Samba-tool ldapcmp

Revision as of 22:04, 9 November 2014 by Mmuehlfeld (talk | contribs) (Mmuehlfeld moved page Samba4/ldapcmp to Samba-tool ldapcmp: ldapcmp is meanwhile integrated iin samba-tool)

ldapcmp

  Location: source4/scripting/devel/ldapcmp

What is it?

Latest improvements to the already committed in Samba4 LDAP comparison tool that is meant to be used for testing LDAP replicating DCs no matter if they are Samba4, Windows AD or mixed. However it had the capacity to compare attributed of objects in DCs which are in different domains.

What are the restrictions?

1. It works only via LDAP (for now) so you must have LDAP servers that are up and accessible at port 389. This will be improved by having it connect to Ldb file or export/use LDIF file instead of live LDAP connection.

2. It compares values of attributes of objects returned only by wild-card search so no hidden attributes are processed.

3. There are certain amount of attributes being ignored explicitly in the script source that have always different values on corresponding objects in two separate DCs. This will be improved by additional switch for including all attributes no matter which they are and reporting excluded by default.

  • How to use?

1. Compare all attributes for all objects in the Default Naming Context:

# ./scripting/devel/ldapcmp --host=10.x.x.x --username=administrator@test.domain --password=secretXX \
                            --host2=10.x.x.x --username2=administrator@test1.domain --password2=XsecretXX DOMAIN

A neat trick (working for now on Samba4) is that you can do searches anonymously so if DCs are Samba4 it looks like:

# ./scripting/devel/ldapcmp --host=10.x.x.x --host2=10.x.x.x DOMAIN