Knox CLI Testing Tools
This section describes how to use the Knox CLI (Command Line Interface) to run diagnostic tests.
The Knox CLI is a command line utility that can be used to manage and test various aspects of a Knox deployment.
The knoxcli.sh command line utility script is located in the
{GATEWAY_HOME}/bin directory.
Knox CLI LDAP Authentication and Authorization Testing
You can use the following command format to authenticate a user name and password against LDAP.
bin/knoxcli.sh user-auth-test [--cluster c] [--u username] [--p password] [--g] [--d] [--help]
This command will test a topology’s ability to connect, authenticate, and authorize a
user with an LDAP server. The only required argument is the --cluster
argument to specify the name of the topology you wish to use. The topology must
be valid (passes a validate-topology command). If the –u and
–p arguments are not specified, you will be prompted for a user name
and password.
If authentication is successful, the command will attempt to use the topology to do an
LDAP group lookup. The topology must be configured correctly to do this. If it is not,
groups will not be returned and no errors will be printed unless the --g
argument is specified. Currently this command only works if a topology supports the use
of ShiroProvider for authentication.
Table 2.25. LDAP Authentication and Authorization Arguments
| Argument | Description | Required? |
|---|---|---|
| --cluster | The name of the cluster to authenticate. | Yes |
| --u | The user name to authenticate with. | No |
| --p | The password to authenticate with. | No |
| --g | Specifies that you want to return a user’s groups. If not specified, group lookup errors will not be returned. | No |
| --d | Print extra debug information for a failed authentication. | No |