on Jun 14, 2016Article Content
| Article Number | 000029270 |
| Applies To | Identity Management and Governance |
| Issue | It can be helpful to try an alternative means of accessing LDAP-based data when troubleshooting issues with Active Directory collectors, connectors, and/or authentication sources |
| Resolution | Supported versions of Red Hat and SUSE Linux include the command line ldapsearch utility. For example, to test retrieving users from an Active Directory server, SSH to the IMG server and execute ldapsearch: oracle@acm-690:~> ldapsearch -h 192.168.26.120 -p 389 -D administrator@2k8r2-vcloud.local -w password1 -z 1 -b 'ou=us,ou=vcloud users,dc=2k8r2-vcloud,dc=local' '(&(objectClass=User)(objectcategory=person))' CN=Felicia\, Radi,OU=US,OU=vcloud Users,DC=2k8r2-vcloud,DC=local objectClass=top objectClass=person objectClass=organizationalPerson objectClass=user cn=Felicia, Radi sn=Felicia c=US l=Pittsfield st=NH title=Captain postalCode=11111 telephoneNumber=555-555-5555 givenName=Radi distinguishedName=CN=Felicia\, Radi,OU=US,OU=vcloud Users,DC=2k8r2-vcloud,DC=local ... where: -h host ldap server -p port port on ldap server -D binddn bind dn -w passwd bind passwd (for simple authentication) -z size lim size limit (in entries) for search -b basedn base dn for search |
| Notes | The full list of ldapsearch options can be seen by typing ldapsearch with no options: oracle@acm-690:~> ldapsearch usage: ldapsearch [options] filter [attributes...] where: filter RFC-1558 compliant LDAP search filter attributes whitespace-separated list of attributes to retrieve (if no attribute list is given, all are retrieved) options: -n show what would be done but don't actually search -v run in verbose mode (diagnostics to standard output) -t write values to files in /tmp -u include User Friendly entry names in the output -A retrieve attribute names only (no values) -B do not suppress printing of non-ASCII values -L print entries in LDIF format (-B is implied) -X print entries in XML format -R do not automatically follow referrals -d level set LDAP debugging level to `level' -F sep print `sep' instead of `=' between attribute names and values -S attr sort the results by attribute `attr' -f file perform sequence of searches listed in `file' -b basedn base dn for search -s scope one of base, one, or sub (search scope) -a deref one of never, always, search, or find (alias dereferencing) -l time lim time limit (in seconds) for search -z size lim size limit (in entries) for search -D binddn bind dn -w passwd bind passwd (for simple authentication) -h host ldap server -p port port on ldap server -W Wallet Wallet location -P Wpasswd Wallet Password -U SSLAuth SSL Authentication Mode -q prompt for simple bind password -Q prompt for SSL wallet password -E charset Character Set Encoding -M send ManageDsaIT control to server -G send RequiredAttribute control to server -C send connectBy control to server -T [-]sort_attr send serverSort control to server -j page_size send Paging control to server |