title: error checking with standard LDAP tools link: https://onemoretech.wordpress.com/2011/01/06/error-checking-with-standard-ldap-tools/ author: lembobro description: post_id: 84 created: 2011/01/06 14:37:37 created_gmt: 2011/01/06 14:37:37 comment_status: open post_name: error-checking-with-standard-ldap-tools status: publish post_type: post

error checking with standard LDAP tools

The standard LDAP utilities from the OpenLDAP project include some options that are useful in checking for operations errors. Here are some practical examples.

Say you want to add (or modify) a bunch of entries to your directory, but that after a few tries it’s clear things aren’t going as expected.

One approach to troubleshooting is to perform the op with the standard OpenLDAP utility for the purpose with the appropriate options enabled to see and record any error messages coming across. These options are common across the OpenLDAP toolset, so they’ll work for ldapadd as well as ldapmodify.

For example, to capture errors when trying to add entries use ldapadd with the following options:

ldapadd -x -h ldap.example.com -D "cn=manager,dc=example,dc=com" -W -v -S messages.txt -c -f data.ldif

This command string will cause the utility to perform the op in verbose mode (”-v”) and write any messages to the named file (the -S option works differently in ldapsearch, where it is used to indicate the output should be sorted on a specified attribute).

(in the above “-x” tells the utility to not use SASL auth, “-h” sets the server host name, “-D” is the user dn, “-W” causes a prompt for the user’s password, “-c” has the script continue on error and “-f” is the name of the input file)

Copyright 2004-2019 Phil Lembo