[PATCH] Enhancements to the 'ldapcmp' tool

Zahari Zahariev zahari.zahariev at postpath.com
Wed May 5 05:16:38 MDT 2010


* What is it?

This is my latest improvements to the already committed in Samba4 LDAP comparison tool that is meant to be used for testing LDAP replicating DCs no matter if they are Samba4, Windows AD or mixed. However it had the capacity to compare attributed of objects in DCs which are in different domains.

* What are the restrictions?

1. It works only via LDAP (for now) so you must have LDAP servers that are up and accessible at port 389. This will be improved by having it connect to Ldb file or export/use LDIF file instead of live LDAP connection. 

2. It compares values of attributes of objects returned only by wild-card search so no hidden attributes are processed.

3. There are certain amount of attributes being ignored explicitly in the script source that have always different values on corresponding objects in two separate DCs. This will be improved by additional switch for including all attributes no matter which they are and reporting excluded by default.
* How to use?

1. Compare all attributes for all objects in the Default Naming Context:

# ./scripting/devel/ldapcmp --host=10.x.x.x --username=administrator at test.domain --password=secretXX \
                            --host2=10.x.x.x --username2=administrator at test1.domain --password2=XsecretXX DOMAIN

A neat trick (working for now on Samba4) is that you can do searches anonymously so if DCs are Samba4 it looks like:

# ./scripting/devel/ldapcmp --host=10.x.x.x --host2=10.x.x.x DOMAIN
Zahari Zahariev,
Software Engineer, Cisco Systems,
PPD & Installer team  
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s4-scripting-Enhancements-for-ldapcmp-tool.patch
Type: text/x-patch
Size: 24568 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20100505/29895f52/attachment.bin>

More information about the samba-technical mailing list