Symantec Access Management

Some Helpful Queries for User Store and Provisioning Store Search 

Jan 02, 2018 01:00 PM

Hi All,

 

I am sure we all search the user store and provisioning store on a regular basis. I am going to provide some helpful dxsearch queries that you can use against the User Store (CA Directory) and the Provisioning Store.

 

You can run these queries from CA Directory via command line.

 

Assumptions:

User Store - CA Directory

Base DN: ou=people,dc=ca,dc=com

User Store Port: 389

User Store Admin: uid=imadmin,ou=people,dc=ca,dc=com

User Store Host Name - userstorehostname

Provisioning Store Host Name - provdirhostname

DYN Endpoint - Endpoint1

OS: RHEL

 

Queries:

 

Count no. of global users in Provisioning Store:

 

dxsearch -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTGlobalUserName=* dxEntryCount 

 

Count no. of users in User Store:

 

dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> uid=* dxEntryCount

 

Count no. of Accounts in a DYN Endpoint in Provisioning Store:

 

dxsearch -b "eTDYNDirectoryName=Endpoint1,eTNamespaceName=Endpoint1,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTDYNAccountName=* dxEntryCount

 

Count no. of Inclusions for an Endpoint in Provisioning Store:

 

dxsearch -b "eTSubordinateClass=eTDYNAccount,eTSuperiorClass=eTGlobalUser,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password>  eTSubordinateClassEntry=*eTNamespaceName\=Endpoint1* dxEntryCount

 

Count no. of Accounts for an Endpoint NOT Correlated to [default user] in Provisioning Store:

 

dxsearch -LLL -b "eTSuperiorClass=eTGlobalUser,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> \(\&\(\!\(eTSuperiorClassEntry=*\[default*\)\)\(eTSubordinateClassEntry=*eTNamespaceName\=Endpoint1*\)\) dxEntryCount

 

Count no. of Members of a group in User Store:

 

dxsearch -b "ou=groups,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> cn=Application1 | grep uniqueMember: | wc -l

 

Search Member DNs of a Group in User Store:

 

dxsearch -b "ou=groups,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> cn=Application1 | grep uniqueMember:

 

Search Users with a condition in User Store:

 

Return DN:

 

dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> country="US" dn

 

Return Selected Attributes:

 

dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> country="US" dn uid givenName sn cn

 

Return Complete Entry:

 

dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> country="US"

 

Count:

 

dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> country="US" dxEntryCount

 

Complex Condition:

 

(&(state=Texas)(country=US))

 

dxsearch -b "ou=people,dc=ca,dc=com" -D "uid=imadmin,ou=people,dc=ca,dc=com" -h userstorehostname -p 389 -w <password> \(\&\(state=Texas\)\(country=US\)\)

 

Search Global Users with a Provisioning Role in Provisioning Store:

 

Return dn:

 

dxsearch -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTRoleDN=*Role1,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im* dn

 

Return Complete Entry:

 

dxsearch -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTRoleDN=*Role1,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im*

 

Count:

 

dxsearch -b "eTGlobalUserContainerName=Global Users,eTNamespaceName=CommonObjects,dc=im,dc=etadb" -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" -h provdirhostname -p 20394 -w <password> eTRoleDN=*Role1,eTRoleContainerName=Roles,eTNamespaceName=CommonObjects,dc=im* dxEntryCount

 

 

PS: \ is used as the escape character on the RHEL command line. It may not be required in the Windows command prompt or Unix shell scripting.

 

Thanks,

Praveen Jain
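An added example, not part of the original post: a POSIX shell sketch that builds the "not correlated to [default user]" filter with the endpoint name escaped per RFC 4515 and passes it as one quoted argument, so no backslash escaping of parentheses is needed, and that counts group members with an anchored match. The function names, the `PROV_PW` environment variable and the sample LDIF are assumptions made for illustration; hosts, ports and DNs are the ones from the post's Assumptions.

```shell
#!/bin/sh
# Added example: names below are hypothetical, sample data is constructed.

# Escape a value for use inside an LDAP filter (RFC 4515).
# Backslash must be handled first, then *, ( and ).
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Filter for inclusions of one endpoint whose global user is not [default user].
uncorrelated_filter() {
    ep=$(ldap_escape "$1")
    printf '%s' "(&(!(eTSuperiorClassEntry=*[default*))(eTSubordinateClassEntry=*eTNamespaceName=${ep}*))"
}

# Needs a live Provisioning Store, so it is defined but not called here.
# The filter is a single double-quoted argument: the shell never sees ( ) & !.
count_uncorrelated() {
    dxsearch -LLL \
        -b "eTSuperiorClass=eTGlobalUser,eTInclusionContainerName=Inclusions,eTNamespaceName=CommonObjects,dc=im,dc=etadb" \
        -D "eTDSAContainerName=DSAs,eTNamespaceName=CommonObjects,dc=etadb" \
        -h provdirhostname -p 20394 -w "$PROV_PW" \
        "$(uncorrelated_filter "$1")" dxEntryCount
}

# Count uniqueMember values in LDIF read from stdin. Anchoring to the start
# of the line avoids counting other attributes that merely contain the text.
count_members() {
    grep -c '^uniqueMember:' || true
}

# Constructed sample of what a group search could return.
sample_ldif() {
    cat <<'EOF'
dn: cn=Application1,ou=groups,dc=ca,dc=com
cn: Application1
description: see uniqueMember: values for application users
uniqueMember: uid=user1,ou=people,dc=ca,dc=com
uniqueMember: uid=user2,ou=people,dc=ca,dc=com
uniqueMember: uid=user3,ou=people,dc=ca,dc=com
EOF
}

echo "filter:  $(uncorrelated_filter 'Endpoint1')"
echo "members: $(sample_ldif | count_members)"
```

On the sample, an unanchored `grep uniqueMember:` would also count the `description` line.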
