July 22, 2011

Audit your environment in 10 seconds

So you've got servers up and running. How do you make sure their configurations are in sync?
The Meat
Simple: we provide a tool called ldap-diff that compares two trees, and it can be used to compare two servers' configurations.
For example:

$ ldap-diff --outputLDIF sourcetotargetdiff.ldif --baseDN cn=config --sourceBindDN "cn=directory manager" --sourceBindPassword admin123 --sourcePort 1389 --sourceHost sourceDSIP --targetPort 1389 --targetHost targetDSIP --targetBindDN "cn=directory manager" --targetBindPassword admin123 --searchFilter '(!(objectclass=*replication*))' --numPasses 1 "^userPassword" "+" "*" "^modifyTimestamp" "^modifiersName" "^ds-entry-checksum" "^ds-update-time" "^ds-create-time" "^ds-entry-unique-id" "^creatorsName" "^createTimestamp" "^entryUUID" "^ds-cfg-password" "^pwdChangedTime"

Put that in a loop to iterate across your servers, that's it!
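One way to write that loop, as an added example that is not part of the original post: it compares every target against one reference server and reports drift per host. The names LDAP_DIFF, PW_FILE, OUT_DIR, ldap_diff_config and audit_servers are hypothetical. It assumes your ldap-diff version accepts --sourceBindPasswordFile and --targetBindPasswordFile (check ldap-diff --help), which keeps the password out of the process list, that the output LDIF contains one "dn:" line per differing entry, and that ldap-diff exits 0 when a comparison completes.

```shell
#!/bin/sh
# Added example: audit each server's cn=config against one reference server.
# Hypothetical names: LDAP_DIFF, PW_FILE, OUT_DIR, ldap_diff_config, audit_servers.
# Assumed: the *BindPasswordFile options exist; one "dn:" line per differing entry.
LDAP_DIFF=${LDAP_DIFF:-ldap-diff}
PW_FILE=${PW_FILE:-$HOME/.dirmgr.pw}   # bind password file, keep it mode 0600
OUT_DIR=${OUT_DIR:-./config-audit}

# Run the page's comparison for one pair: $1=reference, $2=target, $3=output LDIF.
ldap_diff_config() {
    "$LDAP_DIFF" --outputLDIF "$3" --baseDN cn=config \
        --sourceHost "$1" --sourcePort 1389 \
        --sourceBindDN "cn=directory manager" --sourceBindPasswordFile "$PW_FILE" \
        --targetHost "$2" --targetPort 1389 \
        --targetBindDN "cn=directory manager" --targetBindPasswordFile "$PW_FILE" \
        --searchFilter '(!(objectclass=*replication*))' --numPasses 1 \
        "^userPassword" "+" "*" "^modifyTimestamp" "^modifiersName" \
        "^ds-entry-checksum" "^ds-update-time" "^ds-create-time" \
        "^ds-entry-unique-id" "^creatorsName" "^createTimestamp" \
        "^entryUUID" "^ds-cfg-password" "^pwdChangedTime"
}

# audit_servers REFERENCE TARGET...
# Prints one status line per target; returns the number of targets not IN_SYNC.
audit_servers() {
    ref=$1; shift; bad=0
    mkdir -p "$OUT_DIR" && chmod 700 "$OUT_DIR"   # diffs expose server config
    for target in "$@"; do
        out="$OUT_DIR/$ref-to-$target.ldif"
        rm -f "$out" "$out.log"   # never report on a stale diff from an earlier run
        rc=0
        ldap_diff_config "$ref" "$target" "$out" >"$out.log" 2>&1 || rc=$?
        if grep -q '^dn:' "$out" 2>/dev/null; then
            echo "DRIFT   $target (changed entries: $(grep -c '^dn:' "$out"); see $out)"
            bad=$((bad + 1))
        elif [ "$rc" -ne 0 ]; then
            echo "ERROR   $target (ldap-diff exit $rc; see $out.log)"
            bad=$((bad + 1))
        else
            echo "IN_SYNC $target"
        fi
    done
    return "$bad"
}

[ "$#" -eq 0 ] || audit_servers "$@"
```

Saved as a script, it takes the reference host first and the targets after it. A failed connection is reported as ERROR rather than being mistaken for a clean comparison.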

