The following examples show how you can verify your LDAP server by using the ldapsearch utility. Note you can use any LDAP client to do this.
- Verifying TDBM and LDBM
In the command below, substitute the suffix value from your LDAP server configuration file for the -b parameter. The command can be run multiple times to verify each suffix defined in the configuration file.
ldapsearch -h 127.0.0.1 -s base -b "o=Your Company" "objectclass=*"
Note:
  - If allowAnonymousBinds off is specified in the LDAP server configuration file, you must specify a distinguished name to bind with using the -D and -w options on the ldapsearch utility.
  - The LDAP search returns the message "No such object" if the suffix entries have not been loaded into the directory. The TDBM or LDBM suffix entries can be added by using the steps outlined in Finalizing setup of LDAP backends and then this LDAP search can be tried again to verify that the entry is correctly added.
- Verifying SDBM
For SDBM, you must bind with a valid RACF® style DN to perform the search. Substitute a RACF ID of your choice in the racfid portion of the DN on the -D and the -b parameters below. Also, replace cn=myRacf with your SDBM suffix in the DN on the -D and -b parameters. The RACF password for the user ID used in the -D parameter must be specified in the -w parameter.
ldapsearch -h 127.0.0.1 -D racfid=IBMUSER,profiletype=user,cn=myRacf -w password_for_IBMUSER -b racfid=IBMUSER,profiletype=user,cn=myRacf "objectclass=*"
- Verifying GDBM
For GDBM, you must bind with the LDAP root administrator DN or another DN authorized to search the change log.
ldapsearch -h 127.0.0.1 -D binddn -w passwd -s base -b cn=changelog "objectclass=*"
- Verifying CDBM
For CDBM, you must bind with the LDAP root administrator DN or another DN authorized to search the cn=ibmpolicies and cn=configuration CDBM suffixes.
ldapsearch -h 127.0.0.1 -D binddn -w passwd -s base -b cn=ibmpolicies "objectclass=*"
ldapsearch -h 127.0.0.1 -D binddn -w passwd -s base -b cn=configuration "objectclass=*"
The previous ldapsearch examples assume a default port of 389. If your port is not 389, use the -p parameter to specify the correct port.
Be sure to substitute the correct TCP/IP host name or TCP/IP address for the 127.0.0.1 after the -h parameter.
The -b parameter specifies the starting point for the search.
The use of the quotation marks around the filter prevents the asterisk (*) from being interpreted by the shell.
Note this can be done from TSO as well, substituting LDAPSRCH for ldapsearch.
See z/OS IBM Tivoli Directory Server Client Programming for z/OS for more information about ldapsearch.
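The TDBM and LDBM step says to repeat the base search for each suffix in the configuration file and to bind with -D and -w when allowAnonymousBinds off is set. The following is an added example, not part of the original documentation, that prints those commands from a configuration file without running them. It assumes a layout in which a "database type ..." line opens a backend section, "suffix dn" lines belong to it, and "#" starts a comment; gen_verify_cmds, sample_conf, BIND_DN and BIND_PW are hypothetical names.

```shell
#!/bin/sh
# Added example: build the TDBM/LDBM verification searches from a server config.
# Assumed config layout (not shown on this page): "database <type> ..." starts a
# backend section, "suffix <dn>" lines belong to it, "#" starts a comment.

# gen_verify_cmds CONF HOST [PORT]
# Prints one ldapsearch command per TDBM/LDBM suffix; nothing is executed.
gen_verify_cmds() {
    awk -v host="$2" -v port="${3:-389}" '
        /^[ \t]*#/ { next }                       # skip comment lines
        { key = tolower($1) }
        key == "database" { backend = tolower($2); next }
        key == "allowanonymousbinds" && tolower($2) == "off" { anon_off = 1; next }
        key == "suffix" && (backend == "tdbm" || backend == "ldbm") {
            dn = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", dn)   # drop the keyword
            sub(/[ \t]+$/, "", dn)                # drop trailing whitespace
            gsub(/^"|"$/, "", dn)                 # drop surrounding quotes
            suffixes[++n] = dn
        }
        END {
            # allowAnonymousBinds off: every search must bind with -D and -w
            bind = anon_off ? " -D \"$BIND_DN\" -w \"$BIND_PW\"" : ""
            for (i = 1; i <= n; i++)
                printf "ldapsearch -h %s -p %s%s -s base -b \"%s\" \"objectclass=*\"\n", host, port, bind, suffixes[i]
        }' "$1"
}

# Constructed sample configuration (not from a real server; LIBNAME is a placeholder).
sample_conf() {
    cat <<'EOF'
# global section
allowAnonymousBinds off
database LDBM LIBNAME
suffix "o=Your Company"
suffix ou=People,o=Example
database SDBM LIBNAME
suffix cn=myRacf
EOF
}

conf=$(mktemp) && sample_conf > "$conf"
gen_verify_cmds "$conf" 127.0.0.1
rm -f "$conf"
```

The SDBM suffix is skipped on purpose, because that backend needs the RACF-style bind and base DN described above. Set BIND_DN and BIND_PW in the shell before running the printed commands.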