Once you choose a GC server, you must use the ldapsearch command to search for sites that contain GC servers that can authenticate users.
- Use the ldapsearch command to locate the configurationNamingContext for the forest:
ldapsearch -x -b "" -s base -H ldap://GC_server_name:port configurationNamingContext
- GC_server_name
- The DNS name of the GC server. For instructions on finding the server, see Finding All GC Servers in the Forest.
- port
- The port number for the GC_server_name.
The ldapsearch command produces output similar to the following:
# extended LDIF # # LDAPv3 # base <> with scope base # filter: (objectclass=*) # requesting: configurationNamingContext # # dn: configurationNamingContext: CN=Configuration,DC=ROOTDOMAIN,DC=COM # search result search: 2 result: 0 Success # numResponses: 2 # numEntries: 1
where the value of the configurationNamingContext attribute is the -b search base you must use to find sites.
- Use the value of the configurationNamingContext attribute to construct an ldapsearch command that lists the sites served by the GC server, that is, sites at which the GC server can locally authenticate users, based on the binding scheme used by the site.
- For simple binding:
ldapsearch -x -D user_principal_name -W -H ldap://GC_server_name:port -ZZ \ -b "CN=Sites,config_naming_context" -s one "(objectClass=site)" cn
- For DIGEST-MD5 binding [Deprecated]: The DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you use simple binding with TLS protection, and stop using DIGEST-MD5.
ldapsearch -Y DIGEST-MD5 -U user_name -H ldap://GC_server_name:port \ -b "CN=Sites,config_naming_context" -s one "(objectClass=site)" cn
- user_principal_name
- The UPN for the user running the command.
- GC_server_name
- The GC server selected in Finding All GC Servers in the Forest.
- port
- The GC server default port.
- config_naming_context
- The value of the configurationNamingContext attribute. See Finding the Root Domain Name.
- user_name
- The domain username for the user running the command.
For command options not described in the preceding table, see Working with Ldapsearch.The ldapsearch command returns output similar to:
# extended LDIF # # LDAPv3 # base <CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM> with scope one # filter: (objectClass=site) # requesting: cn # China, Sites, Configuration, ROOTDOMAIN.COM dn: CN=China,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM cn: China # NewYorkDiv, Sites, Configuration, ROOTDOMAIN.COM dn: CN=NewYorkDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM cn: NewYorkDiv # SanDiegoHQ, Sites, Configuration, ROOTDOMAIN.COM dn: CN=SanDiegoHQ,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM cn: SanDiegoHQ # India, Sites, Configuration, ROOTDOMAIN.COM dn: CN=India,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM cn: India # Japan, Sites, Configuration, ROOTDOMAIN.COM dn: CN=Japan,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM cn: Japan # ChicagoDiv, Sites, Configuration, ROOTDOMAIN.COM dn: CN=ChicagoDiv,CN=Sites,CN=Configuration,DC=ROOTDOMAIN,DC=COM cn: ChicagoDiv # search result search: 2 result: 0 Success # numResponses: 7 # numEntries: 6
The example output shows three sites, China, India, and Japan, which are not listed in the search of the single domain shown in Locating the Site Objects in a Domain, and therefore represent separate domains within the forest.
- For simple binding: