Users Guide

aaa query-user
aaa query-user <ldap-server-name> <user-name>
Description
Troubleshoot an LDAP authentication failure by verifying that the user exists in the LDAP server database.
Syntax
Parameter             Description
<ldap-server-name>    Name of an LDAP server.
<user-name>           Name of a user whose LDAP record you want to view.
Usage Guidelines
If the Admin-DN binds successfully but the wireless user fails to authenticate, issue this command to
determine whether the problem is with the wireless network, the controller, or the LDAP server. The aaa
query-user <ldap-server-name> <user-name> command makes the controller send a search query to
find the user. If that search fails even though the user is in the LDAP database, the most probable cause is
that the base DN where the search started was not correct. In that case, it is advisable to set the base DN to
the root of the LDAP tree.
Example
The example below shows part of the output for an LDAP record for the username JDOE.
(host) #aaa query-user eng JDOE
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: John Doe
sn: Doe
userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012H\011\333K
userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012]\350\346F
userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\023\001\017\240
userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\031\224/\030
userCertificate: 0\202\005~0\202\004f\240\003\002\001\002\002\012\031\223\246\022
userCertificate: 0\202\005\2240\202\004|\240\003\002\001\002\002\012\037\177\374\305
givenName: JDE
distinguishedName: CN=John Doe,CN=Users,DC=eng,DC=net
instanceType: 4
whenCreated: 20060516232817.0Z
whenChanged: 20081216223053.0Z
displayName: John Doe
uSNCreated: 24599
memberOf: CN=Cert_Admins,CN=Users,DC=eng,DC=net
memberOf: CN=ATAC,CN=Users,DC=eng,DC=net
uSNChanged: 377560
department: eng
name: John Doe
...
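The base DN check described under Usage Guidelines, as an added Python example that is not part of the original guide: it parses attribute lines like those in the output above and tests whether the user's distinguishedName lies under a given base DN. The function names and the OU=Staff base DN are hypothetical, and DN comparison is simplified (case-insensitive, no full RFC 4514 normalization).

```python
import re

# Constructed sample: a subset of the record shown in the example output above.
SAMPLE_OUTPUT = """\
objectClass: top
objectClass: person
cn: John Doe
distinguishedName: CN=John Doe,CN=Users,DC=eng,DC=net
memberOf: CN=Cert_Admins,CN=Users,DC=eng,DC=net
memberOf: CN=ATAC,CN=Users,DC=eng,DC=net
"""

def parse_record(text):
    """Parse 'attribute: value' lines into {attribute: [values]}; keeps multi-valued attributes."""
    record = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep and name.strip():  # skips the prompt line and the '...' elision
            record.setdefault(name.strip(), []).append(value.strip())
    return record

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDN pairs."""
    # A backslash escapes the next character, so 'CN=Doe\\, John' stays one RDN.
    pairs = (rdn.partition("=") for rdn in re.findall(r"(?:\\.|[^,\\])+", dn))
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]

def under_base(user_dn, base_dn):
    """True if user_dn is at or below base_dn, so a subtree search from base_dn can reach it."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(base) <= len(user) and user[len(user) - len(base):] == base

def diagnose(output, base_dn):
    """Classify a query-user result against the base DN configured for the LDAP server."""
    dns = parse_record(output).get("distinguishedName", [])
    if not dns:
        return "no-record"
    return "in-scope" if under_base(dns[0], base_dn) else "base-dn-too-narrow"

if __name__ == "__main__":
    # OU=Staff is a hypothetical, too-narrow base DN; DC=eng,DC=net is the tree root.
    for base in ("OU=Staff,DC=eng,DC=net", "DC=eng,DC=net"):
        print(base, "->", diagnose(SAMPLE_OUTPUT, base))
```
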
Dell Networking W-Series ArubaOS 6.4.x | User Guide