Now we're ready to verify that the added entries are in your directory, using the ldapsearch tool.

The following command will search for and retrieve every entry in the database.

% $OPENLDAP_HOME/bin/ldapsearch -x -b 'dc=pdsdev,dc=jpl,dc=nasa,dc=gov' '(objectClass=*)'

The following command will search for and retrieve the PDSPerson entries in the database.

% $OPENLDAP_HOME/bin/ldapsearch -x -b 'dc=pdsdev,dc=jpl,dc=nasa,dc=gov' '(objectClass=PDSPerson)'

Change Your Own User Password

We can use the ldappasswd tool to modify a user account password. To change your password, you will need to bind to an LDAP user entry and authenticate with the current password. This follows the same general syntax as the other OpenLDAP tools.

% $OPENLDAP_HOME/bin/ldappasswd -H ldap://server_domain_or_IP -x -D "user_dn" -w [old_passwd] -a [old_passwd] -s [new_passwd]
  • server_domain_or_IP: the LDAP server domain, e.g. pdsdev.jpl.nasa.gov:1636
  • user_dn: bind DN, e.g. "uid=hlee,ou=people,dc=pdsdev,dc=jpl,dc=nasa,dc=gov".

The following command changes the password of the user DN 'uid=hlee,ou=people,dc=pdsdev,dc=jpl,dc=nasa,dc=gov' from 'changeMe' to 'test'.

% $OPENLDAP_HOME/bin/ldappasswd -H ldap://pdsdev.jpl.nasa.gov:1636 -x -D "uid=hlee,ou=people,dc=pdsdev,dc=jpl,dc=nasa,dc=gov" \
-w changeMe -a changeMe -s test
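
As an added example (not part of the original guide): the commands above pass both passwords as arguments, where they end up in shell history and the process list, and -x sends them in a simple bind. The wrapper below builds the same ldappasswd call with prompts (-W, -A, -S) and requires StartTLS (-ZZ) for ldap:// URIs. It assumes the server supports StartTLS or LDAPS; the function names and the LDAP_DRY_RUN variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names and LDAP_DRY_RUN
# are hypothetical; OPENLDAP_HOME is the install prefix used in the guide.

# Print ldappasswd options, one per line, with no password among them.
# Assumption: the server offers StartTLS (ldap://) or LDAPS (ldaps://).
ldappasswd_args() {
    uri=$1
    bind_dn=$2
    case $uri in
        ldaps://*) tls_opt= ;;       # TLS is negotiated before any LDAP traffic
        ldap://*)  tls_opt=-ZZ ;;    # StartTLS must succeed or the tool aborts
        *) echo "unsupported LDAP URI: $uri" >&2; return 1 ;;
    esac
    printf '%s\n' -H "$uri" -x -D "$bind_dn"
    if [ -n "$tls_opt" ]; then
        printf '%s\n' "$tls_opt"
    fi
    # -W prompts for the bind password, -A for the old one, -S for the new one
    printf '%s\n' -W -A -S
}

# Run ldappasswd with those options; with LDAP_DRY_RUN set, print the
# command (one argument per line) without contacting the server.
change_password() {
    args=$(ldappasswd_args "$1" "$2") || return 1
    old_ifs=$IFS
    IFS='
'
    set -f              # split on newlines only, no glob expansion
    set -- $args
    set +f
    IFS=$old_ifs
    tool="${OPENLDAP_HOME:?set OPENLDAP_HOME}/bin/ldappasswd"
    if [ -n "${LDAP_DRY_RUN:-}" ]; then
        printf '%s\n' "$tool" "$@"
    else
        "$tool" "$@"
    fi
}
```

Call it as change_password "ldap://server_domain_or_IP" "user_dn"; the tool then prompts for the old and new passwords.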

Check Your User Authentication

We can use the ldapsearch tool to check authentication.

% $OPENLDAP_HOME/bin/ldapsearch -x -D "user_dn" -W '(search_filter)'
  • -D - bind DN
  • -W - Prompt for password
  • -x - Simple authentication
  • Finally the search filter as a non-option argument.

The following command checks authentication by binding as the user DN 'uid=hlee,ou=people,dc=pdsdev,dc=jpl,dc=nasa,dc=gov' and searching for the uid 'pdsmc'.

% $OPENLDAP_HOME/bin/ldapsearch -x -D "uid=hlee,ou=people,dc=pdsdev,dc=jpl,dc=nasa,dc=gov" -W '(uid=pdsmc)'