDAP tree instead of the filesystem tree. When ldapsh first starts, its default base dn is controlled by the variable BASE in ldapsh.conf. cd is smart enough to know whether you are providing a fully qualified dn or a relative dn.
cd dc=mydomain
or
cd dc=mydomain,dc=com
or
cd ..
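As an added illustration (this is not code from LDAPShell's own .ldapsh.funcs), here is how a cd-style command can tell a fully qualified dn from a relative one, and handle "..", using only POSIX shell string operations. The function names resolve_dn and ldapsh_cd, and the BASE value of dc=com, are assumptions made for the example; what a bare "cd" with no argument does is also a choice made here, since the page does not say.

```sh
#!/bin/sh
# Added example, not LDAPShell's own code. Resolves a cd target the way
# the text describes: fully qualified dn, relative dn, or "..".
BASE="dc=com"          # assumed default base dn (BASE in ldapsh.conf)
CURDN="$BASE"          # the "current default dn" the prompt shows

# resolve_dn CURRENT TARGET: print the dn that "cd TARGET" lands on.
# Limitation: an RDN value containing an escaped comma (cn=Doe\, Jane)
# is not handled; ".." would split it at the wrong place.
resolve_dn() {
    cur="$1"
    target="$2"
    case "$target" in
        "")
            # bare "cd": go back to the configured base (choice made here)
            printf '%s\n' "$BASE" ;;
        ..)
            # drop the leftmost RDN; at the base there is nowhere to go up to
            if [ "$cur" = "$BASE" ]; then
                printf '%s\n' "$BASE"
            else
                printf '%s\n' "${cur#*,}"
            fi ;;
        "$BASE"|*",$BASE")
            # already ends with the base dn: treat as fully qualified
            printf '%s\n' "$target" ;;
        *)
            # anything else is relative to the current dn
            printf '%s\n' "$target,$cur" ;;
    esac
}

# ldapsh_cd TARGET: the interactive command, updating the prompt dn.
ldapsh_cd() {
    CURDN=$(resolve_dn "$CURDN" "$1") || return 1
}

# Walk the sample session from the text.
ldapsh_cd dc=testdomain4
ldapsh_cd cn=irene
echo "$CURDN"            # cn=irene,dc=testdomain4,dc=com
ldapsh_cd ..
echo "$CURDN"            # dc=testdomain4,dc=com
ldapsh_cd dc=com
echo "$CURDN"            # dc=com
```

The suffix test against ",$BASE" is what makes "cd dc=mydomain,dc=com" absolute while "cd dc=mydomain" stays relative to wherever you are; anything that does not end in the configured base is simply prepended to the current dn.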
Command: cdu
cdu is a shortcut to cd'ing to a given username. In ldapsh.conf you can set what attribute is assumed to hold the username by changing the value of the USERATTR variable.
cdu testuser
Command: cdf
cdf is a shortcut to "find node and cd to it". Following cdf is the search filter (without the outer parens) you wish to search for.
cdf serialNumber=00098768
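Both cdu and cdf end up running a search: cdf takes the filter you typed and wraps it in parens, while cdu has to build a filter around a username. As an added example (not LDAPShell's own code), the block below shows the escaping a cdu-style command should apply to the username before it goes into the filter, so that a name containing "*", "(" or ")" matches literally instead of changing the meaning of the search. The names ldap_filter_escape, user_filter, find_dn, ldapsh_cdu and ldapsh_cdf, and the USERATTR value of uid, are assumptions; the ldapsearch flags used are standard OpenLDAP ones.

```sh
#!/bin/sh
# Added example, not LDAPShell's own code.
USERATTR="uid"   # assumed value of USERATTR from ldapsh.conf
BASE="dc=com"    # assumed base dn
CURDN="$BASE"

# ldap_filter_escape VALUE: escape the characters that have meaning
# inside an LDAP search filter (RFC 4515): backslash, *, ( and ).
# Backslash is handled first so the escapes it introduces survive.
ldap_filter_escape() {
    printf '%s\n' "$1" | sed \
        -e 's/\\/\\5c/g' \
        -e 's/\*/\\2a/g' \
        -e 's/(/\\28/g' \
        -e 's/)/\\29/g'
}

# user_filter NAME: the filter cdu searches with, e.g. "(uid=irene)".
user_filter() {
    printf '(%s=%s)\n' "$USERATTR" "$(ldap_filter_escape "$1")"
}

# find_dn FILTER: the search behind both commands; prints the dn of the
# first match. Needs a reachable directory, so it is defined but not run.
find_dn() {
    ldapsearch -x -LLL -b "$BASE" "$1" dn | sed -n 's/^dn: //p' | head -n 1
}

# ldapsh_cdu NAME: cd to the entry whose USERATTR is exactly NAME.
ldapsh_cdu() {
    dn=$(find_dn "$(user_filter "$1")") || return 1
    [ -n "$dn" ] && CURDN="$dn"
}

# ldapsh_cdf FILTER: cd to the first entry matching a raw filter; the
# user supplies the filter without the outer parens, as the text says.
ldapsh_cdf() {
    dn=$(find_dn "($1)") || return 1
    [ -n "$dn" ] && CURDN="$dn"
}

user_filter irene      # (uid=irene)
user_filter 'a*'       # (uid=a\2a)
```

The difference between the two commands is deliberate: cdf hands your filter to the directory as written, because writing filters is the point of it, whereas cdu only ever wants the one entry whose attribute equals the name, so the name is escaped.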
Command: setuser
In ldapsh.conf you can set a default user that is used to bind to the directory after the setpass command is issued.
If you wish to bind as a different user, you can issue the setuser command.
setuser cn=me,dc=mydomain,dc=com
Command: setpass
setpass sets the current password for access to the directory. If you do not issue the setpass command, you can still view anything you have anonymous access to. To make any modifications or view any protected attributes, you will need to provide a password with setpass.
setpass xxxxxxx
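The page only shows "setpass xxxxxxx"; how the real .ldapsh.funcs stores the password and hands it to the OpenLDAP tools is not described. As an added example (not LDAPShell's own code), here is one way a setpass-style command can keep the password out of shell history and out of process listings: prompt without echo when no argument is given, and keep the value in a private file that ldapsearch/ldapmodify read with their -y option instead of passing it with -w. The function names setpass, clearpass and bind_opts, and the USER_DN value, are assumptions.

```sh
#!/bin/sh
# Added example, not LDAPShell's own code. The storage mechanism is an
# assumption; the page does not say how setpass keeps the password.
USER_DN="cn=admin,dc=com"     # assumed default bind user (see setuser)

# setpass [PASSWORD]: remember the bind password for later ldap* calls.
# Without an argument it prompts with echo turned off, which keeps the
# password out of shell history. Either way the value is written to a
# private (0600) file that the OpenLDAP tools read with -y, so it does
# not appear in "ps" output the way a -w argument would.
setpass() {
    if [ -z "$PASSFILE" ]; then
        PASSFILE=$(mktemp "${TMPDIR:-/tmp}/ldapsh.XXXXXX") || return 1
    fi
    chmod 600 "$PASSFILE" || return 1
    if [ $# -ge 1 ]; then
        pw="$1"
    else
        printf 'Password for %s: ' "$USER_DN" >&2
        [ -t 0 ] && stty -echo
        read -r pw || return 1
        [ -t 0 ] && { stty echo; echo >&2; }
    fi
    # no trailing newline: -y takes the file contents verbatim
    printf '%s' "$pw" > "$PASSFILE"
    unset pw
}

# clearpass: forget the password again (something "exit" should call).
clearpass() {
    [ -n "$PASSFILE" ] && rm -f "$PASSFILE"
    unset PASSFILE
}

# bind_opts: the arguments every ldapsearch/ldapmodify call should get
# once setpass has run; use unquoted, as $(bind_opts), so they split.
bind_opts() {
    if [ -n "$PASSFILE" ]; then
        printf '%s\n' "-x -D $USER_DN -y $PASSFILE"
    else
        printf '%s\n' "-x"        # anonymous bind until setpass is run
    fi
}
```

With this arrangement a show command becomes ldapsearch $(bind_opts) -b "$CURDN" -s base, and the anonymous-versus-authenticated behaviour the text describes falls out of whether PASSFILE is set.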
Command: remove
remove removes an attribute from the current default dn.
remove homePhoneNumber
Command: show
show will show all attributes of the current default dn, or will show a particular attribute:
show sn
or
show
Dirty tricks: pipes
Since LDAPShell is really the plain old Bourne shell, you can, of course, pipe any command to any standard UNIX command.
ls | sort
or
show | lpr
Modification commands
To make modifications, make sure you are logged in by typing "setpass xxxxx", where xxxxx is the password of the admin user (see "setuser").
To modify a single attribute, use:
modify [attributename] [attributevalue]
To edit all the attributes, you can use edit, which loads the current LDIF into your default editor.
Also, see the remove command above.
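The "modifying entry ..." line in the sample session is what ldapmodify prints, which suggests modify and remove build an LDIF change record and pipe it in. As an added example (not LDAPShell's own code; the exact LDIF the real .ldapsh.funcs produces is not on the page), the block below generates those records, including the base64 form LDIF requires for values that cannot be written literally. The names ldif_value, modify_ldif and remove_ldif, the CURDN value and the BIND_OPTS string are assumptions.

```sh
#!/bin/sh
# Added example, not LDAPShell's own code. Assumes modify and remove
# hand an LDIF change record to ldapmodify on stdin.
CURDN="cn=irene,dc=testdomain4,dc=com"   # assumed current default dn
BIND_OPTS="-x -D cn=admin,dc=com -W"     # assumed; whatever setuser/setpass arranged

# ldif_value ATTR VALUE: one attribute line. A value that LDIF cannot
# carry literally (starts with space, ':' or '<'; contains a newline,
# a control character or a non-ASCII byte) is base64 encoded and
# written with "ATTR::" instead of "ATTR:".
ldif_value() {
    attr="$1"; val="$2"
    # count bytes outside printable ASCII
    nbad=$(printf '%s' "$val" | LC_ALL=C tr -d ' -~' | wc -c)
    case "$val" in
        " "*|":"*|"<"*) nbad=1 ;;
    esac
    if [ "$((nbad))" -gt 0 ]; then
        printf '%s:: %s\n' "$attr" "$(printf '%s' "$val" | base64 | tr -d '\n')"
    else
        printf '%s: %s\n' "$attr" "$val"
    fi
}

# modify_ldif DN ATTR VALUE: record that sets ATTR to exactly VALUE,
# replacing any values it had (what "modify attr value" needs).
modify_ldif() {
    printf 'dn: %s\nchangetype: modify\nreplace: %s\n' "$1" "$2"
    ldif_value "$2" "$3"
    printf '%s\n' '-'
}

# remove_ldif DN ATTR: record that deletes every value of ATTR.
remove_ldif() {
    printf 'dn: %s\nchangetype: modify\ndelete: %s\n-\n' "$1" "$2"
}

# The interactive commands: build the record and pipe it to ldapmodify.
# They need a directory to talk to, so they are defined but not run here.
modify() { modify_ldif "$CURDN" "$1" "$2" | ldapmodify $BIND_OPTS; }
remove() { remove_ldif "$CURDN" "$1" | ldapmodify $BIND_OPTS; }

# Preview what the sample session's modify would send:
modify_ldif "$CURDN" iimsfullname "Irene Testcustomer"
```

Using "replace" rather than "add" is what makes modify idempotent: running the same command twice leaves the attribute with the one value you typed, instead of failing on a duplicate or accumulating values.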