8.6 Validating Access Using LDAP
Use the following steps to validate you can access Oracle Unified Directory (OUD) via
LDAP:
Note: The examples assume sample data was installed when creating the OUD instance.

LDAP Against an External Load Balancer
If your ingress is configured with type: LoadBalancer then you cannot connect to the external LoadBalancer hostname and ports from inside the pod and must connect from an OUD installation outside the cluster.
- Example 1: Performing ldapsearch against external load balancer and LDAP port:
$OUD_HOME/bin/ldapsearch --hostname <External LBR> --port 1389 \
-D "<Root User DN>" -w <Password for Root User DN> \
-b "" -s base "(objectClass=*)" "*"
The output will look similar to the following:
dn:
objectClass: top
objectClass: ds-root-dse
lastChangeNumber: 0
firstChangeNumber: 0
changelog: cn=changelog
entryDN:
pwdPolicySubentry: cn=Default Password Policy,cn=Password Policies,cn=config
subschemaSubentry: cn=schema
supportedAuthPasswordSchemes: SHA256
supportedAuthPasswordSchemes: SHA1
supportedAuthPasswordSchemes: SHA384
supportedAuthPasswordSchemes: SHA512
supportedAuthPasswordSchemes: MD5
numSubordinates: 1
supportedFeatures: 1.3.6.1.1.14
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
supportedFeatures: 1.3.6.1.4.1.4203.1.5.2
supportedFeatures: 1.3.6.1.4.1.4203.1.5.3
lastExternalChangelogCookie:
vendorName: Oracle Corporation
vendorVersion: Oracle Unified Directory 12.2.1.4.0
componentVersion: 4
releaseVersion: 1
platformVersion: 0
supportedLDAPVersion: 2
supportedLDAPVersion: 3
supportedControl: 1.2.826.0.1.3344810.2.3
supportedControl: 1.2.840.113556.1.4.1413
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 1.2.840.113556.1.4.805
supportedControl: 1.3.6.1.1.12
supportedControl: 1.3.6.1.1.13.1
supportedControl: 1.3.6.1.1.13.2
supportedControl: 1.3.6.1.4.1.26027.1.5.2
supportedControl: 1.3.6.1.4.1.26027.1.5.4
supportedControl: 1.3.6.1.4.1.26027.1.5.5
supportedControl: 1.3.6.1.4.1.26027.1.5.6
supportedControl: 1.3.6.1.4.1.26027.2.3.1
supportedControl: 1.3.6.1.4.1.26027.2.3.2
supportedControl: 1.3.6.1.4.1.26027.2.3.4
supportedControl: 1.3.6.1.4.1.42.2.27.8.5.1
supportedControl: 1.3.6.1.4.1.42.2.27.9.5.2
supportedControl: 1.3.6.1.4.1.42.2.27.9.5.8
supportedControl: 1.3.6.1.4.1.4203.1.10.1
supportedControl: 1.3.6.1.4.1.4203.1.10.2
supportedControl: 2.16.840.1.113730.3.4.12
supportedControl: 2.16.840.1.113730.3.4.16
supportedControl: 2.16.840.1.113730.3.4.17
supportedControl: 2.16.840.1.113730.3.4.18
supportedControl: 2.16.840.1.113730.3.4.19
supportedControl: 2.16.840.1.113730.3.4.2
supportedControl: 2.16.840.1.113730.3.4.3
supportedControl: 2.16.840.1.113730.3.4.4
supportedControl: 2.16.840.1.113730.3.4.5
supportedControl: 2.16.840.1.113730.3.4.9
supportedControl: 2.16.840.1.113894.1.8.21
supportedControl: 2.16.840.1.113894.1.8.31
supportedControl: 2.16.840.1.113894.1.8.36
maintenanceVersion: 2
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: CRAM-MD5
supportedSASLMechanisms: DIGEST-MD5
majorVersion: 12
orclGUID: D41D8CD98F003204A9800998ECF8427E
entryUUID: d41d8cd9-8f00-3204-a980-0998ecf8427e
ds-private-naming-contexts: cn=schema
hasSubordinates: true
nsUniqueId: d41d8cd9-8f003204-a9800998-ecf8427e
structuralObjectClass: ds-root-dse
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
supportedExtension: 1.3.6.1.4.1.4203.1.11.3
supportedExtension: 1.3.6.1.1.8
supportedExtension: 1.3.6.1.4.1.26027.1.6.3
supportedExtension: 1.3.6.1.4.1.26027.1.6.2
supportedExtension: 1.3.6.1.4.1.26027.1.6.1
supportedExtension: 1.3.6.1.4.1.1466.20037
namingContexts: cn=changelog
namingContexts: dc=example,dc=com
- Example 2: Performing ldapsearch against external load balancer and LDAP port for specific Oracle Unified Directory Interface:
$OUD_HOME/bin/ldapsearch --hostname <External LBR> --port 3890 \
-D "<Root User DN>" -w <Password for Root User DN> \
-b "" -s base "(objectClass=*)" "*"

LDAPS Against Kubernetes NodePort for Ingress Controller Service
In the example below, LDAP utilities are executed from inside the oud-ds-rs-0 pod. If your ingress is configured with type: LoadBalancer you can connect to the Kubernetes hostname where the ingress is deployed using the NodePorts.
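The following command performs an ldapsearch against the Kubernetes NodePort and LDAP port. Because --trustAll makes the client accept any server certificate, this confirms connectivity but does not verify the server's identity: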
[oracle@oud-ds-rs-0 bin]$ ./ldapsearch --hostname <Kubernetes Node> --port 31636 \
--useSSL --trustAll \
-D "<Root User DN>" -w <Password for Root User DN> \
-b "" -s base "(objectClass=*)" "*"
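
As an added example (not part of the Oracle documentation), the shell function below turns the root DSE output of the commands in this section into a pass/fail check: it confirms a ds-root-dse entry came back and that the sample-data suffix is listed in namingContexts, and it prints the MD5-based SASL mechanisms and legacy password schemes the server advertises so they can be reviewed. The function names and the embedded sample input are constructed for illustration.

```shell
# Added example (not Oracle's code): checks a root DSE listing read from stdin.
# Assumed usage: <ldapsearch command from this section> | check_rootdse "dc=example,dc=com"

# Print every value of attribute $1 from "name: value" lines on stdin.
attr_values() {
    awk -v a="$1" -F': ' '$1 == a { print $2 }'
}

# Returns 0 if the root DSE came back and lists the expected suffix, 1 if the
# suffix is missing, 2 if no root DSE was returned. REVIEW lines are advisory.
check_rootdse() {
    expected_suffix=$1
    dse=$(cat)
    if ! printf '%s\n' "$dse" | attr_values objectClass | grep -qx 'ds-root-dse'; then
        echo "FAIL: no ds-root-dse entry in the response"
        return 2
    fi
    echo "OK: root DSE from $(printf '%s\n' "$dse" | attr_values vendorVersion)"
    for m in $(printf '%s\n' "$dse" | attr_values supportedSASLMechanisms); do
        case $m in
            CRAM-MD5|DIGEST-MD5) echo "REVIEW: MD5-based SASL mechanism advertised: $m" ;;
            PLAIN) echo "REVIEW: SASL PLAIN advertised; use it only over LDAPS" ;;
        esac
    done
    for s in $(printf '%s\n' "$dse" | attr_values supportedAuthPasswordSchemes); do
        case $s in
            MD5|SHA1) echo "REVIEW: legacy password scheme advertised: $s" ;;
        esac
    done
    if printf '%s\n' "$dse" | attr_values namingContexts | grep -qxF "$expected_suffix"; then
        echo "OK: namingContexts contains $expected_suffix"
    else
        echo "FAIL: namingContexts does not contain $expected_suffix"
        return 1
    fi
}

# Constructed sample: a subset of the output shown in Example 1.
SAMPLE_DSE='dn:
objectClass: ds-root-dse
supportedAuthPasswordSchemes: SHA256
supportedAuthPasswordSchemes: MD5
vendorVersion: Oracle Unified Directory 12.2.1.4.0
supportedSASLMechanisms: PLAIN
supportedSASLMechanisms: EXTERNAL
supportedSASLMechanisms: DIGEST-MD5
namingContexts: cn=changelog
namingContexts: dc=example,dc=com'
printf '%s\n' "$SAMPLE_DSE" | check_rootdse "dc=example,dc=com"
```

A non-zero return code makes the check usable in a deployment pipeline; the REVIEW lines only report what the server advertises and do not show which mechanisms clients actually use.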