Troubleshooting guide
Chapter 2 Troubleshooting LDAP Servers and the AMC Debugging LDAP
Advanced Technical Reference Guide 4.1 • June 2000
fw ldapsearch
Using this function you can access the LDAP server and get all the information it contains, including the
CRL (Certificate Revocation List).
Syntax
ldapsearch [options] filter [attributes...]
where:
filter       RFC-1558 compliant LDAP search filter
attributes   whitespace-separated list of attributes to retrieve
             (if no attribute list is given, all are retrieved)
Table 3: fw ldapsearch attributes
Attribute      Meaning
-A             Retrieve attribute names only (no values)
-B             Do not suppress printing of non-ASCII values
-b basedn      Base dn for search
-D binddn      Bind dn
-d level       Set LDAP debugging level to 'level'
-f file        Perform sequence of searches listed in 'file'
-F sep         Print 'sep' instead of '=' between attribute names and values
-h host        LDAP server
-l time lim    Server side time limit (in seconds) for search
-p port        Port on LDAP server
-S attr        Sort the results by attribute 'attr'
-s scope       One of base, one, or sub (search scope)
-t             Write values to files in /tmp
-T timeout     Client side timeout for all operations (in milliseconds)
-u             Include User Friendly entry names in the output
-w passwd      Bind passwd (for simple authentication)
-Z             Encrypt with SSL
-z size lim    Server side size limit (in entries) for search
Examples
On Windows NT machines, when the DN referred to is the DN of the CRL (cn=CRL1 if the CA is Entrust):
fw ldapsearch -h host -b "cn=CRL1, o=check point, c=IL" certificaterevocationlist=* certificaterevocationlist
With a CA other than Entrust, you should specify the DN of the CA object if non-Distribution Points are
mentioned.
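When the CRL query above is scripted rather than typed, the filter and the option values should be assembled as an argument list so that untrusted input cannot change the search. The following is an added example, not part of the original guide: the helper names are hypothetical, the option letters come from Table 3, and the backslash escaping of filter values follows RFC 1558 (escaping the backslash itself is an assumption).

```python
import re

ATTR_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9;-]*$")  # plain attribute names only
SCOPES = {"base", "one", "sub"}                       # values of -s in Table 3

def escape_value(value):
    # RFC 1558: '*', '(' and ')' inside a value are escaped with a backslash.
    # Escaping '\' as well is an added precaution (assumption).
    return re.sub(r"([\\*()])", r"\\\1", value)

def _attr(name):
    if not ATTR_NAME.match(name):
        raise ValueError("bad attribute name: %r" % (name,))
    return name

def presence(attr):
    # attr=* matches every entry that has the attribute, as in the CRL example.
    return _attr(attr) + "=*"

def equality(attr, value):
    return "%s=%s" % (_attr(attr), escape_value(value))

def build_argv(host, basedn, filt, attrs=(), port=None, scope=None, ssl=False):
    # -D/-w are left out: the page's CRL example uses no bind options.
    for label, v in (("host", host), ("basedn", basedn), ("filter", filt)):
        if not v or v.startswith("-"):
            # A leading '-' would be read as another option by the tool.
            raise ValueError("%s must be non-empty and not start with '-'" % label)
    argv = ["fw", "ldapsearch", "-h", host, "-b", basedn]
    if port is not None:
        argv += ["-p", str(int(port))]
    if scope is not None:
        if scope not in SCOPES:
            raise ValueError("scope must be one of base, one, sub")
        argv += ["-s", scope]
    if ssl:
        argv.append("-Z")
    return argv + [filt] + [_attr(a) for a in attrs]

if __name__ == "__main__":
    # Same query as the Examples section, as a list for subprocess.run(argv)
    # (no shell, so '*' is never glob-expanded and the DN needs no quoting).
    print(build_argv("host", "cn=CRL1, o=check point, c=IL",
                     presence("certificaterevocationlist"),
                     ["certificaterevocationlist"]))
    # Constructed untrusted value: filter metacharacters are neutralised.
    print(equality("cn", "CRL1)(cn=*"))
```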