testldapserver

Use the testldapserver command to test a Lightweight Directory Access Protocol (LDAP) server.

Syntax

testldapserver -delimdelimiter [ -usernameuser_name [ { -password | password } ] ] [ { ldap_server_id | ldap_server_name } ]

Parameters

-delimdelimiter
(Optional) By default, in a concise view all columns of data are space-separated, with the width of each column set to the maximum possible width of each item of data. In a detailed view, each item of data is an individual row, and if displaying headers, the data is separated from the header by a space. The -delim parameter overrides this behavior. Valid input for the -delim parameter is a one-byte character. Enter -delim : on the command line, and the colon character (:) separates all items of data in a concise view (for example, the spacing of columns does not occur); in a detailed view, the specified delimiter separates the data from its header
-usernameuser_name
(Optional) Specifies the user name to test.
-passwordpassword
(Optional) Specifies the password to test. You can optionally specify the password with this parameter. If you do not specify the password, the system prompts you for it before running the command and does not display the password that you type.
Note: The -password parameter is only valid if -username is specified. The actual password does not need to be supplied.
ldap_server_id|ldap_server_name
(Optional) Specifies the LDAP server ID or name to test.

Description

The testldapserver command allows three levels of testing:
  • Server connection test (issue testldapserver without supplying username or password). This verifies that a
    Draft comment:
    secure
    connection can be established with the server while authenticating using the configured administrator credentials according to the LDAP configuration.
  • Server connection, LDAP configuration, and user authorization test (issue testldapserver with a username). This verifies that:
    • A
      Draft comment:
      secure
      connection can be established with the server while authenticating using the configured administrator credentials.
    • The LDAP attributes are correctly configured on the system.
    • The user has been assigned a role.
  • Server connection, LDAP configuration, and user authentication test (issue testldapserver with a username and password). This verifies that:
    • A connection can be established with the server while authenticating using the configured administrator credentials.
    • The user authenticates with the supplied password

No specific server errors indicates success.

Important: This command works whether or not LDAP authentication is selected or enabled with the chauthservice command.
Table 1 provides the attribute values that can be displayed as output view data.
Table 1. testldapserver attribute values
Attribute Value
id LDAP server ID
name LDAP server name
error Critical server error (or success, depending on situation) encountered

An invocation example with one LDAP server and no specific user information

testldapserver -delim ":" ldapserver1

The resulting output: 

id:name:error
1:ldapserver1:CMMVC7075I The LDAP task completed successfully

An invocation example with all LDAP servers using a UPN

testldapserver -username bloggs@company.com -delim ":"

The resulting output: 

id:name:error
0:ldapserver0:CMMVC6518E The task has failed because no roles 
                         are defined for the current user on the system.
1:ldapserver1:CMMVC7075I The LDAP task completed successfully.
2:ldapserver2:CMMVC7075I The LDAP task completed successfully.
Parent topic: User management commands