How to test access to Active Directory and LDAP endpoints using 'ldapsearch' in RSA Identity Governance & Lifecycle
RSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: All
Platform: SUSE Linux, Red Hat Enterprise Linux (RHEL)
The ldapsearch utility available on SUSE Linux and Red Hat Enterprise Linux (RHEL) systems is a command-line tool for testing and troubleshooting connectivity issues with RSA Identity Governance & Lifecycle Active Directory/LDAP collectors, connectors and authentication sources. The ldapsearch command connects to an LDAP server, authenticates (binds) to the server, then searches for and returns records that match the filter criteria.
Supported versions of SUSE Linux and RHEL include the ldapsearch utility. To see a list of options to the ldapsearch command, type ldapsearch with no options at the command line prompt as in the following example:
usage: ldapsearch [options] filter [attributes...]
filter RFC-1558 compliant LDAP search filter
attributes whitespace-separated list of attributes to retrieve
(if no attribute list is given, all are retrieved)
-n show what would be done but don't actually search
-v run in verbose mode (diagnostics to standard output)
-t write values to files in /tmp
-u include User Friendly entry names in the output
-A retrieve attribute names only (no values)
-B do not suppress printing of non-ASCII values
-L print entries in LDIF format (-B is implied)
-X print entries in XML format
-R do not automatically follow referrals
-d level set LDAP debugging level to `level'
-F sep print `sep' instead of `=' between attribute names and values
-S attr sort the results by attribute `attr'
-f file perform sequence of searches listed in `file'
-b basedn base dn for search
-s scope one of base, one, or sub (search scope)
-a deref one of never, always, search, or find (alias dereferencing)
-l time lim time limit (in seconds) for search
-z size lim size limit (in entries) for search
-D binddn bind dn
-w passwd bind passwd (for simple authentication)
-h host ldap server
-p port port on ldap server
-W Wallet Wallet location
-P Wpasswd Wallet Password
-U SSLAuth SSL Authentication Mode
-q prompt for simple bind password
-Q prompt for SSL wallet password
-E charset Character Set Encoding
-M send ManageDsaIT control to server
-G send RequiredAttribute control to server
-C send connectBy control to server
-T [-]sort_attr send serverSort control to server
-j page_size send Paging control to server
For more complete documentation on ldapsearch, type the following at the command line prompt:
$ man ldapsearch
The following example illustrates retrieving a single record from an Active Directory server.
Log in to the RSA Identity Governance & Lifecycle server as either the root user or oracle user.
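A single-record lookup of the kind described above can be wrapped as follows. This is an added example, not part of the original RSA article: it uses only options from the usage listing above, and the host, port, DNs, the sAMAccountName filter and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: one-record lookup against a directory server.
# Constructed placeholders throughout: host, port, DNs and account names.
# Only options from the usage listing are used: -h -p -D -q -b -s -l -z.

LDAPSEARCH=${LDAPSEARCH:-ldapsearch}   # overridable so the call can be dry-run

# Accept only characters expected in a plain logon name, so a value such as
# "*" or "a)(cn=*" cannot change the meaning of the search filter.
valid_account() {
    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# ad_lookup_one HOST PORT BINDDN BASEDN ACCOUNT
# Binds as BINDDN; -q prompts for the password, so it never appears on the
# command line, in shell history or in the process list (unlike -w).
# Searches the subtree under BASEDN with a 10 second time limit and returns
# at most one entry (-z 1), requesting only the cn and mail attributes.
ad_lookup_one() {
    [ $# -eq 5 ] || {
        echo "usage: ad_lookup_one host port binddn basedn account" >&2
        return 2
    }
    valid_account "$5" || {
        echo "rejected account name: not a plain logon name" >&2
        return 2
    }
    "$LDAPSEARCH" -h "$1" -p "$2" -D "$3" -q \
        -b "$4" -s sub -l 10 -z 1 \
        "(sAMAccountName=$5)" cn mail
}

# Example call (hypothetical values):
# ad_lookup_one ad.example.com 389 \
#     "CN=svc-igl,OU=Service,DC=example,DC=com" "DC=example,DC=com" jdoe
```

The function returns the exit status of ldapsearch, so a failed connection or bind is distinguishable from a rejected account name (status 2 before any network traffic is sent).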