Use the testldapserver command to test
a Lightweight Directory Access Protocol (LDAP) server.
Syntax
testldapserver -delim delimiter [ -username user_name [ { -password | password } ] ] [ { ldap_server_id | ldap_server_name } ]
Parameters
- -delimdelimiter
- (Optional) By default, in a concise view all columns of data are space-separated, with the width
of each column set to the maximum possible width of each item of data. In a detailed view, each item
of data is an individual row, and if displaying headers, the data is separated from the header by a
space. The -delim parameter overrides this behavior. Valid input for the
-delim parameter is a one-byte character. Enter -delim
: on the command line, and the colon character (:) separates all
items of data in a concise view (for example, the spacing of columns does not occur); in a detailed
view, the specified delimiter separates the data from its header
- -usernameuser_name
- (Optional) Specifies the user name to test.
- -passwordpassword
- (Optional) Specifies the password to test. You can optionally
specify the password with this parameter. If you do not specify the
password, the system prompts you for it before running the command
and does not display the password that you type.
Note: The -password parameter
is only valid if -username is specified. The
actual password does not need to be supplied.
- ldap_server_id|ldap_server_name
- (Optional) Specifies the LDAP server ID or name
to test.
Description
The
testldapserver command
allows three levels of testing:
- Server connection test (issue testldapserver without
supplying username or password). This verifies that a
connection
can be established with the server while authenticating using the
configured administrator credentials according to the LDAP configuration.
- Server connection, LDAP configuration, and user authorization
test (issue testldapserver with a username). This
verifies that:
- A
connection can be established
with the server while authenticating using the configured administrator
credentials.
- The LDAP attributes are correctly configured on the system.
- The user has been assigned a role.
- Server connection, LDAP configuration, and user authentication
test (issue testldapserver with a username and
password). This verifies that:
- A connection can be established with the server while authenticating
using the configured administrator credentials.
- The user authenticates with the supplied password
No specific server errors indicates success.
Important: This command works whether or not LDAP authentication
is selected or enabled with the chauthservice command.
testldapserver attribute values provides
the attribute values that can be displayed as output view data.
Table 1. testldapserver attribute
valuesAttribute |
Value |
id |
LDAP server ID |
name |
LDAP server name |
error |
Critical server error (or success, depending
on situation) encountered |
An invocation example with one LDAP server and no
specific user information
testldapserver -delim ":" ldapserver1
The resulting output:
id:name:error
1:ldapserver1:CMMVC7075I The LDAP task completed successfully
An invocation example with all LDAP servers using
a UPN
testldapserver -username bloggs@company.com -delim ":"
The resulting output:
id:name:error
0:ldapserver0:CMMVC6518E The task has failed because no roles
are defined for the current user on the system.
1:ldapserver1:CMMVC7075I The LDAP task completed successfully.
2:ldapserver2:CMMVC7075I The LDAP task completed successfully.
secure