How to dump LDAP Schema

This article applies to the Linux and Mac versions of PaperCut. UNIX command-line experience is required.

PaperCut support may ask for an LDAP schema data to diagnose complex LDAP issues. The following commands can be used to produce a file with LDAP information:

If the base DN is known:

  ldapsearch -x -h localhost -b "<base dn>" | gzip > ldapsearch-data.gz

With an empty base DN:

  ldapsearch -x -h localhost -b "" | gzip > ldapsearch-data.gz

If authentication is required:

  ldapsearch -x -h localhost -D "<admin dn>" -w "<admin-password>" 
       -b "<base dn>" | gzip > ldapsearch-data.gz

Email the ldapsearch-data.gz file through to support and they can use this via diagnostics and/or setting up a duplicate ennvironment. Note: All data will be kept confidential and deleted when not required as per our privacy policy.

I use OpenLDAP, what is my BaseDN and AdminDN?

You should be able to obtain your AdminDN and BaseDN from your slapd.conf, this is often located in /usr/local/etc/openldap/ or /etc/openldap. On Mac OS X, this is called slapd_macosxserver.conf

Open the file in your favourite text editor and look for the suffix and rootdn.

Examples:

  • suffix "dc=branch,dc=company,dc=biz"
  • rootdn "uid=root,cn=users,dc=branch,dc=company,dc=biz"

You should know your password!

Windows users…

If you are running Windows and do not have access to a Mac OS X or Linux installation to use ldapsearch, please contact PaperCut Technical Support who has a Windows binary available for your use. You will need to reference “Internal Ticket: 3675”


Categories: How-to Articles, Authentication


keywords: ldap schema dump, ldap support, ldapsearch.exe

Comments