Tests LDAP filter, GUID, users, groups and organizational units as configured in sso/ldap.cf. Configuration options are described in the Configuration Guide.
ldaptest filter
ldaptest guid
ldaptest groups
ldaptest organizationalUnits
ldaptest users
ldaptest orphans
Allows you to test the installed filter and prints the results.
If the -a flag is entered, the command requests and displays additional LDAP attributes. These must be separated by a semicolon (;).
E.g., in order to display the mail, member and ou attribute values of each entry, you can enter the following:
ldaptest filter -a mail;member;ou
Use: ldaptest filter [-a]
Allows you to test the installed GUID and prints the results.
Additionally, this command scans your user tree for duplicate uses of the same GUID. If duplicates are detected, resolve them before importing users using ldapimport.
Use: ldaptest guid
Allows you to show the LDAP groups together with their attributes (in the sso/ldap.cf configuration file) that would be imported in an ldapimport execution.
If the -s (schema) flag is entered, the schema of the groups' object class is shown. This may be useful for finding out other group properties that can be entered into the ldap.cf configuration file. You can also use the ldapschema command for further exploring your object class attributes (refer to 20.37. ldapschema).
If the -a flag is entered, the command requests and displays additional LDAP attributes. These must be separated by a semicolon (;).
E.g., in order to display the instanceType and groupType attribute values of each group, you can enter the following:
ldaptest groups -a instanceType;groupType
Use: ldaptest groups [-s] [-a]
Allows you to show the LDAP organizational units together with their attributes (in the sso/ldap.cf configuration file) that would be imported in an ldapimport execution.
If the -s (schema) flag is entered, the schema of the organizational units' object class is shown. This may be useful for finding out other organizational unit properties that can be entered into the ldap.cf configuration file. You can also use the ldapschema command for further exploring your object class attributes (refer to 20.37. ldapschema).
If the -a flag is entered, the command requests and displays additional LDAP attributes. These must be separated by a semicolon (;).
E.g., in order to display the distinguishedName and commonName attribute values of each organizational unit, you can enter the following:
ldaptest organizationalUnits -a distinguishedName;commonName
Use: ldaptest organizationalUnits [-s] [-a]
Allows you to show the LDAP users together with their attributes (in the sso/ldap.cf configuration file) that would be imported in an ldapimport execution.
If the -s (schema) flag is entered, the schema of the users' object class is shown. This may be useful for finding out other user properties that can be entered into the ldap.cf configuration file. You can also use the ldapschema command for further exploring your object class attributes (refer to 20.37. ldapschema).
If the -a flag is entered, the command requests and displays additional LDAP attributes. These must be separated by a semicolon (;).
E.g., in order to display the memberOf and nickname attribute values of each user, you can enter the following:
ldaptest users -a memberOf;nickname
Use: ldaptest users [-s] [-a]
Your LDAP filter should retrieve all users, groups, and organizational units, and nothing else. If additional nodes are returned, or if the mappings in ldap.cf are incorrect, nodes may be retrieved that cannot be mapped to a user, group, or organizational unit. These are referred to as LDAP orphans. In a properly installed and configured system, LDAP orphans should not exist; they occur when your LDAP filter returns too much data. You can list all LDAP orphans using this terminal command.
If the -a flag is entered, the command requests and displays additional LDAP attributes. These must be separated by a semicolon (;).
Use: ldaptest orphans [-a]
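The duplicate-GUID scan (ldaptest guid) and the orphan check (ldaptest orphans) described above can be illustrated offline with the following added example, which is not part of the product or its documentation. The objectClass mapping, the "guid" attribute name and the sample entries are constructed assumptions; the real mappings are defined in sso/ldap.cf. Mapped entries that carry no GUID value are reported separately.

```python
from collections import defaultdict

# Hypothetical objectClass-to-type mapping; the real mappings live in
# sso/ldap.cf and their syntax is not shown on this page.
CLASS_MAP = {
    "person": "user",
    "groupOfNames": "group",
    "organizationalUnit": "organizationalUnit",
}

# Constructed sample of entries that an overly broad LDAP filter might return.
SAMPLE_ENTRIES = [
    {"dn": "ou=Sales,dc=example,dc=org", "objectClass": ["top", "organizationalUnit"], "guid": "g-001"},
    {"dn": "cn=alice,ou=Sales,dc=example,dc=org", "objectClass": ["top", "person"], "guid": "g-002"},
    {"dn": "cn=bob,ou=Sales,dc=example,dc=org", "objectClass": ["top", "person"], "guid": "g-002"},
    {"dn": "cn=staff,ou=Sales,dc=example,dc=org", "objectClass": ["top", "groupOfNames"], "guid": "g-003"},
    {"dn": "cn=printer1,ou=Sales,dc=example,dc=org", "objectClass": ["top", "device"], "guid": "g-004"},
    {"dn": "cn=carol,ou=Sales,dc=example,dc=org", "objectClass": ["top", "person"]},
]


def classify(entry, class_map=CLASS_MAP):
    """Return the mapped type for an entry, or None if it is an orphan."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    for ldap_class, kind in class_map.items():
        if ldap_class.lower() in classes:
            return kind
    return None


def audit(entries, guid_attr="guid"):
    """Split filter results into orphans, duplicate GUIDs and entries missing a GUID."""
    orphans, missing, by_guid = [], [], defaultdict(list)
    for entry in entries:
        if classify(entry) is None:
            orphans.append(entry["dn"])  # not a user, group or OU
            continue
        guid = entry.get(guid_attr)
        if not guid:
            missing.append(entry["dn"])
        else:
            by_guid[guid].append(entry["dn"])
    duplicates = {g: dns for g, dns in by_guid.items() if len(dns) > 1}
    return {"orphans": orphans, "duplicate_guids": duplicates, "missing_guid": missing}


if __name__ == "__main__":
    print(audit(SAMPLE_ENTRIES))
```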