Using OpenLDAP commands

The Centrify OpenLDAP proxy service includes a set of OpenLDAP commands that have been modified to support looking up information in Active Directory domain controllers and the global catalog. The Centrify distribution of OpenLDAP supports most of the standard options and syntax for performing LDAP operations, but the ldap commands in the Centrify distribution of OpenLDAP also support the following options that are not supported in a standard OpenLDAP distribution:

Use this option To do this
-m

Use the local machine credentials from the /etc/krb5.keytab file. This option requires root user access.

-r

Disable line wrapping when printing out LDIF entries.

The Centrify distribution of OpenLDAP also provides extended URL support for Active Directory. With Centrify LDAP commands, you can use the following URLs to connect to Active Directory computers:

Use this To do this
ldap://domain_name

Connect to the appropriate domain controller for the specified domain within the Active Directory site.

ldap://

Connect to the joined domain.

gc://[domain_name]

Connect to the global catalog domain controller for the joined domain. You can use the optional domain_name parameter to specify a domain in a different forest.

The Centrify distribution of OpenLDAP includes the following commands:

  • ldapsearch
  • ldapadd
  • ldapmodify
  • ldapmodrdn
  • ldapcompare
  • ldapdelete

Note:   The ldappasswd and ldapwhoami commands do not work with Active Directory. For more information about using the OpenLDAP commands or the standard options available, see the man page for each command.