Security Management Server and Firewall Commands Command Line Interface Reference Guide R77 | 106

Restart the LDAP server. Create the branch into which the users will be imported, either by using Create Tree Object in the Account Management Client or with the ldapmodify command:

    ldapmodify -a -h <host> -p <port> -D <LDAPadminDN> -w <LDAPadminPassword>
    dn: o=myOrg,c=US
    objectclass: organization
    o: myOrg

Example: Importing Users using ldapmodify

1. Export the users using fwm dbexport, using hello1234 as the pre-shared secret:

       fwm dbexport -l -f ./o_file.ldif -s "o=bigcorp,c=uk" -k hello1234

2. Create the "o=bigcorp,c=uk" branch.

3. Import the users:

       ldapmodify -a -c -h <host> -p <port> -D bindDN -w bindPas -f ./o_file.ldif

4. Define an Account Unit with these parameters.

ldapsearch

Description
ldapsearch queries an LDAP directory and returns the results.

Syntax

    ldapsearch [options] filter [attributes] -d

Parameter     Description
options       See the options attributes below.
filter        RFC-1558 compliant LDAP search filter. For example, objectclass=fw1host.
attributes    The list of attributes to be retrieved. If no attributes are given, all attributes are retrieved.
-d            Debug flag.

The following are the attributes for options:

-A             Retrieve attribute names only (without values).
-B             Do not suppress printing of non-ASCII values.
-D bindDN      The DN to be used for binding to the LDAP server.
-F separator   Print separator between attribute name and value instead of " = ".
-h host        The LDAP server identified by IP address or resolvable name.
-l timelimit   The server-side time limit for search, in seconds.
-p portnum     The port number. The default is the standard LDAP port 389.
-S attribute   Sort the results by the values of attribute.
-s scope       One of the following: "base", "one", "sub".
-b             Base distinguished name (DN) for search.
-t             Write values to files in /tmp. Each attribute-value pair is written to a separate file, named /tmp/ldapsearch-<attribute>-<value>. For example, for the fw1color attribute, the file written is named /tmp/ldapsearch-fw1color-a00188.
-T timeout     Client-side timeout (in milliseconds) for all operations.
-u             Show "user friendly" entry names in the output. For example, show "cn=Babs Jensen, users, omi" instead of "cn=Babs Jensen, cn=users,cn=omi".
-w password    The password.
-Z             Encrypt using SSL.
-z sizelimit   Server-side size limit for search, in entries.

Example

    ldapsearch -p 18185 -b cn=omi objectclass=fw1host objectclass

This means that the LDAP directory will be queried for fw1host objects using port number 18185 with DN common name "omi". For each object found, the value of its objectclass attribute will be printed.

log_export

Description
log_export is a utility that allows you to transfer Log data to an external database. This utility behaves as a LEA client. LEA (Log Export API) enables Security Gateway Log data to be exported to third-party applications. log_export receives the Logs from the Security Management server via LEA, so it can be run from any host that has a SIC connection with the Security Management server and is defined as an OPSEC host.

To run log_export, you need a basic understanding and a working knowledge of:
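As an added pre-flight check for the ldapmodify import procedure in the section above (example code, not part of the Check Point guide): this parses an LDIF file of the kind fwm dbexport writes and reports every entry whose DN does not sit under the target branch, so that mis-scoped entries are caught before ldapmodify -a -c (which continues past errors) is run on the file. The sample LDIF, the DN values and the function names are constructed for this example.

```python
import base64
import re

# Constructed sample shaped like an fwm dbexport LDIF: branch entry, one user under it, one stray.
SAMPLE_LDIF = """\
dn: o=bigcorp,c=uk
objectclass: organization
o: bigcorp

dn: cn=Babs Jensen,o=bigcorp,c=uk
objectclass: person
cn: Babs Jensen
fw1color:: YTAwMTg4

dn: cn=stray,o=otherorg,c=uk
cn: stray
"""

def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; joins folded lines, decodes '::' base64 values."""
    text = re.sub(r"\n ", "", text)           # unfold LDIF continuation lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if line.startswith("#"):          # LDIF comment
                continue
            m = re.match(r"([A-Za-z][\w;.-]*)(::?) ?(.*)$", line)
            if not m:
                raise ValueError("malformed LDIF line: %r" % line)
            name, sep, value = m.group(1).lower(), m.group(2), m.group(3)
            if sep == "::":                   # base64-encoded value
                value = base64.b64decode(value).decode("utf-8")
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is None:
            raise ValueError("entry without dn: %r" % block[:40])
        entries.append((dn, attrs))
    return entries

def normalize_dn(dn):
    # Simplification: splits on commas only; an escaped "\," inside a value is not handled.
    return ",".join(p.strip().lower() for p in dn.split(","))

def outside_branch(entries, branch):
    """DNs that would not land under `branch` (the branch entry itself is allowed)."""
    b = normalize_dn(branch)
    return [dn for dn, _ in entries
            if normalize_dn(dn) != b and not normalize_dn(dn).endswith("," + b)]
```

Run outside_branch(parse_ldif(open("./o_file.ldif").read()), "o=bigcorp,c=uk") against the real export and refuse to import while the list is non-empty.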