Apple Mac OS X Server Network Card User Manual


 
254 Chapter 15 Working with Open Directory
The slapd_macosx.conf file contains an entry for the root user of the LDAP database,
the directive rootdn. This root user is not the same as the root user in the local NetInfo
database, but rather it is a user who has total control over all data inside the LDAP
database—access controls do not apply to the root user.
An example value for rootdn is uid=root,cn=users,dc=example,dc=com.
An administrator user on the computer can edit the slapd_macosxserver.conf file to
add a new password hash, or plain-text password, to the file, at which point that
administrator user would be able to administer the LDAP database. This is especially
useful when your LDAP database has become damaged or the passwords have been
lost or forgotten.
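The following check is an added example, not part of the manual: it reads a slapd configuration file and reports whether a root password is present and whether it is stored as a hash or in plain text. It assumes the standard OpenLDAP slapd.conf syntax (a `rootpw` directive whose hashed values start with a `{SCHEME}` prefix); the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual. Sample data below is constructed.

# Print the value of the last occurrence of directive $1 in file $2.
# Lines beginning with "#" never match, so commented-out entries are skipped.
slapd_directive() {
    awk -v key="$1" 'tolower($1) == key {
        $1 = ""; sub(/^[ \t]+/, ""); gsub(/^"|"$/, ""); v = $0
    } END { print v }' "$2"
}

# Classify rootpw as "none", "hashed" ({SCHEME}value) or "plaintext".
rootpw_kind() {
    pw=$(slapd_directive rootpw "$1")
    case "$pw" in
        "")      echo none ;;
        \{*\}?*) echo hashed ;;
        *)       echo plaintext ;;
    esac
}

# Report the root entry and return non-zero if the password is exposed.
audit_slapd_conf() {
    conf=$1
    status=0
    kind=$(rootpw_kind "$conf")
    echo "rootdn: $(slapd_directive rootdn "$conf")"
    echo "rootpw: $kind"
    if [ "$kind" = plaintext ]; then
        echo "WARN: rootpw is stored in plain text"
        status=1
    fi
    # -perm -004 matches files that users other than owner/group can read.
    if [ "$kind" != none ] && [ -n "$(find "$conf" -perm -004)" ]; then
        echo "WARN: file holding rootpw is readable by all users"
        status=1
    fi
    return $status
}

# Constructed sample: plain-text rootpw in a world-readable file.
demo=$(mktemp -d)
printf '%s\n' 'rootdn "uid=root,cn=users,dc=example,dc=com"' \
    'rootpw secret' > "$demo/plain.conf"
chmod 644 "$demo/plain.conf"
audit_slapd_conf "$demo/plain.conf" || echo "audit reported findings"
rm -rf "$demo"
```

Once recovery is finished, a `rootpw` line left in the file keeps granting control of the whole database to anyone who can read it, so rerun the check after removing or hashing the entry.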
Configuring slapd and slurpd Daemons
You can use the slapconfig tool to configure the slapd and slurpd LDAP daemons
and related search policies. See the slapconfig man page for more information.
Standard Distribution Tools
Two types of tools come with OpenLDAP:
• Tools that operate directly on the LDAP databases—These tools begin with slap.
• Tools that go through the LDAP protocol—These tools begin with ldap.
The slap tools must be run directly on the computer hosting the LDAP database.
You should shut down the LDAP service when using the slap tools, or else your
database may become out of sync.
These tools are included in the standard OpenLDAP distribution.
Tool                    Used to
/usr/bin/ldapadd        Add entries to the LDAP directory.
/usr/bin/ldapcompare    Compare a directory entry’s actual attributes with known attributes.
/usr/bin/ldapdelete     Delete entries from the LDAP directory.
/usr/bin/ldapmodify     Change an entry’s attributes.
/usr/bin/ldapmodrdn     Change an entry’s relative distinguished name (RDN).
/usr/bin/ldappasswd     Set the password for an LDAP user. Apple recommends using passwd instead of ldappasswd. See the passwd man page for more information.
/usr/bin/ldapsearch     Search the LDAP directory. See the usage note under “Searching the LDAP Server” on page 255.
/usr/bin/ldapwhoami     Obtain the primary authorization identity associated with a user.
/usr/sbin/slapadd       Add entries to the LDAP directory.
/usr/sbin/slapcat       Export LDAP Directory Interchange Format files.