7

I'm using openldap-server-2.4.38_1 on FreeBSD 9.1-RELEASE-p5.

1) Can I get a list of active (connected) schemes without viewing the slapd.conf file?

2) How can I get a description of objectClasses and/or their attributes in these schemes without viewing the scheme file?

So, are there any pre-built utils (I mean utils like ldapsearch etc.), or some external scripts like ldapscripts? Or maybe I can obtain this info directly from ldapshell or phpldapadmin (but I don't like to use utils with a web interface...)?

Braiam
setevoy
  • List schemas in use: `ldapsearch -A -x -h localhost -D "cn=admin,cn=config" -w -b "cn=config" objectClass="olcSchemaConfig" | egrep "# {" | egrep ", schema, config" | sed -e 's/.*}\(.*\), schema.*/\1/'`! Thanks! – Eduardo Lucio May 17 '18 at 18:56

2 Answers

6

Yes to both.

```
ldapsearch -H ldap://ldap.mydomain.com -x -s base -b "" +
# the + returns operational attributes
```

will give a list of supported features. You may want to look up the meaning of the OIDs that get returned here.

More interesting stuff is in the cn=Subschema section:

```
ldapsearch -H ldap://ldap.mydomain.com -x -s base -b "cn=subschema" objectclasses
```

which will list all supported ObjectClasses.

Note that unlike other LDAP servers you can't use LDAP commands to extend the scheme in the live server and must edit the files and restart your openldap server to modify the schema.

HBruijn
  • 1
    And how can I get the description of an objectclass directly from LDAP? For example, I want to see all attributes (and/or the description) of objectClass: dcObject. I tried to use ldapsearch with filters, but without result... – setevoy Jan 04 '14 at 14:22
1

To do this in a more systematic, filtered way ...

If you just (initially) want a list of the schemas that have been installed (to answer the question of whether a particular schema has been installed), the following works with a more recent openldap slapd setup that uses the internal config facility (so there is no slapd.conf to look at):

```
ldapsearch -b "cn=schema,cn=config" -H ldapi:/// -LLL -Q -Y EXTERNAL dn

dn: cn=schema,cn=config

dn: cn={0}core,cn=schema,cn=config

dn: cn={1}cosine,cn=schema,cn=config

dn: cn={2}nis,cn=schema,cn=config

dn: cn={3}inetorgperson,cn=schema,cn=config

dn: cn={4}openssh,cn=schema,cn=config

dn: cn={5}samba,cn=schema,cn=config

dn: cn={6}ldapns,cn=schema,cn=config
```

Then, to see the details of the schema (including objectClasses), prepend the name of the schema to the query base, e.g. to see the openssh schema (which happened to be the fourth one added to the server), and omit the dn filter parameter:

```
ldapsearch -b "cn={4}openssh,cn=schema,cn=config" -H ldapi:/// -LLL -Q -Y EXTERNAL

dn: cn={4}openssh,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}openssh
olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME      'sshPublicKey' DES
C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch    SYNTAX 1.3.6.1.4.
1.1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC
'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MAY (sshPublicKey $
uid ) )
```
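Added example, not part of either answer and not OpenLDAP's own tooling: a way to pull a single objectClass (the follow-up comment asks about dcObject) out of the schema output shown in the answers, unfolding the wrapped LDIF lines first and listing its MUST and MAY attributes. The function names `ldif_unfold`, `describe_objectclass` and `sample_ldif` are hypothetical helpers, and the sample input is constructed from the ldapPublicKey definition above.

```shell
# Added example: describe one objectClass from ldapsearch LDIF read on stdin.
# Join folded LDIF lines: a line starting with a space continues the previous
# line, and that one space is dropped (RFC 2849).
ldif_unfold() {
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }'
}

# Returns 1 when the named objectClass is not defined in the input.
describe_objectclass() {
    ldif_unfold | awk -v want="$1" -v q="'" '
    # Value after keyword key: a single token or a "( a $ b )" list.
    function field(def, key,    i, rest) {
        i = index(def, " " key " ")
        if (i == 0) return ""
        rest = substr(def, i + length(key) + 2)
        sub(/^ +/, "", rest)
        if (substr(rest, 1, 1) == "(") { rest = substr(rest, 2); sub(/\).*/, "", rest) }
        else sub(/ .*/, "", rest)
        gsub("[$ " q "]+", " ", rest); sub(/^ /, "", rest); sub(/ $/, "", rest)
        return rest
    }
    # objectClasses: comes from cn=subschema, olcObjectClasses: from cn=config.
    /^(olc)?[Oo]bject[Cc]lasses: / {
        def = $0
        sub(/^[^:]*: *([{][0-9]+[}])?/, "", def)   # drop attribute name and {n}
        sub(" DESC +" q "[^" q "]*" q, "", def)     # DESC text may hold keywords
        if (index(" " tolower(field(def, "NAME")) " ", " " tolower(want) " ") == 0) next
        kind = "STRUCTURAL"                          # default kind in RFC 4512
        if (def ~ / AUXILIARY /) kind = "AUXILIARY"
        if (def ~ / ABSTRACT /) kind = "ABSTRACT"
        printf "name: %s\nkind: %s\nsup: %s\nmust: %s\nmay: %s\n", field(def, "NAME"),
            kind, field(def, "SUP"), field(def, "MUST"), field(def, "MAY")
        found = 1
    }
    END { exit !found }'
}

# Constructed sample: the ldapPublicKey definition shown above, re-folded the
# way ldapsearch folds long lines (mid-word, continuation starts with a space).
sample_ldif() {
    cat <<'EOF'
dn: cn={4}openssh,cn=schema,cn=config
olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DES
 C 'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MAY (sshPublicKe
 y $ uid ) )
EOF
}
sample_ldif | describe_objectclass ldapPublicKey
```

Against a live server, pipe the first answer's `cn=subschema` query into `describe_objectclass dcObject`; values that ldapsearch prints base64-encoded (`objectClasses::`) are not decoded by this helper.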