Difference between revisions of "ShanxT-LDAP-CheatSheet"

(Setting the ldap variables)
Line 16: Line 16:
  
 
Or directly open '/opt/zimbra/conf/localconfig.xml', and take the values from there.
 
Or directly open '/opt/zimbra/conf/localconfig.xml', and take the values from there.
 +
 +
  
 
== Parsing through ldap ==
 
== Parsing through ldap ==
Line 36: Line 38:
 
Example using localconfig keys:
 
Example using localconfig keys:
 
  ldapsearch -x -D `zmlocalconfig -m nokey -s zimbra_ldap_userdn` -w `zmlocalconfig -m nokey -s zimbra_ldap_password` -h `hostname -f`
 
  ldapsearch -x -D `zmlocalconfig -m nokey -s zimbra_ldap_userdn` -w `zmlocalconfig -m nokey -s zimbra_ldap_password` -h `hostname -f`
 +
 +
 +
 +
== Quick Debug info ==
 +
 +
ldapsearch -x -h 2d.snx -v -d 7
  
  
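Review bot: the new "Quick Debug info" section adds `ldapsearch -x -h 2d.snx -v -d 7` with no sentence saying what `-d 7` prints or what the reader should look for in the output. `2d.snx` is also a site-specific host, where the other commands in this diff use `$ldap_master_url` or `zmhostname`. Add a one-line description and use the page's variable so the command can be copied as is. The command is also missing the two-space indent the other command lines here carry, so it will not render as preformatted text.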
Line 61: Line 69:
  
 
  ldapdelete -v -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "uid=testtest,ou=people,dc=example,dc=shanx"
 
  ldapdelete -v -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "uid=testtest,ou=people,dc=example,dc=shanx"
 +
 +
  
 
== zmprov sa ==
 
== zmprov sa ==
Line 67: Line 77:
  
 
  zmprov sa -v "zimbraMailHost=8b.snx"  
 
  zmprov sa -v "zimbraMailHost=8b.snx"  
 +
  
  
Line 85: Line 96:
 
Checking LDAP root password. This should match the 'zimbra_ldap_password' entry:
 
Checking LDAP root password. This should match the 'zimbra_ldap_password' entry:
 
  ldapwhoami -x -h `zmhostname` -D "cn=config" -W
 
  ldapwhoami -x -h `zmhostname` -D "cn=config" -W
 +
  
  

Revision as of 11:31, 12 June 2013

Setting the ldap variables

The variables used by LDAP can be set by running:

su - zimbra
source ~/bin/zmshutil
zmsetvars

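This will set the values for variables like '$ldap_master_url', '$zimbra_ldap_password', etc. Note that the commands below pass the password with '-w', which makes it visible in the process list while the command runs; '-W' (prompt for it) or '-y' with a password file avoids that.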

Alternatively, they can be taken from localconfig.xml as well. To do so, either run:

zmlocalconfig -s | grep 'ldap_' | egrep 'password|url'

Or directly open '/opt/zimbra/conf/localconfig.xml', and take the values from there.


Parsing through ldap

Basic search:

ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password

Specifying the 'people' ou as the search base ('dc=example' and 'dc=com' will have to be replaced with your domain):

ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password -LLL -b 'ou=people,dc=example,dc=com'

Alternatively, using a search filter to show all accounts of the object class 'zimbraAccount':

ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password -LLL '(&(objectClass=zimbraAccount)(ou:dn:=people))'

Using search base and showing the uid for admin accounts:

ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password -b 'ou=people,dc=example,dc=com' -LLL '(&(uid=*)(zimbraIsAdminAccount=TRUE))' uid

Listing out all the servers:

ldapsearch -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password -b 'cn=servers,cn=zimbra' 

Example using localconfig keys:

ldapsearch -x -D `zmlocalconfig -m nokey -s zimbra_ldap_userdn` -w `zmlocalconfig -m nokey -s zimbra_ldap_password` -h `hostname -f`


Quick Debug info

ldapsearch -x -h 2d.snx -v -d 7


Modifying ldap

ldapmodify -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password

The cursor will move to the next line, wherein you can enter the modification you wish to make. Make sure to press 'Ctrl+D' after the modifications are over.

Example - To change uid:

ldapmodify -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password
dn: uid=old_user_uid,dc=domain
changetype: modrdn
newrdn: uid=new_user_uid
deleteoldrdn: 1

(Press Ctrl+D)


Deleting an ldap entry

ldapdelete -v -x -H $ldap_master_url -D $zimbra_ldap_userdn -w $zimbra_ldap_password "uid=testtest,ou=people,dc=example,dc=shanx"


zmprov sa

Queries ldap via zmprov. Example:

zmprov sa -v "zimbraMailHost=8b.snx" 


Checking Passwords

This is to check if the passwords stored in localconfig.xml are correct. Get the password and check with the following commands.

The results of the following should simply return the DN of the authenticated user. An 'Invalid Credentials' error message would show something is wrong.

Checking Zimbra Password. This should match the 'zimbra_ldap_password' in localconfig.xml:

ldapwhoami -ZZZ -x -h `zmhostname` -D "uid=zimbra,cn=admins,cn=zimbra" -W

OR

ldapwhoami  -x -h `zmhostname` -D "uid=zimbra,cn=admins,cn=zimbra" -W

The use of '-ZZZ' depends on your TLS settings.


Checking LDAP root password. This should match the 'zimbra_ldap_password' entry:

ldapwhoami -x -h `zmhostname` -D "cn=config" -W


Encoding of entries

Entries are base64 encoded if they are passwords, or if a person's name or entry contains special characters, like the umlaut. To decode, simply run:

echo 'e1NTSEF9Nmc4WDVsR3F6Snl3T21NMTU3NlB2WE4xMFV1L2hTSzU=' | base64 -d

The above is a password, so the output would be:

{SSHA}6g8X5lGqzJywOmM1576PvXN10Uu/hSK5

This shows the password is a salted SHA password.


To encode (the '-n' keeps echo's trailing newline out of the encoded value):

echo -n 'ThisIsMyPassword' | base64
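The decoding step above, applied to a whole LDIF entry, as an added example that is not part of the original page: `ldif_decode`, `describe_hash` and `sample_ldif` are hypothetical helper names, and the sample entry is constructed apart from the userPassword value quoted on this page.

```bash
#!/bin/bash
# Added example, not from the original page. Folded (wrapped) LDIF lines
# are not rejoined here; feed it unwrapped output.

# Decode every 'attr:: <base64>' line on stdin; pass other lines through.
ldif_decode() {
    while IFS= read -r line; do
        case "$line" in
            *":: "*)
                attr=${line%%::*}
                value=${line#*":: "}
                printf '%s: %s\n' "$attr" "$(printf '%s' "$value" | base64 -d)"
                ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Print '<scheme> <salt-bytes>' for a decoded userPassword value.
# An {SSHA} payload is base64(20-byte SHA-1 digest followed by the salt).
describe_hash() {
    case "$1" in
        "{SSHA}"*)
            prefix='{SSHA}'
            payload=${1#"$prefix"}
            total=$(printf '%s' "$payload" | base64 -d | wc -c)
            echo "SSHA $((total - 20))"
            ;;
        "{"*"}"*)
            echo "$(printf '%s' "$1" | cut -d'}' -f1 | tr -d '{') -"
            ;;
        *) echo "cleartext-or-unknown -" ;;
    esac
}

# Constructed entry in the shape 'ldapsearch -LLL' prints; the userPassword
# value is the one quoted on this page.
sample_ldif() {
    cat <<'EOF'
dn: uid=testtest,ou=people,dc=example,dc=com
displayName:: SsO8cmdlbiBNw7xsbGVy
userPassword:: e1NTSEF9Nmc4WDVsR3F6Snl3T21NMTU3NlB2WE4xMFV1L2hTSzU=
EOF
}

sample_ldif | ldif_decode
describe_hash '{SSHA}6g8X5lGqzJywOmM1576PvXN10Uu/hSK5'
```

A salt length other than what your password policy expects, or a value reported as cleartext, is worth following up when auditing accounts.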

Verified Against: Zimbra Collaboration Suite 7,8
Date Created: 06/12/2013
Article ID: https://wiki.zimbra.com/index.php?title=ShanxT-LDAP-CheatSheet
Date Modified: 2013-06-12


