...

SSH into your OpenLDAP server and create a new LDIF file.  Example:

 dn: cn=JoeSmith,ou=people,dc=6connect,dc=com
 cn: JoeSmith
 sn: JoeSmith
 objectclass: top
 objectclass: person
 objectclass: sixConnectPermissionsV2
 sixConnGroup: "Global Admins"
 sixConnGroup: "bonk"
 sixConnGroup: "poof"
 sixConnGroup: "grood"
 userPassword: testpass

 To create a new user, make a new ldif file and change all instances of "JoeSmith" to whatever username you wish to create and update the password.  Keep all of the object class definitions as listed above.  Add a sixConnGroup declaration for each ProVision user group a user is in.
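The template above carries userPassword in clear text. The following added example (not part of the original page or of 6connect's tooling) generates the same LDIF for any username with a salted {SSHA} value instead, and rejects names that would break the LDIF structure. It assumes users are authenticated by an LDAP bind against OpenLDAP; the function names and the username policy are hypothetical.

```python
import base64
import hashlib
import hmac
import os
import re

# Base DN, objectclass and attribute names are taken from the page's template.
BASE_DN = "ou=people,dc=6connect,dc=com"
# Constructed policy: characters that need no DN or LDIF escaping.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def ssha(password, salt=None):
    """Return an OpenLDAP {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_ssha(password, stored):
    """Verify a password against a stored {SSHA} value (what the bind does)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)


def build_user_ldif(username, groups, password):
    """Build the page's LDIF entry for one user, with a hashed userPassword."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters unsafe for a DN/LDIF line")
    for g in groups:
        # A newline or quote in a group name could inject extra attributes.
        if not g or '"' in g or not g.isascii() or not g.isprintable():
            raise ValueError("group name is unsafe for an LDIF line: %r" % g)
    lines = [
        f"dn: cn={username},{BASE_DN}",
        f"cn: {username}",
        f"sn: {username}",
        "objectclass: top",
        "objectclass: person",
        "objectclass: sixConnectPermissionsV2",
    ]
    lines += [f'sixConnGroup: "{g}"' for g in groups]
    lines.append(f"userPassword: {ssha(password)}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_user_ldif("JaneDoe", ["Global Admins", "bonk"], "constructed-sample-pw"))
```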

...

To query the LDAP server, run the following command on any server which has OpenLDAP enabled, which is almost all of them:

ldapsearch -h [IPADDRESS] -D [DOMAIN] -w [PASSWORD] [USER]

 The "-h" flag is straightforward, indicating the IP of the server. Don't even try getting this to accept IPv6 addresses -- every site mentions a different format; none of them work.

 The "-w" flag indicates the password.

 The "-D" flag marks the descent into crazypants wackytown.  This is the "domain" of the LDAP search, which I don't understand one bit, but is apparently super-important.  I guess it's analogous to the database selector when querying off a MySQL server?  I dunno.  You should not need to modify this field.

 And at the end you add in the User (or users, or groups, or whatever) you want to query the LDAP server on, again in that fun fun LDAP format.

 Here is a practical example of an LDAP query:

Note:  We have not been able to use a v6 address with this tool, even though multiple sources say it should work.

At the end of the command where [USER] is specified, user or groups can be used (in LDAP format) to query.

Example:

 ldapsearch -h 50.240.195.129 -D "cn=MayorJoeSmith,ou=people,dc=6connect,dc=com" -w testpass "cn=MajorMinerJoeSmith" 

Configure ProVision for LDAP Authentication 

...