

ldap:itds_ldapsearch

IBM Directory Server ldapsearch samples

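List all LDAP objects

The samples on this page bind as the directory administrator (cn=root) and pass the bind password with -w on the command line, where it is visible in the process list and in shell history. On a shared host, use -w ? so that the client prompts for the password instead.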

root@ldap1 - /home/ldapdb2/idsslapd-ldapdb2/etc > ldapsearch -D cn=root -w password -b  " " objectclass=*

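List default configuration

The entry returned includes ibm-slapdDbUserPW, the database user's password in {AES256} form. This is reversible encryption rather than a one-way hash, so treat saved copies of this output as sensitive.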

root@ldap1 - /home/ldapdb2/idsslapd-ldapdb2/etc > ldapsearch -D cn=root -w password -b "cn=Directory, cn=RDBM Backends, cn=IBM Directory,cn=Schemas, cn=Configuration" objectclass=*
cn=Directory, cn=RDBM Backends, cn=IBM Directory, cn=Schemas, cn=Configuration
cn=Directory
ibm-slapdDbAlias=ldapdb2b
ibm-slapdDbConnections=15
ibm-slapdDbInstance=ldapdb2
ibm-slapdDbLocation=/home/ldapdb2
ibm-slapdDbName=ldapdb2
ibm-slapdDbUserID=ldapdb2
ibm-slapdDbUserPW={AES256}Z6NG/uS9F3kH2Bok+tW4uQ==
ibm-slapdEnableRemotePWPExOps=TRUE
ibm-slapdGroupMembersCacheBypassLimit=25000
ibm-slapdGroupMembersCacheSize=25
ibm-slapdLanguageTagsEnabled=FALSE
ibm-slapdNumRetry=5
ibm-slapdPagedResAllowNonAdmin=TRUE
ibm-slapdPagedResLmt=3
ibm-slapdPlugin=database    libback-rdbm.a rdbm_backend_init
ibm-slapdPlugin=replication libldaprepl.a  replInit
ibm-slapdPlugin=preoperation libdelref.a DeleteReferenceInit file=/home/ldapdb2/idsslapd-ldapdb2/etc/tdsdelref.conf dn=o=sample
ibm-slapdReadOnly=FALSE
ibm-slapdReferentialIntegrityPlugin=FALSE
ibm-slapdSortKeyLimit=3
ibm-slapdSortSrchAllowNonAdmin=TRUE
ibm-slapdSuffix=cn=localhost
ibm-slapdSuffix=cn=ibmpolicies
ibm-slapdSuffix=cn=Deleted Objects
ibm-slapdSuffix=o=mydomain.org
ibm-slapdTombstoneEnabled=FALSE
ibm-slapdTombstoneLifetime=168
objectclass=top
objectclass=ibm-slapdConfigEntry
objectclass=ibm-slapdRdbmBackend

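Default Password Policy

When reading the output below, note that pwdLockout=false means pwdMaxFailure=5 does not lock accounts after failed binds. pwdCheckSyntax=0 likewise means the length and character-class rules (pwdMinLength, passwordMinAlphaChars, passwordMinOtherChars) are not checked by the server; verify this against the product documentation for your version.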

root@ldap1 - /home/ldapdb2/idsslapd-ldapdb2/etc > ldapsearch -D cn=root -w password -b "cn=pwdpolicy,cn=ibmpolicies" objectclass=*
cn=pwdpolicy,cn=ibmpolicies
objectclass=container
objectclass=pwdPolicy
objectclass=ibm-pwdPolicyExt
objectclass=ibm-pwdGroupAndIndividualPolicies
objectclass=top
cn=pwdPolicy
pwdAttribute=userPassword
pwdLockout=false
ibm-pwdGroupAndIndividualEnabled=true
pwdMaxAge=90
pwdMinAge=21
pwdMinLength=8
pwdMaxFailure=5
pwdInHistory=8
pwdGraceLoginLimit=0
passwordMinAlphaChars=2
passwordMinOtherChars=1
passwordMaxRepeatedChars=0
pwdLockoutDuration=0
pwdCheckSyntax=0
pwdFailureCountInterval=0
passwordMaxConsecutiveRepeatedChars=0
pwdExpireWarning=0
passwordMinDiffChars=0
pwdAllowUserChange=true
pwdMustChange=true
pwdSafeModify=false
ibm-pwdPolicy=true
ibm-pwdPolicyStartTime=20140829071649Z

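Effective Password Policy

The effectpwdpolicy extended operation shows the policy that actually applies to a single entry and lists the policy entries it was calculated from. In this sample only cn=pwdpolicy,cn=ibmpolicies contributes, so the values match that entry.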

root@ldap1 - /home/ldapdb2/idsslapd-ldapdb2/etc > ldapexop -h localhost -D cn=root -w password -op effectpwdpolicy -d "uid=testuser,ou=People,ou=aix,o=mydomain.org"

The effective password policy is calculated based on the following entries:
cn=pwdpolicy,cn=ibmpolicies

The effective password policy is:
ibm-pwdPolicyStartTime=20140829071649Z
pwdInHistory=8
pwdCheckSyntax=0
pwdGraceLoginLimit=0
pwdLockoutDuration=0
pwdMaxFailure=5
pwdFailureCountInterval=0
passwordMaxRepeatedChars=0
passwordMaxConsecutiveRepeatedChars=0
pwdMaxAge=90
pwdMinAge=21
pwdExpireWarning=0
pwdMinLength=8
passwordMinAlphaChars=2
passwordMinOtherChars=1
passwordMinDiffChars=0
ibm-pwdPolicy=true
pwdLockout=false
pwdAllowUserChange=true
pwdMustChange=true
pwdSafeModify=false
ibm-pwdGroupAndIndividualEnabled=true

LDAP V3 schema

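To access the schema, you must first determine the subschemasubentry DN by reading the root DSE (empty base DN, base scope). The sample below passes no bind DN, so the search runs as an anonymous bind.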

root@ldap1 - /home/ldapdb2/idsslapd-ldapdb2/etc > ldapsearch -h hostname -p 389 -b "" -s base "objectclass=*"
namingcontexts=CN=SCHEMA
namingcontexts=CN=CONFIGURATION
namingcontexts=CN=LOCALHOST
namingcontexts=CN=IBMPOLICIES
namingcontexts=O=MYDOMAIN.ORG
ibm-configurationnamingcontext=CN=CONFIGURATION
subschemasubentry=cn=schema
supportedextension=1.3.18.0.2.12.1
supportedextension=1.3.18.0.2.12.3
.....

Using the subschemasubentry DN returned by searching the root DSE, schema information can be accessed with the following command-line search:

root@ldap1 - /home/ldapdb2/idsslapd-ldapdb2/etc > ldapsearch -h hostname -b cn=schema -s base objectclass=subschema
ldapSyntaxes=( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' )
matchingRules=( 1.3.18.0.2.22.2 NAME 'ibm-entryUuidMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
matchingRules=( 1.3.18.0.2.4.405 NAME 'distinguishedNameOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
matchingRules=( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
matchingRules=( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
matchingRules=( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
matchingRules=( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
....