IDM eDirectory/LDAP Synchronization Checker

This script measures how many seconds it takes until a modification of attributes and of the password on a reference object is synchronized.

How to install and configure

  1. Make sure your Perl installation has the Net::LDAP and Term::ANSIColor modules available.

  2. Create a reference user object. Make sure it can be synchronized within your IDM installation - this means it resides on an eDirectory partition that is local to the IDM server.

  3. Create an LDAP proxy user that is used to modify the reference object. Make sure it has the rights to edit the following attributes:

     • mobile

     • facsimileTelephoneNumber

     • ability to change the password (Password Management)

  4. Configure the script. Enter the server information following this example:

# Index for LDAP Host configurations
# 0 = IP-Address
# 1 = Proxy User with supervisory rights to the synctest object/1
# 2 = Password of this proxy user
# 3 = DN of synctest user (FDN: cn=test,ou=test,o=test)
# eDirectory/LDAP Host 1
@host1 = ("","cn=proxyuser,o=novell","password","cn=synctest,ou=test1,o=novell");

# eDirectory/LDAP Host 2
@host2 = ("","cn=proxyuser,ou=check,o=novell","password","cn=synctest,ou=test2,o=novell");

  • By default, the sync check times out after 1200 seconds (20 minutes) - really a long time. You can change it to any other value in seconds.

  • The check is bi-directional. After a successful sync from Server 1 to Server 2, it checks the sync from Server 2 to Server 1. This can be turned off by setting the variable $twoWay to 0.

  • After modifying the object on Server 1, the script queries for the value on Server 2. This is done once per second by default. The interval can be changed by setting the variable $readPause to the desired value in seconds.


Now you can run the script - after setting the right permissions - and see how long it really takes to sync modifications and passwords between two trees.

ui@hobbes:~/bin>chmod u+x

checkIDMSync Screenshot
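
The check described above (modify the reference object on one server, then read it on the other every $readPause seconds until the value arrives or the timeout expires), as an added Perl sketch covering one direction and the mobile attribute only. It is not the checkIDMSync source; the hostnames, the SYNC_PW1, SYNC_PW2 and LDAP_CAFILE environment variables, the use of LDAPS and the helper names ldap_bind and sync_seconds are assumptions.

```perl
# Added sketch, not the checkIDMSync source: one direction, 'mobile' only.
use strict;
use warnings;
use Net::LDAP;
use Time::HiRes qw(time sleep);

# Assumption: passwords and the CA file (PEM) come from the environment.
defined $ENV{$_} or die "set $_\n" for qw(SYNC_PW1 SYNC_PW2 LDAP_CAFILE);
# Same field order as the page's @host arrays; hostnames are placeholders.
my @host1 = ('ldap1.example.com', 'cn=proxyuser,o=novell',
             $ENV{SYNC_PW1}, 'cn=synctest,ou=test1,o=novell');
my @host2 = ('ldap2.example.com', 'cn=proxyuser,ou=check,o=novell',
             $ENV{SYNC_PW2}, 'cn=synctest,ou=test2,o=novell');
my $timeout   = 1200;   # seconds, the page's default
my $readPause = 1;      # seconds between reads on the target server

sub ldap_bind {
    my ($host, $dn, $pw) = @_;
    # LDAPS with certificate verification, so the proxy user's simple bind
    # is not sent in clear text.
    my $ldap = Net::LDAP->new($host, scheme => 'ldaps', verify => 'require',
                              cafile => $ENV{LDAP_CAFILE})
        or die "connect $host: $@\n";
    my $mesg = $ldap->bind($dn, password => $pw);
    die "bind $dn on $host: " . $mesg->error . "\n" if $mesg->code;
    return $ldap;
}

# Write a unique digits-only marker to 'mobile' on the source, then poll the
# target. Returns elapsed seconds, or undef if it never arrived in time.
sub sync_seconds {
    my ($src, $dst) = @_;
    my $from   = ldap_bind(@{$src}[0 .. 2]);
    my $to     = ldap_bind(@{$dst}[0 .. 2]);
    my $marker = int(time) . $$;
    my $mesg   = $from->modify($src->[3], replace => { mobile => $marker });
    die "modify: " . $mesg->error . "\n" if $mesg->code;
    my ($start, $elapsed) = (time);
    while (time - $start < $timeout) {
        my $res = $to->search(base => $dst->[3], scope => 'base',
                              filter => '(objectClass=*)', attrs => ['mobile']);
        my $entry = $res->code ? undef : $res->entry(0);
        my $seen  = $entry ? $entry->get_value('mobile') : undef;
        if (defined $seen && $seen eq $marker) { $elapsed = time - $start; last }
        sleep $readPause;
    }
    $_->unbind for $from, $to;
    return $elapsed;
}

my $t = sync_seconds(\@host1, \@host2);
print defined $t ? sprintf("synced in %.1f s\n", $t) : "timeout after $timeout s\n";
```

Calling sync_seconds(\@host2, \@host1) afterwards gives the reverse direction that $twoWay controls in the script.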

