Samba-tool ldapcmp

Revision as of 22:16, 9 November 2014 by Mmuehlfeld (talk | contribs) (Refresh ldapcmp page. It's meanwhile integrated in samba-tool)

Introduction

samba-tool provides a subcommand for testing LDAP replication between Domain Controllers - regarless if they are running Samba or Windows or mixed.



Restrictions

  • The comparisation works via LDAP. So the LDAP server must be up and accessible at port 389.
  • It compares values of attributes of objects returned only by wild-card search so no hidden attributes are processed.
  • There are certain amount of attributes being ignored explicitly in the script source that have always different values on corresponding objects in two separate DCs.



How to use?

  • Compare the entire directory on Domain Controller DC1 and DC2:
# samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator
  • Compare single AD partitions on Domain Controller DC1 and DC2:
# samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator domain
# samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator configuration
# samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator schema
# samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator dnsdomain
# samba-tool ldapcmp ldap://DC1 ldap://DC2 -Uadministrator dnsforest