LDAP Test Tool (draft)
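Purpose
· When logging in with an account and password over LDAP and the cause of a login problem cannot be determined, this tool is expected to help identify where the problem lies.
· In a new customer environment, login and attribute retrieval can be tested first, as a reference for the OSM configuration.
· Makes it easy to try different parameter combinations.
· Expected to provide more, and more detailed, debugging information.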
Launch example
java -Dfile.encoding=UTF-8 -jar /tmp/ldap-test-tool-1.0.0-SNAPSHOT-all.jar /tmp/ldap.properties
Tests
AD129.omnistorpoc.com
· Configuration file
· Cannot reach the server
javax.naming.CommunicationException: 192.168.10.129:389 [Root exception is java.net.SocketTimeoutException: connect timed out]
· Wrong LDAP server port
javax.naming.CommunicationException: 192.168.1.129:3890 [Root exception is java.net.ConnectException: Connection refused: connect]
· Wrong searcher account
· Wrong searcher password
AD206
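· Configuration file
· User test1_LDAP can log in normally; the output log is as follows:
o Explanation
§ The searcher's DN (ldap.searcher.dn) + password (ldap.searcher.password) can log in normally:
§ Under the base DN (ldap.search.base.dn) + search scope (ldap.user.userId.filter), the searcher can find the specified return attribute (ldap.user.dn.attr) and the user DN of the specified user (ldap.user.userId):
§ Using the specified user's (ldap.user.userId) user DN with name space + the user password (ldap.user.password), login succeeds:
§ Using the specified user's (ldap.user.userId) user DN without name space + the user password (ldap.user.password), login fails: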
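The flow described above (searcher bind, user search, user bind), as an added JNDI example; it is not the tool's own source. `ldap.url` is a hypothetical key, the filter is assumed to contain a `{0}` placeholder such as `(sAMAccountName={0})`, every key is assumed to be set, and "with name space" is assumed to mean `SearchResult.getNameInNamespace()`.

```java
import java.io.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

// Added example, not the tool's source. "ldap.url" is a hypothetical key; the other
// keys are the ones named above. The filter is assumed to use "{0}" for the user ID.
public class SearchThenBind {
    static DirContext bind(String url, String dn, String pw) throws NamingException {
        if (pw == null || pw.isEmpty()) // an empty password is an unauthenticated bind, not a login
            throw new AuthenticationException("empty password rejected");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, pw);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // ms; bounds the wait on a dead host
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws Exception {
        Properties p = new Properties();
        try (Reader in = new FileReader(args[0])) { p.load(in); }
        String url = p.getProperty("ldap.url"), stage = "searcher bind";
        try {
            DirContext searcher = bind(url, p.getProperty("ldap.searcher.dn"), p.getProperty("ldap.searcher.password"));
            stage = "user search";
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            sc.setReturningAttributes(new String[] { p.getProperty("ldap.user.dn.attr") });
            // Passing the user ID as a filter argument lets JNDI escape it (RFC 4515).
            NamingEnumeration<SearchResult> hits = searcher.search(p.getProperty("ldap.search.base.dn"),
                    p.getProperty("ldap.user.userId.filter"), new Object[] { p.getProperty("ldap.user.userId") }, sc);
            if (!hits.hasMore()) { System.out.println("user search: no entry matched"); return; }
            SearchResult hit = hits.next();
            System.out.println("attrs=" + hit.getAttributes() + " relative=" + hit.getName());
            String userDn = hit.getNameInNamespace(); // full DN; getName() is relative to the base DN
            searcher.close();
            stage = "user bind";
            bind(url, userDn, p.getProperty("ldap.user.password")).close();
            System.out.println("user bind: OK as " + userDn);
        } catch (CommunicationException e) { // the "cannot reach" and "wrong port" cases
            System.out.println(stage + ": server unreachable, check host and port: " + e);
        } catch (AuthenticationException e) { // the wrong account and wrong password cases
            System.out.println(stage + ": DN or password rejected: " + e);
        }
    }
}
```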
Reference
· Novell eDirectory 9.2
o Download (requires creating an account and logging in first)
o Guide
backlog
docker run -it --name eDir-container-1 --stop-timeout 180 --restart on-failure:5 --memory="700M" --cpuset-cpus="1" --pids-limit="300" --volume /mnt/d/temp/eDirectory/config:/config --network=host edirectory:9.2.0 new -t docker-tree1 -n novell -S m1 -o 1028 -O 1030 -L 1389 -l 1636 --configure-eba-now yes -a cn=admin,o=sysview
docker run -it --name eDir-container-1 --stop-timeout 180 --restart on-failure:5 --memory="700M" --cpuset-cpus="1" --pids-limit="300" --volume /mnt/d/temp/eDirectory/config:/config --network=host edirectory:9.2.0 new -t docker-tree1 -n novell -S m1 -o 80 -L 389 -O 1030 -l 1636 --configure-eba-now no -a cn=admin,o=sysview
new: create a new tree
-t tree name
-n server context
-S server name
-a admin FDN
-w password
-B ip_address1|interface1@port1,ip_address2|interface2@port2....
-L ldap port
-l SSL port
-P <LDAP URLs>
-o http port
-O https port
anderson@PC-Anderson:/mnt/c/Users/anderson$ docker run -it --name eDir-container-1 --stop-timeout 180 --restart on-failure:5 --memory="700M" --cpuset-cpus="1" --pids-limit="300" --volume /mnt/d/temp/eDirectory/config:/config --network=host edirectory:9.2.0 new -t docker-tree1 -n novell -S m1 -o 1028 -O 1030 -L 1389 -l 1636 --configure-eba-now no -a cn=admin,o=sysview
Setting trap...done
Checking for upgrade...Version File not found. Not an upgrade.
Persisting eDirectory data and configurations...done
Configuring NICI...
Initializing NICI ... done.
Initializing NICI ... done.
set_server_mode: NICI set in server mode
done
Configuring eDirectory tree...
Command to execute:
/opt/novell/eDirectory/bin//ndsconfig new -t docker-tree1 -n novell -S m1 -o 1028 -O 1030 -L 1389 -l 1636 --configure-eba-now no -a cn=admin,o=sysview -D /config/eDirectory/inst/data --config-file /config/eDirectory/inst/conf/nds.conf -d /config/eDirectory/inst/data/data/dib
Enter the password for cn=admin,o=sysview:
Re-enter the password for cn=admin,o=sysview:
Configuring the NDAP interfaces...
Enter NCP port no. [Range: 1 - 65535]: 524
The following are the IP addresses bound to this host.
Please indicate your choice for NCP/HTTP/HTTPS listeners at the prompt.
[1] 172.31.30.59
[2] 172.17.0.1
[3] All
Select IP address from 1 - 2.
To select more than one IP address, separate the selections with a comma(,): 3
Done
Configuring the HTTP interfaces... Done
Configuring the LDAP interfaces... Done
Configuring NetIQ eDirectory server with the following parameters, Please wait...
Tree Name : docker-tree1
Server DN : m1.novell
Admin DN : cn=admin,o=sysview
NCP Interface(s) : 172.31.30.59@524,172.17.0.1@524
HTTP Interface(s) : 172.31.30.59@1028,172.17.0.1@1028
HTTPS Interface(s) : 172.31.30.59@1030,172.17.0.1@1030
LDAP TCP Port : 1389
LDAP TLS Port : 1636
LDAP TLS Required : Yes
Duplicate Tree Lookup : Yes
Configuration File : /config/eDirectory/inst/conf/nds.conf
Instance Location : /config/eDirectory/inst/data/data
DIB Location : /config/eDirectory/inst/data/data/dib
Starting the service 'ndsd'... Done.
Checking if server is ready to service requests... Command socket error: No such file or directory. ErrorCode=2
Apr 21 01:34:17 n4u_send_command failed with error code=-1
Server down. Please check /config/eDirectory/inst/data/log/ndsd.log for details.
ERROR: /opt/novell/eDirectory/bin//ndsconfig return value = 12.
Creating version file...done
done
Press ctrl+p ctrl+q to continue. This would detach you from the container.