
Wednesday, September 24, 2014

OID commands cheat sheet: commands you need to have at hand for quick reference

A cheat sheet of OID (Oracle Internet Directory) commands. It is better to keep a copy of these commands on local disk than to search for them every time.


Start, stop and check the status of the OID server

To start OID:
${ORACLE_HOME}/opmn/bin/opmnctl startall


To stop:
${ORACLE_HOME}/opmn/bin/opmnctl stopall

To get OID process status using opmnctl:
${ORACLE_HOME}/opmn/bin/opmnctl status

To get OID process status using oidctl (OID version 11g and higher):
${ORACLE_HOME}/bin/oidctl connect=oiddb status

To start a specific OID instance using opmnctl:
${ORACLE_HOME}/opmn/bin/opmnctl startproc ias-component=oid1

Other useful commands

The following example searches for all entries with any value for the objectclass attribute.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" -s subtree "objectclass=*"


The following example searches for all entries that have orcl at the beginning of the value for the objectclass attribute.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" -s subtree "objectclass=orcl*"


The following example searches for entries where the objectclass attribute begins with orcl and cn begins with foo.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" \
          -s subtree "(&(objectclass=orcl*)(cn=foo*))"


The following example searches for entries in which cn begins with foo or sn begins with bar.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" \
          -s subtree "(|(cn=foo*)(sn=bar*))"


The following example searches for entries in which employeenumber is less than or equal to 10000.
ldapsearch -p 389 -h sun1 -b "ou=hr, o=acme, c=us" \
           -s subtree "employeenumber<=10000"



Test if you can bind (connect) to the OID server:
$ ldapbind -p 389 -h my-host-name
bind successful
Add OID entries
Add an entry/ entries to the OID server:
$ ldapadd -h my-host-name -p 389 -D "cn=orcladmin" -w password -f onames.ldif


Lookup OID entries
Look up a SQL*Net service name in the OID directory (in the example below, extract orclnetdescstring for the entry cn=MYTEST):
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w password -b "cn=MYTEST,cn=OracleContext,dc=mycompany,dc=com" -s base "objectclass=*" orclnetdescstring


Look up all user information under a specified domain, using the mail attribute as the filter:
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w password -b "dc=mycompany,dc=com" -s sub "mail=*"


Look up a specific user in LDAP by a specific mail value:
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w password -b "dc=mycompany,dc=com" -s sub "mail=shahbaz@orasystemsusa.com"


Look up a specific user in LDAP, but return only the values of the mail, uid and cn attributes:
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w mypassword -b "dc=mycompany,dc=com" -s sub "mail=shahbaz@orasystemsusa.com" mail uid cn


Look up all users under a specified domain, using objectclass=inetorgperson as the filter and returning only the dn of each entry:
$ ldapsearch -h my-host-name -p 389 -D "cn=orcladmin" -w password -b "dc=mycompany,dc=com" -s sub "objectclass=inetorgperson" dn


Modify an OID entry (the changes are read from an LDIF file):
$ ldapmodify -h my-host-name -p 389 -D cn=orcladmin -w password -c -v -f <filename>.ldif

Delete an OID entry
$ ldapdelete -h my-host-name -p 389 -D "cn=orcladmin" -w password "cn=MYTEST,cn=OracleContext,dc=mycompany,dc=com"


Diagnostic Data
The following can only be performed on 11g and above.
$ oidctl connect=oiddb status -diag


To check whether a user's account is locked, run the following command:

ldapsearch -h <OID host> -p <oid port> -D cn=orcladmin -w <password> -b "<DN of the user>" -s sub "objectclass=*" oblogintrycount oblockedon oblockouttime pwdaccountlockedtime
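The search above returns the lock-related attributes as LDIF; the script below is an added example (not from the original post) that reads that LDIF and reports whether the account is locked, which makes the check scriptable across many users. It treats a present pwdaccountlockedtime (OID password policy) or oblockedon (OAM) as "locked", as the query above does; the sample LDIF is constructed.

```shell
#!/bin/sh
# Added example: interpret the lock-status attributes returned by
# the ldapsearch above. Reads LDIF from stdin; prints locked / unlocked.

# Print the value of one attribute from LDIF on stdin
# (first match, case-insensitive; handles "attr: v" and "attr:: base64").
ldif_attr() {
    awk -v name="$1" '
        BEGIN { key = tolower(name) ":" }
        index(tolower($0), key) == 1 {
            sub(/^[^:]*::?[ ]*/, "")   # drop the "name: " prefix
            print
            exit
        }'
}

# Classify the entry: either lock attribute present means locked;
# otherwise report any accumulated failed-login count.
lock_state() {
    ldif=$(cat)
    pwdlock=$(printf '%s\n' "$ldif" | ldif_attr pwdaccountlockedtime)  # OID password policy
    oblock=$(printf '%s\n' "$ldif" | ldif_attr oblockedon)             # OAM (ob*) attributes
    tries=$(printf '%s\n' "$ldif" | ldif_attr oblogintrycount)
    case "$tries" in ''|*[!0-9]*) tries=0 ;; esac   # non-numeric or absent -> 0
    if [ -n "$pwdlock" ] || [ -n "$oblock" ]; then
        echo "locked"
    elif [ "$tries" -gt 0 ]; then
        echo "unlocked (failed attempts: $tries)"
    else
        echo "unlocked"
    fi
}

# Constructed sample output, shaped like what the ldapsearch above prints.
SAMPLE_LOCKED='dn: cn=jdoe,cn=users,dc=mycompany,dc=com
oblogintrycount: 5
oblockedon: 20140924103000Z
pwdaccountlockedtime: 20140924103000Z'
SAMPLE_TRIES='dn: cn=asmith,cn=users,dc=mycompany,dc=com
oblogintrycount: 3'
SAMPLE_OK='dn: cn=bjones,cn=users,dc=mycompany,dc=com'

for s in "$SAMPLE_LOCKED" "$SAMPLE_TRIES" "$SAMPLE_OK"; do
    dn=$(printf '%s\n' "$s" | ldif_attr dn)
    printf '%s -> %s\n' "$dn" "$(printf '%s\n' "$s" | lock_state)"
done
```

To use it against a live directory, pipe the ldapsearch above into lock_state instead of the constructed samples.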


To see or export all the members of a particular group, run the following command (the -q option prompts for the bind password); the output can be redirected into a file:

$ ldapsearch -h <host> -p <port> -D "<bind account>" -q -b "<search base>" -s sub "cn=<group>" uniquemember > allmember.txt


Command to see all the groups a user is a member of

Due to the fact that group memberships are maintained as attributes belonging to the group entry, it is not possible to view the groups that a particular user is a member of from ODSM. It is however possible to list the groups a user belongs to via command line.

Log in to the server running OID and enter the following command to return the list of groups to which a particular user belongs. Substitute the parameters in angle brackets with the appropriate values, and enter the bind account password when prompted.

$ ldapsearch -h <host> -p <port> -D "<bind account>" -q -b "<search base>" -s sub "uniquemember=<user DN>" dn
