AUDIT LDAPDIRECTORY (Audit an LDAP directory server)

Use this command to audit an IBM Spectrum Protect™ controlled namespace on a Lightweight Directory Access Protocol (LDAP) server. The LDAP server and namespace are specified by using one or more LDAPURL options.

Restriction: Use this command only if you configured password authentication as described in Authenticating users by using an LDAP server. Information that is provided about the AUDIT LDAPDIRECTORY command applies only to environments in which password authentication is configured as described in Authenticating users by using an LDAP server.
Nodes and administrator user IDs that do not authenticate their passwords with the LDAP directory server are deleted with the AUDIT LDAPDIRECTORY FIX=YES command. Nodes or administrator user IDs that no longer exist in the IBM Spectrum Protect database are also deleted.
Before you issue this command, ensure that the LDAPURL option is specified in the dsmserv.opt file. See the LDAPURL option for more information. If you specified more than one LDAPURL option in the dsmserv.opt file, the options are validated in the order in which they are placed. If the LDAPURL option is not specified, the command fails.

Privilege class

You must have system privileges to issue this command.

Syntax

                        .-Fix--=--No------.   
>>-AUDIT LDAPdirectory--+-----------------+--------------------->
                        '-Fix--=--+-No--+-'   
                                  '-Yes-'     

   .-Wait--=--No------.   
>--+------------------+----------------------------------------><
   '-Wait--=--+-No--+-'   
              '-Yes-'     

Parameters

Fix
    This optional parameter specifies how the IBM Spectrum Protect server resolves inconsistencies between the database and the external directory. The default is NO. You can specify the following values:
    No
        The server reports all inconsistencies but does not change the external directory.
    Yes
        The server resolves any inconsistencies that it can and suggests further actions, if needed.
        Important: If there are LDAP entries that are shared with other IBM Spectrum Protect servers, choosing YES might cause those servers to become out-of-sync.
Wait
    This optional parameter specifies whether to wait for the IBM Spectrum Protect server to complete processing this command in the foreground. The default is NO. You can specify the following values:
    No
        The server processes this command in the background and you can continue with other tasks while the command is processing. Messages related to the background process are shown either in the activity log file or the server console, depending on where the messages are logged.
    Yes
        The server processes this command in the foreground. The operation must complete before you can continue with other tasks. Messages are shown either in the activity log file or the server console, or both, depending on where the messages are logged.
        Restriction: You cannot specify WAIT=YES from the server console.

Example: Audit an LDAP directory and repair inconsistencies

Audit the LDAP directory that you specified in the LDAPURL option. The IBM Spectrum Protect server resolves some inconsistencies.
audit ldapdirectory fix=yes


ANR2749W Admin ADMIN1 was located in the LDAP directory server but not in the database.
ANR2749W Admin ADMIN2 was located in the LDAP directory server but not in the database.
ANR2749W Admin NODE1 was located in the LDAP directory server but not in the database.
ANR2749W Admin NODE2 was located in the LDAP directory server but not in the database.
ANR2748W Node NODE1 was located in the LDAP directory server but not in the database.
ANR2748W Node NODE2 was located in the LDAP directory server but not in the database.
ANR2745I AUDIT LDAPDIRECTORY command completed: 4 administrator entries are only in the
LDAP directory server (not in the IBM Spectrum Protect server), 0 administrator entries
are only in the IBM Spectrum Protect server (not in the LDAP directory server), 2 node
entries are only in the LDAP directory server (not in the IBM Spectrum Protect server),
0 node entries are only in the IBM Spectrum Protect server, (not in the LDAP directory
server), 6 entries were deleted from the LDAP server in total.
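
The following added example, which is not part of the product documentation, parses the console output shown above, re-joins the wrapped ANR2745I message, and checks that the per-entry warnings agree with the summary counts, so that a truncated or partial log is noticed when reviewing what an audit removed. It assumes the message wording is exactly as in this page's example; the function and key names are hypothetical.

```python
import re

# Console output copied from the FIX=YES example on this page.
SAMPLE = """\
ANR2749W Admin ADMIN1 was located in the LDAP directory server but not in the database.
ANR2749W Admin ADMIN2 was located in the LDAP directory server but not in the database.
ANR2749W Admin NODE1 was located in the LDAP directory server but not in the database.
ANR2749W Admin NODE2 was located in the LDAP directory server but not in the database.
ANR2748W Node NODE1 was located in the LDAP directory server but not in the database.
ANR2748W Node NODE2 was located in the LDAP directory server but not in the database.
ANR2745I AUDIT LDAPDIRECTORY command completed: 4 administrator entries are only in the
LDAP directory server (not in the IBM Spectrum Protect server), 0 administrator entries
are only in the IBM Spectrum Protect server (not in the LDAP directory server), 2 node
entries are only in the LDAP directory server (not in the IBM Spectrum Protect server),
0 node entries are only in the IBM Spectrum Protect server, (not in the LDAP directory
server), 6 entries were deleted from the LDAP server in total.
"""

MSG_START = re.compile(r"ANR\d{4}[A-Z] ")
ENTRY = re.compile(r"ANR274[89]W (Admin|Node) (\S+) was located in the LDAP directory server")
COUNTS = {  # phrases as they appear in the ANR2745I text above (assumed stable)
    "admin_ldap_only": r"(\d+) administrator entries are only in the LDAP directory server",
    "node_ldap_only": r"(\d+) node entries are only in the LDAP directory server",
    "deleted": r"(\d+) entries were deleted from the LDAP server",
}

def join_messages(text):
    """Re-join wrapped lines: each message begins with an ANRnnnnX id."""
    msgs = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if MSG_START.match(line) or not msgs:
            msgs.append(line)
        else:
            msgs[-1] += " " + line
    return msgs

def review_audit(text):
    """Return (entries by kind, summary counts, list of discrepancies)."""
    found, summary, problems = {"Admin": [], "Node": []}, {}, []
    for msg in join_messages(text):
        m = ENTRY.match(msg)
        if m:
            found[m.group(1)].append(m.group(2))
        elif msg.startswith("ANR2745I"):
            summary = {k: int(n) for k, p in COUNTS.items() for n in re.findall(p, msg)[:1]}
    for kind, key in (("Admin", "admin_ldap_only"), ("Node", "node_ldap_only")):
        if len(found[kind]) != summary.get(key):
            problems.append(f"{kind}: {len(found[kind])} listed, summary says {summary.get(key)}")
    return found, summary, problems
```

Calling `review_audit(SAMPLE)` returns the entry names grouped by kind, the three summary counts, and an empty discrepancy list when the log is complete.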

Related commands

Table 1. Commands related to AUDIT LDAPDIRECTORY
Command                     Description
SET DEFAULTAUTHENTICATION   Specifies the default password authentication method for any REGISTER NODE or REGISTER ADMIN commands.
SET LDAPPASSWORD            Sets the password for the LDAPUSER.
SET LDAPUSER                Sets the user who oversees the passwords and administrators on the LDAP directory server.