• Restart the LDAP server.
• Create the branch into which the users will be imported, either by using Create Tree Object in the Account Management Client or with the ldapmodify command:

ldapmodify -a -h <host> -p <port> -D <LDAPadminDN> -w <LDAPadminPassword>
dn: o=myOrg,c=US
objectclass: organization
o:myOrg

Example
Importing Users using ldapmodify:
1. Export the users using fwm dbexport using hello1234 as the pre-shared secret.
fwm dbexport -l -f ./o_file.ldif -s "o=bigcorp,c=uk" -k hello1234
2. Create the "o=bigcorp,c=uk" branch.
3. Import the users:
ldapmodify -a -c -h <host> -p <port> -D bindDN -w bindPas -f ./o_file.ldif
4. Define an Account Unit with these parameters.

ldapsearch

Description
ldapsearch queries an LDAP directory and returns the results.

Syntax
ldapsearch [options] filter [attributes] -d

Parameter     Description
options       See the options attributes below.
filter        RFC-1558 compliant LDAP search filter. For example, objectclass=fw1host.
attributes    The list of attributes to be retrieved. If no attributes are given, all attributes are retrieved.
-d            Debug flag.

The following are the attributes for options:
• -A - Retrieve attribute names only (without values).
• -B - Do not suppress printing of non-ASCII values.
• -D bindDN - The DN to be used for binding to the LDAP server.
• -F separator - Print separator between attribute name and value instead of "=".
Security Management Server and Firewall Commands
Command Line Interface Reference Guide R77 | 106

• -h host - The LDAP server identified by IP address or resolvable name.
• -l timelimit - The server side time limit for search, in seconds.
• -p portnum - The port number. The default is standard LDAP port 389.
• -S attribute - Sort the results by the values of attribute.
• -s scope - One of the following: "base", "one", "sub".
• -b - Base distinguished name (DN) for search.
• -t - Write values to files in /tmp. Each attribute-value pair is written to a separate file, named: /tmp/ldapsearch-<attribute>-<value>. For example, for the fw1color attribute, the file written is named /tmp/ldapsearch-fw1color-a00188.
• -T timeout - Client-side timeout (in milliseconds) for all operations.
• -u - Show "user friendly" entry names in the output. For example, show "cn=Babs Jensen, users, omi" instead of "cn=Babs Jensen, cn=users,cn=omi"
• -w password - The password.
• -Z - Encrypt using SSL.
• -z sizelimit - Server-side size limit for search, in entries.

Example
ldapsearch -p 18185 -b cn=omi objectclass=fw1host objectclass
This means that the LDAP directory will be queried for fw1host objects using port number 18185 with DN common name "omi". For each object found, the value of its objectclass attribute will be printed.

log_export

Description
log_export is a utility that allows you to transfer Log data to an external database. This utility behaves as a LEA client. LEA (Log Export API) enables Security Gateway Log data to be exported to third-party applications. log_export receives the Logs from the Security Management server via LEA so it can be run from any host that has a SIC connection with the Security Management server and is defined as an OPSEC host.
To run log_export, you need a basic understanding and a working knowledge of:
•
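
Added example (not part of the Check Point guide): a small Python audit for recorded ldapsearch and ldapmodify command lines that use the options documented earlier on this page. It flags a -w password passed as an argument, a -w bind made without -Z, and -t output written to /tmp; the function names, finding labels and sample lines are assumptions made for this illustration.

```python
import shlex

# Option letters from this page that consume a value.
# -f comes from the page's ldapmodify examples.
VALUE_OPTS = set("DFhlpSsbTwzf")


def parse_options(cmdline):
    """Split a command line and return (tool, {letter: value or True})."""
    argv = shlex.split(cmdline)
    if not argv:
        return "", {}
    tool, opts, i = argv[0], {}, 1
    # Stop at the first token that is not a single-letter option
    # (for ldapsearch that token is the search filter).
    while i < len(argv) and len(argv[i]) == 2 and argv[i][0] == "-":
        letter = argv[i][1]
        if letter in VALUE_OPTS and i + 1 < len(argv):
            opts[letter] = argv[i + 1]
            i += 2
        else:
            opts[letter] = True
            i += 1
    return tool, opts


def audit(cmdline):
    """Return a list of finding labels for one recorded command line."""
    tool, opts = parse_options(cmdline)
    if tool not in ("ldapsearch", "ldapmodify"):
        return []
    findings = []
    if "w" in opts:
        # Command-line arguments are typically visible in the process list.
        findings.append("password-in-argv")
        if "Z" not in opts:
            findings.append("bind-without-ssl")
    if "t" in opts:
        findings.append("values-written-to-tmp")
    return findings


# Constructed sample lines (host, DN and password are made up).
SAMPLES = [
    "ldapsearch -p 18185 -b cn=omi objectclass=fw1host objectclass",
    'ldapmodify -a -c -h ldap.example.com -p 389 -D "cn=admin,o=myOrg,c=US" -w Passw0rd -f ./o_file.ldif',
    'ldapsearch -Z -h ldap.example.com -D "cn=admin,o=myOrg,c=US" -w Passw0rd -t -b cn=omi objectclass=fw1host',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit(line) or ["ok"], line.split()[0])
```

The parser handles only separated single-letter options (for example `-p 389`, not `-p389`), which is the form used throughout this page.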