Running the ldapsearch utility

Use the ldap_search command to run the ldapsearch utility.

ldap_search user=UserName fqdn=Fqdn [ second_cmd=<yes|no> password=Password ]

Parameters

Name        Type         Description                     Mandatory  Default
----------  -----------  ------------------------------  ---------  -------
user        Object name  Name of user to search.         Y          N/A
password    N/A          Password of user to search.     N          empty
second_cmd  Boolean      Run the second lsearch command  N          no
fqdn        N/A          FQDN of LDAP server to query.   Y          N/A

Two LDAP search commands are executed during the authentication process. To run the second command instead of the first, set second_cmd to yes.

Example:

ldap_search user=UserName fqdn=Fqdn password=Password

Output:


Name           Index   Value
-------------- ------- ------------------------------------------------------
command_line   0       ldapsearch -H ldap://ldapwin2003.xivldap2.com:389...
returncode     0       0
stderr         0
stdout         0       dn: CN=employee,CN=Users,DC=xivldap2,DC=com
stdout         1       description: Group One
stdout         2       objectSid:: AQUAAAAAAAUVAAAAYcKhSnhmt01IPSuAbQQAAA==
stdout         3
stdout         4
        
ID     Name   Default Position
-----  -----  ----------------
name   Name   1
index  Index  2
value  Value  3
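
When this command is used to troubleshoot role mapping, the stdout rows are LDIF: a double colon after the attribute name (as in objectSid above) means the value is base64-encoded binary. The following is an added example, not part of the product documentation; it assumes the output has been captured as plain text in the Name/Index/Value layout shown, and the function names are hypothetical.

```python
import base64
import struct

# Constructed sample: the Output rows shown on this page, captured as text.
SAMPLE = """\
Name           Index   Value
-------------- ------- ------------------------------------------------------
command_line   0       ldapsearch -H ldap://ldapwin2003.xivldap2.com:389...
returncode     0       0
stderr         0
stdout         0       dn: CN=employee,CN=Users,DC=xivldap2,DC=com
stdout         1       description: Group One
stdout         2       objectSid:: AQUAAAAAAAUVAAAAYcKhSnhmt01IPSuAbQQAAA==
stdout         3
stdout         4
"""

def sid_to_str(raw):
    """Convert a binary Windows SID to its S-<rev>-<authority>-<sub>... form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % raw[1], raw[8:])   # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority)] + [str(s) for s in subs])

def parse_ldap_search(text):
    """Return (returncode, attrs) parsed from the Name/Index/Value table."""
    returncode, attrs = None, {}
    for line in text.splitlines()[2:]:               # skip header and ruler
        parts = line.split(None, 2)
        if len(parts) < 3:                           # row with empty Value
            continue
        name, _index, value = parts
        if name == "returncode":
            returncode = int(value)
        elif name == "stdout" and ":" in value:
            key, _, rest = value.partition(":")
            if rest.startswith(":"):                 # LDIF '::' marks base64
                val = base64.b64decode(rest[1:].strip(), validate=True)
            else:
                val = rest.strip()
            attrs.setdefault(key, []).append(val)
    return returncode, attrs

if __name__ == "__main__":
    rc, attrs = parse_ldap_search(SAMPLE)
    print(rc, attrs["dn"][0], sid_to_str(attrs["objectSid"][0]))
```
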

Access control

User Category                 Permission
----------------------------  ----------
Storage administrator         Allowed
Application administrator     Disallowed
Security administrator        Disallowed
Read-only users               Disallowed
Operations administrator      Disallowed
Host side accelerator client  Disallowed

Return codes

  • LOGIN_FAILURE_USER_NOT_AUTHENTICATED_BY_LDAP_SERVER

    User User Name was not authenticated by LDAP server 'Server FQDN'.

  • LOGIN_FAILURE_USER_MISSING_GROUP_ATTRIBUTE

    User User Name is missing the group attribute 'Attribute'.

  • LDAP_SERVER_NOT_FOUND

    LDAP server with specified FQDN is not defined in the system.

  • LOGIN_FAILURE_LDAP_SERVER_UNREACHABLE

    No LDAP server can be reached.

  • LDAP_SERVER_NOT_DEFINED

    LDAP server Server FQDN is not defined in the system.

  • LDAP_ROLE_UNRECOGNIZED

    LDAP role for user is not recognized in the system.

  • LOGIN_FAILURE_USER_HAS_NO_RECOGNIZED_ROLE

    User User Name has no recognized LDAP role.

  • LOGIN_FAILURE_USER_CANNOT_BE_UNIQUELY_AUTHENTICATED_BY_LDAP_SERVER

    User User Name was not uniquely authenticated by LDAP server 'Server FQDN'.

  • LOGIN_FAILURE_XIV_USER_NOT_AUTHENTICATED_BY_LDAP_SERVER

    XIV User 'XIV User' was not authenticated by LDAP server 'Server FQDN'.

  • LOGIN_FAILURE_USER_HAS_MORE_THAN_ONE_RECOGNIZED_ROLE

    User User Name has more than one recognized LDAP role.

  • LOGIN_FAILURE_USER_MISSING_ID_ATTRIBUTE

    User User Name is missing the LDAP ID attribute 'Attribute'.

  • USER_IS_PREDEFINED_IN_THE_SYSTEM

    User is predefined in the system.

  • LOGIN_FAILURE_INVALID_BASE_DN

    The base dn of server 'Server FQDN' is invalid.

  • LDAP_AUTHENTICATION_IS_NOT_ACTIVE

    LDAP authentication is not active.