LDAP Test Tool

LDAP Test Tool (draft)

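Purpose

·        When username/password login over LDAP fails and the cause is unclear, this tool is meant to help pinpoint where the problem lies.

·        In a new customer environment, login and attribute retrieval can be tested first, as a reference for OSM configuration.

·        Makes it easy to try different parameter combinations.

·        Aims to provide more, and more detailed, debugging information.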

Launch example

java -Dfile.encoding=UTF-8 -jar /tmp/ldap-test-tool-1.0.0-SNAPSHOT-all.jar /tmp/ldap.properties

Tests

AD129.omnistorpoc.com

·        Configuration file

·        Cannot reach the server

javax.naming.CommunicationException: 192.168.10.129:389 [Root exception is java.net.SocketTimeoutException: connect timed out]

·        Wrong LDAP server port

javax.naming.CommunicationException: 192.168.1.129:3890 [Root exception is java.net.ConnectException: Connection refused: connect]

·        Wrong searcher account

·        Wrong searcher password

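AD206

·        Configuration file

·        User test1_LDAP can log in normally; the output log is as follows:

o   Explanation

§  The searcher's DN (ldap.searcher.dn) + password (ldap.searcher.password) can log in normally:

§  Under the base DN (ldap.search.base.dn) + search scope (ldap.user.userId.filter), the searcher can find the specified return attribute (ldap.user.dn.attr) and the user DN of the specified user (ldap.user.userId):

§  Using the specified user's (ldap.user.userId) user DN with name space + the user password (ldap.user.password), login succeeds:

§  Using the specified user's (ldap.user.userId) user DN without name space + the user password (ldap.user.password), login fails: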
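
The four checks above, written against JNDI as an added example (not the tool's own code). It assumes a hypothetical `ldap.url` key for the server URL, a filter in `ldap.user.userId.filter` that uses the JNDI `{0}` placeholder, subtree search scope, and that "with/without name space" corresponds to `getNameInNamespace()` versus `getName()`.

```java
import java.io.FileInputStream;
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
public class SearchThenBind {
    // Simple bind: network faults throw CommunicationException, bad credentials AuthenticationException.
    static DirContext bind(String url, String dn, String pw) throws NamingException {
        // JNDI treats an empty password as an anonymous bind, which many servers accept.
        if (pw == null || pw.isEmpty()) throw new NamingException("empty password refused");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url); // over ldap:// the password travels in clear text
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        return new InitialDirContext(env);
    }
    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (FileInputStream in = new FileInputStream(args[0])) { p.load(in); }
        String url = p.getProperty("ldap.url"); // hypothetical key, not from the page
        String attr = p.getProperty("ldap.user.dn.attr");
        // Step 1: bind as the searcher account.
        DirContext searcher = bind(url, p.getProperty("ldap.searcher.dn"),
                                   p.getProperty("ldap.searcher.password"));
        // Step 2: search under the base DN; the user ID goes in as a filter argument so JNDI escapes it.
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE); // scope is an assumption
        sc.setReturningAttributes(new String[] { attr });
        NamingEnumeration<SearchResult> hits = searcher.search(
                p.getProperty("ldap.search.base.dn"), p.getProperty("ldap.user.userId.filter"),
                new Object[] { p.getProperty("ldap.user.userId") }, sc);
        if (!hits.hasMore()) { System.out.println("user not found"); searcher.close(); return; }
        SearchResult hit = hits.next();
        System.out.println(attr + " = " + hit.getAttributes().get(attr));
        searcher.close();
        // Steps 3 and 4: bind as the user with the full DN, then with the base-relative name.
        for (String dn : new String[] { hit.getNameInNamespace(), hit.getName() }) {
            try {
                bind(url, dn, p.getProperty("ldap.user.password")).close();
                System.out.println("bind OK:     " + dn);
            } catch (NamingException e) { System.out.println("bind FAILED: " + dn + " -> " + e); }
        }
    }
}
```

Run it with the properties file as the only argument; each stage that fails reports the same `javax.naming` exception types shown in the tests above.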

Reference

·        Novell eDirectory 9.2

o   Download (requires creating an account and logging in first)

o   Guide

§  Installation Guide


backlog

docker run -it --name eDir-container-1 --stop-timeout 180 --restart on-failure:5 --memory="700M" --cpuset-cpus="1" --pids-limit="300" --volume /mnt/d/temp/eDirectory/config:/config --network=host edirectory:9.2.0 new -t docker-tree1 -n novell -S m1 -o 1028 -O 1030 -L 1389 -l 1636 --configure-eba-now yes -a cn=admin,o=sysview

docker run -it --name eDir-container-1 --stop-timeout 180 --restart on-failure:5 --memory="700M" --cpuset-cpus="1" --pids-limit="300" --volume /mnt/d/temp/eDirectory/config:/config --network=host edirectory:9.2.0 new -t docker-tree1 -n novell -S m1 -o 80 -L 389 -O 1030 -l 1636 --configure-eba-now no -a cn=admin,o=sysview

new: create a new tree
-t tree name
-n server context
-S server name
-a admin FDN
-w password
-B ip_address1|interface1@port1,ip_address2|interface2@port2....
-L ldap port
-l SSL port
-P <LDAP URLs>
-o http port
-O https port

anderson@PC-Anderson:/mnt/c/Users/anderson$ docker run -it --name eDir-container-1 --stop-timeout 180 --restart on-failure:5 --memory="700M" --cpuset-cpus="1" --pids-limit="300" --volume /mnt/d/temp/eDirectory/config:/config --network=host edirectory:9.2.0 new -t docker-tree1 -n novell -S m1 -o 1028 -O 1030 -L 1389 -l 1636 --configure-eba-now no -a cn=admin,o=sysview
Setting trap...done
Checking for upgrade...Version File not found. Not an upgrade.
Persisting eDirectory data and configurations...done
Configuring NICI...
Initializing NICI ... done.
Initializing NICI ... done.
set_server_mode: NICI set in server mode
done
Configuring eDirectory tree...
Command to execute:
/opt/novell/eDirectory/bin//ndsconfig new -t docker-tree1 -n novell -S m1 -o 1028 -O 1030 -L 1389 -l 1636 --configure-eba-now no -a cn=admin,o=sysview -D /config/eDirectory/inst/data --config-file /config/eDirectory/inst/conf/nds.conf -d /config/eDirectory/inst/data/data/dib

Enter the password for cn=admin,o=sysview:
Re-enter the password for cn=admin,o=sysview:

Configuring the NDAP interfaces...
Enter NCP port no. [Range: 1 - 65535]: 524

The following are the IP addresses bound to this host.
Please indicate your choice for NCP/HTTP/HTTPS listeners at the prompt.
[1] 172.31.30.59
[2] 172.17.0.1
[3] All
Select IP address from 1 - 2.
To select more than one IP address, separate the selections with a comma(,): 3
Done
Configuring the HTTP interfaces... Done
Configuring the LDAP interfaces... Done

Configuring NetIQ eDirectory server with the following parameters, Please wait...
Tree Name : docker-tree1
Server DN : m1.novell
Admin DN : cn=admin,o=sysview
NCP Interface(s) : 172.31.30.59@524,172.17.0.1@524
HTTP Interface(s) : 172.31.30.59@1028,172.17.0.1@1028
HTTPS Interface(s) : 172.31.30.59@1030,172.17.0.1@1030
LDAP TCP Port : 1389
LDAP TLS Port : 1636
LDAP TLS Required : Yes
Duplicate Tree Lookup : Yes

Configuration File : /config/eDirectory/inst/conf/nds.conf
Instance Location : /config/eDirectory/inst/data/data
DIB Location : /config/eDirectory/inst/data/data/dib

Starting the service 'ndsd'... Done.

Checking if server is ready to service requests... Command socket error: No such file or directory. ErrorCode=2
Apr 21 01:34:17 n4u_send_command failed with error code=-1
Server down. Please check /config/eDirectory/inst/data/log/ndsd.log for details.

ERROR: /opt/novell/eDirectory/bin//ndsconfig return value = 12.
Creating version file...done
done
Press ctrl+p ctrl+q to continue. This would detach you from the container.