Question & Answer
Question
How can I use standard LDAP command line tools such as ldapsearch or common 3rd party GUI tools (such as Apache Directory Studio) to connect to Rational Directory Server version 5.x ?
Cause
It is often useful to quickly ascertain if the IBM Rational Directory Server is operational and if it contains valid data. Similarly, graphic-based tools such as Apache Directory Studio can be useful for visualizing the contents of RDS.
Answer
ldapsearch is a standard command line tool included with many LDAP Directory Servers (including Lotus Notes, IBM Tivoli, OpenDS etc) and also with many distributions of UNIX and Linux including Red Hat ES 5.x
For information on IBM Tivoli Directory Server ldapsearch see...
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.IBMDS.doc/commandref05.htm#ldapsrch.
ldp.exe is a Microsoft Windows LDAP search tool which has the same basic features as ldapsearch. It can be downloaded from Microsoft Website for your version of windows. ldp.exe is included in the Windows Server 2003 CD support tools. For information on using Microsoft Windows ldp command, see: http://support.microsoft.com/kb/224543.
The most general syntax of the ldapsearch command is as follows:
ldapsearch -h host -p port -b basedn -D binddn -w password [other options] filter [attributes]
It is important to be aware that Rational Directory Server allows anonymous binds so you can connect anonymously using something like the following example:
ldapsearch -h <hostname> -p <port> -b <BaseDn> -D "" -s sub <data filter>
Example:
ldapsearch -v -h myhost.mycorp.com -p 1389 -D "" -s sub -b "dc=telelogic, dc=com" uid=*
This example will display all data for all users (uid=*) with a BaseDn dc=telelogic, dc=com (as is used in RDS)
Using the Apache Directory Studio or another GUI based tool, if you set your Authentication Method to "No Authentication", and Set your BaseDn to dc=telelogic, dc=com, this should connect provided your hostname and port are set correctly and that they are visible.
Using an anonymous bind may preclude you from seeing additional admin information. However, you can bind as the tdsadmin (or a different) user using Simple Authentication and a BindDn such as:
uid=tdsadmin, ou=people, dc=telelogic, dc=com with the correct password for tdsadmin, to view additional information including the ou=schema BaseDn and/or the ou=system BaseDn
Notes:
Linux ldapsearch has an additional option -x (no SASL encryption) for Simple authentication.
the -w ? option will prompt for a password for the user specified in the BindDn.
All data can be obtained by setting the filter to objectclass=*
Was this topic helpful?
Document Information
Modified date:
22 December 2020
UID
swg21421189