DSfW: How to export an object

This document (7012461) is provided subject to the disclaimer at the end of this document.

Environment

Novell Open Enterprise Server 11.1 (OES 11SP1)
Domain Services for Windows
DSfW

Situation

How to export an object on a DSfW server
How to export a user on a DSfW server
How to export a group on a DSfW server

Resolution

Use ldapsearch to export a user on a DSfW server with either the EXTERNAL, GSS-SPNEGO, or GSSAPI method.
This will return attributes not seen in iManager or other tools.
This ldapsearch is specific to DSfW servers.

To use any of those methods, first export LDAPCONF or SASL_PATH, depending on the method used.
The EXTERNAL method uses LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf.
The GSS-SPNEGO and GSSAPI methods use SASL_PATH=/opt/novell/xad/lib64/sasl2.
The GSS-SPNEGO and GSSAPI methods also need a Kerberos ticket for administrator (kinit administrator).

Depending on the method to be used, first export the appropriate path.

Export the LDAP conf file path for the EXTERNAL method:

  • export LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf
  • A search with the EXTERNAL method starts with ldapsearch -Y EXTERNAL

Export SASL_PATH for the GSS-SPNEGO or GSSAPI method:

  • kinit administrator@<your_domain.com>   e.g. kinit administrator@novell.com
  • export SASL_PATH=/opt/novell/xad/lib64/sasl2
  • A search with the GSS-SPNEGO method uses ldapsearch -Y GSS-SPNEGO
  • A search with the GSSAPI method uses ldapsearch -Y GSSAPI

To export an object using the EXTERNAL method (the easiest way to export an object), do the following:

export LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf
/usr/bin/ldapsearch -Y EXTERNAL -LLL -Q -b "cn=object,ou=container,dc=domain,dc=lan" > object.txt

To send the output to the display instead of exporting the object to a file called object.txt, remove the > object.txt:

/usr/bin/ldapsearch -Y EXTERNAL -LLL -Q -b "cn=object,ou=container,dc=domain,dc=lan"

To export an object using the GSS-SPNEGO or GSSAPI methods, do the following:
kinit administrator
export SASL_PATH=/opt/novell/xad/lib64/sasl2
/usr/bin/ldapsearch -Y GSS-SPNEGO -LLL -Q -b "cn=object,ou=container,dc=domain,dc=lan" > object.txt
/usr/bin/ldapsearch -Y GSSAPI -LLL -Q -b "cn=object,ou=container,dc=domain,dc=lan" > object.txt

If the context of the object is uncertain, but the name or cn is known then do the following search(es).

/usr/bin/ldapsearch -Y EXTERNAL -LLL -Q cn=object > object.txt
/usr/bin/ldapsearch -Y GSS-SPNEGO -LLL -Q cn=object > object.txt
/usr/bin/ldapsearch -Y GSSAPI -LLL -Q cn=object > object.txt

See TID 7003070 for more info on using ldapsearch on a DSfW server.

Additional Information

Once the LDAPCONF or SASL_PATH have been exported, they do not need to be exported again in the same terminal unless they are unset.  To check if they are set do:
echo $LDAPCONF
Should return - /etc/opt/novell/xad/openldap/ldap.conf
echo $SASL_PATH
Should return - /opt/novell/xad/lib64/sasl2
The Kerberos ticket only needs to be issued once every 24 hours, unless a kdestroy has been issued.

Use /usr/bin/ldapsearch instead of /opt/novell/eDirectory/bin/ldapsearch.
To see which ldapsearch is being called when the full path to ldapsearch is not specified, use the which command:
which ldapsearch
If /usr/bin/ldapsearch is returned, then the full path to ldapsearch is not needed.  If the eDirectory version of ldapsearch is returned, use the complete path to ldapsearch when invoking it on a DSfW server.
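
The export steps and the client check above, combined into one shell helper. This is an added example, not Novell's code: the function names, the rejection of unknown methods and the owner-only output file are assumptions of the example, while the paths and ldapsearch options are the ones given in this document.

```shell
#!/bin/bash
# Added example: source this file, then run e.g.
#   dsfw_export EXTERNAL "cn=object,ou=container,dc=domain,dc=lan" object.txt
# For GSS-SPNEGO or GSSAPI, run "kinit administrator" first, as described above.

# Print the variable assignment the chosen SASL method needs (paths from this document).
dsfw_env_for() {
    case "$1" in
        EXTERNAL)          echo "LDAPCONF=/etc/opt/novell/xad/openldap/ldap.conf" ;;
        GSS-SPNEGO|GSSAPI) echo "SASL_PATH=/opt/novell/xad/lib64/sasl2" ;;
        *)                 return 1 ;;
    esac
}

# Succeed only for the client this document says to use on a DSfW server.
dsfw_check_client() {
    [ "$1" = "/usr/bin/ldapsearch" ]
}

# dsfw_export METHOD BASE_DN OUTFILE
# The body runs in a subshell, so the exported variable and the umask
# do not leak into the calling terminal.
dsfw_export() (
    method=$1; base=$2; out=$3
    assignment=$(dsfw_env_for "$method") || {
        echo "unknown method: $method" >&2
        return 2
    }
    # Warn when a bare "ldapsearch" would resolve to another client (e.g. eDirectory's).
    if ! dsfw_check_client "$(command -v ldapsearch)"; then
        echo "note: PATH resolves a different ldapsearch; calling /usr/bin/ldapsearch" >&2
    fi
    export "$assignment"
    # The export contains attributes that iManager does not show, so a newly
    # created output file is made readable by its owner only.
    umask 077
    /usr/bin/ldapsearch -Y "$method" -LLL -Q -b "$base" > "$out"
)
```

If the output file already exists, its permissions are left unchanged, so check them before writing an export over an older file.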


Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7012461
  • Creation Date: 22-MAY-13
  • Modified Date: 22-MAY-13
    • Novell Open Enterprise Server
    • SUSE SUSE Linux Enterprise Server
    • NetIQ eDirectory
