19.38. ldaptest

Tests the LDAP filter, GUID attribute, users, groups and organizational units as configured in sso/ldap.cf. The configuration options are described in the Configuration Guide.

Note that you can use the >>> operator to send the command results to a given datasink. This can be useful for analysing long command outputs. You can also use > to create a new file or >> to append to an existing file. All terminal operators are described in Chapter 18. Terminal Operators.

When troubleshooting your LDAP configuration, run the following commands in the order listed, because the later ones rely on the earlier ones being configured correctly. For example, ldaptest users needs a correct filter installed, so check ldaptest filter first:
ldaptest filter
ldaptest guid
ldaptest groups
ldaptest organizationalUnits
ldaptest users
ldaptest orphans
19.38.1. ldaptest filter

Allows you to test the installed filter and prints the entries it returns.

If the -a flag is given, the command also requests and displays the additional LDAP attributes listed after it. The attribute names must be separated by semicolons (;).

For example, to display the mail, member and ou attribute values of each returned entry, enter:

ldaptest filter -a mail;member;ou

Use: ldaptest filter [-a]
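To make the filter test concrete, the following added example (not the product's own code) evaluates a small subset of RFC 4515 filters against a handful of constructed directory entries and reports, like ldaptest filter -a, the matched DNs together with the requested extra attributes. The entries, the attribute names (objectClass, mail, member, ou) and the two filters are assumptions chosen for illustration; substring and extensible matches are deliberately not supported.

```python
"""Minimal RFC 4515 filter evaluator run against constructed entries.

Added example, not the product's own code: it shows what "ldaptest filter"
checks (which entries the installed filter matches) and how the -a attribute
list is applied. The entries, attribute names and filters are assumptions.
"""

# Constructed directory content (AD-style attribute names are assumptions).
ENTRIES = [
    {"dn": "CN=alice,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"], "mail": "alice@example.com"},
    {"dn": "CN=Admins,OU=Groups,DC=example,DC=com",
     "objectClass": ["top", "group"],
     "member": ["CN=alice,OU=Staff,DC=example,DC=com"]},
    {"dn": "OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "organizationalUnit"], "ou": "Staff"},
    {"dn": "CN=printer1,OU=Devices,DC=example,DC=com",
     "objectClass": ["top", "printQueue"]},
]


def parse_filter(text, pos=0):
    """Parse '(attr=value)', '(attr=*)', '(&...)', '(|...)' and '(!...)'.
    Returns (node, next_pos). Substring/extensible matches are unsupported."""
    if text[pos] != "(":
        raise ValueError(f"expected '(' at {pos}")
    pos += 1
    if text[pos] in "&|!":
        op, pos, children = text[pos], pos + 1, []
        while text[pos] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        if op == "!" and len(children) != 1:
            raise ValueError("'!' takes exactly one filter")
        return (op, children), pos + 1
    end = text.index(")", pos)
    attr, sep, value = text[pos:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"bad simple filter {text[pos:end]!r}")
    return ("=", attr, value), end + 1


def attribute_values(entry, attr):
    """LDAP attribute names are case-insensitive; values are returned as a list."""
    for key, value in entry.items():
        if key.lower() == attr.lower():
            return value if isinstance(value, list) else [value]
    return []


def matches(node, entry):
    op = node[0]
    if op == "&":
        return all(matches(child, entry) for child in node[1])
    if op == "|":
        return any(matches(child, entry) for child in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = attribute_values(entry, attr)
    if value == "*":                      # presence filter
        return bool(values)
    # equality; case-insensitive like most directory string syntaxes
    return any(v.lower() == value.lower() for v in values)


def run_filter(filter_text, extra_attrs="", entries=ENTRIES):
    """What 'ldaptest filter [-a a;b;c]' reports: matched DNs plus the
    requested extra attributes (semicolon-separated, as in the command)."""
    node, end = parse_filter(filter_text)
    if end != len(filter_text):
        raise ValueError("trailing data after filter")
    wanted = [a for a in extra_attrs.split(";") if a]
    return [{"dn": e["dn"], **{a: attribute_values(e, a) for a in wanted}}
            for e in entries if matches(node, e)]


if __name__ == "__main__":
    # A too-broad filter also returns the print queue, which no mapping covers.
    for row in run_filter("(objectClass=*)", "mail;member;ou"):
        print(row)
    # Restricting to the mapped object classes returns exactly the nodes to import.
    tight = "(|(objectClass=user)(objectClass=group)(objectClass=organizationalUnit))"
    print([row["dn"] for row in run_filter(tight)])
```

The presence filter (objectClass=*) is the classic way a filter ends up returning "too much": every object in the search base matches it, including the print queue, which later shows up as an LDAP orphan. The explicit disjunction over the three mapped object classes returns only the nodes that ldapimport can actually map.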

19.38.2. ldaptest guid

Allows you to test the installed GUID attribute and prints the results.

Additionally, this command scans your user tree for duplicate uses of the same GUID. If duplicates are detected, you must resolve them before importing users with ldapimport.

Use: ldaptest guid

19.38.3. ldaptest groups

Shows the LDAP groups, together with the attributes mapped in the sso/ldap.cf configuration file, that an ldapimport run would import.

If the -s (schema) flag is given, the schema of the groups' object class is shown. This can be useful for finding other group properties that can be entered into the ldap.cf configuration file. You can also use the ldapschema command to explore the attributes of your object classes further (refer to 19.37. ldapschema).

If the -a flag is given, the command also requests and displays the additional LDAP attributes listed after it. The attribute names must be separated by semicolons (;).

For example, to display the instanceType and groupType attribute values of each group, enter:

ldaptest groups -a instanceType;groupType

Use: ldaptest groups [-s] [-a]

19.38.4. ldaptest organizationalUnits

Shows the LDAP organizational units, together with the attributes mapped in the sso/ldap.cf configuration file, that an ldapimport run would import.

If the -s (schema) flag is given, the schema of the organizational units' object class is shown. This can be useful for finding other organizational unit properties that can be entered into the ldap.cf configuration file. You can also use the ldapschema command to explore the attributes of your object classes further (refer to 19.37. ldapschema).

If the -a flag is given, the command also requests and displays the additional LDAP attributes listed after it. The attribute names must be separated by semicolons (;).

For example, to display the distinguishedName and commonName attribute values of each organizational unit, enter:

ldaptest organizationalUnits -a distinguishedName;commonName

Use: ldaptest organizationalUnits [-s] [-a]

19.38.5. ldaptest users

Shows the LDAP users, together with the attributes mapped in the sso/ldap.cf configuration file, that an ldapimport run would import.

If the -s (schema) flag is given, the schema of the users' object class is shown. This can be useful for finding other user properties that can be entered into the ldap.cf configuration file. You can also use the ldapschema command to explore the attributes of your object classes further (refer to 19.37. ldapschema).

If the -a flag is given, the command also requests and displays the additional LDAP attributes listed after it. The attribute names must be separated by semicolons (;).

For example, to display the memberOf and nickname attribute values of each user, enter:

ldaptest users -a memberOf;nickname

When retrieving the LDAP users, the internal users are also checked for usernames that would collide on import. If a collision is detected, the output contains an additional "conflicts with" column holding the id of the internal user with the same username. Resolve these conflicts before importing.

Use: ldaptest users [-s] [-a]

19.38.6. ldaptest orphans

Your LDAP filter should return all of your users, groups and organizational units, and only those. If it returns more nodes, or if the mappings in ldap.cf are incorrect, some of the returned nodes cannot be mapped to a user, a group or an organizational unit. These are called LDAP orphans. In a correct installation and configuration there are no LDAP orphans; you get them when your LDAP filter returns too much. This terminal command lists all LDAP orphans.

If the -a flag is given, the command also requests and displays the additional LDAP attributes listed after it. The attribute names must be separated by semicolons (;).

Use: ldaptest orphans [-a]
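The three consistency checks described in 19.38.2 (duplicate GUIDs), 19.38.5 (username collisions with internal users) and 19.38.6 (orphans) can be reproduced offline on a captured search result. The following added example is not the product's code; it runs the checks over constructed entries and a constructed internal user table, using an assumed ldap.cf-style mapping (object class per node type, objectGUID as the GUID attribute, sAMAccountName as the username attribute).

```python
"""Offline re-creation of the checks behind ldaptest guid / users / orphans.

Added example, not the product's own code. The LDAP entries, the internal
user table and the mapping below are constructed; the attribute names
(objectGUID, sAMAccountName) and object classes are assumptions that mirror
a typical sso/ldap.cf configuration against Active Directory.
"""
from collections import defaultdict

# Constructed search result: what the installed filter returned.
ENTRIES = [
    {"dn": "CN=alice,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"],
     "objectGUID": "g-0001", "sAMAccountName": "alice"},
    {"dn": "CN=bob,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"],
     "objectGUID": "g-0002", "sAMAccountName": "bob"},
    # duplicate GUID: a copied object that kept alice's GUID
    {"dn": "CN=alice.old,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"],
     "objectGUID": "g-0001", "sAMAccountName": "alice.old"},
    # username collides with the internal user "admin"
    {"dn": "CN=svc-backup,OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "person", "user"],
     "objectGUID": "g-0004", "sAMAccountName": "admin"},
    {"dn": "CN=Admins,OU=Groups,DC=example,DC=com",
     "objectClass": ["top", "group"], "objectGUID": "g-0100"},
    {"dn": "OU=Staff,DC=example,DC=com",
     "objectClass": ["top", "organizationalUnit"], "objectGUID": "g-0200"},
    # orphan: returned by a too-broad filter, no mapping claims printQueue
    {"dn": "CN=printer1,OU=Devices,DC=example,DC=com",
     "objectClass": ["top", "printQueue"], "objectGUID": "g-0300"},
]

# Constructed internal (non-LDAP) user table: username -> internal id.
INTERNAL_USERS = {"admin": 1, "guest": 2}

# Assumed ldap.cf-style mapping: node type -> identifying object class.
MAPPING = {"user": "user", "group": "group",
           "organizationalUnit": "organizationalUnit"}
GUID_ATTR = "objectGUID"
USERNAME_ATTR = "sAMAccountName"


def classify(entry):
    """Map an entry to a node type via its object classes (case-insensitive),
    or None when no mapping applies, i.e. the entry is an orphan."""
    classes = {c.lower() for c in entry.get("objectClass", [])}
    for kind, object_class in MAPPING.items():
        if object_class.lower() in classes:
            return kind
    return None


def find_duplicate_guids(entries):
    """ldaptest guid: GUID -> DNs sharing it, only where more than one does."""
    by_guid = defaultdict(list)
    for entry in entries:
        by_guid[entry.get(GUID_ATTR)].append(entry["dn"])
    return {guid: dns for guid, dns in by_guid.items() if len(dns) > 1}


def find_username_conflicts(entries, internal_users):
    """ldaptest users: DN of each LDAP user -> id of the internal user whose
    username it would collide with on import (the "conflicts with" column)."""
    return {entry["dn"]: internal_users[entry[USERNAME_ATTR]]
            for entry in entries
            if classify(entry) == "user"
            and entry.get(USERNAME_ATTR) in internal_users}


def find_orphans(entries):
    """ldaptest orphans: entries the filter returned that no mapping covers."""
    return [entry["dn"] for entry in entries if classify(entry) is None]


def run_checks(entries=ENTRIES, internal_users=INTERNAL_USERS):
    return {
        "duplicate_guids": find_duplicate_guids(entries),
        "username_conflicts": find_username_conflicts(entries, internal_users),
        "orphans": find_orphans(entries),
    }


if __name__ == "__main__":
    for name, result in run_checks().items():
        print(f"{name}: {result}")
```

Each non-empty result is something to fix in the directory or in ldap.cf before running ldapimport: a duplicate GUID means two directory objects would be treated as the same imported account, a username conflict means an LDAP user would clash with an existing internal account, and an orphan means the filter (or the object class mapping) is wider than the nodes you intend to import.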