Jason Stelzer on 26 Mar 2010 11:23:45 -0700
Sorry, I'm only half reading things.. I suck at multitasking. Try something like this:

ldapsearch -Hldap://fqdn.domain.controller -tt -x -D "username@domain.controller" -b "dc=your,dc=base,dc=DN" -W -L "cn=whatever"

Can you get a command like that to bind? Once you can get it to bind, try to get searches working.

I use ldapsearch like that with AD pretty often. For example, to dump a bunch of noise about a specific user I will do a query on....

ldapsearch -Hldap://DOMAINCONTROLLER -tt -x -D "jstelzer@DOMAIN" -b dc=dept,dc=company,dc=com -W -L '(uid=somebody)'

That'll spit out everything (I am permitted to see) in LDIF format.

Once you get that working, you can fight with wonderfully elegant and obvious searches such as

(& (& (!(LogonCount=0)) (&(LastLogon=*)(!(LastLogon=0)))) (& (UserAccountControl:1.2.840.113556.1.4.803:=512) (!(UserAccountControl:1.2.840.113556.1.4.803:=2)) (!(UserAccountControl:1.2.840.113556.1.4.803:=32)) ) )

So, yeah it's slow.... but it's hard to use....

On Fri, Mar 26, 2010 at 2:06 PM, Mike Leone <turgon@mike-leone.com> wrote:
> Jason Stelzer had this to say:
>> The only thing I can think of is that anonymous binds aren't being
>> permitted. When I was doing stuff with ldap I generally created a
>> 'system' user account that could bind and query the appropriate data.
>
> But it's not an anonymous bind.
>
> I get the same error when I have:
>
> binddn cn=Administrator,dc=DaCrib,dc=local
> bindpw XXXXXXX
>
> in ldap.conf. (a later addition, not in the original email, that I just
> referenced. Sorry)
>
> I can make a special account to use to bind with. And specify that in
> ldap.conf.
>
>> Your first order of business should probably be to get binds working
>> via ldapsearch (try creating an account in ldap to narrow down if it's
>> an issue with anonymous binds or if it's an issue with how you are
>> connecting). There are a lot of details to sweat. Make sure your
>> basedn is correct. Make sure the protocol you are using is what you
>> expect (v2 vs v3).
>
> It's v3, according to the Win tools I am using. I can hard-code that, I
> suppose, even though that's the default (as shown at the bottom of this
> email).
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
>

--
J.
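An added example, not from the original thread: a small parser for the filter syntax Jason uses (and/or/not, equality, presence, and the AD bitwise-AND matching rule 1.2.840.113556.1.4.803) applied to constructed in-memory entries, so you can see which userAccountControl bits (512 normal account, 2 disabled, 32 password not required) his filter keeps and drops before running it against a real directory. The parser, the sample entries and the `select` helper are assumptions of this example, not anything from ldapsearch or AD.

```python
# Evaluate a subset of RFC 4515 LDAP filters, incl. the AD bitwise-AND rule, against in-memory entries.
BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND: every bit of the mask must be set
def _ws(s, i):  # index of the next non-space character at or after i
    while s[i].isspace():
        i += 1
    return i
def parse_filter(s, i=0):  # returns (tree, index just past the parsed item)
    i = _ws(s, i)
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if s[i + 1] in "&|!":  # compound: (&...), (|...), (!...)
        op, kids, i = s[i + 1], [], _ws(s, i + 2)
        while s[i] != ")":
            kid, i = parse_filter(s, i)
            kids.append(kid)
            i = _ws(s, i)
        return (op, kids), i + 1
    end = s.index(")", i)  # simple item; values may not contain ')' in this subset
    attr, _, value = s[i + 1:end].partition("=")
    if attr.endswith(":"):  # extensible match: attr:OID:=value
        attr, rule = attr[:-1].split(":", 1)
        return ("ext", attr.lower(), rule, value), end + 1
    return ("eq", attr.lower(), value), end + 1
def matches(node, entry):  # entry: dict of lowercase attribute name -> list of str values
    kind = node[0]
    if kind in ("&", "|"):
        return (all if kind == "&" else any)(matches(k, entry) for k in node[1])
    if kind == "!":
        return not matches(node[1][0], entry)
    values = entry.get(node[1], [])
    if kind == "eq":  # '*' is a presence test, otherwise case-insensitive equality
        return bool(values) if node[2] == "*" else any(v.lower() == node[2].lower() for v in values)
    if node[2] != BIT_AND:
        raise ValueError("unsupported matching rule " + node[2])
    mask = int(node[3])  # e.g. 512 NORMAL_ACCOUNT, 2 ACCOUNTDISABLE, 32 PASSWD_NOTREQD
    return any(int(v) & mask == mask for v in values)
# The filter from the message, verbatim: enabled normal accounts that require a password and have logged on.
FILTER = ("(& (& (!(LogonCount=0)) (&(LastLogon=*)(!(LastLogon=0)))) "
          "(& (UserAccountControl:1.2.840.113556.1.4.803:=512) (!(UserAccountControl:1.2.840.113556.1.4.803:=2)) "
          "(!(UserAccountControl:1.2.840.113556.1.4.803:=32)) ) )")
SAMPLE = {  # constructed entries, not real directory data
    "alice": {"logoncount": ["17"], "lastlogon": ["132300000000000000"], "useraccountcontrol": ["512"]},
    "bob": {"logoncount": ["3"], "lastlogon": ["132300000000000000"], "useraccountcontrol": ["514"]},  # 512|2: disabled
    "carol": {"logoncount": ["0"], "lastlogon": ["0"], "useraccountcontrol": ["512"]},  # never logged on
    "dave": {"logoncount": ["9"], "lastlogon": ["132300000000000000"], "useraccountcontrol": ["544"]},  # 512|32: no password required
}

def select(entries=SAMPLE, filter_text=FILTER):  # sorted names of the entries the filter matches
    tree, _ = parse_filter(filter_text)
    return sorted(n for n, e in entries.items() if matches(tree, e))
```

Only alice survives: bob is disabled, carol has never logged on, and dave has the password-not-required bit set, which is exactly the kind of account an audit of an AD domain wants flagged rather than hidden.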