So this is something that I've wanted FOREVER …
***** LdapSearch Input Parameters *****
hostName=windows2012.uk.ibm.com
portNumber=389
sslEnabled=false
baseDN=CN=Users,DC=uk,DC=ibm,DC=com
bindDN=CN=LDAPBindUser,CN=Users,DC=uk,DC=ibm,DC=com
bindPwd=*****
searchFilter=cn=BPMUsers
searchLimit=20
referral=ignore
searchScope=sub
***** LdapSearch Results *****
------ #1
cn=BPMUsers
name=BPMUsers
instanceType=4
groupType=-2147483646
objectSid=_)2R
sAMAccountType=268435456
member=CN=BPMUser2,CN=Users,DC=uk,DC=ibm,DC=com
member=CN=BPMUser1,CN=Users,DC=uk,DC=ibm,DC=com
uSNCreated=12729
uSNChanged=12752
objectClass=top
objectClass=group
distinguishedName=CN=BPMUsers,CN=Users,DC=uk,DC=ibm,DC=com
objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=uk,DC=ibm,DC=com
sAMAccountName=BPMUsers
objectGUID=HLtU
whenCreated=20170310074140.0Z
whenChanged=20170310074309.0Z
dSCorePropagationData=16010101000000.0Z
I don't know precisely when it appeared, but I just realised that WebSphere Application Server (WAS) Network Deployment 8.5.5.11 (8.5.5 Fixpack 11) now includes the ability to test LDAP connectivity: -
Specifically, this: -
which returns: -
whereas if, for example, I use the wrong Bind Password, I get: -
SECJ7340E: Exception raised trying to connect to LDAP server
Exception Name=javax.naming.AuthenticationException
Reason=[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580]
***** LdapSearch Input Parameters *****
hostName=windows2012.uk.ibm.com
portNumber=389
sslEnabled=false
baseDN=CN=Users,DC=uk,DC=ibm
bindDN=CN=LDAPBindUser,CN=Users,DC=uk,DC=ibm,DC=com
bindPwd=*****
searchFilter=cn=BPMUser*
searchLimit=20
referral=ignore
searchScope=sub
Even better, there's a Python command AdminTask.ldapSearch which makes Scripty McScriptface happy: -
print AdminTask.ldapSearch('[-hostname windows2012.uk.ibm.com -port 389 -baseDN CN=Users,DC=uk,DC=ibm,DC=com -bindDN CN=LDAPBindUser,CN=Users,DC=uk,DC=ibm,DC=com -bindPassword Qpassw0rd -sslEnabled false -referral ignore -searchFilter cn=BPMUsers -searchLimit 20 ]')
***** LdapSearch Input Parameters *****
hostName=windows2012.uk.ibm.com
portNumber=389
sslEnabled=false
baseDN=CN=Users,DC=uk,DC=ibm,DC=com
bindDN=CN=LDAPBindUser,CN=Users,DC=uk,DC=ibm,DC=com
bindPwd=*****
searchFilter=cn=BPMUsers
searchLimit=20
referral=ignore
searchScope=sub
***** LdapSearch Results *****
------ #1
cn=BPMUsers
name=BPMUsers
instanceType=4
groupType=-2147483646
objectSid=_)2R
sAMAccountType=268435456
member=CN=BPMUser2,CN=Users,DC=uk,DC=ibm,DC=com
member=CN=BPMUser1,CN=Users,DC=uk,DC=ibm,DC=com
uSNCreated=12729
uSNChanged=12752
objectClass=top
objectClass=group
distinguishedName=CN=BPMUsers,CN=Users,DC=uk,DC=ibm,DC=com
objectCategory=CN=Group,CN=Schema,CN=Configuration,DC=uk,DC=ibm,DC=com
sAMAccountName=BPMUsers
objectGUID=HLtU
whenCreated=20170310074140.0Z
whenChanged=20170310074309.0Z
dSCorePropagationData=16010101000000.0Z
which is GREAT.
Thanks IBM :-)
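An added example, not part of the original post and not IBM code: a stand-alone Python 3 helper, run outside wsadmin on captured ldapSearch output in the format shown above, that separates input parameters from result entries, decodes the Active Directory sub-code in an error 49 reply (the "data 52e" above) and flags a bind made with sslEnabled=false. The function name, the warning wording and the trimmed sample text are assumptions of this example; the sub-code table lists the commonly documented Active Directory values.

```python
import re

# Active Directory sub-codes found in the "data" field of an LDAP error 49 reply
AD_BIND_SUBCODES = {
    "525": "user not found", "52e": "invalid credentials",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired", "533": "account disabled",
    "701": "account expired", "773": "user must reset password",
    "775": "account locked out",
}

# Constructed sample: the failed-bind output shown above, trimmed to a few lines
SAMPLE_FAILURE = """SECJ7340E: Exception raised trying to connect to LDAP server
Exception Name=javax.naming.AuthenticationException
Reason=[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903D0, comment: AcceptSecurityContext error, data 52e, v2580]
***** LdapSearch Input Parameters *****
hostName=windows2012.uk.ibm.com
portNumber=389
sslEnabled=false
bindDN=CN=LDAPBindUser,CN=Users,DC=uk,DC=ibm,DC=com
"""

def triage_ldap_search(text):
    """Split ldapSearch output into parameters, entries, bind error and warnings."""
    report = {"params": {}, "entries": [], "bind_error": None, "warnings": []}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*****"):               # section banner
            section = "results" if "Results" in line else "params"
        elif line.startswith("------"):            # "------ #n" opens a new entry
            report["entries"].append({})
        elif "=" in line and section == "params":
            key, value = line.split("=", 1)
            report["params"][key] = value
        elif "=" in line and section == "results" and report["entries"]:
            key, value = line.split("=", 1)        # attributes such as member repeat
            report["entries"][-1].setdefault(key, []).append(value)
    m = re.search(r"error code (\d+).*?data ([0-9a-fA-F]+)", text)
    if m:
        code, data = m.group(1), m.group(2).lower()
        meaning = AD_BIND_SUBCODES.get(data, "unknown sub-code") if code == "49" else None
        report["bind_error"] = {"code": int(code), "data": data, "meaning": meaning}
    if report["params"].get("sslEnabled") == "false":
        report["warnings"].append("bind without SSL: the bind password crosses the network in clear text")
    return report

if __name__ == "__main__":
    print(triage_ldap_search(SAMPLE_FAILURE))
```

Sub-codes such as 775 (locked out) or 533 (disabled) on a service bind account point to an account problem rather than a mistyped password, which changes who needs to act on the failure.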
*UPDATE*
I've just found this: -
which says, in part: -
…
The fix for this APAR is currently targeted for inclusion in
fix packs 7.0.0.41, 8.0.0.12 and 8.5.5.8
…
so it's been there since 8.5.5.8 ;-)