Cheat sheet for OID commands. It is better to keep a copy of these commands on local disk than to search for them every time.
Start, stop and status of the OID server
To start OID:
${ORACLE_HOME}/opmn/bin/opmnctl startall
To stop:
${ORACLE_HOME}/opmn/bin/opmnctl stopall
To get OID process status using opmnctl:
${ORACLE_HOME}/opmn/bin/opmnctl status
To get OID process status using oidctl (OID version 11g and higher):
${ORACLE_HOME}/oidctl connect=oiddb status
To start a specific OID instance using opmnctl:
${ORACLE_HOME}/opmn/bin/opmnctl startproc ias-component=oid1
Other useful commands
The following example searches for all entries with any value for the objectclass attribute.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" -s subtree "objectclass=*"
The following example searches for all entries that have orcl at the beginning of the value for the objectclass attribute.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" -s subtree "objectclass=orcl*"
The following example searches for entries where the objectclass attribute begins with orcl and cn begins with foo.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" \
-s subtree "(&(objectclass=orcl*)(cn=foo*))"
The following example searches for entries in which cn begins with foo or sn begins with bar.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" \
-s subtree "(|(cn=foo*)(sn=bar*))"
The following example searches for entries in which employeenumber is less than or equal to 10000.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" \
-s subtree "employeenumber<=10000"
Test if you can bind (connect) to the OID server:
$ ldapbind -p 389 -h my-host-name
bind successful
Add OID entries
Add an entry/ entries to the OID server:
$ ldapadd -h my-host-name -p 389 -D "cn=orcladmin" -w password -f onames.ldif
Lookup OID entries
Look up an SQL*Net service name in the OID directory (in the example below, extract orclnetdescstring for the entry cn=MYTEST):
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w password -b "cn=MYTEST,cn=OracleContext,dc=mycompany,dc=com" -s base "objectclass=*" orclnetdescstring
Look up all user information under a specified domain, using a presence filter on the mail attribute:
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w password -b "dc=mycompany,dc=com" -s sub "mail=*"
Look up a specific user using a specific mail value:
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w password -b "dc=mycompany,dc=com" -s sub "mail=shahbaz@orasystemsusa.com"
Look up a specific user but return only the values of the mail, uid and cn attributes:
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w mypassword -b "dc=mycompany,dc=com" -s sub "mail=shahbaz@orasystemsusa.com" mail uid cn
Look up all entries of objectclass inetorgperson under a specified domain, returning only the dn:
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w password -b "dc=mycompany,dc=com" -s sub "objectclass=inetorgperson" dn
Modify an OID entry
$ ldapmodify -h my-host-name -p 389 -D cn=orcladmin -w password -c -v -f <filename>.ldif
Delete an OID entry
$ ldapdelete -h my-host-name -p 389 -D "cn=orcladmin" -w password "cn=MYTEST,cn=OracleContext,dc=mycompany,dc=com"
Diagnostic Data
The following can only be performed on OID 11g and above.
$ oidctl connect=oiddb status -diag
To check whether a user's account is locked, run the following command (substitute the placeholders in angle brackets with your values):
ldapsearch -h <OID host> -p <oid port> -D cn=orcladmin -w <password> -b "<DN of the user>" -s sub "objectclass=*" oblogintrycount oblockedon oblockouttime pwdaccountlockedtime
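Once the lockout check above has produced its LDIF, the next step is usually to decide, for many users at once, who is actually locked. The Python below is an added example, not part of the original cheat sheet or Oracle's tools: it parses ldapsearch's LDIF output and flags locked entries. The sample output is constructed, and the code assumes that the presence of pwdaccountlockedtime (the LDAP password-policy attribute) or oblockouttime marks a locked account while oblogintrycount is the failed-login counter.

```python
"""Parse the LDIF that the lockout check prints and flag locked accounts.

Added example, not part of the original cheat sheet. Assumptions: an entry is locked when
pwdaccountlockedtime (LDAP password-policy attribute) or oblockouttime is present, and
oblogintrycount is the failed-login counter. The sample output below is constructed.
"""
import base64

# Constructed sample of what the lockout check might print for two users.
SAMPLE_LDIF = """\
dn: cn=jdoe,cn=Users,dc=mycompany,dc=com
oblogintrycount: 5
oblockedon: 1
oblockouttime: 20240102030405Z
pwdaccountlockedtime: 20240102030405Z

dn: cn=asmith,cn=Users,dc=mycompany,dc=com
oblogintrycount: 1

"""


def parse_ldif(text):
    """Return a list of entries, each a dict {attribute (lowercased): [values]}."""
    # Unfold continuation lines: a line starting with one space continues the previous line.
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines:
        if line == "":  # blank line ends an entry
            if current:
                entries.append(current)
            current = None
            continue
        if line.startswith("#"):
            continue
        attr, _, rest = line.partition(":")
        if rest.startswith(":"):  # "attr:: base64value" form
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        else:
            value = rest.strip()
        if current is None:
            current = {}
        current.setdefault(attr.lower(), []).append(value)
    if current:
        entries.append(current)
    return entries


def lockout_status(entry):
    """Return (dn, locked, failed_tries, locked_since) for one parsed entry."""
    dn = entry.get("dn", [""])[0]
    try:
        tries = int(entry.get("oblogintrycount", ["0"])[0])
    except ValueError:
        tries = 0
    # Assumption: either of these attributes being present means the account is locked.
    locked_at = entry.get("pwdaccountlockedtime") or entry.get("oblockouttime")
    return dn, bool(locked_at), tries, locked_at[0] if locked_at else None


def locked_accounts(ldif_text):
    """DNs of every entry in the output that is currently locked."""
    return [dn for dn, locked, _, _ in map(lockout_status, parse_ldif(ldif_text)) if locked]


if __name__ == "__main__":
    for dn, locked, tries, since in map(lockout_status, parse_ldif(SAMPLE_LDIF)):
        print(f"{dn}: locked={locked} failed_tries={tries} since={since}")
```

To use it on real output, widen the search base to the users container and pipe ldapsearch's output into parse_ldif; the generalized-time value (for example 20240102030405Z) is kept as a string because a permanent lock is encoded with a non-calendar value in the password-policy draft.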
To see or export all the members of a particular group, run the following command; the output can be redirected to a file:
$ ldapsearch -h host -p port -D "bind account" -q -b "<base dn>" -s sub "cn=group" uniquemember > allmember.txt
Command to see all the groups a user is a member of
Because group memberships are maintained as attributes of the group entry, ODSM cannot show the groups a particular user belongs to. It is, however, possible to list them from the command line.
Log in to the server running OID and enter the following command to return the list of groups a particular user belongs to. Substitute host, port, bind account, base dn and user dn with the appropriate values, and enter the bind account password when prompted (-q):
$ ldapsearch -h host -p port -D "bind account" -q -b "<base dn>" -s sub "uniquemember=user dn" dn
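The filters on this page (the objectclass, cn, sn and employeenumber examples in the "other useful commands" section and the uniquemember=user dn lookup just shown) are typed by hand. As soon as they are scripted, the substituted value must be escaped per RFC 4515, otherwise a DN containing parentheses breaks the filter and a value taken from a form or script argument can add clauses of its own. The Python below is an added example, not part of the original cheat sheet or Oracle's tools: it builds the page's filters with escaping, and ldapsearch_argv is a hypothetical wrapper that mirrors the options used on this page and uses -q (password prompt, as in the group commands) rather than -w so the bind password never appears in ps output or shell history.

```python
"""Build LDAP search filters safely for the ldapsearch commands on this page.

Added example, not code from the original cheat sheet. Assumes values such as a user DN
or mail address may come from an untrusted source, so they are escaped per RFC 4515.
"""
import shlex

# RFC 4515 section 3: these characters must be hex-escaped inside an assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a literal value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def equals(attr: str, value: str) -> str:
    return f"({attr}={escape_filter_value(value)})"


def prefix(attr: str, value: str) -> str:
    """'Begins with' filter, e.g. (cn=foo*); the wildcard is appended after escaping."""
    return f"({attr}={escape_filter_value(value)}*)"


def present(attr: str) -> str:
    """Presence filter, e.g. (mail=*): the star here is intentional, not user data."""
    return f"({attr}=*)"


def less_or_equal(attr: str, value) -> str:
    return f"({attr}<={escape_filter_value(str(value))})"


def all_of(*filters: str) -> str:
    return "(&" + "".join(filters) + ")"


def any_of(*filters: str) -> str:
    return "(|" + "".join(filters) + ")"


def groups_of_user_filter(user_dn: str) -> str:
    """Filter for the 'groups a user belongs to' lookup (uniquemember=<user dn>)."""
    return equals("uniquemember", user_dn)


def ldapsearch_argv(host, port, bind_dn, base, scope, ldap_filter, *attrs):
    """Hypothetical wrapper: assemble the ldapsearch argument list with the options used
    on this page. -q prompts for the bind password instead of -w, so the password never
    appears in the process list or shell history."""
    return ["ldapsearch", "-h", host, "-p", str(port), "-D", bind_dn, "-q",
            "-b", base, "-s", scope, ldap_filter, *attrs]


def ldapsearch_cmdline(*args) -> str:
    """Same as ldapsearch_argv but quoted for pasting into a shell."""
    return shlex.join(ldapsearch_argv(*args))


if __name__ == "__main__":
    # A DN containing parentheses: escaping keeps it a single literal assertion value.
    dn = "cn=Doe (John),cn=Users,dc=mycompany,dc=com"
    print(ldapsearch_cmdline("my-host-name", 389, "cn=orcladmin",
                             "dc=mycompany,dc=com", "sub", groups_of_user_filter(dn), "dn"))
```

Pass the list from ldapsearch_argv to subprocess.run rather than joining it into a shell string, so neither shell quoting nor filter syntax depends on the value being substituted.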