Go to main content

Working With Oracle® Solaris 11.4 Directory and Naming Services: LDAP

Exit Print View

Updated: November 2020
 
 

Monitoring LDAP Client Status

This section describes commands that are used to determine the state of the LDAP client environment. For additional information about the command options, see the related man pages.

For information about Service Management Facility (SMF), refer to Managing System Services in Oracle Solaris 11.4. Also refer to the svcadm(8) and svcs(1) man pages for more details.

Verifying the ldap_cachemgr Daemon Status

The ldap_cachemgr daemon must be online and functioning correctly at all times for the system to work. When you set up and start the LDAP client service, svc:/network/ldap/client, the client SMF method automatically starts the ldap_cachemgr daemon.

  • To view the state of the service, use the svcs command.

    # svcs \*ldap\*
    STATE          STIME    FMRI
    disabled       Aug_24   svc:/network/ldap/client:default
  • To view all information about the service, use the –l option.

    # svcs -l network/ldap/client:default
    fmri svc:/network/ldap/client:default
    name LDAP Name Service Client
    enabled false
    state disabled
    next_state none
    state_time Thu Oct 20 23:04:11 2011
    logfile /var/svc/log/network-ldap-client:default.log
    restarter svc:/system/svc/restarter:default
    contract_id
    manifest /lib/svc/manifest/network/ldap/client.xml
    manifest /lib/svc/manifest/milestone/config.xml
    manifest /lib/svc/manifest/network/network-location.xml
    manifest /lib/svc/manifest/system/name-service/upgrade.xml
    dependency optional_all/none svc:/milestone/config (online)
    dependency optional_all/none svc:/network/location:default (online)
    dependency require_all/none svc:/system/filesystem/minimal (online)
    dependency require_all/none svc:/network/initial (online)
    dependency require_all/restart svc:/network/nis/domain (online)
    dependency optional_all/none svc:/system/manifest-import (online)
    dependency require_all/none svc:/milestone/unconfig (online)
    dependency optional_all/none svc:/system/name-service/upgrade (online)
  • To view more extensive status information, which is useful for diagnosing a problem, pass the –g option to ldap_cachemgr.

    # /usr/lib/ldap/ldap_cachemgr -g
    cachemgr configuration:
    server debug level          0
    server log file "/var/ldap/cachemgr.log"
    number of calls to ldapcachemgr         19
    
    cachemgr cache data statistics:
    Configuration refresh information:
    Previous refresh time: 2010/11/16 18:33:28
    Next refresh time:     2010/11/16 18:43:28
    Server information:
    Previous refresh time: 2010/11/16 18:33:28
    Next refresh time:     2010/11/16 18:36:08
    server: 192.0.2.0, status: UP
    server: 192.0.2.1, status: ERROR
    error message: Can't connect to the LDAP server
    Cache data information:
    Maximum cache entries:          256
    Number of cache entries:          2

If the ldap_cachemgr daemon is disabled, use the svcadm enable network/ldap/client command to enable the daemon.

For more information about the ldap_cachemgr daemon, see the ldap_cachemgr(8) man page.

Checking the Client Profile Information

Become a superuser or assume an equivalent role, and use the ldapclient command with the –list option to view the current profile information. In addition to the ldapclient list command, you can also use the svccfg or svcprop commands to obtain current profile information.

# ldapclient list
NS_LDAP_FILE_VERSION= 2.0
NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=west,dc=example,dc=com
NS_LDAP_BINDPASSWD= {NS1}4a3788e8c053424f
NS_LDAP_SERVERS= 192.0.2.1, 192.0.2.10
NS_LDAP_SEARCH_BASEDN= dc=west,dc=example,dc=com
NS_LDAP_AUTH= simple
NS_LDAP_SEARCH_REF= TRUE
NS_LDAP_SEARCH_SCOPE= one
NS_LDAP_SEARCH_TIME= 30
NS_LDAP_SERVER_PREF= 192.0.2.1
NS_LDAP_PROFILE= pit1
NS_LDAP_CREDENTIAL_LEVEL= proxy
NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=people,?sub
NS_LDAP_SERVICE_SEARCH_DESC= group:ou=group,dc=west,dc=example,dc=com?one
NS_LDAP_BIND_TIME= 5

Verifying Basic Client-Server Communication

Use the ldaplist command to verify whether communication exists between the LDAP client and the LDAP server.

  • To display all the containers of the DIT on the server, use the ldaplist command without options .

  • To display the contents of the specific database, use the ldaplist database command, for example, ldaplist passwd username or ldaplist host hostname.

Checking LDAP Server Data From a Non-Client Machine

To check for information on a system that has no existing LDAP client, use the ldapsearch command. The information that is displayed depends on the filter you use for searching. The following example lists all of the containers in the DIT:

# ldapsearch -H ldapuri -b "dc=west,dc=example,dc=com" -s one "objectclass=*" 

For a list of options and filters that you can use with the ldapsearch command, see the ldapsearch(1oldap) man page.