LDAP-UX Client Services B.05.01 Administrator Guide for HP directory servers and Windows ADS
In this command example, servername is the name of the directory server, baseDN is the
base distinguished name from which to start searching, userDN is the DN of the user who
cannot log in, and username is the login name of the user.
Determining the policy management status for a Windows ADS user
Similarly, for Windows ADS, enter the following commands:
cd /opt/ldapux/bin
./ldapsearch -h servername -b "baseDN" \
unixName=username -D userDN -w passwd
./ldapsearch -h servername -b "baseDN" -D "userDN" -w passwd unixName=username
where servername is the name of the server, baseDN is the base distinguished name from
which to start searching (such as CN=Users,DC=accounting-dept,DC=acme,DC=com),
userDN is the DN of the user who cannot log in, and username is the login name of the
user.
• Display the current configuration profile and ensure that all the values are as you expect:
cd /opt/ldapux/config
./display_profile_cache
In particular, examine the values for the directory server host and port, the default search base
DN, and the credential level. Also, if you have remapped any standard attributes to alternate
attributes, or defined any custom search descriptors, make sure these are correct and exist in
your database. If any of these are incorrect, correct them as described in Section 7.10.2
(page 245).
• If you are using a proxy user, verify the proxy user configuration, as described in Section 7.9.2
(page 242).
• Make sure the client system can authenticate to the directory and find a user in the directory
by searching for a user's information in the directory. Use the ldapsearch command and
information from the current profile.
If you are using a proxy user (determined by the credentialLevel attribute in the
configuration profile), try searching as the proxy user for a user's information in the directory.
Searching as the proxy user for an HP directory server user's information
For an HP directory server, use a command similar to the following:
cd /opt/ldapux/bin
./ldapsearch -h servername -b "baseDN" -D "proxyuser" -w passwd uid=username
where servername is the name of your directory server (from display_profile_cache),
baseDN is the search base DN (from display_profile_cache), proxyuser is the proxy
user (from ldap_proxy_config -p), and username is the name of a user in the directory.
For example:
cd /opt/ldapux/bin
./ldapsearch -h sys001.hp.com -b "ou=people, o=hp.com" \
-D "uid=proxyuser,ou=special users,o=hp.com" -w passwd uid=steves
You should get output similar to the following:
dn: uid=steves,ou=people,o=hp.com
uid: steves
cn: Steve Sy
objectclass: top
objectclass: account
objectclass: posixAccount
loginshell: /bin/ksh
uidnumber: 2875
gidnumber: 191
homedirectory: /home/steves
gecos: Steve Sy, building 5, x50
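The comparison against the expected output can be scripted. The following is an added example, not part of the HP guide: a POSIX shell function that reads ldapsearch output and confirms that the entry carries the posixAccount attributes shown above. The function and sample names are hypothetical, and the restricted sample is constructed to represent a proxy user that binds successfully but cannot read the numeric IDs.

```shell
# Added example: check that an ldapsearch result is usable as a POSIX account.
# Reads LDIF on stdin; prints what is missing and returns non-zero on failure.
check_posix_entry() {
    awk '
    /^[A-Za-z][A-Za-z0-9;-]*:/ {
        # Attribute names are case-insensitive in LDAP, so compare lower-cased.
        name = tolower(substr($0, 1, index($0, ":") - 1))
        value = substr($0, index($0, ":") + 1)
        sub(/^[ \t]+/, "", value)
        if (value != "") seen[name] = 1
        if (name == "objectclass" && tolower(value) == "posixaccount") posix = 1
    }
    END {
        if (!seen["dn"]) { print "no entry returned"; exit 1 }
        if (!posix) { print "missing objectclass posixAccount"; bad = 1 }
        n = split("uid uidnumber gidnumber homedirectory", req, " ")
        for (i = 1; i <= n; i++)
            if (!seen[req[i]]) { print "missing attribute: " req[i]; bad = 1 }
        exit bad
    }'
}

# Constructed sample: the entry from the example output above.
sample_full() {
cat <<'EOF'
dn: uid=steves,ou=people,o=hp.com
uid: steves
cn: Steve Sy
objectclass: top
objectclass: account
objectclass: posixAccount
loginshell: /bin/ksh
uidnumber: 2875
gidnumber: 191
homedirectory: /home/steves
gecos: Steve Sy, building 5, x50
EOF
}

# Constructed sample (assumption): the same entry when the bind succeeds but
# the directory does not let the proxy user read uidnumber and gidnumber.
sample_restricted() { sample_full | grep -v -i -e '^uidnumber:' -e '^gidnumber:'; }

# On a real client, pipe the ldapsearch command above into check_posix_entry.
sample_full | check_posix_entry && echo "entry complete"
sample_restricted | check_posix_entry || echo "entry incomplete"
```

An entry that is returned but lacks these attributes points to an access control or attribute mapping problem rather than a bind failure.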