Mike Leone on 26 Mar 2010 11:39:21 -0700
Jason Stelzer had this to say:

> Sorry, I'm only half reading things.. I suck at multitasking.
>
> try something like this:
>
> ldapsearch -Hldap://fqdn.domain.controller -tt -x -D
> "username@domain.controller" -b "dc=your,dc=base,dc=DN" -W -L
> "cn=whatever"
>
> Can you get a command like that to bind?

Yes! I created a new AD user, called "ldap-proxy", and tried to bind
using it ...

root@workhorse:/etc/ldap# ldapsearch -Hldap://dim-win2300.dacrib.local -tt -x -D "ldap-proxy@dacrib.local" -b "dc=dacrib,dc=local" -W -L "(objectClass=user)" sAMAccountName
Enter LDAP Password:
version: 1
#
# LDAPv3
# base <dc=dacrib,dc=local> with scope subtree
# filter: (objectClass=user)
# requesting: sAMAccountName
#

# Administrator, Users, DaCrib.local
dn: CN=Administrator,CN=Users,DC=DaCrib,DC=local
sAMAccountName:< file:///tmp/ldapsearch-sAMAccountName-fi1jI9

... and so on ...

> Once you can get it to bind, try to get searches working. I use
> ldapsearch like that with AD pretty often. For example, to dump a
> bunch of noise about a specific user I will do a query on....
>
> ldapsearch -Hldap://DOMAINCONTROLLER -tt -x -D "jstelzer@DOMAIN" -b
> dc=dept,dc=company,dc=com -W -L '(uid=somebody)'
>
>
> that'll spit out everything (I am permitted to see) in LDIF format.

All righty! So, since I want this to work automatically (i.e., eventually
I want to be able to log into the Linux box using an AD account that
doesn't exist on Linux, and have it all Just Work), this is something I'm
thinking I may be able to use at work ...

This is definitely progress! I will put that account and password into my
ldap.conf, and see if the simplified ldapsearch test works.

Thanks so much!

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
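As an added example (not part of the thread above, nor anything from the PLUG list or OpenLDAP), the Python script below covers the two things the exchange turns on: building the ldapsearch invocation for a dedicated bind account such as "ldap-proxy" without typing the password each time or putting it on the command line, and reading the LDIF that -L emits, including the "attr:< file://..." references that -tt writes to /tmp. The host, DNs, password-file path and the sample LDIF are constructed assumptions; only the command-line options (-x, -D, -y, -b, -LLL) are real ldapsearch switches.

```python
"""Query AD with a dedicated bind account via ldapsearch and parse the LDIF.

Added example, not from the PLUG thread. Host, DNs, the password file
path and the sample LDIF below are constructed assumptions.
"""
import base64
import re
import subprocess
from typing import Dict, List

# RFC 4515: these characters must be escaped when a value is embedded in a
# search filter, otherwise an account name could alter the filter's meaning.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for safe use inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def ad_user_filter(account: str) -> str:
    """Filter that matches one AD user by sAMAccountName."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(account)}))"


def build_ldapsearch_argv(host: str, bind_dn: str, base_dn: str, account: str,
                          passfile: str, attrs=("sAMAccountName", "memberOf")) -> List[str]:
    """argv for ldapsearch: simple bind (-x) as the proxy account, password read
    from a mode-0600 file with -y instead of -W (interactive) or -w (visible in
    the process list), and -LLL for bare LDIF without comments or version line."""
    return ["ldapsearch", "-H", f"ldap://{host}", "-x", "-D", bind_dn,
            "-y", passfile, "-b", base_dn, "-LLL", ad_user_filter(account), *attrs]


# attr: value | attr:: base64 | attr:< url  (the url form is what -tt produces)
_LINE = re.compile(r"^([A-Za-z][\w.;-]*)(::|:<|:)\s?(.*)$")


def parse_ldif(text: str) -> List[Dict[str, List[str]]]:
    """Parse LDIF content records into a list of {attr: [values]} dicts.

    Handles folded lines (leading space), base64 values and file references.
    Referenced files are not opened here: a caller that trusts /tmp paths
    should decide that explicitly rather than have the parser do it.
    """
    unfolded: List[str] = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]      # one leading space marks a folded line
        else:
            unfolded.append(raw)

    entries: List[Dict[str, List[str]]] = []
    current: Dict[str, List[str]] = {}
    for line in unfolded:
        if not line.strip():             # blank line ends a record
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"malformed LDIF line: {line!r}")
        attr, kind, value = m.groups()
        if kind == "::":
            value = base64.b64decode(value).decode("utf-8")
        elif kind == ":<":
            value = f"<external:{value}>"
        current.setdefault(attr, []).append(value)
    if current:
        entries.append(current)
    return entries


def query_user(host: str, bind_dn: str, base_dn: str, account: str, passfile: str):
    """Run ldapsearch and return the parsed entries (needs a reachable DC)."""
    proc = subprocess.run(build_ldapsearch_argv(host, bind_dn, base_dn, account, passfile),
                          capture_output=True, text=True, check=True)
    return parse_ldif(proc.stdout)


# Constructed sample resembling what ldapsearch -L prints against AD.
SAMPLE_LDIF = "\n".join([
    "version: 1",
    "# constructed sample, not real directory data",
    "dn: CN=Administrator,CN=Users,DC=DaCrib,DC=local",
    "sAMAccountName: Administrator",
    "",
    "dn: CN=ldap-proxy,CN=Users,DC=DaCrib,DC=local",
    "sAMAccountName:: " + base64.b64encode(b"ldap-proxy").decode(),
    "description: LDAP proxy account used by the Linux box to look",
    "  up users",                        # folded continuation of the line above
    "memberOf:< file:///tmp/ldapsearch-memberOf-EXAMPLE",
    "",
])

if __name__ == "__main__":
    for entry in parse_ldif(SAMPLE_LDIF):
        print(entry["dn"][0], entry["sAMAccountName"][0])
```

The filter escaping is the part worth keeping even once pam_ldap or nss_ldap takes over the lookups: whatever builds the "(sAMAccountName=...)" filter from a login name must treat that name as data, and the password file handed to -y should be readable only by the account that runs the search.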