The current administration UI does not allow an LDAP query to be tested before executing the synchronization. This article describes how to test using
The administrator has the following:
- Access to a UCP manager node, or administrative access via a client bundle
- DN of bind user and credential
- URL for LDAP server
- Certificate for LDAP server if secure connection is required
- baseDN for users
When to Use This Tool
Use this tool when you are about to synchronize a large number of users and groups. It is advisable to test how many users are about to be brought in.
LDAP synchronization is handled by UCP's management container named ucp-auth-api. In it, a tool named enzi ldapsearch is bundled for troubleshooting LDAP query issues.
Here are the steps:
Connect to a UCP manager node via SSH or client bundle.
Log into ucp-auth-api:
    docker exec -it ucp-auth-api sh
Set variables so you can easily try out various filters:
    # specify URL of LDAP
    export LDAP_URL='ldap://10.0.0.1'
    # base DN of where users and groups are located
    export BASE_DN='OU=NorthAmerica,DC=mycompany,DC=com'
    # DN for the user used for synchronization
    export BIND_DN='CN=ldapadmin,OU=NorthAmerica,DC=mycompany,DC=com'
    # DN password
    export BIND_PASS='*********************'
Execute the query using enzi ldapsearch like this:
    # The filter and variables are quoted so the shell does not
    # interpret the parentheses or split values on spaces.

    # example 1 "number of users on the Base DN"
    enzi ldapsearch -H "$LDAP_URL" \
      -b "$BASE_DN" \
      --bind-dn "$BIND_DN" \
      --bind-password "$BIND_PASS" \
      '(objectClass=person)' | grep NumResults:

    # example 2 "number of users on the Base DN
    # who are also member of 'CN=Sales,OU=NorthAmerica,DC=mycompany,DC=com'"
    enzi ldapsearch -H "$LDAP_URL" \
      -b "$BASE_DN" \
      --bind-dn "$BIND_DN" \
      --bind-password "$BIND_PASS" \
      '(memberOf=CN=Sales,OU=NorthAmerica,DC=mycompany,DC=com)' | grep NumResults:
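The following is an added example, not part of the original article or of UCP: shell helpers that combine the filters from examples 1 and 2 with RFC 4515 escaping (a group DN containing parentheses or * would otherwise break the filter) and fail when the reported count exceeds an expected ceiling. The function names, the GROUP_DN variable and the "NumResults: <number>" line format are assumptions.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of enzi or UCP.

# Escape a value for use inside an LDAP search filter (RFC 4515).
# Backslash is handled first so the escapes added afterwards stay intact.
ldap_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                         -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Build a filter for person entries that are members of the given group DN.
member_filter() {
  printf '(&(objectClass=person)(memberOf=%s))' "$(ldap_escape "$1")"
}

# Read search output on stdin and print the number after "NumResults:".
# Assumption: the line has the form "NumResults: 1234".
num_results() {
  sed -n 's/^[[:space:]]*NumResults:[[:space:]]*\([0-9][0-9]*\).*$/\1/p' | head -n 1
}

# Usage: <search output> | within_limit MAX
# Returns 0 if the count is at most MAX, 1 if it is larger,
# and 2 if no count was found (for example, the bind failed).
within_limit() {
  n=$(num_results)
  [ -n "$n" ] || { echo "no NumResults line found" >&2; return 2; }
  [ "$n" -le "$1" ] || { echo "filter matches $n entries, limit $1" >&2; return 1; }
  echo "ok: $n entries"
}

# Inside ucp-auth-api, with the variables exported as in the steps above
# and GROUP_DN (assumed name) set to the group to check:
#   enzi ldapsearch -H "$LDAP_URL" -b "$BASE_DN" --bind-dn "$BIND_DN" \
#     --bind-password "$BIND_PASS" "$(member_filter "$GROUP_DN")" | within_limit 500

# Constructed sample line (not real enzi output) to show the guard offline:
printf 'NumResults: 1234\n' | within_limit 2000   # prints "ok: 1234 entries"
```

A non-zero exit status from within_limit is the signal to narrow the filter or base DN before running the synchronization.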